H3C S5120-SI series Configuration Manual
  1. Manuals
  2. Brands
  3. H3C Manuals
  4. Switch
  5. S5120-SI Series
  6. Configuration manual

H3C S5120-SI series Configuration Manual

Hide thumbs Also See for S5120-SI series:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Configuration Manual, Operating Manual
H3C S5120-SI Switch Series
Layer 2 - LAN Switching Configuration Guide
Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Software version: Release 1515
Document version: 6W100-20150906

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the S5120-SI series and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for H3C S5120-SI series

Summary of Contents for H3C S5120-SI series

  • Page 1 H3C S5120-SI Switch Series Layer 2 - LAN Switching Configuration Guide Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Software version: Release 1515 Document version: 6W100-20150906...
  • Page 2 Copyright © 2015, Hangzhou H3C Technologies Co., Ltd. and its licensors All rights reserved No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd.
  • Page 3 Layer 2 loops, isolate users within a VLAN, transmit customer network packets through the public network, and so on. This preface includes the following topics about the documentation: Audience. • Conventions. • About the H3C S5120-SI documentation set. • Obtaining documentation. • •...
  • Page 4 Convention Description The argument or keyword and argument combination before the ampersand (&) sign can &<1-n> be entered 1 to n times. A line that starts with a pound (#) sign is comments. GUI conventions Convention Description Window names, button names, field names, and menu items are in Boldface. For Boldface example, the New User window appears;...

  • Page 5: Obtaining Documentation

    Release notes compatibility matrix, version upgrade information, maintenance technical support information, and software upgrading. Obtaining documentation Access the most up-to-date H3C product documentation on the World Wide Web at http://www.h3c.com. Click the following links to obtain different categories of product documentation:...

  • Page 6: Technical Support

    [Products & Solutions]—Provides information about products and technologies, as well as solutions. [Software Download]—Provides the documentation released with the software version. Technical support service@h3c.com http://www.h3c.com Documentation feedback You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.

  • Page 7: Table Of Contents

    Contents Ethernet interface configuration ·································································································································· 1   Ethernet interface naming conventions ··························································································································· 1   Configuring basic settings of an Ethernet interface ······································································································· 1   Configuring duplex mode and speed on an Ethernet interface ·········································································· 1   Setting speed options for auto negotiation on an Ethernet interface ·································································· 2  ...
  • Page 8 Configuring a dynamic aggregation group ······································································································· 31   Configuring an aggregate interface ···························································································································· 32   Configuring the description of an aggregate interface ····················································································· 33   Enabling link state traps for an aggregate interface ························································································· 33   Shutting down an aggregate interface ··············································································································· 33  ...
  • Page 9 Enabling the spanning tree feature ····················································································································· 76   Performing mCheck ··············································································································································· 77   Configuring the VLAN Ignore feature ················································································································· 78   Configuring Digest Snooping ······························································································································· 79   Configuring No Agreement Check······················································································································ 81   Configuring protection functions ·························································································································· 83   Enabling SNMP notifications for PVST topology changes ················································································ 87  ...
  • Page 10 GVRP configuration ················································································································································· 132   Introduction to GVRP ···················································································································································· 132   GARP ···································································································································································· 132   GVRP ····································································································································································· 135   Protocols and standards ····································································································································· 136   GVRP configuration task list ········································································································································ 136   Configuring GVRP functions ········································································································································ 136   Configuring GARP timers ············································································································································ 137  ...
  • Page 11 Index ········································································································································································ 171  ...

  • Page 12: Ethernet Interface Configuration

    Ethernet interface configuration This chapter includes these sections: Ethernet interface naming conventions • Configuring basic settings of an Ethernet interface • Displaying and maintaining an Ethernet interface • Ethernet interface naming conventions The Ethernet interfaces on the S5120-SI Switch Series are numbered in the format of interface-type A/B/C: A represents the ID of the switch in an IRF virtual device.

  • Page 13: Setting Speed Options For Auto Negotiation On An Ethernet Interface

    To do… Use the command… Remarks Optional By default, the description of an Change the description of the interface is the interface name description text interface followed by the "Interface" string, GigabitEthernet1/0/1 Interface for example. Optional The optical port of an SFP port and the electrical port of an Ethernet port whose port rate is configured as Set the duplex mode...

  • Page 14: Configuring Flow Control On An Ethernet Interface

    Figure 1 Speed auto negotiation application scenario As shown in Figure 1, the network card speed of each server in the server cluster (Server 1, Server 2, and Server 3) is 1000 Mbps, and the speed of GigabitEthernet 1/0/4, which provides access to the external network for the server group, is 1000 Mbps too.

  • Page 15: Configuring Link Down Suppression On An Ethernet Interface

    Follow these steps to enable flow control on an interface: To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter Ethernet interface view — interface-number Required Enable flow control flow-control By default, receive flow control is disabled on an interface.

  • Page 16: Configuring A Port Group

    Figure 2 Internal loopback testing External loopback testing, which tests the hardware of Ethernet interfaces. As shown in Figure • external loopback testing is performed on Port 1. To perform external loopback testing on an Ethernet interface, insert a loopback plug into the port. During the external loopback testing, the port sends out a certain number of test packets, which are looped over the plug and back to the interface.

  • Page 17: Enabling The Auto Power-Down Function On An Ethernet Interface

    You create port groups manually. All settings made for a port group apply to all the member ports of the group. For example, you can configure a traffic suppression threshold (see "Configuring Storm Suppression on an Ethernet Interface") for multiple interfaces in bulk by assigning these interfaces to a port group.
  • Page 18 Storm control, which enables you to shut down Ethernet interfaces or block traffic when monitored • traffic exceeds the traffic threshold. It also enables an interface to send trap or log messages when monitored traffic reaches a certain traffic threshold, depending on your configuration. For a particular type of traffic, configure either storm suppression or storm control, but not both.

  • Page 19: Setting The Statistics Polling Interval

    When the traffic exceeds its higher threshold, the interface does either of the following, depending on your configuration: Blocks the particular type of traffic, while forwarding other types of traffic. Even though the interface • does not forward the blocked traffic, it still counts the traffic. When the blocked traffic is detected dropping below the threshold, the interface begins to forward the traffic.

  • Page 20: Configuring Jumbo Frame Support

    To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter Ethernet interface view — interface-number Optional Set the statistics polling interval on flow-interval interval The default interface statistics the Ethernet interface polling interval is 300 seconds. To display the interface statistics collected in the last polling interval, use the display interface command.
  • Page 21 Table 1 Actions to take upon detection of a loop condition Actions Port type The default protective action is used A protective action is configured • Perform the configured protective • Place the receiving interface in controlled mode. action. The interface does not receive or send packets. •...
  • Page 22 To do… Use the command… Remarks Optional By default, the action for loop protection is block, so that a looped interface is blocked and does not receive or send packets. Set the protective action to take on loopback-detection action { block | With the shutdown keyword the interface when a loop is shutdown }...

  • Page 23: Setting The Mdi Mode Of An Ethernet Interface

    impact of the loop condition. For more information, see "Enabling loopback detection on an Ethernet interface." Multi-port loopback detection is implemented on the basis of single-port loopback detection configurations on Ethernet interfaces. To implement multi-port loopback detection, you must enable single-port loopback detection on one or multiple Ethernet interfaces on the switch.

  • Page 24: Enabling Bridging On An Ethernet Interface

    Follow these steps to set the MDI mode of an Ethernet interface: To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter Ethernet interface view — interface-number Optional Set the MDI mode of the Ethernet By default, a copper Ethernet mdi { across | auto | normal } interface interface operates in auto mode to...

  • Page 25: Displaying And Maintaining An Ethernet Interface

    To do… Use the command… Remarks Test the cable connected to the virtual-cable-test Required Ethernet interface Displaying and maintaining an Ethernet interface To do… Use the command… Remarks display interface [ interface-type ] brief [ down ] [ | { begin | exclude | include } regular-expression ] Display Ethernet interface Available in any view display interface interface-type interface-number...

