HP 6125XLG Blade Switch
Layer 2—LAN Switching
Part number: 5998-5368a
Software version: Release 240x
Document version: 6W101-20150515

Advertising

   Related Manuals for HP 6125XLG

   Summary of Contents for HP 6125XLG

  • Page 1: Configuration Guide

    HP 6125XLG Blade Switch Layer 2—LAN Switching Configuration Guide Part number: 5998-5368a Software version: Release 240x Document version: 6W101-20150515...

  • Page 2

    The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.

  • Page 3: Table Of Contents

    Contents Configuring Ethernet interfaces ··································································································································· 1   Configuring a management Ethernet interface ·············································································································· 1   Ethernet interface naming conventions ··························································································································· 1   Configuring common Ethernet interface settings ··········································································································· 2   Splitting a 40-GE interface and combining split 10-GE interfaces ····································································· 2  ...

  • Page 4: Table Of Contents

    Network requirements ··········································································································································· 31   Configuration procedure ······································································································································ 31   Verifying the configuration ··································································································································· 32   Configuring MAC Information ·································································································································· 33   Configuration guidelines ··············································································································································· 33   Enabling MAC Information ··········································································································································· 33   Configuring the MAC Information mode ····················································································································· 34  ...

  • Page 5: Table Of Contents

    Layer 2 dynamic aggregation configuration example ······················································································ 59   Layer 2 aggregation load sharing configuration example ··············································································· 61   Layer 2 edge aggregate interface configuration example ··············································································· 63   Layer 3 static aggregation configuration example ···························································································· 65   Layer 3 dynamic aggregation configuration example ······················································································ 66  ...

  • Page 6: Table Of Contents

    Configuring the port priority ······································································································································· 102   Configuring the port link type ····································································································································· 103   Configuration restrictions and guidelines ········································································································· 103   Configuration procedure ···································································································································· 103   Configuring the mode a port uses to recognize and send MSTP packets ····························································· 104  ...

  • Page 7: Table Of Contents

    Setting the loop detection interval ······························································································································ 129   Displaying and maintaining loop detection ·············································································································· 129   Loop detection configuration example ······················································································································· 129   Network requirements ········································································································································· 129   Configuration procedure ···································································································································· 130   Verifying the configuration ································································································································· 131   Configuring VLANs ················································································································································· 133  ...

  • Page 8: Table Of Contents

    MRP timers···························································································································································· 175   MVRP registration modes ············································································································································ 175   Protocols and standards ·············································································································································· 176   MVRP configuration task list ········································································································································ 176   Configuration restrictions and guidelines ·················································································································· 176   Configuration prerequisites ········································································································································· 177   Enabling MVRP ····························································································································································· 177   Configuring an MVRP registration mode ···················································································································...

  • Page 9: Table Of Contents

    PBB frame format ················································································································································· 223   PBB frame forwarding ········································································································································· 225   Protocols and standards ····································································································································· 225   PBB configuration task list ··········································································································································· 225   Enabling L2VPN ··························································································································································· 226   Creating a PBB VSI ······················································································································································ 226   Configuring the frame encapsulation type ················································································································ 226  ...

  • Page 10: Table Of Contents

      Configuration procedure ···································································································································· 267   Configuring cut-through Layer 2 forwarding ········································································································· 268   Support and other resources ·································································································································· 269   Contacting HP ······························································································································································ 269   Subscription service ············································································································································ 269   Related information ······················································································································································ 269   Documents ···························································································································································· 269  ...

  • Page 11: Configuring Ethernet Interfaces

    Switch Installation Guide. Configuring a management Ethernet interface The management interface on an HP 6125XLG blade switch is located in the rear of the switch. To configure the blade switch through the management module of the server, you can connect the management module to the management interface.

  • Page 12: Configuring Common Ethernet Interface Settings

    Figure 1 Port numbers External uplink port QSFP+ port SFP+ port 6125XLG 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 Backplane Internal downlink port Internal crosslink port A 10-GE interface split from a 40-GE interface is named in the format of interface type A/B/C:D. A/B/C is the interface number of the 40-GE interface and D is the number of the 10-GE interface, which is in the range of 1 to 4.

  • Page 13: Configuring Basic Settings Of An Ethernet Interface

    Step Command Remarks By default, a 40-GE interface is not split and operates as a single interface. The 10-GE interfaces split from a Split the 40-GE interface into using tengige 40-GE interface support the same four 10-GE interfaces. configuration and attributes as common 10-GE interfaces, except that they are numbered in a different way.

  • Page 14

    Step Command Remarks Enter Ethernet interface interface interface-type view. interface-number The default setting is in the format of Set the interface description text interface-name Interface. For example, description. Ten-GigabitEthernet1/1/5 Interface. Set the duplex mode of The default setting is auto for Ethernet duplex { auto | full } the Ethernet interface.

  • Page 15: Configuring The Link Mode Of An Ethernet Interface

    Configuring the link mode of an Ethernet interface CAUTION: After you change the link mode of an Ethernet interface, all commands (except the shutdown command) on the Ethernet interface are restored to their defaults in the new link mode. The interfaces on this switch series can operate either as Layer 2 or Layer 3 Ethernet interfaces (you can set the link mode to bridge or route).

  • Page 16: Configuring Physical State Change Suppression On An Ethernet Interface

    Configuring physical state change suppression on an Ethernet interface IMPORTANT: Do not configure physical state change suppression on an Ethernet interface with MSTP, or Smart Link enabled. The physical link state of an Ethernet interface is either up or down. Each time the physical link of a port goes up or comes down, the interface immediately reports the change to the CPU.

