Configuration Guide
Abstract
This document describes the software features for the HP A Series products and guides you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply software features to different network scenarios.
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an...
Contents
Configuring the Ethernet interface
Naming the Ethernet interfaces
Understanding the general configuration
Configuring the management Ethernet interface
Configuring a combo interface
Configuring basic settings of an Ethernet interface
Shutting down an Ethernet interface...
Configuring Ethernet link-aggregation
Basic concepts
Using aggregating links in static mode
Using aggregating links in dynamic mode
Using load-sharing criteria for link-aggregation groups
Using the Ethernet link-aggregation configuration task list
Configuring an aggregation group...
Configuring the port link type
Configuring port mode used to recognize/send MSTP packets
Enabling port state transition information output
Enabling the spanning tree feature
Performing mCheck
Configuring the VLAN Ignore feature
Configuring Digest Snooping...
Displaying isolate-user-VLAN
Setting an example isolate-user-VLAN configuration
Configuring GVRP
Using GVRP
GVRP registration modes
Protocols and standards
Configuration task list
Configuring GVRP functions
Configuring GARP timers
Displaying and maintaining GVRP...
Configuring a service loopback group
Displaying service loopback groups
Service loopback group configuration
Support and other resources
Contacting HP
Subscription service
Related information
Documents
Websites...
Configuring the Ethernet interface
Naming the Ethernet interfaces
The GE and 10-GE interfaces on the A5830 switches are named in the format of interface-type A/B/C, where the following definitions apply:
• A represents the ID of the switch in an IRF fabric. If the switch is not assigned to any IRF fabric, A ...
Configuring a combo interface
A combo interface is a logical interface that comprises one optical (fiber) port and one electrical (copper) port. The two ports share one forwarding interface, so they cannot work simultaneously. When you enable one port, the other is disabled automatically. The fiber combo port and copper combo port are Layer 2 Ethernet interfaces.
Step: Enter Ethernet interface view.
Command: interface interface-type interface-number
Remarks: —
Step: Set the interface description.
Command: description text
Remarks: Optional. By default, the description of an interface is in the format of interface-name Interface. For example, GigabitEthernet1/0/1 Interface
Step: Set the duplex mode of the...
Remarks: Optional. By default, the duplex mode is auto for Ethernet interfaces. The half parameter is not...
Step: Enter Ethernet interface view or port group view.
Command: Enter Ethernet interface view: interface interface-type interface-number. Enter port group view: port-group manual port-group-name
Remarks: Use any command. To shut down an Ethernet interface, enter Ethernet interface view. To shut down all Ethernet interfaces in a port group, enter port group view
Step: Shut down the...
On an interface that is physically down, only perform internal loopback testing. On an interface that is shut down administratively, perform neither internal nor external loopback testing. The speed, duplex, mdi, and shutdown commands are not available during loopback testing. During loopback testing, the Ethernet interface operates in full duplex mode.
Step: Configure jumbo frame support.
Command: jumboframe enable [ value ]
Remarks: Required. By default, the switch allows jumbo frames within 9216 bytes to pass through Ethernet interfaces. If you set the value parameter multiple times, the latest configuration takes effect
Configuring a Layer 2 Ethernet interface
Using the layer 2 Ethernet interface configuration task list
Complete these tasks to configure an Ethernet interface operating in bridge mode:...
Step: Enter system view
Command: system-view
Remarks: —
Step: Create a manual port group and enter manual port group view
Command: port-group manual port-group-name
Remarks: Required
Step: Assign Ethernet interfaces to the manual port group
Command: group-member interface-list
Remarks: Required
Step: Configure jumbo frame...
Command: jumboframe enable [...
Remarks: Required. By default, the switch allows jumbo frames within 9216 bytes to pass through Ethernet...
Figure 1 Speed auto negotiation application scenario (diagram labels: IP network, GE1/0/4, Switch A, Server 1, Server 2, Server 3)
As shown in Figure 1, all ports on Switch A are operating in speed auto negotiation mode, with the highest speed of 1000 Mbps. If the transmission rate of each server in the server cluster is 1000 Mbps, their total transmission rate will exceed the capability of port GigabitEthernet 1/0/4, the port providing access to the Internet for the servers.
Step: Enter Ethernet interface view or port group view
Command: Enter Ethernet interface view: interface interface-type interface-number. Enter port group view: port-group manual port-group-name
Remarks: Use either command. To configure storm suppression on an Ethernet interface, enter Ethernet interface view. To configure storm suppression on a group of Ethernet...
Table 1 Actions to take upon detection of a loop condition Actions Port type No protective action is configured A protective action is configured Place the receiving interface in controlled Perform the configured protective mode. The interface does not receive or send action.
Step: Set the protective action to take on the interface when a loop is detected
Command: loopback-detection action { no-learning | semi-block | shutdown }
Remarks: Optional. By default, a looped interface does not receive or send packets. With the shutdown parameter specified, the switch shuts down the looped ports and sets their physical state to Loop down...
To set the MDI mode of an Ethernet interface:
Step: Enter system view
Command: system-view
Remarks: —
Step: Enter Ethernet interface view
Command: interface interface-type interface-number
Remarks: —
Step: Set the MDI mode of the Ethernet interface
Command: mdi { across | auto | normal }
Remarks: Optional. By default, a copper Ethernet interface operates in auto mode to negotiate pin roles with its peer...
Configuring the loopback and null interface
A loopback interface is a software-only virtual interface. It delivers the following benefits.
• The physical layer state and link-layer protocols of a loopback interface are always up unless the loopback interface is shut down manually.
...
configure settings such as IP addresses and IP routes on loopback interfaces. For more information, see Layer 3—IP Services Configuration Guide and Layer 3—IP Routing Configuration Guide.
Configuring the null interface
A null interface is a completely software-based logical interface, and is always up. However, you cannot use it to forward data packets, and you cannot configure an IP address or link-layer protocol on it.
Task: Clear the statistics on the null interface
Command: reset counters interface [ null [ 0 ] ]
Remarks: Available in user view
...
Configuring the MAC address table
An Ethernet device uses a MAC address table for forwarding frames through unicast instead of broadcast. This table describes from which port a MAC address (or host) can be reached. When forwarding a frame, the device first looks up the MAC address of the frame in the MAC address table for a match.
to block all packets destined for a specific user for security concerns, configure the MAC address of this user as a blackhole MAC address entry. To adapt to network changes and prevent inactive entries from occupying table space, an aging mechanism is adopted for dynamic MAC address entries.
Adding or modifying a static or dynamic MAC address table entry on an interface
To add or modify a static or dynamic MAC address table entry in interface view:
Step: Enter system view
Command: system-view
Remarks: —
Step: Enter Layer 2 Ethernet interface view or Layer 2...
Command: interface interface-type interface-...
Remarks: —
...
Step: Disable MAC address learning on the interface or all ports in the port group
Command: mac-address mac-learning disable
Remarks: Required. Enabled by default
Disabling MAC address learning on a VLAN
To disable MAC address learning on a per-VLAN basis:
...
Step: Configure the aging timer for dynamic MAC address entries
Command: mac-address timer { aging seconds | no-aging }
Remarks: Optional. 300 seconds by default. The no-aging parameter disables the aging timer
Configuring the MAC learning limit on ports
The device’s forwarding performance can degrade as the MAC address table grows.
The MAC address of Host A is 000f-e235-dc71 and belongs to VLAN 1. It is connected to GigabitEthernet 1/0/1 of the device. To prevent MAC address spoofing, add a static entry for the host in the MAC address table of the device. The MAC address of Host B is 000f-e235-abcd and belongs to VLAN 1.
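The following Python model is an added example, not code from the HP guide or the switch software. It shows why a static entry keeps Host A's binding fixed while a dynamic entry follows whichever port last sourced the address, and how the aging timer and a blackhole entry change the forwarding decision. The second port, the third MAC address (000f-e235-0001), the timestamps, and the choice to blackhole Host B's address are assumptions made for the illustration.

```python
# Added example: a toy model of the MAC address table entry types named in
# this guide (static, dynamic, blackhole). It is not the switch's real code.

AGING_SECONDS = 300  # default aging timer for dynamic entries, per this guide


def norm(mac):
    """Normalize a MAC so 000F-E235-DC71 and 00:0f:e2:35:dc:71 compare equal."""
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")


class MacTable:
    def __init__(self, aging=AGING_SECONDS):
        self.aging = aging
        self.entries = {}  # (vlan, mac) -> {"kind", "port", "seen"}

    def add_static(self, mac, vlan, port):
        self.entries[(vlan, norm(mac))] = {"kind": "static", "port": port, "seen": None}

    def add_blackhole(self, mac, vlan):
        self.entries[(vlan, norm(mac))] = {"kind": "blackhole", "port": None, "seen": None}

    def learn(self, src_mac, vlan, port, now):
        """Source-MAC learning. Returns True if an entry was created or moved."""
        key = (vlan, norm(src_mac))
        cur = self.entries.get(key)
        if cur is not None and cur["kind"] != "dynamic":
            return False  # manually configured entries are not overwritten
        moved = cur is None or cur["port"] != port
        self.entries[key] = {"kind": "dynamic", "port": port, "seen": now}
        return moved

    def age_out(self, now):
        """Remove dynamic entries that were not refreshed within the aging timer."""
        expired = [k for k, e in self.entries.items()
                   if e["kind"] == "dynamic" and now - e["seen"] >= self.aging]
        for k in expired:
            del self.entries[k]
        return len(expired)

    def forward(self, dst_mac, vlan, now):
        """Return ('unicast', port), ('drop', None) or ('flood', None)."""
        self.age_out(now)
        entry = self.entries.get((vlan, norm(dst_mac)))
        if entry is None:
            return ("flood", None)      # unknown destination
        if entry["kind"] == "blackhole":
            return ("drop", None)       # frames to this address are discarded
        return ("unicast", entry["port"])


def demo():
    t = MacTable()
    t.add_static("000f-e235-dc71", 1, "GigabitEthernet1/0/1")  # Host A (from the guide)
    t.add_blackhole("000f-e235-abcd", 1)                       # Host B (assumed blackholed)
    r = {}
    # A frame carrying Host A's MAC as source shows up on another port
    # (constructed event): the static binding stays where it was configured.
    r["spoof_learned"] = t.learn("000F-E235-DC71", 1, "GigabitEthernet1/0/3", now=10)
    r["to_host_a"] = t.forward("000f-e235-dc71", 1, now=11)
    r["to_host_b"] = t.forward("000f-e235-abcd", 1, now=11)
    # A host without a static entry (constructed MAC): its dynamic entry
    # follows the most recent source port, then ages out after 300 seconds.
    t.learn("000f-e235-0001", 1, "GigabitEthernet1/0/2", now=20)
    r["moved"] = t.learn("000f-e235-0001", 1, "GigabitEthernet1/0/3", now=30)
    r["to_dynamic"] = t.forward("000f-e235-0001", 1, now=31)
    r["after_aging"] = t.forward("000f-e235-0001", 1, now=30 + AGING_SECONDS)
    return r


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```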
Configuring MAC Information
To monitor a network, you must monitor users who are joining and leaving the network. Because a MAC address uniquely identifies a network user, you can monitor users who are joining and leaving a network by monitoring their MAC addresses. With the MAC Information function, Layer 2 Ethernet ports send Syslog or trap messages to the monitor end in the network when they obtain or delete MAC addresses.
Step: Enter system view
Command: system-view
Remarks: —
Step: Configure MAC Information mode
Command: mac-address information mode { syslog | trap }
Remarks: Optional. trap by default
Configuring the interval for sending Syslog or trap messages
To prevent Syslog or trap messages from being sent too frequently, set the interval for sending Syslog or trap messages.
Figure 3 Network diagram for MAC Information configuration (diagram labels: Device with GE1/0/1, GE1/0/2 and GE1/0/3; Host A 192.168.1.1/24; Host B 192.168.1.2/24; Server 192.168.1.3/24)
Configuration procedure
Configure Device to send Syslog messages to Host B. For more information, see Network Management and Monitoring Configuration Guide.
Enable MAC Information.
Configuring Ethernet link-aggregation
Ethernet link-aggregation, or simply link-aggregation, combines multiple physical Ethernet ports into one logical link, called an aggregate link. Link-aggregation delivers the following benefits:
• Increases bandwidth beyond the limits of any single link. In an aggregate link, traffic is distributed across the member ports.
Operational key
When aggregating ports, the system assigns each port an operational key automatically based on port information such as port rate and duplex mode. Any change to this information triggers a recalculation of the operational key. In an aggregation group, all selected member ports are assigned the same operational key.
Configuration classes
Every configuration setting on a port can affect its aggregation state.
Extended LACP functions: Implemented by extending the LACPDU with new Type/Length/Value (TLV) fields. This is how the LACP MAD mechanism of the IRF feature is implemented. The A5830 Switch Series can participate in LACP MAD as either an IRF member switch or an intermediate device.
Link-aggregation modes
Link-aggregation has the following modes: dynamic and static. Dynamic link-aggregation uses LACP and static link-aggregation does not. Table 5 compares the two aggregation modes.
Table 5 A comparison between static and dynamic aggregation modes
Columns: Aggregation mode, LACP status on..., Pros, Cons
Setting the aggregation state of each member port
After selecting the reference port, the static aggregation group sets the aggregation state of each member port.
Figure 5 Setting the aggregation state of a member port in a static aggregation group (flowchart; first nodes: Set the aggregation state of a member port; Is there any hardware restriction?)
The systems compare the system ID (which comprises the system LACP priority and the system MAC address). The system with the lower LACP priority value wins. If they are the same, the systems compare the system MAC addresses. The system with the lower MAC address wins. The system with the smaller system ID selects the port with the smallest port ID as the reference port.
To ensure a stable aggregation state and service continuity, do not change port attributes or class-two configurations on any member port. In a dynamic aggregation group, when the aggregation state of a local port changes, the aggregation state of the peer port changes. A port that joins a dynamic aggregation group after the Selected port limit has been reached is placed in the Selected state if it is more eligible for being selected than a current member port.
CAUTION: Removing an aggregate interface also removes the corresponding aggregation group. At the same time, all member ports leave the aggregation group. If a port is used as a reflector port for port mirroring, do not assign it to an aggregation group. For more information about reflector ports, see Network Management and Monitoring Configuration Guide.
Step: Assign the port an aggregation priority
Command: link-aggregation port-priority port-priority
Remarks: Optional. By default, the aggregation priority of a port is 32,768. Changing the aggregation priority of a port can affect the aggregation state of the ports in the static aggregation group
Configuring a Layer 2 dynamic aggregation group
To guarantee a successful dynamic aggregation, be sure that the peer ports of the ports aggregated at...
Step: Set the LACP timeout interval on the port to the short timeout interval (1 second)
Command: lacp period short
Remarks: Optional. By default, the LACP timeout interval on a port is the long timeout interval (30 seconds)
Configuring an aggregate interface
Most of the configurations that can be performed on Layer 2 or Layer 3 Ethernet interfaces can also be performed on Layer 2 aggregate interfaces.
Shutting down an aggregate interface
Shutting down or bringing up an aggregate interface affects the aggregation state and link state of ports in the corresponding aggregation group in the following ways:
• When an aggregate interface is shut down, all Selected ports in the corresponding aggregation ...
Configuring the global link-aggregation load-sharing criteria
To configure the global link-aggregation load-sharing criteria:
Step: Enter system view
Command: system-view
Remarks: —
Step: Configure the global link-aggregation...
Command: link-aggregation load-sharing mode { { destination-ip | destination-mac | destination-port...
Remarks: Required. By default, Layer 2 packets are load-shared based on the source/destination MAC...
Enabling local-first load sharing for link-aggregation
Use the local-first load sharing mechanism in a cross-card or cross-switch link-aggregation scenario to distribute traffic preferentially across member ports on the ingress switch rather than all member ports. When you aggregate ports on different member switches in an IRF fabric, use local-first load sharing to reduce traffic on IRF links, as shown in Figure 7.
Step: Enter system view
Command: system-view
Remarks: —
Step: Enable link-aggregation traffic redirection
Command: link-aggregation lacp traffic-redirect-notification enable
Remarks: Optional. Disabled by default
Displaying and maintaining Ethernet link-aggregation
Task: Display information for an...
Command: display interface bridge-aggregation [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any...
Setting an example Layer 2 static aggregation configuration
Network requirements
As shown in Figure
• Device A and Device B are connected through their respective Layer 2 Ethernet interfaces GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3.
• Configure a Layer 2 static aggregation group on Device A and Device B, respectively. Enable VLAN ...
[DeviceA-GigabitEthernet1/0/2] port link-aggregation group 1
[DeviceA-GigabitEthernet1/0/2] quit
[DeviceA] interface gigabitethernet 1/0/3
[DeviceA-GigabitEthernet1/0/3] port link-aggregation group 1
[DeviceA-GigabitEthernet1/0/3] quit
# Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLANs 10 and 20.
[DeviceA] interface bridge-aggregation 1
[DeviceA-Bridge-Aggregation1] port link-type trunk
[DeviceA-Bridge-Aggregation1] port trunk permit vlan 10 20
 Please wait...
Setting an example Layer 2 dynamic aggregation configuration
Network requirements
As shown in Figure
• Device A and Device B are connected through their respective Layer 2 Ethernet interfaces GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3.
• Configure a Layer 2 dynamic aggregation group on Device A and Device B. Then enable VLAN 10 ...
[DeviceA-GigabitEthernet1/0/1] quit
[DeviceA] interface gigabitethernet 1/0/2
[DeviceA-GigabitEthernet1/0/2] port link-aggregation group 1
[DeviceA-GigabitEthernet1/0/2] quit
[DeviceA] interface gigabitethernet 1/0/3
[DeviceA-GigabitEthernet1/0/3] port link-aggregation group 1
[DeviceA-GigabitEthernet1/0/3] quit
# Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLANs 10 and 20.
VLAN resources. To isolate Layer 2 traffic without using VLANs, HP introduced the port isolation feature. To use the feature, you assign ports to a port isolation group. Ports in an isolation group are called "isolated ports."...
Using a port isolation configuration
Network requirements
As shown in Figure
• Users Host A, Host B, and Host C are connected to GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 of Device.
• Device is connected to the Internet through GigabitEthernet 1/0/4.
...
Configuring the spanning tree
Networks often have redundant links as backups in case of failures, but loops are a very serious problem. STP, a Layer 2 management protocol, eliminates loops in a LAN's data link layer by putting redundant links in a standby state that still allows for link redundancy. Devices that run STP detect loops by exchanging information with one another, and eliminate loops by selectively blocking certain ports to prune the loop structure into a loop-free tree structure.
Upon initialization of a network, each device generates and periodically sends configuration BPDUs with itself as the root bridge. After network convergence, only the root bridge generates and periodically sends configuration BPDUs, and the other devices forward the BPDUs.
Root port
On a non-root bridge, the port nearest to the root bridge is the root port.
The STP algorithm uses the following calculation process:
Initial state
Upon initialization of a device, each port generates a BPDU with the port as the designated port, the device as the root bridge, 0 as the root path cost, and the device ID as the designated bridge ID.
Root bridge selection
Initially, each STP-enabled device on the network assumes itself to be the root bridge, with its own device ID as the root bridge ID.
The configuration BPDU with the lowest root bridge ID has the highest priority. If configuration BPDUs have the same root bridge ID, their root path costs are compared. For example, the root path cost in a configuration BPDU plus the path cost of a receiving port is S. The configuration BPDU with the smallest S value has the highest priority.
Table 11 Comparison process and result on each device
Columns: Device, Comparison process, Configuration BPDU on ports after comparison
Comparison process: Port A1 receives the configuration BPDU of Port B1 {1, 0, 1, Port B1}, finds that its existing configuration BPDU {0, 0, 0, Port A1} is superior to the received configuration BPDU, and discards the received one.
Columns: Device, Comparison process, Configuration BPDU on ports after comparison
Comparison process: Port C1 receives the configuration BPDU of Port A2 {0, 0, 0, Port A2}, finds that the received configuration BPDU is superior to its existing configuration BPDU {2, 0, 2, Port C1}, and updates its configuration BPDU.
Configuration BPDU on ports after comparison: Port C1: {0, 0, 0, Port...
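The per-port comparisons in Table 11 and the root port rule (smallest S) described above, as an added Python example that is not part of the HP guide. Device IDs 0, 1 and 2 and the BPDU tuples are the guide's; the numeric port IDs and the path costs 5, 10 and 4 are constructed, and the tie-breakers after the root path cost follow IEEE 802.1D because the text on this page is cut off at that point.

```python
# Added example: configuration BPDU comparison and port role selection.
from dataclasses import dataclass


@dataclass(frozen=True, order=True)
class Bpdu:
    """{root bridge ID, root path cost, designated bridge ID, designated port ID}.
    order=True compares the fields left to right; the lower tuple is superior."""
    root_id: int
    root_path_cost: int
    bridge_id: int
    port_id: int


def is_superior(a, b):
    """True if configuration BPDU a has higher priority than b."""
    return a < b


def update_port(existing, received):
    """Per-port step from Table 11: keep whichever BPDU is superior."""
    return received if is_superior(received, existing) else existing


def select_root_port(received, port_cost):
    """Pick the receiving port whose BPDU is best once S = root path cost in
    the BPDU + path cost of the receiving port is taken into account."""
    def key(name):
        b = received[name]
        s = b.root_path_cost + port_cost[name]
        # Tie-breakers after S (designated bridge ID, designated port ID,
        # receiving port) are taken from IEEE 802.1D, not from this page.
        return (b.root_id, s, b.bridge_id, b.port_id, name)
    return min(received, key=key)


def port_roles(device_id, own_ports, received, port_cost):
    """own_ports: {port name: port ID}; received: {port name: Bpdu heard there}."""
    # Only BPDUs that advertise a better root than this device matter.
    better = {n: b for n, b in received.items() if b.root_id < device_id}
    if not better:
        return {n: "designated" for n in own_ports}  # this device is the root
    root_port = select_root_port(better, port_cost)
    best = better[root_port]
    cost_to_root = best.root_path_cost + port_cost[root_port]
    roles = {root_port: "root"}
    for name, pid in own_ports.items():
        if name == root_port:
            continue
        mine = Bpdu(best.root_id, cost_to_root, device_id, pid)  # what this port would send
        heard = received.get(name)
        if heard is None or is_superior(mine, heard):
            roles[name] = "designated"
        else:
            roles[name] = "blocked"
    return roles


def example():
    """Devices A, B, C with IDs 0, 1, 2 as in the guide's example.
    Port IDs (1, 2) and link costs (A1-B1: 5, A2-C1: 10, B2-C2: 4) are constructed."""
    a1, a2 = Bpdu(0, 0, 0, 1), Bpdu(0, 0, 0, 2)          # sent by the root, Device A
    b1_init = Bpdu(1, 0, 1, 1)                           # Device B before convergence
    c1_init, c2_init = Bpdu(2, 0, 2, 1), Bpdu(2, 0, 2, 2)
    b2 = Bpdu(0, 5, 1, 2)                                # Device B after accepting A as root
    return {
        "Device A": port_roles(0, {"A1": 1, "A2": 2},
                               {"A1": b1_init, "A2": c1_init}, {"A1": 5, "A2": 10}),
        "Device B": port_roles(1, {"B1": 1, "B2": 2},
                               {"B1": a1, "B2": c2_init}, {"B1": 5, "B2": 4}),
        "Device C": port_roles(2, {"C1": 1, "C2": 2},
                               {"C1": a2, "C2": b2}, {"C1": 10, "C2": 4}),
    }


if __name__ == "__main__":
    for device, roles in example().items():
        print(device, roles)
```

Because the lowest root bridge ID always wins the first comparison, the device with the lowest ID becomes the root regardless of path costs, which is why the guide configures the intended root by setting its device priority to 0.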
Figure 13 The final calculated spanning tree (legend: Root bridge, Root port, Designated port, Blocked port, Normal link, Blocked link)
This example shows a simplified spanning tree calculation process.
The configuration BPDU forwarding mechanism of STP
The configuration BPDUs of STP are forwarded following these guidelines:
• Upon network initiation, every device regards itself as the root bridge, generates configuration ...
The device sends hello packets at the hello time interval to the neighboring devices to make sure that the paths are fault-free.
Max age
The device uses the max age to determine whether a stored configuration BPDU has expired and discards it if the max age is exceeded.
MSTP features
Developed based on IEEE 802.1s, MSTP overcomes the limitations of STP, RSTP, and PVST. In addition to supporting rapid network convergence, it provides a better load sharing mechanism for redundant links by allowing data flows of different VLANs to be forwarded along separate paths. MSTP provides the following features:
• MSTP supports mapping VLANs to spanning tree instances by means of a VLAN-to-instance ...
Figure 15 Network diagram and topology of MST region 3 (diagram labels: To MST region 4; MST region 3; Device A; Device B; Device C; Device D; MSTI 0; MSTI 1; MSTI 2; Regional root; MSTI; VLAN 1 → MSTI 1; VLAN 2&3 → MSTI 2; Topology of each MSTI in MST region 3)...
An IST is a spanning tree that runs in an MST region. It is also called MSTI 0, a special MSTI to which all VLANs are mapped by default. In Figure 14, MSTI 0 is the IST in MST region 3.
CIST
The CIST is a single spanning tree that connects all devices in a switched network.
MSTP calculation involves the following port roles:
• Root port—Forwards data for a non-root bridge to the root bridge. The root bridge does not have any root port.
• Designated port—Forwards data to the downstream network segment or device.
• Alternate port—The backup port for a root port or master port. When the root port or master port is ...
Using MSTP
MSTP divides an entire Layer 2 network into multiple MST regions, which are connected by a calculated CST. Inside an MST region, multiple spanning trees are calculated. Each spanning tree is an MSTI. Among these MSTIs, MSTI 0 is the IST. Like STP, MSTP uses configuration BPDUs to calculate spanning trees.
Configuration task lists
Before configuring a spanning tree, you must determine the spanning tree protocol to be used (STP, RSTP, PVST, or MSTP) and plan the device roles (the root bridge or leaf node).
STP configuration task list
Task: Setting the spanning tree mode
Remarks: Required. Configure the device to work...
RSTP configuration task list
Task: Setting the spanning tree mode
Remarks: Required. Configure the device to work in RSTP mode
Task: Configuring the root bridge or a secondary root bridge
Remarks: Optional
Task: Configuring the device priority
Remarks: Optional
Task: Configuring the network diameter of a switched network
Remarks: Optional
Task: Configuring spanning tree timers
Remarks: Optional
...
PVST configuration task list
Task: Setting the spanning tree mode
Remarks: Required. Configure the device to work in PVST mode
Task: Configuring the root bridge or a secondary root bridge
Remarks: Optional
Task: Configuring the device priority
Remarks: Optional
Task: Configuring the network diameter of a switched network
Remarks: Optional
Configure...
MSTP configuration task list
Task: Setting the spanning tree mode
Remarks: Optional. By default, the device works in MSTP mode
Task: Configuring an MST region
Remarks: Required
Task: Configuring the root bridge or a secondary root bridge
Remarks: Optional
Task: Configuring the device priority
Remarks: Optional
Task: Configuring the maximum hops of an MST region
Remarks: Optional
Task: Configuring the network diameter of a switched network...
PVST mode—The device sends PVST BPDUs through all ports and maintains a spanning tree for each VLAN. The A5830 Switch Series supports up to 128 VLANs in PVST mode. The maximum number of VLANs (assume that the number is n) for which PVST can maintain instances varies by device model.
In STP-compatible or RSTP mode, do not specify any MSTI or VLAN. Otherwise, the spanning tree configuration is ineffective. In MSTP mode, if you specify an MSTI, the spanning tree configuration is effective for the specified MSTI. If you specify a VLAN list, the spanning tree configuration is ineffective. If you do not specify any MSTI or VLAN, the spanning tree configuration is effective for the CIST.
you change the spanning tree mode back. To prevent loss of mappings, do not manually configure VLAN-to-instance mappings in PVST mode.
Configuring the root bridge or a secondary root bridge
Have MSTP determine the root bridge of a spanning tree through MSTP calculation, or specify the current device as the root bridge or as a secondary root bridge using the commands that the system provides.
Configure the current device as the root bridge by setting the device priority to 0. For the device priority configuration, see "Configuring the device priority."
Configuring the device priority
CAUTION: You cannot change the priority of a device while it is configured as the root bridge or as a secondary root bridge.
Max age 2 × (hello time + 1 second) HP recommends not setting the spanning tree timers manually. Instead, specify the network diameter and let spanning tree protocols automatically calculate the timers based on the network diameter. If the...
If the forward delay timer is too long, network convergence can take a long time. HP recommends you use the default setting. An appropriate hello time setting enables the device to quickly detect link failures on the network without using excessive network resources.
By setting an appropriate maximum port rate, limit the rate at which the port sends BPDUs and prevent spanning tree protocols from using excessive network resources when the network becomes unstable. HP recommends you use the default setting.
Configuring edge ports
If a port directly connects to a user terminal rather than another device or a shared LAN segment, this port is regarded as an edge port.
Step: Enter interface view or port group view
Command: Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view: interface interface-type interface-number. Enter port group view: port-group manual port-group-name
Remarks: Required. Use either command
Step: Configure the current ports as edge ports
Command: stp edged-port
Remarks: Required. All ports are non-edge ports by...
Table 13 Mappings between the link speed and the path cost Path cost Link speed Port type Private IEEE 802.1d-1998 IEEE 802.1t standard — 65,535 200,000,000 200,000 Single port 2,000,000 2000 Aggregate interface containing 2 Selected 1,000,000 1800 ports Aggregate interface 10 Mbps containing 3 Selected 666,666...
Configuring re-calculated port path cost
When the path cost of a port changes, the system re-calculates the role of the port and initiates a state transition.
To configure the re-calculated path cost of ports:
Step: Enter system view
Command: system-view
Remarks: —
...
Configure the link type as point-to-point for a Layer 2 aggregate interface or a port that works in full duplex mode. HP recommends you use the default setting and let the device automatically detect the port link type.
dot1s—802.1s-compliant standard format legacy—Compatible format By default, the packet format recognition mode of a port is auto. The port automatically distinguishes the two MSTP packet formats, and determines the format of packets that it will send based on the recognized format.
Enabling the spanning tree feature
You must enable the spanning tree feature for the device before any other spanning tree related configurations can take effect.
Enabling the spanning tree feature (in STP/RSTP/MSTP mode)
In STP/RSTP/MSTP mode, make sure that the spanning tree feature is enabled globally and on the desired ports.
Step... Command... Remarks Enter Enter Layer 2 Ethernet interface interface-type interface interface view or Layer 2 interface-number Required view or aggregate interface view port Use either command group port-group manual port- Enter port group view view group-name Optional Enable the spanning tree feature for stp enable By default, the spanning tree the port or group of ports...
Figure 17 VLAN connectivity blocked by MSTP (diagram labels: Device A, Device B, Port A1, Port A2, Port B1, Port B2, VLAN 1, VLAN 2, root bridge; legend: root port, designated port, blocked port, normal link, blocked link)
As shown in the figure, Port A1 on Device A allows the traffic of VLAN 1 to pass through, and Port A2 allows the traffic of VLAN 2 to pass through.
To enable communication between an HP device and a third-party device, enable the Digest Snooping feature on the port that connects the HP device to the third-party device in the same MST region. Before you enable Digest Snooping, make sure that associated devices of different vendors are connected and run spanning tree protocols.
NOTE: With Digest Snooping enabled, VLAN-to-instance mappings must be the same on associated ports, because in-the-same-region verification does not require comparison of configuration digest. With global Digest Snooping enabled, you cannot use the undo stp region-configuration command to modify VLAN-to-instance mappings or to remove the current region configuration.
Figure 19 Digest Snooping configuration (diagram labels: MST region; Device C (root bridge), Device A, and Device B, each with ports GE1/0/1 and GE1/0/2; legend: root port, designated port, blocked port, normal link, blocked link)
Configuration procedure
# Enable Digest Snooping on GigabitEthernet 1/0/1 of Device A and enable global Digest Snooping on Device A.
Figure 20 Rapid state transition of an MSTP designated port (exchange between an upstream device and a downstream device)
(1) Proposal for rapid transition. The root port blocks non-edge ports.
(2) Agreement. The root port changes to the forwarding state and sends an Agreement to the upstream device.
Step... Command... Remarks Enter system view system-view — Enter Layer 2 Ethernet interface interface-type Enter interface view or Layer 2 interface-number Required interface or aggregate interface view port group Use either command port-group manual port- view Enter port group view group-name Required Enable No Agreement Check...
Enabling BPDU guard
For access layer devices, the access ports can directly connect to the user terminals (such as PCs) or file servers. The access ports are configured as edge ports to allow rapid transition. When these ports receive configuration BPDUs, the system automatically sets the ports as non-edge ports and starts a new spanning tree calculation process.
Disabled by default
Enabling TC-BPDU guard
HP recommends that you not disable this feature.
When a switch receives topology change (TC) BPDUs (the BPDUs that notify devices of topology changes), the switch flushes its forwarding address entries. If someone forges TC-BPDUs to attack the switch, the switch will receive a large number of TC-BPDUs within a short time and be busy with forwarding address entry flushing.
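The effect of the flush limit on a burst of TC-BPDUs, as an added example that is not part of the HP guide. It assumes the limit is counted in fixed 10-second windows, uses the default of 6 flushes per 10 seconds given in the command table for this feature, and reads a log format constructed for this example (not Comware output).

```python
import re
from collections import defaultdict
from typing import Iterable, List, Tuple

WINDOW_SECONDS = 10      # interval the guide gives for the flush limit
DEFAULT_THRESHOLD = 6    # default of "stp tc-protection threshold"

# Constructed log format for this example only (not Comware output).
LOG_RE = re.compile(r"^t=(\d+(?:\.\d+)?) port=(\S+) event=TC_BPDU_RX$")

# Constructed sample: three isolated topology changes plus a burst of
# 20 TC-BPDUs received on GE1/0/5 within one 10-second interval.
SAMPLE_LOG: List[str] = [
    "t=3 port=GE1/0/1 event=TC_BPDU_RX",
    "t=14 port=GE1/0/2 event=TC_BPDU_RX",
    "t=25 port=GE1/0/1 event=TC_BPDU_RX",
] + [f"t={20 + i * 0.5} port=GE1/0/5 event=TC_BPDU_RX" for i in range(20)]


def summarise(log_lines: Iterable[str],
              threshold: int = DEFAULT_THRESHOLD) -> List[dict]:
    """Group TC-BPDU receive events into 10-second windows.

    The limit is device-wide, so each window has one flush budget; the
    per-port counts are kept only to show where the TC-BPDUs came from.
    """
    per_window = defaultdict(lambda: defaultdict(int))
    for line in log_lines:
        match = LOG_RE.match(line.strip())
        if match is None:
            continue  # ignore lines that are not TC-BPDU receive events
        start = int(float(match.group(1)) // WINDOW_SECONDS) * WINDOW_SECONDS
        per_window[start][match.group(2)] += 1

    report = []
    for start in sorted(per_window):
        by_port = dict(per_window[start])
        received = sum(by_port.values())
        flushes = min(received, threshold)
        report.append({
            "window_start": start,
            "received": received,
            "flushes": flushes,                 # flushes the guard allows
            "suppressed": received - flushes,   # TC-BPDUs over the limit
            "over_threshold": received > threshold,
            "by_port": by_port,
        })
    return report


def flushes_without_guard(report: List[dict]) -> int:
    """Every received TC-BPDU triggers a flush when the guard is off."""
    return sum(window["received"] for window in report)


def flushes_with_guard(report: List[dict]) -> int:
    return sum(window["flushes"] for window in report)


def ports_to_investigate(report: List[dict]) -> List[Tuple[str, int]]:
    """Ports seen in over-threshold windows, busiest first."""
    totals = defaultdict(int)
    for window in report:
        if window["over_threshold"]:
            for port, count in window["by_port"].items():
                totals[port] += count
    return sorted(totals.items(), key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    result = summarise(SAMPLE_LOG)
    for window in result:
        print(window)
    print("flushes without guard:", flushes_without_guard(result))
    print("flushes with guard:   ", flushes_with_guard(result))
    print("ports to investigate: ", ports_to_investigate(result))
```

A window flagged `over_threshold` on an access-layer switch is worth correlating with the port it came from, since edge ports facing user terminals should not normally be a source of topology changes.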
To enable TC-BPDU guard:
Step | Command | Remarks
Enter system view | system-view | -
Enable the TC-BPDU guard function | stp tc-protection enable | Optional. Enabled by default
Configure the maximum number of forwarding address entry flushes that the device can perform every 10 seconds | stp tc-protection threshold number | Optional. 6 by default
Enabling BPDU drop...
Task... Command... Remarks display stp [ instance instance-id | vlan Display the statistics of TC/TCN BPDUs vlan-id ] tc [ slot slot-number ] [ | { begin sent and received by all ports in the Available in any view | exclude | include } regular-expression specified MSTI or all MSTIs display stp [ instance instance-id | vlan Display the spanning tree status and...
Figure 23 Network diagram for MSTP configuration (diagram labels: MST region; Device A, Device B, Device C, Device D; port GE1/0/3 on each device; link annotations "Permit: all VLANs", "Permit: VLANs 20 and 40", and two truncated "Permit" labels)
Configuration procedure
Configure VLANs and VLAN member ports (details not shown). Create VLAN 10, VLAN 20, and VLAN 30 on Device A and Device B;...
[DeviceB] stp region-configuration
[DeviceB-mst-region] region-name example
[DeviceB-mst-region] instance 1 vlan 10
[DeviceB-mst-region] instance 3 vlan 30
[DeviceB-mst-region] instance 4 vlan 40
[DeviceB-mst-region] revision-level 0
# Activate MST region configuration.
[DeviceB-mst-region] active region-configuration
[DeviceB-mst-region] quit
# Specify the current device as the root bridge of MSTI 3.
[DeviceB] stp instance 3 root primary
# Enable the spanning tree feature globally.
[DeviceD-mst-region] quit
# Enable the spanning tree feature globally.
[DeviceD] stp enable
Verify the configurations. Use the display stp brief command to view brief spanning tree information on each device after the network is stable.
# Display brief spanning tree information on Device A.
[DeviceA] display stp brief
MSTID Port...
Figure 24 MSTIs mapped to different VLANs (one tree each for the MSTIs mapped to VLAN 10, VLAN 20, VLAN 30, and VLAN 40; legend: root device, normal link, blocked link)
Setting the PVST configuration
Network requirements
As shown in the figure, Device A and Device B work at the distribution layer.
Configuration procedure VLAN and VLAN member port configuration Create VLAN 10, VLAN 20, and VLAN 30 on Device A and Device B; VLAN 10, VLAN 20, and VLAN 40 on Device C; and VLAN 20, VLAN 30, and VLAN 40 on Device D. Configure the ports on these devices as trunk ports and assign them to related VLANs.
VLAN Port Role STP State Protection
GigabitEthernet1/0/1 DESI DISCARDING NONE
GigabitEthernet1/0/3 DESI FORWARDING NONE
GigabitEthernet1/0/1 DESI FORWARDING NONE
GigabitEthernet1/0/2 DESI FORWARDING NONE
GigabitEthernet1/0/3 DESI FORWARDING NONE
GigabitEthernet1/0/2 DESI FORWARDING NONE
GigabitEthernet1/0/3 ROOT FORWARDING NONE
# Display brief spanning tree information on Device B.
[DeviceB] display stp brief
VLAN Port...
Figure 26 Spanning trees mapped to different VLANs (one spanning tree each for VLAN 10, VLAN 20, VLAN 30, and VLAN 40; legend: root device, normal link, blocked link)...
The encapsulated Layer 2 protocol packet (called BPDU) is forwarded to PE 2 at the other end of the service provider network, which de-encapsulates the packet, restores the original destination MAC address of the packet, and then sends the packet to CE 2.
HP devices support BPDU tunneling for the following protocols:
DLDP
...
LLDP
PAGP
PVST
UDLD
Implementing BPDU tunneling
NOTE: This document uses the term in a broad sense. It includes STP, RSTP, and MSTP. STP calculates the topology of a network by transmitting BPDUs among devices in the network. For more information, see “Spanning tree configuration.”...
The upper section of Figure 28 represents the service provider network (ISP network). The lower section, including User A network 1 and User A network 2, represents the customer networks. Enabling BPDU tunneling on edge devices (PE 1 and PE 2) in the service provider network allows BPDUs of User A network 1 and User A network 2 to be transparently transmitted through the service provider network.
Step... Command... Remarks Enter system view system-view — Enter Layer 2 Enter interface interface-type interface- Ethernet interface Ethernet number Required view interface Use either command view or port Enter port group port-group manual port-group-name group view view bpdu-tunnel dot1q { cdp | dldp | Required Enable BPDU tunneling for a eoam | gvrp | hgmp | lacp | lldp |...
All ports that connect service provider devices and customer devices are access ports and belong to VLAN 2.
All ports that interconnect service provider devices are trunk ports and allow packets of any VLAN to pass through.
MSTP is enabled on User A’s network. ...
Setting BPDU tunneling for the PVST configuration
Network requirements
As shown in the figure:
CE 1 and CE 2 are edge devices on the geographically dispersed network of User A. PE 1 and PE 2 are edge devices on the service provider network.
All ports that connect service provider devices and customer devices and those that interconnect ...
[PE2-GigabitEthernet1/0/2] port link-type trunk
[PE2-GigabitEthernet1/0/2] port trunk permit vlan all
# Disable STP on GigabitEthernet 1/0/2, and then enable BPDU tunneling for STP and PVST on it.
[PE2-GigabitEthernet1/0/2] undo stp enable
[PE2-GigabitEthernet1/0/2] bpdu-tunnel dot1q stp
[PE2-GigabitEthernet1/0/2] bpdu-tunnel dot1q pvst...
Configuring VLAN
Ethernet is a network technology based on the CSMA/CD mechanism. Because the medium is shared, collisions and excessive broadcasts are common on Ethernet networks. To address the issue, VLAN was introduced to break a LAN down into separate VLANs. VLANs are isolated from each other at Layer 2. A VLAN is a bridging domain, and contains all broadcast traffic within it.
Figure 32 Traditional Ethernet frame format (fields: DA&SA, Type, Data)
IEEE 802.1Q inserts a four-byte VLAN tag after the DA&SA field, as shown in the following figure.
Figure 33 Position and format of VLAN tag (fields: DA&SA, VLAN tag, Type; the VLAN tag contains TPID, Priority, CFI, VLAN ID)
The fields of a VLAN tag are tag protocol identifier (TPID), priority, CFI, and VLAN ID.
When the switch is determining which VLAN a packet that passes through the port should be assigned to, it looks up the VLANs in the default order of MAC-based VLAN, IP-based VLAN, protocol-based VLAN, and port-based VLAN.
Protocols and standards
IEEE 802.1Q, IEEE Standards for Local and Metropolitan Area Networks: Virtual Bridged Local Area ...
Configuring VLAN interface basic settings For hosts of different VLANs to communicate, you must use a router or Layer 3 switch to perform Layer 3 forwarding. You use VLAN interfaces to achieve this. VLAN interfaces are virtual interfaces used for Layer 3 communication between different VLANs. They do not exist as physical entities on devices.
Configure VLAN interfaces on Switch A and configure the PCs to enable Layer 3 communication between the PCs.
Figure 34 Network diagram for VLAN interface configuration (diagram labels: Switch A with ports GE1/0/1 and GE1/0/2 and interfaces Vlan-Int5 192.168.0.10/24 and Vlan-Int10 192.168.1.20/24; PC A and PC B with addresses 192.168.0.1/24 and 192.168.1.1/24; VLAN 5 and VLAN 10)
Configuration procedure...
Vlan-interface5 192.168.0.10 Vlan-inte...
Vlan-interface10 192.168.1.20 Vlan-inte...
Configuring port-based VLAN
Port-based VLANs group VLAN members by port. A port forwards traffic for a VLAN only after it is assigned to the VLAN.
Port link type
Configure the link type of a port as access, trunk, or hybrid. The link types use the following VLAN tag handling methods:
An access port belongs to only one VLAN and sends traffic untagged.
PVID setting on the port. HP recommends setting the same PVID for local and remote ports. Make sure that a port is assigned to its PVID. Otherwise, when the port receives frames tagged with the PVID or untagged frames (including protocol packets such as MSTP BPDUs), the port filters out these frames.
Port type | Actions (in the inbound direction), untagged frame | Actions (in the inbound direction), tagged frame | Actions (in the outbound direction)
Access | Tags the frame with the PVID tag | Receives the frame if its VLAN ID is the same as the PVID ... | Removes the VLAN tag and ...
Step… Command… Remarks Required. Enter Layer 2 interface interface- Ethernet type interface- Use any command: interface view number The configuration made in Layer 2 Ethernet interface view only applies to the port. The configuration made in port group view Enter applies to all ports in the port group.
Step… Command… Remarks applies to all ports in the port group. The configuration made in Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports. If the system fails to apply the configuration to the aggregate Enter port port-group manual interface, it stops applying the...
To assign a hybrid port to one or multiple VLANs: Step… Command… Remarks Enter system view system-view — Enter Ethernet interface interface-type Required. interface view interface-number Use any command: Enter Layer 2 interface bridge- The configuration made in Ethernet aggregate aggregation interface- interface view only applies to the port.
Figure 36 Network diagram for port-based VLAN configuration (diagram labels: Device A and Device B, each with ports GE1/0/1, GE1/0/2, and GE1/0/3; Host A, Host B, Host C, Host D; VLAN 100 and VLAN 200)
Configuration procedure
Configure Device A.
# Create VLAN 100, and assign port GigabitEthernet 1/0/1 to VLAN 100.
<DeviceA>...
GigabitEthernet1/0/1
[DeviceA-GigabitEthernet1/0/3] display vlan 200
VLAN ID: 200
VLAN Type: static
Route Interface: not configured
Description: VLAN 0200
Name: VLAN 0200
Tagged Ports: GigabitEthernet1/0/3
Untagged Ports: GigabitEthernet1/0/2
Configuring MAC-based VLAN
The MAC-based VLAN feature assigns hosts to a VLAN based on their MAC addresses. This feature is usually used in conjunction with security technologies such as 802.1X to provide secure, flexible network access for terminal devices.
address-to-VLAN entries, and enable the MAC-based VLAN feature and dynamic MAC-based VLAN assignment on the port. Dynamic MAC-based VLAN assignment uses the following workflows: When the port receives a frame, the port first determines whether the frame is tagged. If the frame is tagged, the port reports the source MAC address of the frame. If the frame is not tagged, the port selects a VLAN for the frame by tagging the untagged frame with the PVID tag and obtaining the tag, and then reports the source MAC address of the frame.
When a port is assigned to the corresponding VLAN in a MAC address-to-VLAN entry, but has not been assigned to the VLAN by using the port hybrid vlan command, the port sends packets from the VLAN with VLAN tags removed. If you configure both static and dynamic MAC-based VLAN assignment on the same port, dynamic MAC-based VLAN assignment applies.
Step... Command... Remarks mac-vlan mac-address mac- Associate a specific MAC address [ mask mac-mask ] Required address with a VLAN vlan vlan-id [ priority priority Enter Ethernet interface interface-type Use either command: Enter interface view interface-number interface The configuration made in Ethernet view or interface view only applies to the port port...
Step... Command... Remarks Disable the PVID of the Optional port from forwarding By default, when a port receives a packets with unknown packet with an unknown source source MAC addresses port pvid disable MAC address that does not match to that do not match any any MAC address-to-VLAN entry, it MAC address-to-VLAN...
# Configure Laptop 1 and Laptop 2 to access the network through GigabitEthernet 1/0/1. Configure GigabitEthernet 1/0/1 as a hybrid port that sends packets of VLANs 100 and 200 untagged, and enable the MAC-based VLAN feature on it.
[DeviceA] interface gigabitethernet 1/0/1
[DeviceA-GigabitEthernet1/0/1] port link-type hybrid
[DeviceA-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged
Please wait...
--------------------------------------------------------
000d-88f8-4e71 ffff-ffff-ffff
0014-222c-aa69 ffff-ffff-ffff
Total MAC VLAN address count:2
Configuring protocol-based VLAN
Use the protocol-based VLAN feature to assign packets to VLANs by their application type. The protocol-based VLAN feature assigns inbound packets to different VLANs based on their protocol type and encapsulation format.
Step… Command… Remarks Required. Enter Layer 2 interface interface-type Use any command: Ethernet interface-number The configuration made in Ethernet interface view interface view only applies to the port. The configuration made in port group view applies to all ports in the port group.
Figure 39 Network diagram for protocol-based VLAN configuration (diagram labels: Device with ports GE1/0/1, GE1/0/2, GE1/0/11, GE1/0/12; IPv4 Server and IPv6 Server; L2 Switch A and L2 Switch B; IPv4 Host A, IPv6 Host A, IPv4 Host B, IPv6 Host B; VLAN 100 and VLAN 200)...
# Configure port GigabitEthernet 1/0/1 as a hybrid port that forwards packets of VLANs 100 and 200 untagged.
[Device] interface gigabitethernet 1/0/1
[Device-GigabitEthernet1/0/1] port link-type hybrid
[Device-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged
Please wait... Done.
# Associate port GigabitEthernet 1/0/1 with the IPv4 protocol template of VLAN 100 and the IPv6 protocol template of VLAN 200.
ipv4
ipv6
Interface: GigabitEthernet 1/0/2
VLAN ID Protocol Index Protocol Type
======================================================
ipv4
ipv6
Configuring IP subnet-based VLAN
In this approach, packets are assigned to VLANs based on their source IP addresses and subnet masks. A port configured with IP subnet-based VLANs assigns a received untagged packet to a VLAN based on the source address of the packet.
Step… Command… Remarks Required. Configure the hybrid ports to port hybrid vlan vlan-id-list By default, a hybrid port allows only permit the specified IP subnet- { tagged | untagged } packets from VLAN 1 to pass through based VLANs to pass through untagged.
Configuration procedure
# Associate IP subnet 192.168.5.0/24 with VLAN 100.
<DeviceC> system-view
[DeviceC] vlan 100
[DeviceC-vlan100] ip-subnet-vlan ip 192.168.5.0 255.255.255.0
[DeviceC-vlan100] quit
# Associate IP subnet 192.168.50.0/24 with VLAN 200.
[DeviceC] vlan 200
[DeviceC-vlan200] ip-subnet-vlan ip 192.168.50.0 255.255.255.0
[DeviceC-vlan200] quit
# Configure interface GigabitEthernet 1/0/1 1 to permit packets of VLAN 100 to pass through.
Configuring isolate-user-VLAN
An isolate-user-VLAN uses a two-tier VLAN structure. In this approach, the following types of VLANs, isolate-user-VLAN and secondary VLAN, are configured on the same device.
The following are the characteristics of the isolate-user-VLAN implementation:
Isolate-user-VLANs are used mainly for upstream data exchange. An isolate-user-VLAN can be ...
To enable Layer 3 communication among secondary VLANs associated with the same isolate-user-VLAN, you must enable local proxy ARP on the upstream device (for example, Switch A in Figure 41).
Associate the isolate-user-VLAN with the specified secondary VLANs.
Step...
Configuring secondary VLANs
You cannot configure the member port of a service loopback group as the upstream or downstream port of an isolate-user-VLAN. For more information about the service loopback group, see "Setting a service loopback group configuration."
Step… Command… Remarks Enter system view system-view...
Associating secondary VLANs with an isolate-user-VLAN Step… Command… Remarks Enter system view system-view — Associate the specified secondary isolate-user-vlan isolate-user-vlan-id secondary VLANs with the specified isolate- Required secondary-vlan-id [ to secondary-vlan-id ] user-VLAN Displaying isolate-user-VLAN Task... Command... Remarks Display the mapping between an isolate- display isolate-user-vlan [ isolate-user- Available in any user-VLAN and its secondary VLANs and...
Configure Device B.
# Configure the isolate-user-VLAN.
<DeviceB> system-view
[DeviceB] vlan 5
[DeviceB-vlan5] isolate-user-vlan enable
[DeviceB-vlan5] quit
# Configure the secondary VLANs.
[DeviceB] vlan 2 to 3
# Configure the uplink port GigabitEthernet 1/0/5 to operate in promiscuous mode in VLAN 5.
[DeviceB] interface gigabitethernet 1/0/5
[DeviceB-GigabitEthernet1/0/5] port isolate-user-vlan 5 promiscuous
[DeviceB-GigabitEthernet1/0/5] quit...
[DeviceC-GigabitEthernet1/0/4] quit
# Associate the isolate-user-VLAN with the secondary VLANs.
[DeviceC] isolate-user-vlan 6 secondary 3 to 4
Verification
# Display the isolate-user-VLAN configuration on Device B.
[DeviceB] display isolate-user-vlan
Isolate-user-VLAN VLAN ID : 5
Secondary VLAN ID : 2-3
VLAN ID: 5
VLAN Type: static
Isolate-user-VLAN type : isolate-user-VLAN
Route Interface: not configured...
Configuring GVRP
GARP provides a generic framework for devices in a switched LAN, such as end stations and switches, to register and deregister attribute values. GVRP is a GARP application that registers and deregisters VLAN attributes. GVRP uses the operating mechanism of GARP to maintain and propagate dynamic VLAN registration information for GVRP devices on the network.
The value ranges for the Hold, Join, Leave, and LeaveAll timers are dependent on one another. See Table for their dependencies. HP's implementation of GARP uses the following timers to control GARP message transmission: Hold timer The Hold timer sets the delay that a GARP participant waits before sending a Join or Leave message.
A device can send LeaveAll messages at the interval set by its LeaveAll timer or the LeaveAll timer of another device on the network, whichever is smaller. This is because each time a device on the network receives a LeaveAll message, it resets its LeaveAll timer. GARP PDU format Figure 44 GARP PDU format Ethernet frame...
Field | Description | Value
Attribute event | Event that the attribute describes | 0x00: LeaveAll event; 0x01: JoinEmpty event; 0x02: JoinIn event; 0x03: LeaveEmpty event; 0x04: LeaveIn event; 0x05: Empty event
Attribute value | Attribute value | VLAN ID for GVRP. If the value of the attribute event field is 0x00 (LeaveAll event), the attribute value...
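A strict decoder for the GARP PDU body carried by GVRP, as an added example that is not part of the HP guide. The event codes are the ones in the table above; the rest of the layout (two-byte protocol ID 0x0001, one-byte attribute type and length, 0x00 end marks) is taken from IEEE 802.1D because the figure is truncated on this page, and the sample PDU is constructed.

```python
import struct
from typing import List, NamedTuple, Optional

GARP_PROTOCOL_ID = 0x0001     # IEEE 802.1D GARP protocol identifier
GVRP_ATTR_TYPE_VLAN = 0x01    # GVRP attribute type: VLAN ID
END_MARK = 0x00

# Attribute event codes, as listed in the field table.
EVENTS = {0x00: "LeaveAll", 0x01: "JoinEmpty", 0x02: "JoinIn",
          0x03: "LeaveEmpty", 0x04: "LeaveIn", 0x05: "Empty"}


class Attribute(NamedTuple):
    event: str
    vlan_id: Optional[int]    # None for LeaveAll, which carries no value


def parse_gvrp_pdu(pdu: bytes) -> List[Attribute]:
    """Decode a GARP PDU body (the bytes after the LLC header).

    Raises ValueError on anything malformed instead of guessing, so a
    truncated or inconsistent PDU never yields partial registrations.
    """
    if len(pdu) < 3:
        raise ValueError("PDU too short")
    (protocol_id,) = struct.unpack_from("!H", pdu, 0)
    if protocol_id != GARP_PROTOCOL_ID:
        raise ValueError("not a GARP PDU")
    pos, attributes = 2, []
    while True:                                   # one iteration per message
        if pos >= len(pdu):
            raise ValueError("missing PDU end mark")
        attr_type = pdu[pos]
        pos += 1
        if attr_type == END_MARK:
            return attributes
        if attr_type != GVRP_ATTR_TYPE_VLAN:
            raise ValueError("unsupported attribute type")
        while True:                               # attributes of this message
            if pos >= len(pdu):
                raise ValueError("missing attribute list end mark")
            length = pdu[pos]                     # counts length + event + value
            if length == END_MARK:
                pos += 1
                break
            if length < 2 or pos + length > len(pdu):
                raise ValueError("bad attribute length")
            event = EVENTS.get(pdu[pos + 1])
            value = pdu[pos + 2:pos + length]
            if event is None:
                raise ValueError("unknown attribute event")
            if event == "LeaveAll":
                if value:
                    raise ValueError("LeaveAll must not carry a value")
                attributes.append(Attribute(event, None))
            else:
                if len(value) != 2:
                    raise ValueError("VLAN ID must be two bytes")
                (vlan_id,) = struct.unpack("!H", value)
                if not 1 <= vlan_id <= 4094:
                    raise ValueError("VLAN ID out of range")
                attributes.append(Attribute(event, vlan_id))
            pos += length


def is_well_formed(pdu: bytes) -> bool:
    try:
        parse_gvrp_pdu(pdu)
        return True
    except ValueError:
        return False


def joined_vlans(attributes: List[Attribute]) -> List[int]:
    """VLAN IDs declared with a JoinEmpty or JoinIn event."""
    return sorted(a.vlan_id for a in attributes
                  if a.event in ("JoinEmpty", "JoinIn"))


# Constructed sample: JoinIn VLAN 2, JoinEmpty VLAN 3, LeaveAll.
SAMPLE_PDU = bytes.fromhex("0001 01 04020002 04010003 0200 00 00")

if __name__ == "__main__":
    decoded = parse_gvrp_pdu(SAMPLE_PDU)
    print(decoded)
    print("joined VLANs:", joined_vlans(decoded))
```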
Task Remarks Configuring GARP timers Optional GVRP configuration made in Ethernet interface view or Layer 2 aggregate interface view takes effect on the current interface only. GVRP configuration made in port group view takes effect on all member ports in the group. GVRP configuration made on a member port in an aggregation group only takes effect after the port is removed from the aggregation group.
Step | Command | Remarks
Enable GVRP on the ports | gvrp | Required. Disabled by default
Configure the GVRP registration mode on the port | gvrp registration { fixed | forbidden | normal } | Optional. normal by default
Configuring GARP timers
As shown in Table 15, the value ranges for GARP timers are dependent on one another;...
Step… Command… Remarks Optional garp timer leave timer- Configure the Leave timer value 60 centiseconds by default Displaying and maintaining GVRP Task… Command… Remarks Display statistics about GARP on display garp statistics [ interface interface-list ] [ | { Available in ports begin | exclude | include } regular-expression ] any view...
Configuration procedure
Configure Device A.
# Enable GVRP globally.
<DeviceA> system-view
[DeviceA] gvrp
# Configure port GigabitEthernet 1/0/1 as a trunk port, and assign it to all VLANs.
[DeviceA] interface gigabitethernet 1/0/1
[DeviceA-GigabitEthernet1/0/1] port link-type trunk
[DeviceA-GigabitEthernet1/0/1] port trunk permit vlan all
# Enable GVRP on trunk port GigabitEthernet 1/0/1.
According to the output, information about VLAN 1, static VLAN information of VLAN 3 on the local device, and dynamic VLAN information of VLAN 2 on Device A are all registered through GVRP. Setting the GVRP fixed registration mode configuration Network requirements As shown in Figure...
# Create VLAN 3 (a static VLAN).
[DeviceB] vlan 3
[DeviceB-vlan3] quit
Verify the configuration.
Use the display gvrp local-vlan command to view the local VLAN information that GVRP maintains on ports. For example:
# Display the local VLAN information that GVRP maintains on port GigabitEthernet 1/0/1 of Device A.
[DeviceA] display gvrp local-vlan interface gigabitethernet 1/0/1
Following VLANs exist in GVRP local database:
1(default), 2...
[DeviceA-GigabitEthernet1/0/1] quit
# Create VLAN 2 (a static VLAN).
[DeviceA] vlan 2
[DeviceA-vlan2] quit
Configure Device B.
# Enable GVRP globally.
<DeviceB> system-view
[DeviceB] gvrp
# Configure port GigabitEthernet 1/0/1 as a trunk port, and assign it to all VLANs.
[DeviceB] interface gigabitethernet 1/0/1
[DeviceB-GigabitEthernet1/0/1] port link-type trunk
[DeviceB-GigabitEthernet1/0/1] port trunk permit vlan all...
Configuring QinQ
CVLANs, also called inner VLANs, are the VLANs that a customer uses on the private network. SVLANs, also called outer VLANs, are the VLANs that a service provider uses to carry VLAN-tagged traffic for customers.
QinQ is a flexible, easy-to-implement Layer 2 VPN technology based on IEEE 802.1Q. QinQ enables the edge device on a service provider network to insert an outer VLAN tag in the Ethernet frames from customer networks, so that the Ethernet frames travel across the service provider network (public network) with double VLAN tags.
1500-byte standard Ethernet frame.
Implementing QinQ
HP provides the following QinQ implementations: basic QinQ and selective QinQ.
Basic QinQ
Basic QinQ enables a port to tag any incoming frames with its port VLAN ID (PVID) tag, regardless of whether they have been tagged or not.
Modify the inner VLAN ID.
Besides being able to separate the service provider network from the customer networks, selective QinQ provides abundant service features and enables more flexible networking.
Modifying the TPID in a VLAN tag
A VLAN tag uses the TPID field to identify the protocol type of the tag. The default value of this field, as defined in IEEE 802.1Q, is 0x8100.
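The VLAN tag layout described under "Configuring VLAN" and the TPID behavior described here, as an added example that is not part of the HP guide: it builds a customer frame, pushes an outer tag the way basic QinQ does, and parses the result as two receivers would. The MAC addresses, payload, and function names are constructed for the example; 0x8200 is the outer TPID used later in the comprehensive selective QinQ example.

```python
import struct
from typing import List, NamedTuple, Sequence, Tuple

TPID_8021Q = 0x8100   # default TPID defined in IEEE 802.1Q


class VlanTag(NamedTuple):
    tpid: int
    priority: int     # 3-bit 802.1p priority
    cfi: int          # 1-bit CFI
    vlan_id: int      # 12-bit VLAN ID


def build_tag(vlan_id: int, priority: int = 0, cfi: int = 0,
              tpid: int = TPID_8021Q) -> bytes:
    """Encode a four-byte VLAN tag: TPID, then priority/CFI/VLAN ID."""
    if not 0 <= vlan_id <= 0xFFF or not 0 <= priority <= 7 or cfi not in (0, 1):
        raise ValueError("field out of range")
    return struct.pack("!HH", tpid, (priority << 13) | (cfi << 12) | vlan_id)


def build_frame(dst: bytes, src: bytes, tags: Sequence[bytes],
                ethertype: int, payload: bytes) -> bytes:
    """DA&SA, optional VLAN tags, Type, Data."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses are six bytes")
    return dst + src + b"".join(tags) + struct.pack("!H", ethertype) + payload


def push_outer_tag(frame: bytes, svlan: int, tpid: int = TPID_8021Q) -> bytes:
    """Basic QinQ: insert the port's PVID tag after DA&SA, whether or
    not the frame already carries a tag."""
    return frame[:12] + build_tag(svlan, tpid=tpid) + frame[12:]


def parse_frame(frame: bytes,
                recognised_tpids: Sequence[int] = (TPID_8021Q,),
                max_tags: int = 2) -> Tuple[List[VlanTag], int, bytes]:
    """Return (tags, ethertype, payload).

    A field is treated as a VLAN tag only if its TPID is one the
    receiver recognises; otherwise it is read as the frame's Type.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than DA&SA + Type")
    offset, tags = 12, []
    while len(tags) < max_tags:
        (value,) = struct.unpack_from("!H", frame, offset)
        if value not in recognised_tpids:
            break
        if len(frame) < offset + 6:      # tag (4 bytes) + following Type
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append(VlanTag(value, tci >> 13, (tci >> 12) & 1, tci & 0xFFF))
        offset += 4
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    return tags, ethertype, frame[offset + 2:]


# Constructed sample values.
DST = bytes.fromhex("020000000002")
SRC = bytes.fromhex("020000000001")
PAYLOAD = b"constructed payload"


def demo():
    # Customer frame in CVLAN 10 with 802.1p priority 5.
    customer = build_frame(DST, SRC, [build_tag(10, priority=5)], 0x0800, PAYLOAD)
    # Provider edge pushes SVLAN 100 with a customised TPID of 0x8200.
    provider = push_outer_tag(customer, 100, tpid=0x8200)
    # A peer configured for TPID 0x8200 sees both tags.
    matched = parse_frame(provider, recognised_tpids=(0x8200, TPID_8021Q))
    # A peer that only recognises 0x8100 sees an untagged frame of type 0x8200.
    unmatched = parse_frame(provider)
    return customer, provider, matched, unmatched


if __name__ == "__main__":
    for item in demo()[2:]:
        print(item)
```

The second result is why the TPID must match on both ends of a link between vendors: a receiver that does not recognise the outer TPID classifies the frame as untagged and never evaluates the SVLAN.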
Protocol type Value Cluster 0x88A7 Reserved 0xFFFD/0xFFFE/0xFFFF Protocols and standards IEEE 802.1Q: IEEE standard for local and metropolitan area networks: Virtual Bridged Local Area Networks Configuration task list QinQ requires configurations only on the service provider network. QinQ configurations made in Ethernet interface view take effect on the interface only. Those made in Layer 2 aggregate interface view take effect on the aggregate interface and all member ports in the aggregation group.
Basic QinQ can only tag received frames with the PVID tag of the receiving port. Selective QinQ allows adding different outer VLAN tags based on different inner VLAN tags. The A5830 Switch Series achieves the selective QinQ feature through QoS policies. To enable the switch to tag tagged packets based on inner VLAN tags, follow these steps: Configure a class to match packets with certain tags.
Configuring an inner-outer VLAN 802.1p priority mapping
Through QoS policies, the A5830 Switch Series marks the 802.1p priorities in outer VLAN tags according to the inner VLAN IDs or the 802.1p priorities in the inner VLAN tags.
To mark the 802.1p priorities in outer VLAN tags according to the inner VLAN IDs or the 802.1p priorities in the inner VLAN tags: Step...
Step... Command... Remarks Required Create a class and enter class traffic classifier classifier-name [ operator By default, the operator of view { and | or } ] a class is AND Match the specified inner VLAN IDs: if-match customer-vlan-id vlan-id-list Required Configure a match criterion ...
Step... Command... Remarks Configure a match criterion to match if-match customer-vlan-id vlan-id-list Required the specified inner VLAN IDs Configure a match criterion to match if-match service-vlan-id vlan-id Required the specified outer VLAN IDs Return to system view quit — Create a traffic behavior and enter traffic behavior behavior-name Required traffic behavior view...
QinQ configuration examples
Setting basic QinQ configuration
Network requirements
As shown in the figure:
The two branches of Company A, Site 1 and Site 2, are connected through the service provider network and use CVLANs 10 through 70.
The two branches of Company B, Site 3 and Site 4, are connected through the service provider network and use CVLANs 30 through 90.
# Configure VLAN 100 as the PVID for the port.
[PE1-GigabitEthernet1/0/1] port trunk pvid vlan 100
# Enable basic QinQ on the port.
[PE1-GigabitEthernet1/0/1] qinq enable
[PE1-GigabitEthernet1/0/1] quit
Configure GigabitEthernet 1/0/2.
# Configure GigabitEthernet 1/0/2 as a trunk port and assign it to VLAN 100 and VLAN 200.
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] port link-type trunk
[PE1-GigabitEthernet1/0/2] port trunk permit vlan 100 200...
Configure GigabitEthernet 1/0/3.
# Configure GigabitEthernet 1/0/3 as a trunk port and assign it to VLAN 100.
[PE2] interface gigabitethernet 1/0/3
[PE2-GigabitEthernet1/0/3] port link-type trunk
[PE2-GigabitEthernet1/0/3] port trunk permit vlan 100
# Configure VLAN 100 as the PVID for the port.
[PE2-GigabitEthernet1/0/3] port trunk pvid vlan 100
# Enable basic QinQ on the port.
Configure GigabitEthernet 1/0/1.
# Configure GigabitEthernet 1/0/1 as a trunk port and assign it to VLANs 10 through 50.
<PE1> system-view
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] port link-type trunk
[PE1-GigabitEthernet1/0/1] port trunk permit vlan 10 to 50
# Enable basic QinQ on the port.
[PE1-GigabitEthernet1/0/1] qinq enable
# Configure the port to transparently transmit frames from VLANs 10 through 50.
Setting simple selective QinQ configuration
Network requirements
As shown in the figure:
The two branches of a company, Site 1 and Site 2, are connected through the service provider network and use CVLAN 10 and CVLAN 20 to transmit voice traffic and data traffic separately. ...
# Create traffic behavior P100 and add the action of inserting outer VLAN tag 100.
[PE1] traffic behavior P100
[PE1-behavior-P100] nest top-most vlan-id 100
[PE1-behavior-P100] quit
# Create class A20 and configure the class to match frames with CVLAN 20. Create traffic behavior P200 and add the action of inserting outer VLAN tag 200.
[PE2] traffic behavior P100
[PE2-behavior-P100] nest top-most vlan-id 100
[PE2-behavior-P100] quit
# Create class A20 and configure the class to match frames with CVLAN 20. Create traffic behavior P200 and add the action of inserting outer VLAN tag 200.
[PE2] traffic classifier A20
[PE2-classifier-A20] if-match customer-vlan-id 20
[PE2-classifier-A20] quit
[PE2] traffic behavior P200...
Configure the edge and third-party devices to allow the voice traffic and data traffic to be transmitted between the two companies via SVLAN 100 and SVLAN 200 separately.
Figure 54 Network diagram for comprehensive selective QinQ configuration (diagram labels: PE 1 and PE 2, each with port GE1/0/2; VLANs 100, 200...)
[PE1] traffic behavior P200
[PE1-behavior-P200] nest top-most vlan-id 200
[PE1-behavior-P200] quit
# Create a QoS policy named qinq, associate traffic class A10 with traffic behavior P100, and associate traffic class A20 with traffic behavior P200.
[PE1] qos policy qinq
[PE1-qospolicy-qinq] classifier A10 behavior P100
[PE1-qospolicy-qinq] classifier A20 behavior P200
[PE1-qospolicy-qinq] quit
# Enable basic QinQ on the port.
[PE1-GigabitEthernet1/0/2] qos apply policy sqinq outbound
# Set the TPID value in the outer tag to 0x8200.
[PE1-GigabitEthernet1/0/2] qinq ethernet-type service-tag 8200
[PE1-GigabitEthernet1/0/2] quit
Configure PE 2.
Configure GigabitEthernet 1/0/1.
# Configure GigabitEthernet 1/0/1 as a hybrid port to permit frames of VLAN 100 and VLAN 200 to pass through untagged.
# Create class A100 and configure the class to match frames with CVLAN 30 and SVLAN 100.
[PE2] traffic classifier A100
[PE2-classifier-A100] if-match customer-vlan-id 30
[PE2-classifier-A100] if-match service-vlan-id 100
[PE2-classifier-A100] quit
# Configure traffic behavior T100 to mark matching packets with CVLAN 10.
[PE2] traffic behavior T100
[PE2-behavior-T100] remark customer-vlan-id 10
[PE2-behavior-T100] quit...
Configuring VLAN mapping
VLAN mapping re-marks VLAN-tagged traffic with new VLAN IDs. HP provides the following types of VLAN mapping:
One-to-one VLAN mapping—Replaces one VLAN tag with another. Use one-to-one VLAN mapping to sub-classify traffic from a particular VLAN for granular QoS control.
Figure 57 Basic concepts of VLAN mapping (diagram labels: network-side port, customer-side port, uplink traffic, downlink traffic)
Uplink traffic—Traffic transmitted from the customer network to the service provider network.
Downlink traffic—Traffic transmitted from the service provider network to the customer network. ...
Figure 58 One-to-one VLAN mapping implementation (diagram labels: inbound uplink policy, outbound downlink policy, customer network, SP network, network-side port, customer-side port, uplink traffic, downlink traffic)
Many-to-one VLAN mapping
Implement many-to-one VLAN mapping through the following configurations, as shown in Figure
Apply an uplink policy to the incoming traffic on the customer-side port to map different CVLAN IDs ...
Figure 60 One-to-two VLAN mapping (diagram labels: inbound uplink policy; customer network; SP network; hybrid port, an untagged member of SVLANs; network-side port; customer-side port; uplink traffic; downlink traffic)
Two-to-two VLAN mapping
Implement two-to-two VLAN mapping through the following configurations, as shown in Figure
For uplink traffic, apply an inbound policy on the customer-side port to replace the SVLAN with a...
Configuring one-to-one VLAN mapping
Perform one-to-one VLAN mapping on wiring-closet switches (see Figure 55) to isolate traffic by both user and traffic type. Perform these tasks to configure one-to-one VLAN mapping:
Task | Description
Configuring an uplink policy | Creates CVLAN-to-SVLAN mappings (required)
Configuring a downlink policy | Creates SVLAN-to-CVLAN mappings (required)
Configuring the customer-side port...
Step... | Command... | Remarks
Return to system view | quit
Create a traffic behavior and enter traffic behavior view | traffic behavior behavior-name | Required. Repeat these steps to configure a behavior for each CVLAN
Configure a CVLAN marking action | remark customer-vlan-id vlan-id
Return to system view | quit
Create a QoS policy and | qos policy policy-name...
Configuring many-to-one VLAN mapping
CAUTION: Before changing VLAN mappings on a port, clear all DHCP snooping entries by using the reset dhcp-snooping command (see Layer 3—IP Services Command Reference).
Perform many-to-one VLAN mapping on campus switches (see Figure 55) to transmit the same type of traffic from different users in one VLAN.
Step... | Command... | Remarks
Enable ARP detection | arp detection enable | Required. Disabled by default
Configuring an uplink policy
To configure an uplink policy to map a group of CVLANs to one SVLAN:
Step... | Command... | Remarks
Enter system view | system-view | —
Create a class and enter class view | traffic classifier tcl-name operator | Required...
Step... | Command... | Remarks
Set the port as a DHCP snooping trusted port and disable the port to record IP-to-MAC bindings for DHCP clients | dhcp-snooping trust no-user-binding | Required. By default, all ports are DHCP snooping untrusted ports
Enable customer-side QinQ | qinq enable downlink | Required. By default, customer-side QinQ is disabled on all ports...
Task | Description
Configuring the network-side port | Configures VLAN and other settings required for one-to-two VLAN mapping (required)
Configuration prerequisites
Create VLANs, and plan CVLAN-to-SVLAN mappings.
Configuring an uplink policy
To configure an uplink policy to insert an SVLAN to VLAN tagged packets:
Step...
Step... | Command... | Remarks
Apply the uplink policy to the incoming traffic | qos apply policy policy-name inbound | Required
Configuring the network-side port
To configure the network-side port:
Step... | Command... | Remarks
Enter system view | system-view | —
Enter Ethernet interface | interface interface-type | —...
To configure an uplink policy for the customer-side port:
Step... | Command... | Remarks
Enter system view | system-view | —
Create a class and enter class view | traffic classifier tcl-name [ operator and ] | Required. Repeat these steps to create one class for each foreign CVLAN and
Specify a foreign CVLAN as a match criterion | if-match customer-vlan-id vlan-id
Specify a foreign SVLAN...
Step... | Command... | Remarks
Create a QoS policy and enter QoS policy view | qos policy policy-name | Required
Associate the class with the behavior | classifier tcl-name behavior behavior-name | Required. Repeat this step to create other class-behavior associations
Configuring a downlink policy for the customer-side port
The downlink policy on the customer-side port replaces local SVLAN and CVLAN pairs with foreign SVLAN and CVLAN pairs.
Step... | Command... | Remarks
Enter Ethernet interface view | interface interface-type interface-number | —
Configure the port as a trunk port | port link-type trunk | Required. The default link type of an Ethernet port is access
Assign the port to the local SVLANs | port trunk permit vlan { vlan-id-list | Required. By default, a trunk port is in only...
Setting VLAN mapping configurations
Setting one-to-one and many-to-one VLAN mapping configuration
Network requirements
As shown in Figure
Each home is offered PC, VoD, and VoIP services, connects to a wiring-closet switch through the home gateway, and obtains the IP address through DHCP. ...
<SwitchD> system-view
[SwitchD] dhcp-snooping
# Assign port GigabitEthernet 1/0/1 to SVLANs 501 to 503.
[SwitchD] interface gigabitethernet 1/0/1
[SwitchD-GigabitEthernet1/0/1] port link-type trunk
[SwitchD-GigabitEthernet1/0/1] port trunk permit vlan 501 502 503
Setting one-to-two and two-to-two VLAN mapping configuration
Network requirements
As shown in Figure
Two VPN A branches, Site 1 and Site 2, are in VLAN 10 and VLAN 30, respectively.
# Configure customer-side port GigabitEthernet 1/0/1 as a hybrid port, and assign it to VLAN 100 as an untagged member, so the port forwards VLAN 100 traffic with the VLAN tag removed. On the port, enable basic QinQ, and apply uplink policy test to the incoming traffic.
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] port link-type hybrid
[PE1-GigabitEthernet1/0/1] port hybrid vlan 100 untagged...
[PE3-behavior-down_downlink] remark service-vlan-id 100
[PE3-behavior-down_downlink] quit
[PE3] qos policy down_downlink
[PE3-qospolicy-down_downlink] classifier down_downlink behavior down_downlink
[PE3-qospolicy-down_downlink] quit
# Configure an uplink policy up_uplink for network-side port GigabitEthernet 1/0/2 to substitute CVLAN 30 for the CVLAN ID of the outgoing traffic tagged with CVLAN 10 and SVLAN 200.
[PE3] traffic classifier up_uplink
[PE3-classifier-up_uplink] if-match customer-vlan-id 10
[PE3-classifier-up_uplink] if-match service-vlan-id 200...
[PE4] interface gigabitethernet 1/0/1
[PE4-GigabitEthernet1/0/1] port link-type trunk
[PE4-GigabitEthernet1/0/1] port trunk permit vlan 200
# Configure port GigabitEthernet 1/0/2 as a hybrid port, and assign it to VLAN 200 as an untagged member, so the port forwards VLAN 200 traffic with the VLAN tag removed. Enable basic QinQ, and apply uplink policy test to the incoming traffic on the port.
Configuring LLDP
In a heterogeneous network, a standard configuration exchange platform makes sure that different types of network devices from different vendors can discover one another and exchange configuration for the sake of interoperability and management. The IETF drafted the LLDP in IEEE 802.1AB. The protocol operates on the data link layer to exchange device information between directly connected devices.
Table 17 Fields in an Ethernet II-encapsulated LLDPDU
Field | Description
Destination MAC address | The MAC address to which the LLDPDU is advertised. It is fixed to 0x0180-C200-000E, a multicast MAC address.
Source MAC address | The MAC address of the sending port. If the port does not have a MAC address, the MAC address of the sending bridge is used.
Management Address | Specifies the management address, and the interface number and OID associated with the address
IEEE 802.1 organizationally specific TLVs
HP devices support only receiving protocol identity TLVs.
Layer 3 Ethernet ports do not support IEEE 802.1 organizationally specific TLVs. ...
IEEE 802.3 organizationally specific TLVs
The Power Stateful Control TLV is defined in IEEE P802.3at D1.0. The later versions no longer support this TLV. HP devices send this type of TLVs only after receiving them.
Table 21 IEEE 802.3 organizationally specific TLVs...
Type | Description
Manufacturer Name | Allows a terminal device to advertise its vendor name
Model Name | Allows a terminal device to advertise its model name
Asset ID | Allows a terminal device to advertise its asset ID. The typical case is that the user specifies the asset ID for the endpoint to facilitate directory management and asset tracking
Location Identification | Allows a network device to advertise the appropriate location...
value in the Time to Live TLV carried in the LLDPDU. If the TTL value is zero, the information ages out immediately.
Protocols and standards
IEEE 802.1AB-2005, Station and Media Access Control Connectivity Discovery
ANSI/TIA-1057, Link Layer Discovery Protocol for Media Endpoint Devices ...
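The LLDPDU fields and TLVs described above (destination MAC 0x0180-C200-000E, Management Address, Time to Live) can be read from a capture with a small parser, which also shows what a port advertises to any directly connected device. This is an added example, not code from the HP guide; the EtherType 0x88CC and the 7-bit type / 9-bit length TLV header come from IEEE 802.1AB, and the function names and the sample frame are constructed for the illustration.

```python
import struct

LLDP_MCAST = bytes.fromhex("0180c200000e")  # destination MAC 0180-C200-000E
LLDP_ETHERTYPE = 0x88CC                     # EtherType of an Ethernet II LLDPDU
TLV_NAMES = {1: "chassis_id", 2: "port_id", 3: "ttl", 5: "system_name",
             6: "system_description", 8: "management_address"}

def tlv(tlv_type, value):
    """Encode one TLV: 7-bit type and 9-bit length, followed by the value."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def parse_lldpdu(frame):
    """Return (source MAC, {TLV name: value}); raise ValueError if malformed."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    if frame[:6] != LLDP_MCAST or struct.unpack("!H", frame[12:14])[0] != LLDP_ETHERTYPE:
        raise ValueError("not an Ethernet II-encapsulated LLDPDU")
    tlvs, offset = {}, 14
    while offset + 2 <= len(frame):
        header = struct.unpack("!H", frame[offset:offset + 2])[0]
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if tlv_type == 0:  # End of LLDPDU TLV
            break
        if offset + length > len(frame):
            raise ValueError("TLV length runs past the end of the frame")
        tlvs[TLV_NAMES.get(tlv_type, f"type_{tlv_type}")] = frame[offset:offset + length]
        offset += length
    return frame[6:12].hex(":"), tlvs

def neighbor_summary(frame):
    """Decode what a directly connected listener learns from one LLDPDU."""
    src, t = parse_lldpdu(frame)
    if any(k not in t for k in ("chassis_id", "port_id", "ttl")) or len(t["ttl"]) != 2:
        raise ValueError("mandatory TLV missing or malformed")
    ttl = struct.unpack("!H", t["ttl"])[0]
    mgmt = t.get("management_address", b"")
    # Management Address value: length, subtype (1 = IPv4), then the address.
    ip = ".".join(map(str, mgmt[2:6])) if mgmt[:2] == b"\x05\x01" and len(mgmt) >= 6 else None
    return {"src": src, "ttl": ttl, "ages_out_now": ttl == 0, "management_ip": ip,
            "system_name": t.get("system_name", b"").decode("ascii", "replace")}

# Constructed sample frame; every address and name in it is made up.
SAMPLE = (LLDP_MCAST + bytes.fromhex("020000000001") + struct.pack("!H", LLDP_ETHERTYPE)
          + tlv(1, b"\x04" + bytes.fromhex("020000000001"))
          + tlv(2, b"\x05GigabitEthernet1/0/1") + tlv(3, struct.pack("!H", 120))
          + tlv(5, b"SwitchB")
          + tlv(8, bytes([5, 1, 192, 0, 2, 10, 2]) + struct.pack("!I", 1) + b"\x00")
          + tlv(0, b""))
```

`neighbor_summary(SAMPLE)` returns the source MAC, a TTL of 120, the system name and the IPv4 management address; a frame whose Time to Live TLV is zero is reported with `ages_out_now` set.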
Step… | Command… | Remarks
view or port group view: Enter port group view | port-group manual port-group-name
Enable LLDP | lldp enable | Optional. By default, LLDP is enabled on a port
Setting the LLDP operating mode
LLDP can operate in one of the following modes.
TxRx mode—A port in this mode sends and receives LLDPDUs.
Step… | Command… | Remarks
Enter system view | system-view | —
Enter Ethernet interface view or port group view: Enter Layer 2/Layer 3 Ethernet interface view | interface interface-type interface-number | Required. Use either command
Enter Ethernet interface view or port group view: Enter port group view | port-group manual port-group-name | Required. Use either command
Enable LLDP polling and set the polling interval | lldp check-change-interval interval | Required. Disabled by default...
By default, management addresses are encoded in numeric format. If a neighbor encoded its management address in character string format, you must configure the encoding format of the management address as string on the connecting port to guarantee normal communication with the neighbor.
Set the LLDPDU transmit interval to be no less than four times the LLDPDU transmit delay. If the LLDPDU transmit delay is greater than the LLDPDU transmit interval, the device uses the LLDPDU transmit delay as the transmit interval.
To change the TTL multiplier:
Step…...
LLDP traps are sent periodically, and the interval is configurable. To prevent excessive LLDP traps from being sent when the topology is unstable, set a trap transmit interval for LLDP.
To configure LLDP trapping:
Step… | Command… | Remarks
Enter system view | system-view | —...
Configuration examples
Basic LLDP configuration example
Network requirements
As shown in Figure 67, the NMS and Switch A are located in the same Ethernet. An MED device and Switch B are connected to GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 of Switch A. Enable LLDP on the ports of Switch A and Switch B to monitor the link between Switch A and Switch B and the link between Switch A and the MED device on the NMS.
[SwitchB-GigabitEthernet1/0/1] quit
Verify the configuration
# Display the global LLDP status and port LLDP status on Switch A.
[SwitchA] display lldp status
Global status of LLDP: Enable
The current number of LLDP neighbors: 2
The current number of CDP neighbors: 0
LLDP neighbor information last changed time: 0 days,0 hours,4 minutes,40 seconds
Transmit interval : 30s...
Hold multiplier
Reinit delay : 2s
Transmit delay : 2s
Trap interval : 5s
Fast start times
Port 1 [GigabitEthernet1/0/1]:
Port status of LLDP : Enable
Admin status : Rx_Only
Trap flag : No
Polling interval : 0s
Number of neighbors
Number of MED neighbors
Number of sent optional TLV
Number of received unknown TLV...
Configuring a service loopback group
To increase traffic redirecting throughput, bundle multiple Ethernet ports of a device together, to increase bandwidth and implement load sharing. The ports that act as a logical link form a service loopback group. A service loopback group must contain at least one Ethernet port as its member port, called a service loopback port.
Figure 68 Set the state of each member port in a service loopback group (flowchart labels: set the state of a member port; speed, duplex mode, and hardware attributes same as the reference port?; more candidate ports than allowed max.; port number low enough...)
Step… | Command… | Remarks
Assign the Ethernet interface to the specified service loopback group | port service-loopback group number | Required. By default, a port does not belong to any service loopback group. Perform this command on different ports to assign multiple ports to a service loopback group
Displaying service loopback groups
Task…...
Related information
Documents
To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals
For related documentation, navigate to the Networking section, and select a networking category. ...
Conventions
This section describes the conventions used in this documentation set.
Command conventions
Convention: Description
Boldface: Bold text represents commands and keywords that you enter literally as shown.
Italic: Italic text represents arguments that you replace with actual values.
Square brackets enclose syntax choices (keywords or arguments) that are optional.
Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
Network topology icons
Represents a generic network device, such as a router, switch, or firewall.
Represents a routing-capable device, such as a router or Layer 3 switch.
Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.