  • Page 26: Loopback And Null Interface Configuration

    Loopback and null interface configuration This chapter includes these sections: Loopback interface • Null interface • Displaying and maintaining loopback and null interfaces • Loopback interface Introduction to loopback interface A loopback interface is a software-only virtual interface. It delivers the following benefits. The physical layer state and link layer protocols of a loopback interface are always up unless the •...

  • Page 27: Configuring A Loopback Interface

    Configuring a loopback interface Follow these steps to configure a loopback interface: To do… Use the command… Remarks Enter system view system-view — Create a Loopback interface and interface loopback — enter Loopback interface view interface-number Optional Set a description for the loopback By default, the description of an description text interface...

  • Page 28: Displaying And Maintaining Loopback And Null Interfaces

    To do… Use the command… Remarks Required The Null 0 interface is the default null interface Enter null interface view interface null 0 on your switch. It cannot be manually created or removed. Optional Set a description for the By default, the description of an interface is the description text null interface interface name followed by the "Interface"...

  • Page 29: Mac Address Table Configuration

    MAC address table configuration NOTE: This document covers the configuration of unicast MAC address table entries, including static, dynamic, and blackhole MAC address table entries. For information about configuring static multicast MAC IP Multicast Configuration Guide address table entries, see This chapter includes these sections: Overview •...

  • Page 30: Types Of Mac Address Table Entries

    Manually configuring MAC address entries With dynamic MAC address learning, a switch does not distinguish between illegitimate and legitimate frames, which can invite security hazards. For example, if a hacker sends frames with a forged source MAC address to a port different from the one where the real MAC address is connected to, the switch will create an entry for the forged MAC address, and forward frames destined for the legal user to the hacker instead.

  • Page 31: Manually Configuring Mac Address Table Entries

    NOTE: The MAC address table can contain only Layer 2 Ethernet ports and Layer 2 aggregate interfaces. Manually configuring MAC address table entries To fence off MAC address spoofing attacks and improve port security, you can manually add static MAC address table entries to bind ports with MAC addresses.

  • Page 32: Configuring The Mac Learning Limit On Ports

    To do… Use the command… Remarks Enter system view system-view — Optional Configure the aging timer for mac-address timer { aging seconds dynamic MAC address entries | no-aging } 300 seconds by default. You can reduce broadcasts on a stable network by disabling the aging timer to prevent dynamic entries from unnecessarily aging out.

  • Page 33: Mac Address Table Configuration Example

    To do… Use the command… Remarks Display MAC address display mac-address statistics [ | { begin | exclude | Available in any view statistics include } regular-expression ] MAC address table configuration example Network requirements • The MAC address of one host is 000f-e235-dc71 and belongs to VLAN 1. It is connected to GigabitEthernet 1/0/1 of the device.

  • Page 34: Ethernet Link Aggregation Configuration

    Ethernet link aggregation configuration This chapter includes these sections: Overview • Ethernet link aggregation configuration task list • Displaying and maintaining Ethernet link aggregation • • Ethernet link aggregation configuration examples Overview Ethernet link aggregation, or simply link aggregation, combines multiple physical Ethernet ports into one logical link, called an aggregate link.
  • Page 35 NOTE: The rate of an aggregate interface equals the total rate of its member ports in the Selected state, and its duplex mode is the same as the selected member ports. For more information about the states of member ports in an aggregation group, see "Aggregation states of member ports in an aggregation group."...
  • Page 36 Class-one configurations do not affect the aggregation state of the member port even if they are • different from those on the aggregate interface. GVRP and MSTP settings are examples of class-one configurations. NOTE: The class-one configuration for a member port is effective only when the member port leaves the aggregation group.

  • Page 37: Aggregating Links In Static Mode

    Table 4 LACP priorities Type Description Remarks Used by two peer devices (or systems) to determine which one is superior in link aggregation. System LACP The smaller the In dynamic link aggregation, the system that has higher system LACP priority priority value, priority sets the Selected state of member ports on its side first and then the higher the...
  • Page 38 Choosing a reference port The system chooses a reference port from the member ports that are in the up state and have the same class-two configurations as the aggregate interface. The candidate ports are sorted by aggregation priority, duplex, and speed in this order: lowest aggregation priority, full duplex/high speed, full duplex/low speed, half duplex/high speed, and half duplex/low speed.

  • Page 39: Aggregating Links In Dynamic Mode

    Aggregating links in dynamic mode LACP is automatically enabled on all member ports in a dynamic aggregation group. The protocol automatically maintains the aggregation state of ports. The dynamic link aggregation procedure comprises: Choosing a reference port • • Setting the aggregation state of each member port Choosing a reference port The local system (the actor) and the remote system (the partner) negotiate a reference port using the following workflow:...
  • Page 40 Figure 7 Set the state of a member port in a dynamic aggregation group Meanwhile, the system with the higher system ID, being aware of the aggregation state changes on the remote system, sets the aggregation state of local member ports the same as their peer ports. NOTE: To ensure stable aggregation state and service continuity, do not change port attributes or class-two •...

  • Page 41: Load Sharing Criteria For Link Aggregation Groups

    Load sharing criteria for link aggregation groups In a link aggregation group, traffic may be load-shared across the selected member ports based on a set of criteria, depending on your configuration. You can choose one of the following criteria or any combination of them for load sharing: MAC addresses •...

  • Page 42: Configuring A Static Aggregation Group

    CAUTION: Removing an aggregate interface also removes the corresponding aggregation group. At the same time, all member ports leave the aggregation group. Configuring a static aggregation group NOTE: To guarantee a successful static aggregation, ensure that the ports at both ends of each link are in the same aggregation state.

  • Page 43: Configuring An Aggregate Interface

    To do... Use the command... Remarks Optional By default, the system LACP priority is 32768. Set the system LACP priority lacp system-priority system-priority Changing the system LACP priority may affect the aggregation state of the ports in a dynamic aggregation group.

  • Page 44: Configuring The Description Of An Aggregate Interface

    Configuring the description of an aggregate interface You can configure the description of an aggregate interface for administration purposes such as describing the purpose of the interface. Follow these steps to configure the description of an aggregate interface: To do... Use the command...

  • Page 45: Configuring Load Sharing For Link Aggregation Groups

    To do... Use the command... Remarks Enter system view system-view — Enter Layer 2 aggregate interface interface bridge-aggregation — view interface-number Required Shut down the aggregate interface shutdown By default, aggregate interfaces are up. Configuring load sharing for link aggregation groups Configuring load sharing criteria for link aggregation groups You can determine how traffic is load-shared across a link aggregation group by configuring load...

  • Page 46: Enabling Local-First Load Sharing For Link Aggregation

    Enabling local-first load sharing for link aggregation IMPORTANT: Local-first load sharing for link aggregation takes effect on only known unicast packets. Use the local-first load sharing mechanism in a multi-switch link aggregation scenario to distribute traffic preferentially across all member ports on the ingress switch rather than all member ports. When you aggregate ports on different member switches in an IRF fabric, you can use local-first load sharing to reduce traffic on IRF links, as shown in Figure...

  • Page 47: Displaying And Maintaining Ethernet Link Aggregation

    To do... Use the command... Remarks Enter system view system-view — Optional Enable link-aggregation traffic link-aggregation lacp redirection traffic-redirect-notification enable Disabled by default. CAUTION: Link-aggregation traffic redirection applies only to dynamic link aggregation groups and only to known • unicast packets. To prevent traffic interruption, enable link-aggregation traffic redirection on devices at both ends of the •...

  • Page 48: Ethernet Link Aggregation Configuration Examples

    Ethernet link aggregation configuration examples NOTE: In an aggregation group, only ports that have the same port attributes and class-two configurations (see "Configuration classes") as the reference port (see "Reference port") can operate as Selected ports. You must ensure that all member ports have the same port attributes and class-two configurations as the reference port.
  • Page 49 [DeviceA-vlan20] port gigabitethernet 1/0/5 [DeviceA-vlan20] quit # Create Layer 2 aggregate interface Bridge-Aggregation 1. [DeviceA] interface bridge-aggregation 1 [DeviceA-Bridge-Aggregation1] quit # Assign ports GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to link aggregation group 1. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/1] quit [DeviceA] interface gigabitethernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] port link-aggregation group 1...

  • Page 50: Layer 2 Dynamic Aggregation Configuration Example

    ------------------------------------------------------------------------------- BAGG1 none Shar The output shows that link aggregation group 1 is a load shared Layer 2 static aggregation group and it contains three Selected ports. # Display the global link-aggregation load sharing criteria on Device A. [DeviceA] display link-aggregation load-sharing mode Link-Aggregation Load-Sharing Mode: destination-mac address, source-mac address The output shows that all link aggregation groups created on the device perform load sharing based on...
  • Page 51 # Create VLAN 20, and assign port GigabitEthernet 1/0/5 to VLAN 20. [DeviceA] vlan 20 [DeviceA-vlan20] port gigabitethernet 1/0/5 [DeviceA-vlan20] quit # Create Layer 2 aggregate interface Bridge-aggregation 1, and configure the link aggregation mode as dynamic. [DeviceA] interface bridge-aggregation 1 [DeviceA-Bridge-Aggregation1] link-aggregation mode dynamic # Assign ports GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to link aggregation group 1 one at a time.
  • Page 52 Actor System ID: 0x8000, 000f-e2ff-0001 Partner ID Select Unselect Share Interface Mode Ports Ports Type ------------------------------------------------------------------------------- BAGG1 0x8000, 000f-e2ff-0002 Shar The output shows that link aggregation group 1 is a load shared Layer 2 dynamic aggregation group and it contains three Selected ports. # Display the global link-aggregation load sharing criteria on Device A.

  • Page 53: Port Isolation Configuration

    Port isolation configuration This chapter includes these sections: Introduction to port isolation • Configuring an isolation group • Displaying and maintaining isolation groups • • Port isolation configuration example Introduction to port isolation Usually, Layer 2 traffic isolation is achieved by assigning ports to different VLANs. To save VLAN resources, port isolation is introduced to isolate ports within a VLAN, allowing for great flexibility and security.

  • Page 54: Displaying And Maintaining Isolation Groups

    To do… Use the command… Remarks Required Add the port/ports to an port-isolate enable group isolation group as an isolated No ports are added to an isolation group-number port/isolated ports group by default. Displaying and maintaining isolation groups To do… Use the command…...
  • Page 55 [Device-GigabitEthernet1/0/1] port-isolate enable group 2 [Device-GigabitEthernet1/0/1] quit [Device] interface gigabitethernet 1/0/2 [Device-GigabitEthernet1/0/2] port-isolate enable group 2 [Device-GigabitEthernet1/0/2] quit [Device] interface gigabitethernet 1/0/3 [Device-GigabitEthernet1/0/3] port-isolate enable group 2 # Display information of isolation group 2. <Device> display port-isolate group 2 Port-isolate group information: Uplink port support: YES Group ID: 2 Group members:...

  • Page 56: Spanning Tree Configuration

    Spanning tree configuration As a Layer 2 management protocol, the Spanning Tree Protocol (STP) eliminates Layer 2 loops by selectively blocking redundant links in a network, putting them in a standby state, which still allows for link redundancy. The recent versions of STP include the Rapid Spanning Tree Protocol (RSTP), Per VLAN Spanning Tree (PVST), and the Multiple Spanning Tree Protocol (MSTP).

  • Page 57: Basic Concepts In Stp

    Configuration BPDUs contain sufficient information for the network devices to complete spanning tree calculation. Important fields in a configuration BPDU include the following: Root bridge ID—Comprises the priority and MAC address of the root bridge. • Root path cost—The cost of the path to the root bridge. •...

  • Page 58: Calculation Process Of The Stp Algorithm

    Figure 12 Schematic diagram of designated bridges and designated ports Path cost Path cost is a reference value used for link selection in STP. STP calculates path costs to select the most robust links and block redundant links that are less robust, to prune the network into a loop-free tree. Calculation process of the STP algorithm NOTE: The spanning tree calculation process described in the following sections is a simplified process for...
  • Page 59 Step Description Based on the configuration BPDU and the path cost of the root port, the device calculates a designated port configuration BPDU for each of the other ports. • The root bridge ID is replaced with that of the configuration BPDU of the root port. •...
  • Page 60 Figure 13 The STP algorithm As shown in Figure 13, the priority values of Device A, Device B, and Device C are 0, 1, and 2, and the path costs of links among the three devices are 5, 10, and 4 respectively. Initial state of each device Table 10 Initial state of each device Device...
  • Page 61 Table 11 Comparison process and result on each device Configuration BPDU on Device Comparison process ports after comparison • Port A1 receives the configuration BPDU of Port B1 {1, 0, 1, Port B1}, finds that its existing configuration BPDU {0, 0, 0, Port A1} is superior to the received configuration BPDU, and discards the received one.
  • Page 62 Configuration BPDU on Device Comparison process ports after comparison • Device C compares the configuration BPDUs of all its ports, decides that the configuration BPDU of Port C1 is the optimum, and selects Port C1 as the root port with the configuration BPDU unchanged.
  • Page 63 Figure 14 The final calculated spanning tree The configuration BPDU forwarding mechanism of STP The configuration BPDUs of STP are forwarded following these guidelines: Upon network initiation, every device regards itself as the root bridge, generates configuration • BPDUs with itself as the root, and sends the configuration BPDUs at a regular hello interval. If the root port received a configuration BPDU and the received configuration BPDU is superior to •...

  • Page 64: Rstp

    The device uses the max age to determine whether a stored configuration BPDU has expired and discards it if the max age is exceeded. RSTP RSTP achieves rapid network convergence by allowing a newly elected root port or designated port to enter the forwarding state much faster than STP.

  • Page 65: Mstp Features

    MSTP features Developed based on IEEE 802.1s, MSTP overcomes the limitations of STP, RSTP, and PVST. In addition to supporting rapid network convergence, it also provides a better load sharing mechanism for redundant links by allowing data flows of different VLANs to be forwarded along separate paths. MSTP provides the following features: MSTP divides a switched network into multiple regions, each of which contains multiple spanning •...
  • Page 66 Figure 16 Network diagram and topology of MST region 3 To MST region 4 MST region 3 Device A Device B MSTI 1 MSTI 2 Regional root MSTI Device C Device D MSTI 0 VLAN 1 MSTI 1 Topology of MSTIs in MST region 3 VLAN 2&3 MSTI 2 Other VLANs...
  • Page 67 An internal spanning tree (IST) is a spanning tree that runs in an MST region. It is also called MSTI 0, a special MSTI to which all VLANs are mapped by default. Figure 15, MSTI 0 is the IST in MST region 3. CIST The common and internal spanning tree (CIST) is a single spanning tree that connects all devices in a switched network.
  • Page 68 MSTP calculation involves the following port roles: • Root port—Forwards data for a non-root bridge to the root bridge. The root bridge does not have any root port. Designated port—Forwards data to the downstream network segment or device. • Alternate port—The backup port for a root port or master port. When the root port or master port •...

  • Page 69: How Mstp Works

    How MSTP works MSTP divides an entire Layer 2 network into multiple MST regions, which are connected by a calculated CST. Inside an MST region, multiple spanning trees are calculated. Each spanning tree is called an "MSTI." Among these MSTIs, MSTI 0 is the IST. Like STP, MSTP uses configuration BPDUs to calculate spanning trees.

  • Page 70: Spanning Tree Configuration Task Lists

    Spanning tree configuration task lists Before configuring a spanning tree, you must determine the spanning tree protocol to be used (STP, RSTP, PVST, or MSTP) and plan the device roles (the root bridge or leaf node). NOTE: If GVRP and a spanning tree protocol are enabled on a device at the same time, GVRP packets are •...

  • Page 71: Rstp Configuration Task List

    Task Remarks Required Setting the spanning tree mode Configure the device to work in STP mode. Configuring the device priority Optional Configuring the timeout factor Optional Configuring the leaf Configuring the maximum port rate Optional nodes Configuring path costs of ports Optional Configuring the port priority Optional...

  • Page 72: Pvst Configuration Task List

    Task Remarks Configuring edge ports Optional Configuring path costs of ports Optional Configuring the port priority Optional Configuring the port link type Optional Enabling the output of port state transition information Optional Enabling the spanning tree feature Required Performing mCheck Optional Configuring the VLAN Ignore feature Optional...

  • Page 73: Mstp Configuration Task List

    Task Remarks Configuring the port priority Optional Configuring the port link type Optional Enabling the output of port state transition information Optional Enabling the spanning tree feature Required Performing mCheck Optional Configuring the VLAN Ignore feature Optional Configuring protection functions Optional Enabling SNMP notifications for PVST topology changes Optional...

  • Page 74: Configuring The Spanning Tree

    VLANs for which PVST maintains instances does not exceed the lowest n. An H3C device running PVST can communicate with third-party devices running PVST or Rapid PVST. When H3C devices running...

  • Page 75: Configuring An Mst Region

    On a trunk or hybrid port, the PVST mode is compatible with any other spanning tree mode in only • VLAN 1. Follow these steps to set the spanning tree mode: To do… Use the command… Remarks Enter system view system-view —...

  • Page 76: Configuring The Root Bridge Or A Secondary Root Bridge

    To do… Use the command… Remarks display stp region-configuration [ | Optional Display the activated configuration { begin | exclude | include } information of the MST region Available in any view regular-expression ] NOTE: Two or more spanning tree devices belong to the same MST region only if they are configured to have •...

  • Page 77: Configuring The Device Priority

    Configuring the current device as a secondary root bridge of a specific spanning tree Follow these steps to configure the current device as a secondary root bridge of a specific spanning tree: To do… Use the command… Remarks Enter system view system-view —...

  • Page 78: Configuring The Maximum Hops Of An Mst Region

    Configuring the maximum hops of an MST region By setting the maximum hops of an MST region, you can restrict the region size. The maximum hops configured on the regional root bridge will be used as the maximum hops of the MST region. Configuration BPDUs sent by the regional root bridge always have a hop count set to the maximum value.
  • Page 79 Max age ≥ 2 × (hello time + 1 second) H3C does not recommend you to manually set the spanning tree timers. Instead, you can specify the network diameter and let spanning tree protocols automatically calculate the timers based on the network diameter.

  • Page 80: Configuring The Timeout Factor

    If the forward delay timer is too long, network convergence might take a long time. H3C recommends you to use the default setting. An appropriate hello time setting enables the device to promptly detect link failures on the network •...

  • Page 81: Configuring Edge Ports

    By setting an appropriate maximum port rate, you can limit the rate at which the port sends BPDUs and prevent spanning tree protocols from using excessive network resources when the network becomes unstable. H3C recommends you to use the default setting. Configuring edge ports If a port directly connects to a user terminal rather than another device or a shared LAN segment, this port is regarded as an edge port.

  • Page 82: Configuring Path Costs Of Ports

    Configuring path costs of ports Path cost is a parameter related to the rate of a port. On a spanning tree device, a port can have different path costs in different MSTIs. Setting appropriate path costs allows VLAN traffic flows to be forwarded along different physical links, achieving VLAN-based load balancing.
  • Page 83 Path cost Link speed Port type IEEE IEEE 802.1t Private standard 802.1d-1998 Aggregate interface 666,666 1600 containing 3 Selected ports Aggregate interface 500,000 1400 containing 4 Selected ports Single port 200,000 Aggregate interface 100,000 containing 2 Selected ports 100 Mbps Aggregate interface 66,666 containing 3 Selected ports...

  • Page 84: Configuring The Port Priority

    To do… Use the command… Remarks • In STP/RSTP mode: Required stp cost cost Use one of the commands. • In PVST mode: Configure the path cost of the ports By default, the system stp vlan vlan-list cost cost automatically calculates the •...

  • Page 85: Configuring The Port Link Type

    You can configure the link type as point-to-point for a Layer 2 aggregate interface or a port that works in full duplex mode. H3C recommends that you use the default setting and let the device to automatically detect the port link type.

  • Page 86: Enabling The Output Of Port State Transition Information

    dot1s—802.1s-compliant standard format • • legacy—Compatible format By default, the packet format recognition mode of a port is auto. The port automatically distinguishes the two MSTP packet formats, and determines the format of packets that it will send based on the recognized format.

  • Page 87: Enabling The Spanning Tree Feature

    Enabling the spanning tree feature You must enable the spanning tree feature for the device before any other spanning tree related configurations can take effect. Enabling the spanning tree feature (in STP/RSTP/MSTP mode) In STP/RSTP/MSTP mode, make sure that the spanning tree feature is enabled globally and on the desired ports.

  • Page 88: Performing Mcheck

    To do… Use the command… Remarks Optional Enable the spanning tree feature for the port or group of stp enable By default, the spanning tree ports feature is enabled on all ports. NOTE: You can disable the spanning tree feature for certain ports with the undo stp enable command to •...

  • Page 89: Configuring The Vlan Ignore Feature

    To do… Use the command… Remarks Perform mCheck stp mcheck Required NOTE: An mCheck operation takes effect on a device that operates in MSTP, RSTP, or PVST mode. Configuring the VLAN Ignore feature Traffic of a VLAN on a complex network may be blocked by the spanning tree. Figure 18 VLAN connectivity blocked by MSTP As shown in Figure...

  • Page 90: Configuring Digest Snooping

    To enable communication between an H3C device and a third-party device, enable the Digest Snooping feature on the port that connects the H3C device to the third-party device in the same MST region. NOTE: Before you enable Digest Snooping, make sure that associated devices of different vendors are connected...
  • Page 91 Configuring the Digest Snooping feature You can enable Digest Snooping only on the H3C device that is connected to a third-party device that uses its private key to calculate the configuration digest. Follow these steps to configure Digest Snooping: To do…...

  • Page 92: Configuring No Agreement Check

    Figure 20 Network diagram MST region Device C (Root bridge) Root port GE1/0/1 GE1/0/2 Designated port Blocked port Normal link GE1/0/1 GE1/0/1 Blocked link GE1/0/2 GE1/0/2 Device A Device B Configuration procedure # Enable Digest Snooping on GigabitEthernet 1/0/1 of Device A and enable global Digest Snooping on Device A.
  • Page 93 Figure 21 Rapid state transition of an MSTP designated port Figure 22 Rapid state transition of an RSTP designated port Upstream device Downstream device The root port blocks non-edge (1) Proposal for rapid transition ports, changes to the forwarding state, and sends an Agreement to the upstream device.

  • Page 94: Configuring Protection Functions

    To do… Use the command… Remarks Enter system view system-view — • Enter Ethernet interface view or Layer 2 aggregate interface view: Required Enter interface or port group interface interface-type interface-number view Use one of the commands. • Enter port group view: port-group manual port-group-name Required Enable No Agreement Check...
  • Page 95 Enabling BPDU guard For access layer devices, the access ports can directly connect to the user terminals (such as PCs) or file servers. The access ports are configured as edge ports to allow rapid transition. When these ports receive configuration BPDUs, the system automatically sets the ports as non-edge ports and starts a new spanning tree calculation process.
  • Page 96 To do… Use the command… Remarks • Enter Ethernet interface view or Layer 2 aggregate interface view: Required Enter interface view or port interface interface-type interface-number group view Use one of the commands. • Enter port group view: port-group manual port-group-name Required Enable the root guard function stp root-protection...
  • Page 97 The default setting is 6. perform every 10 seconds NOTE: H3C does not recommend you disable this feature. Enabling BPDU drop In a spanning tree network, after receiving BPDUs, the device performs STP calculation according to the received BPDUs and forwards received BPDUs to other devices in the network. This allows malicious attackers to attack the network by forging BPDUs.

  • Page 98: Enabling Snmp Notifications For Pvst Topology Changes

    Enabling SNMP notifications for PVST topology changes This task enables the device to generate logs and report PVST topology changes to SNMP when the device detects topology changes or receives a TCN BPDU. For the event notifications to be sent correctly, you must also configure SNMP on the device.

  • Page 99: Spanning Tree Configuration Examples

    To do… Use the command… Remarks Available in user Clear the spanning tree statistics reset stp [ interface interface-list ] view Spanning tree configuration examples MSTP configuration example Network requirements As shown in Figure All devices on the network are in the same MST region. Device A and Device B work at the •...
  • Page 100 # Enter MST region view; configure the MST region name as example; map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4 respectively; configure the revision level of the MST region as 0. <DeviceA> system-view [DeviceA] stp region-configuration [DeviceA-mst-region] region-name example [DeviceA-mst-region] instance 1 vlan 10...
  • Page 101 # Activate MST region configuration. [DeviceC-mst-region] active region-configuration [DeviceC-mst-region] quit # Specify the current device as the root bridge of MSTI 4. [DeviceC] stp instance 4 root primary # Enable the spanning tree feature globally. [DeviceC] stp enable Configure Device D: # Enter MST region view, configure the MST region name as example, map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4 respectively, and configure the revision level of the MST region as 0.
  • Page 102 GigabitEthernet1/0/2 DESI FORWARDING NONE GigabitEthernet1/0/3 ROOT FORWARDING NONE GigabitEthernet1/0/1 DESI FORWARDING NONE GigabitEthernet1/0/3 DESI FORWARDING NONE # Display brief spanning tree information on Device C. [DeviceC] display stp brief MSTID Port Role STP State Protection GigabitEthernet1/0/1 DESI FORWARDING NONE GigabitEthernet1/0/2 ROOT FORWARDING NONE...

  • Page 103: Pvst Configuration Example

    PVST configuration example Network requirements As shown in Figure Device A and Device B work at the distribution layer. Device C and Device D work at the access • layer. Configure PVST so that packets of VLANs 10, 20, 30, and 40 are forwarded along different •...
  • Page 104 [DeviceB] stp vlan 30 root primary # Enable the spanning tree feature globally and on VLANs 10, 20, and 30. [DeviceB] stp enable [DeviceB] stp vlan 10 20 30 enable Configure Device C: # Set the spanning tree mode to PVST. <DeviceC>...
  • Page 105 GigabitEthernet1/0/1 ROOT FORWARDING NONE GigabitEthernet1/0/2 ALTE FORWARDING NONE GigabitEthernet1/0/1 ROOT FORWARDING NONE GigabitEthernet1/0/2 ALTE FORWARDING NONE GigabitEthernet1/0/3 DESI DISCARDING NONE GigabitEthernet1/0/3 DESI FORWARDING NONE # Display brief spanning tree information on Device D. [DeviceD] display stp brief VLAN Port Role STP State Protection GigabitEthernet1/0/1...

  • Page 106: Vlan Configuration

    VLAN configuration This chapter includes these sections: Introduction to VLAN • Configuring basic VLAN settings • Configuring basic settings of a VLAN interface • • Port-based VLAN configuration MAC-based VLAN configuration • Protocol-based VLAN configuration • Displaying and maintaining VLAN •...

  • Page 107: Vlan Fundamentals

    Improving LAN security. By assigning user groups to different VLANs, you can isolate them at Layer • 2. To enable communication between VLANs, routers or Layer 3 switches are required. Flexible virtual workgroup creation. As users from the same workgroup can be assigned to the same •...

  • Page 108: Types Of Vlan

    NOTE: The Ethernet II encapsulation format is used here. Besides the Ethernet II encapsulation format, other • encapsulation formats, including 802.2 LLC, 802.2 SNAP, and 802.3 raw, are also supported by Ethernet. The VLAN tag fields are also added to frames encapsulated in these formats for VLAN identification.

  • Page 109: Configuring Basic Settings Of A Vlan Interface

    To do… Use the command… Remarks Optional Configure the description of description text VLAN ID is used by default, VLAN 0001 for the current VLAN example. NOTE: As the default VLAN, VLAN 1 cannot be created or removed. • You cannot manually create or remove VLANs reserved for special purposes. •...

  • Page 110: Port-Based Vlan Configuration

    To do… Use the command… Remarks Optional • When the device starts up with empty configuration, the software initial settings are used, and no IP address is configured for a VLAN Assign an IP address to the ip address ip-address { mask | interface.

  • Page 111: Default Vlan

    "Voice VLAN configuration." • H3C recommends that you set the same default VLAN ID for the local and remote ports. Make sure that a port is assigned to its default VLAN. Otherwise, when the port receives frames tagged • with the default VLAN ID or untagged frames (including protocol packets such as MSTP BPDUs), the port filters out these frames.

  • Page 112: Assigning An Access Port To A Vlan

    Actions (in the inbound direction) Actions (in the outbound Port type direction) Untagged frame Tagged frame Send the frame if its VLAN is carried on the port. The frame is sent with the VLAN tag removed Hybrid or intact depending on your configuration with the port hybrid vlan command.

  • Page 113: Assigning A Trunk Port To A Vlan

    To do… Use the command… Remarks Optional Assign the current access port(s) to a port access vlan vlan-id By default, all access ports belong VLAN to VLAN 1. NOTE: Before assigning an access port to a VLAN, create the VLAN first. •...

  • Page 114: Assigning A Hybrid Port To A Vlan

    NOTE: To change the link type of a port from trunk to hybrid or vice versa, you must set the link type to access • first. After configuring the default VLAN for a trunk port, you must use the port trunk permit vlan command •...

  • Page 115: Port-Based Vlan Configuration Example

    NOTE: To change the link type of a port from trunk to hybrid or vice versa, you must set the link type to access • first. After you use the port link-type { access | hybrid | trunk } command to change the link type of an •...
  • Page 116 [DeviceA-vlan100] quit # Create VLAN 200, and assign port GigabitEthernet 1/0/2 to VLAN 200. [DeviceA] vlan 200 [DeviceA-vlan200] port gigabitethernet 1/0/2 [DeviceA-vlan200] quit # Configure port GigabitEthernet 1/0/3 as a trunk port, and assign it to VLANs 100 and 200, enabling GigabitEthernet 1/0/3 to forward traffic of VLANs 100 and 200 to Device B.

  • Page 117: Mac-Based Vlan Configuration

    MAC-based VLAN configuration Introduction to MAC-based VLAN The MAC-based VLAN feature assigns hosts to a VLAN based on their MAC addresses. The following approaches are available for configuring MAC-based VLANs: Approach 1: Static MAC-based VLAN assignment Static MAC-based VLAN assignment applies to networks containing a small number of VLAN users. In such a network, you can create a MAC address-to-VLAN map containing multiple MAC address-to-VLAN entries on a port, enable the MAC-based VLAN feature on the port, and assign the port to MAC-based VLANs.
  • Page 118 If not, the port drops the frame. • If the source MAC address of the frame matches no MAC-to-VLAN entry, the port processes the frame depending on whether the VLAN ID of the frame is the PVID. If yes, the port determines whether it allows PVID: if yes, the port forwards the frame within the PVID;...

  • Page 119: Configuring Mac-Based Vlan

    Configuring MAC-based VLAN NOTE: MAC-based VLANs are available only on hybrid ports. • The MAC-based VLAN feature is mainly configured on the downlink ports of the user access devices. Do • not enable this function together with link aggregation. Configuring static MAC-based VLAN assignment Follow these steps to configure static MAC-based VLAN assignment: To do...
  • Page 120 NOTE: With dynamic MAC-based VLAN assignment enabled, packets are delivered to the CPU for processing. • The packet processing mode has the highest priority and overrides the configuration of MAC learning limit. When dynamic MAC-based VLAN assignment is enabled, do not configure the MAC learning limit.

  • Page 121: Mac-Based Vlan Configuration Example

    To do... Use the command... Remarks Optional Disable the default VLAN of By default, source MAC unknown the port from forwarding packets are forwarded in the default source-unknown packets that port pvid disable VLAN of the incoming port if they do do not match any MAC not match any MAC address-to-VLAN address-to-VLAN mapping...
  • Page 122 Figure 33 Network diagram for MAC-based VLAN configuration Configuration consideration • Create VLANs 100 and 200. Configure the uplink ports of Device A and Device C as trunk ports, and assign them to VLANs 100 • and 200. • Configure the downlink ports of Device B as trunk ports, and assign them to VLANs 100 and 200. Configure the uplink ports of Device B as access ports connecting to the servers respectively, and assign them to VLANs 100 and 200 respectively.
  • Page 123 [DeviceA-GigabitEthernet1/0/1] port link-type hybrid [DeviceA-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged Please wait... Done. [DeviceA-GigabitEthernet1/0/1] mac-vlan enable [DeviceA-GigabitEthernet1/0/1] quit # To enable the laptops to access Server 1 and Server 2, configure the uplink port GigabitEthernet 1/0/2 as a trunk port, and assign it to VLANs 100 and 200. [DeviceA] interface gigabitethernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] port link-type trunk [DeviceA-GigabitEthernet1/0/2] port trunk permit vlan 100 200...

  • Page 124: Protocol-Based Vlan Configuration

    Total MAC VLAN address count:2 Configuration guidelines MAC-based VLAN can be configured only on hybrid ports. MAC-based VLAN is typically configured on the downlink ports of access layer devices, and cannot be configured together with the link aggregation function. Protocol-based VLAN configuration Introduction to protocol-based VLAN NOTE: Protocol-based VLAN configuration applies to hybrid ports only.
  • Page 125 To do… Use the command… Remarks protocol-vlan [ protocol-index ] { at | ipv4 | ipv6 | ipx { ethernetii | llc | raw | snap } | mode Create a protocol template for the { ethernetii etype etype-id | llc Required VLAN { dsap dsap-id [ ssap ssap-id ] |...

  • Page 126: Protocol-Based Vlan Configuration Example

    CAUTION: dsap-id ssap-id Do not configure both the arguments in the protocol-vlan command as 0xe0 or • 0xff when configuring the user-defined template for llc encapsulation. Otherwise, the encapsulation format of the matching packets will be the same as that of the ipx llc or ipx raw packets respectively. etype-id When you use the mode keyword to configure a user-defined protocol template, do not set •...
  • Page 127 Configuration procedure Configuration on Device # Create VLAN 100, and assign port GigabitEthernet 1/0/1 1 to VLAN 100. <Device> system-view [Device] vlan 100 [Device-vlan100] description protocol VLAN for IPv4 [Device-vlan100] port gigabitethernet 1/0/11 [Device-vlan100] quit # Create VLAN 200, and assign port GigabitEthernet 1/0/12 to VLAN 200. [Device] vlan 200 [Device-vlan200] description protocol VLAN for IPv6 [Device-vlan200] port gigabitethernet 1/0/12...

  • Page 128: Displaying And Maintaining Vlan

    Verification The hosts and the server in VLAN 100 can ping one another successfully. The hosts and the server in VLAN 200 can ping one another successfully. The hosts/server in VLAN 100 cannot ping the hosts/server in VLAN 200, and vice versa. Display protocol-based VLAN information on Device to check whether the configurations have become valid.
  • Page 129 To do... Use the command… Remarks display mac-vlan { all | dynamic | Display MAC address-to-VLAN mac-address mac-address [ mask mac-mask ] Available in any view entries | static | vlan vlan-id } [ | { begin | exclude | include } regular-expression ] Display all interfaces with display mac-vlan interface [ | { begin |...

  • Page 130: Voice Vlan Configuration

    Voice VLAN configuration This chapter includes these sections: Overview • Configuring a voice VLAN • Displaying and maintaining voice VLAN • • Voice VLAN configuration examples Overview As voice communication technologies grow more mature, voice devices are more and more widely deployed, especially on broadband networks, where voice traffic and data traffic often co-exist.

  • Page 131: Automatically Identifying Ip Phones Through Lldp

    Number OUI address Vendor 0004-0d00-0000 Avaya phone 00d0-1e00-0000 Pingtel phone 0060-b900-0000 Philips/NEC phone 00e0-7500-0000 Polycom phone 00e0-bb00-0000 3Com phone NOTE: • In general, as the first 24 bits of a MAC address (in binary format), an OUI address is a globally unique identifier assigned to a vendor by IEEE.
  • Page 132 reboot, ensuring that existing voice connections can work normally. In this case, port assignment to the voice VLAN is not triggered by voice traffic streams. Figure 35 PCs and IP phones connected in series access the network In manual mode, you need to manually assign an IP phone accessing port to a voice VLAN. Then, •...
  • Page 133 Voice VLAN Support for Port link type assignment tagged voice Configuration requirements mode traffic Make all the configurations required for the automatic mode. In addition, assign the port to Manual the voice VLAN. Configure the default VLAN of the port, which cannot be the voice VLAN, and configure the Automatic port to permit packets of its default VLAN to pass...

  • Page 134: Security Mode And Normal Mode Of Voice Vlans

    MAC addresses checking. TIP: H3C does not recommend that you transmit both voice traffic and non-voice traffic in a voice VLAN. If you have to, ensure that the voice VLAN security mode is disabled.

  • Page 135: Configuring A Voice Vlan

    Configuring a voice VLAN Configuration prerequisites Before you configure a voice VLAN, complete the following tasks: Create a VLAN • Configure QoS priority settings for voice VLAN traffic on an interface before enabling voice VLAN • on the interface. If the configuration order is reversed, your priority configuration will fail. For more information, see "Configuring QoS priority settings for voice traffic on an interface."...

  • Page 136: Configuring A Port To Operate In Automatic Voice Vlan Assignment Mode

    NOTE: Configure the QoS priority settings for voice traffic on an interface before enabling voice VLAN on the interface. If the configuration order is reversed, your priority trust setting will fail. Configuring a port to operate in automatic voice VLAN assignment mode Follow these steps to set a port to operate in automatic voice VLAN assignment mode: To do...

  • Page 137: Configuring A Port To Operate In Manual Voice Vlan Assignment Mode

    Configuring a port to operate in manual voice VLAN assignment mode Follow these steps to set a port to operate in manual voice VLAN assignment mode: To do... Use the command... Remarks Enter system view system-view — Optional Enable the voice VLAN security voice vlan security enable mode Enabled by default.

  • Page 138: Configuration Prerequisites

    LLDP System Capabilities TLV received on a port shows that the peer is phone capable, the switch determines that the peer is an IP phone and sends an LLDP TLV carrying the voice VLAN configuration to the peer. When the IP phone discovery process is complete, the port will automatically join the voice VLAN and improve the transmission priority of the voice traffic for the IP phone.
  • Page 139 The MAC address of IP phone A is 001 1- 1 100-0001. The phone connects to a downstream device • named PC A whose MAC address is 0022- 1 100-0002 and to GigabitEthernet 1/0/1 on an upstream device named Device A. •...

  • Page 140: Manual Voice Vlan Assignment Mode Configuration Example

    [DeviceA-GigabitEthernet1/0/1] voice vlan mode auto # Configure VLAN 2 as the voice VLAN for GigabitEthernet 1/0/1. [DeviceA-GigabitEthernet1/0/1] voice vlan 2 enable [DeviceA-GigabitEthernet1/0/1] quit # Configure GigabitEthernet 1/0/2. [DeviceA] interface gigabitethernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] port link-type hybrid [DeviceA-GigabitEthernet1/0/2] voice vlan mode auto [DeviceA-GigabitEthernet1/0/2] voice vlan 2 enable Verification # Display the OUI addresses, OUI address masks, and description strings.
  • Page 141 Figure 38 Network diagram for manual voice VLAN assignment mode configuration Device A Device B Internet VLAN 2 GE1/0/1 GE1/0/1 VLAN 2 0755-2002 010-1001 OUI: 0011-2200-0000 Mask: ffff-ff00-0000 Configuration procedure # Configure the voice VLAN to operate in security mode. (Optional. A voice VLAN operates in security mode by default.) <DeviceA>...
  • Page 142 # Display the current voice VLAN state. <DeviceA> display voice vlan state Maximum of Voice VLANs: 1 Current Voice VLANs: 1 Voice VLAN security mode: Security Voice VLAN aging time: 1440 minutes Voice VLAN enabled port and its mode: PORT VLAN MODE DSCP...

  • Page 143: Gvrp Configuration

    GVRP configuration The Generic Attribute Registration Protocol (GARP) provides a generic framework for devices in a bridged LAN, such as end stations and switches, to register and deregister attribute values. The GARP VLAN Registration Protocol (GVRP) is a GARP application that registers and deregisters VLAN attributes. GVRP is based on the operating mechanism of GARP to maintain and propagate dynamic VLAN registration information for the GVRP devices on the network.
  • Page 144 When a port receives a declaration for a VLAN attribute, it registers the VLAN attribute carried in • the declaration and joins the VLAN. When a port receives a withdrawal for a VLAN attribute, it deregisters the VLAN attribute carried •...
  • Page 145 A GARP participant may declare an attribute twice to ensure reliable transmission. The Join timer sets the interval between the two declarations. A GARP participant starts a Join timer when it declares an attribute value or receives a JoinIn message for the attribute value.

  • Page 146: Gvrp

    Table 18 Description on the GARP message fields Field Description Value GARP Protocol Data Unit –– GARP PDU Protocol identifier for GARP PDU 0x0001 Protocol ID One or multiple messages, each containing an attribute type and an –– Message attribute list Indicates the end of a GARP PDU 0x00 End mark...

  • Page 147: Protocols And Standards

    Fixed––Allows manual creation and registration of VLANs, prevents VLAN deregistration, and • registers all known VLANs on other ports on the trunk port. Forbidden––Deregisters all VLANs (except VLAN 1) and prevents any further VLAN creation or • registration on the trunk port. Protocols and standards IEEE 802.1Q, Virtual Bridged Local Area Networks •...

  • Page 148: Configuring Garp Timers

    To do… Use the command… Remarks Required Configure the link type of the ports as trunk port link-type trunk Access by default Required By default, a trunk port is Assign the trunk ports to all VLANs port trunk permit vlan all assigned to VLAN 1 only.

  • Page 149: Displaying And Maintaining Gvrp

    To do… Use the command… Remarks interface configuration takes effect on a view, or port or all ports in a port-group. port-group manual Enter port-group port-group port-group-name view view Optional garp timer hold timer-value Configure the Hold timer 10 centiseconds by default Optional garp timer join timer-value Configure the Join timer...

  • Page 150: Gvrp Configuration Examples

    To do… Use the command… Remarks display gvrp status [ | { begin | exclude | Display the global GVRP state Available in any view include } regular-expression ] display gvrp vlan-operation interface Display the information about interface-type interface-number [ | { begin Available in any view dynamic VLAN operations on ports | exclude | include } regular-expression ]...

  • Page 151: Gvrp Fixed Registration Mode Configuration Example

    # Configure port GigabitEthernet 1/0/1 as a trunk port, and assign it to all VLANs. [DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] port link-type trunk [DeviceB-GigabitEthernet1/0/1] port trunk permit vlan all # Enable GVRP on trunk port GigabitEthernet 1/0/1. [DeviceB-GigabitEthernet1/0/1] gvrp [DeviceB-GigabitEthernet1/0/1] quit # Create VLAN 3 (a static VLAN).
  • Page 152 # Configure port GigabitEthernet 1/0/1 as a trunk port, and assign it to all VLANs. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-type trunk [DeviceA-GigabitEthernet1/0/1] port trunk permit vlan all # Enable GVRP on GigabitEthernet 1/0/1 and set the GVRP registration mode to fixed on the port. [DeviceA-GigabitEthernet1/0/1] gvrp [DeviceA-GigabitEthernet1/0/1] gvrp registration fixed [DeviceA-GigabitEthernet1/0/1] quit...

  • Page 153: Gvrp Forbidden Registration Mode Configuration Example

    GVRP forbidden registration mode configuration example Network requirements As shown in Figure Device A and Device B are connected through their GigabitEthernet 1/0/1 ports. • Enable GVRP and configure the forbidden registration mode on ports to prevent the registration and •...
  • Page 154 Verify the configuration Use the display gvrp local-vlan command to display the local VLAN information maintained by GVRP on ports. For example: # Display the local VLAN information maintained by GVRP on port GigabitEthernet 1/0/1 of Device A. [DeviceA] display gvrp local-vlan interface gigabitethernet 1/0/1 Following VLANs exist in GVRP local database: 1(default) According to the output, information about VLAN 1 is registered through GVRP, but static VLAN...

  • Page 155: Qinq Configuration

    QinQ configuration This chapter includes these sections: Introduction to QinQ • QinQ configuration task list • QinQ configuration examples • NOTE: inner VLANs Throughout this document, customer network VLANs (CVLANs), also called " ", refer to the VLANs that a customer uses on the private network; service provider network VLANs (SVLANs), also outer VLANs called "...

  • Page 156: Qinq Frame Structure

    Figure 44 Typical QinQ application scenario As shown in Figure 44, customer network A has CVLANs 1 through 10, and customer network B has CVLANs 1 through 20. The service provider assigns SVLAN 3 for customer network A, and SVLAN 4 for customer network B.

  • Page 157: Implementations Of Qinq

    QinQ packet is 1508 bytes, which comprises two four-byte VLAN tags and one 1500-byte standard Ethernet frame. Implementations of QinQ H3C provides the following QinQ implementations: basic QinQ and selective QinQ. Basic QinQ Basic QinQ enables a port to tag any incoming frames with its default VLAN tag, regardless of whether they have been tagged or not.

  • Page 158: Protocols And Standards

    The switch determines whether a received frame carries a VLAN tag by checking the TPID value. For example, if a frame carries a VLAN tag with TPID value 0x8100, but the configured TPID value is 0x9100, the switch considers that the frame does not carry any VLAN tag. In addition, the systems of different vendors may set the TPID of the outer VLAN tag of QinQ frames to different values.

  • Page 159: Configuring Basic Qinq

    NOTE: QinQ requires configurations only on the service provider network. • QinQ configurations made in Ethernet interface view take effect on the current interface only. Those • made in Layer 2 aggregate interface view take effect on the current aggregate interface and all the member ports in the aggregation group.

  • Page 160: Configuring The Tpid Value In Vlan Tags

    To do... Use the command... Remarks Required Enter QinQ view and configure the By default, the default VLAN tag qinq vid vlan-id outer VLAN tag for the port to add of the receiving port is added as the outer VLAN tag. Tag frames of specific inner VLANs raw-vlan-id inbound { all | Required...
  • Page 161 Configure the edge switches and third-party devices to enable communication between the • branches of Company A through SVLAN 100, and communication between the branches of Company B through SVLAN 200. Figure 47 Network diagram for basic QinQ configuration Configuration procedure NOTE: Make sure that the devices in the service provider network have been configured to allow QinQ packets to pass through.

  • Page 162: Selective Qinq Configuration Example

    Configure GigabitEthernet 1/0/3. • # Configure VLAN 200 as the default VLAN of GigabitEthernet 1/0/3. [PE1] interface gigabitethernet 1/0/3 [PE1-GigabitEthernet1/0/3] port access vlan 200 # Enable basic QinQ on the port. [PE1-GigabitEthernet1/0/3] qinq enable [PE1-GigabitEthernet1/0/3] quit Configuration on PE 2 •...
  • Page 163 Configure the edge switches and third-party devices to allow frames from CVLAN 10 to be • transmitted between the branches via SVLAN 100 and frames from CVLAN 20 to be transmitted between the branches via SVLAN 200. Figure 48 Network diagram for selective QinQ configuration Configuration procedure NOTE: Make sure that the devices in the service provider network have been configured to allow QinQ packets to...
  • Page 164 [PE1] interface gigabitethernet 1/0/2 [PE1-GigabitEthernet1/0/2] port link-type trunk [PE1-GigabitEthernet1/0/2] port trunk permit vlan 100 200 # Set the TPID in the VLAN tags to 0x8200. [PE1-GigabitEthernet1/0/2] qinq ethernet-type 8200 [PE1-GigabitEthernet1/0/2] quit Configuration on PE 2 Configure GigabitEthernet 1/0/1. • # Configure GigabitEthernet 1/0/1 as a hybrid port to permit frames of VLAN 100 and VLAN 200 to pass through untagged.

  • Page 165: Lldp Configuration

    LLDP configuration This chapter includes these sections: Overview • LLDP configuration task list • Displaying and maintaining LLDP • • LLDP configuration examples Overview Background In a heterogeneous network, it is important that different types of network devices from different vendors can discover one another and exchange configuration for interoperability and management sake.
  • Page 166 Figure 49 Ethernet II-encapsulated LLDPDU format The fields in the frame are described in Table Table 21 Description of the fields in an Ethernet II-encapsulated LLDPDU Field Description The MAC address to which the LLDPDU is advertised. It is fixed to Destination MAC address 0x0180-C200-000E, a multicast MAC address.
  • Page 167 Field Description The MAC address of the sending port. If the port does not have a MAC Source MAC address address, the MAC address of the sending bridge is used. The SNAP type for the upper layer protocol. It is 0xAAAA-0300-0000-88CC Type for LLDP.
  • Page 168 Indicates protocols supported on the port. An LLDPDU can carry multiple Protocol Identity different TLVs of this type. NOTE: H3C S5120-SI Switch Series only supports receiving protocol identity TLVs. IEEE 802.3 organizationally specific TLVs Table 25 IEEE 802.3 organizationally specific TLVs Type...

  • Page 169: How Lldp Works

    NOTE: The Power Stateful Control TLV is defined in IEEE P802.3at D1.0. The later versions no longer support this TLV. H3C devices send this type of TLVs only after receiving them. LLDP-MED TLVs LLDP-MED TLVs provide multiple advanced applications for voice over IP (VoIP), such as basic configuration, network policy configuration, and address and directory management.

  • Page 170: Protocols And Standards

    Disable mode. A port in this mode does not send or receive LLDPDUs. • When the LLDP operating mode of a port changes, its LLDP protocol state machine re-initializes. To prevent LLDP from being initialized too frequently during times of frequent operating mode change, you can configure a re-initialization delay.

  • Page 171: Performing Basic Lldp Configuration

    Task Remarks Configuring CDP compatibility Optional Configuring LLDP trapping Optional NOTE: LLDP-related configurations made in Ethernet interface view take effect only on the current port, and those made in port group view take effect on all ports in the current port group. Performing basic LLDP configuration Enabling LLDP To make LLDP take effect on certain ports, you must enable LLDP both globally and on these ports.

  • Page 172: Setting The Lldp Re-Initialization Delay

    To do… Use the command… Remarks or port group view Enter port group view port-group manual port-group-name Optional lldp admin-status { disable | rx | tx | Set the LLDP operating mode txrx } TxRx by default Setting the LLDP re-initialization delay When LLDP operating mode changes on a port, the port initializes the protocol state machines after a certain delay.

  • Page 173: Configuring The Management Address And Its Encoding Format

    To do… Use the command… Remarks view or Enter port group port group port-group manual port-group-name view view lldp tlv-enable { basic-tlv { all | port-description | system-capability | system-description | system-name } | Optional dot1-tlv { all | port-vlan-id | protocol-vlan-id [ vlan-id ] | vlan-name [ vlan-id ] } | dot3-tlv By default, all types of { all | link-aggregation | mac-physic |...

  • Page 174: Setting Other Lldp Parameters

    To do… Use the command… Remarks Optional By default, the management address is sent through LLDPDUs. Allow LLDP to advertise the For a Layer 2 Ethernet port, the management address in LLDPDUs and lldp management-address-tlv management address is the main IP configure the advertised management [ ip-address ] address of the lowest-ID VLAN...

  • Page 175: Setting An Encapsulation Format For Lldpdus

    Setting an encapsulation format for LLDPDUs LLDPDUs can be encapsulated in the following formats: Ethernet II or SNAP frames. • With Ethernet II encapsulation configured, an LLDP port sends LLDPDUs in Ethernet II frames and only processes incoming, Ethernet II encapsulated LLDPDUs. With SNAP encapsulation configured, an LLDP port sends LLDPDUs in SNAP frames and only •...

  • Page 176: Configuration Prerequisites

    Configuration prerequisites Before you configure CDP compatibility, complete the following tasks: • Globally enable LLDP. Enable LLDP on the port connecting to an IP phone and configure the port to operate in TxRx mode. • Configuring CDP compatibility CDP-compatible LLDP operates in one of the follows modes: TxRx: The CDP packets can be transmitted and received.

  • Page 177: Displaying And Maintaining Lldp

    To do… Use the command… Remarks Enter Ethernet Enter Layer 2 Ethernet interface interface-type interface-number Required interface view interface view or port group Use either command. Enter port group view port-group manual port-group-name view Required Enable LLDP trapping lldp notification remote-change enable Disabled by default Quit to system view quit...
  • Page 178 Figure 52 Network diagram for basic LLDP configuration Configuration procedure Configure Switch A # Enable LLDP globally (you can skip this step because LLDP is enabled globally by default). <SwitchA> system-view [SwitchA] lldp enable # Enable LLDP on GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 (you can skip this step because LLDP is enabled on ports by default), and set the LLDP operating mode to Rx.
  • Page 179 Transmit delay : 2s Trap interval : 5s Fast start times Port 1 [GigabitEthernet1/0/1]: Port status of LLDP : Enable Admin status : Rx_Only Trap flag : No Polling interval : 0s Number of neighbors: Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV : 0 Port 2 [GigabitEthernet1/0/2]:...

  • Page 180: Cdp-Compatible Lldp Configuration Example

    Polling interval : 0s Number of neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV Port 2 [GigabitEthernet1/0/2]: Port status of LLDP : Enable Admin status : Rx_Only Trap flag : No Polling interval : 0s...

  • Page 181: Verify The Configuration

    [SwitchA-GigabitEthernet1/0/1] port link-type trunk [SwitchA-GigabitEthernet1/0/1] voice vlan 2 enable [SwitchA-GigabitEthernet1/0/1] quit [SwitchA] interface gigabitethernet 1/0/2 [SwitchA-GigabitEthernet1/0/2] port link-type trunk [SwitchA-GigabitEthernet1/0/2] voice vlan 2 enable [SwitchA-GigabitEthernet1/0/2] quit Configure CDP-compatible LLDP on Switch A # Enable LLDP globally and enable LLDP to be compatible with CDP globally. [SwitchA] lldp enable [SwitchA] lldp compliance cdp # Enable LLDP (you can skip this step because LLDP is enabled on ports by default), configure LLDP to...
  • Page 182 Index C D E G H I L M N O P Q R S V Ethernet link aggregation configuration task list,30 Configuring a voice VLAN,124 Configuring an aggregate interface,32 GVRP configuration examples,139 Configuring an aggregation group,30 GVRP configuration task list,136 Configuring an isolation group,42...
  • Page 183 Security mode and normal mode of voice VLANs,123 Spanning tree configuration examples,88 QinQ configuration examples,149 Spanning tree configuration task lists,59 QinQ configuration task list,147 STP,45 RSTP,53 Voice VLAN assignment modes,120 Voice VLAN configuration examples,127...

Table of Contents