  • Page 17: Configuring Generic Flow Control On An Ethernet Interface

    Internal loopback test—Tests all on-chip functions related to the Ethernet interface. • • External loopback test—Tests the hardware of the Ethernet interface. To perform an external loopback test on the Ethernet interface, connect a loopback plug to the Ethernet interface. The device sends test packets out of the interface, which are expected to loop over the plug and back to the interface.

  • Page 18: Configuring Pfc On An Ethernet Interface

    To perform PFC on a network port of an IRF member device, configure PFC on both the network port • and the IRF physical ports. For information about IRF, see IRF configuration Guide. To ensure correct operations of IRF and other protocols, HP recommends not enabling PFC for • 802.1p priorities 0, 6, and 7.

  • Page 19: Setting The Statistics Polling Interval

    Table 1 The relationship between the PFC function and the generic flow control function priority-flo priority-flow-contr flow-control w-control Remarks ol no-drop dot1p enable You cannot enable flow control by using the flow-control command on a port where PFC is Unconfigurable Configured Configured enabled and PFC is enabled for the specified...

  • Page 20

    As shown in Figure 2, a fiber port typically uses separate fibers for transmitting and receiving packets. The physical state of the fiber port is up only when both transmit and receive fibers are physically connected. If one of the fibers is disconnected, the fiber port does not work. To enable a fiber port to forward traffic over a single link, you can use the port up-mode command.

  • Page 21: Configuring A Layer 2 Ethernet Interface

    Configuring a Layer 2 Ethernet interface Configuring storm suppression You can use the storm suppression function to limit the size of a particular type of traffic (broadcast, multicast, or unknown unicast traffic) on an interface. When the broadcast, multicast, or unknown unicast traffic on the interface exceeds this threshold, the system discards packets until the traffic drops below this threshold.

  • Page 22: Configuring Storm Control On An Ethernet Interface

    Configuring storm control on an Ethernet interface Storm control compares broadcast, multicast, and unknown unicast traffic regularly with their respective traffic thresholds on an Ethernet interface. For each type of traffic, storm control provides a lower threshold and a higher threshold. For management purposes, you can configure the interface to output threshold event traps and log messages when monitored traffic exceeds the upper threshold or falls below the lower threshold from the upper threshold.

  • Page 23: Configuring A Layer 3 Ethernet Interface Or Subinterface

    Step Command Remarks Set the control action to take storm-constrain control { block | By default, storm control is when monitored traffic shutdown } disabled. exceeds the upper threshold. By default, the interface outputs log (Optional.) Enable the messages when monitored traffic interface to log storm control storm-constrain enable log exceeds the upper threshold or...

  • Page 24

    Task Command Display the operational and status display interface [ interface-type [ interface-number | information of the specified interface or all interface-number.subnumber ] ] interfaces. Display summary information about the display interface [ interface-type [ interface-number | specified interface or all interfaces. interface-number.subnumber ] ] brief [ description ] Display information about dropped display packet-drop { interface [ interface-type...

  • Page 25: Configuring Loopback, Null, And Inloopback Interfaces

    Configuring loopback, null, and inloopback interfaces This chapter describes how to configure a loopback interface, a null interface, and an inloopback interface. Configuring a loopback interface A loopback interface is a virtual interface. The physical layer state of a loopback interface is always up unless the loopback interface is manually shut down.

  • Page 26: Configuring A Null Interface

    Configuring a null interface A null interface is a virtual interface and is always up, but you can neither use it to forward data packets nor can you configure it with an IP address or link layer protocol. The null interface provides a simpler way to filter packets than ACL.

  • Page 27: Bulk Configuring Interfaces

    The maximum number of interface range names is only limited by the system resources. To • guarantee bulk interface configuration performance, HP recommends that you configure fewer than 1000 interface range names. If a command fails to be executed on the first interface in the interface range, the command is not •...

  • Page 28: Displaying And Maintaining Bulk Interface Configuration

    Step Command Remarks • interface range { interface-type interface-number [ to Use either command. interface-type By using the interface range name interface-number ] } &<1-5> Enter interface range command, you assign a name to an • interface range name name view.

  • Page 29: Configuring The Mac Address Table

    Configuring the MAC address table Overview An Ethernet device uses a MAC address table to forward frames. A MAC address entry contains a destination MAC address, an outgoing interface, and a VLAN ID. Upon receiving a frame, the device uses the destination MAC address of the frame to look for a match in the MAC address table. If a match is found, the device forwards the frame out of the outgoing interface in the matching entry.

  • Page 30

    Static entries—Static entries are manually added in order to forward frames with a specific • destination MAC address out of their associated interfaces and never age out. A static entry has higher priority than a dynamically learned one. • Dynamic entries—Dynamic entries can be manually configured or dynamically learned in order to forward frames with a specific destination MAC address out of their associated interfaces.

  • Page 31

    Type Description Learns the MAC address (for example, MAC A) of the frame, generates a Multiport unicast MAC dynamic MAC address entry for MAC A, and forwards the frame. However, the address entry generated dynamic MAC address entry does not take effect. Frames destined for MAC A are forwarded based on the multiport unicast MAC address entry.

  • Page 32: Adding Or Modifying A Blackhole Mac Address Entry

    Adding or modifying a blackhole MAC address entry Step Command Remarks Enter system view. system-view By default, no blackhole MAC address entry is configured. Add or modify a blackhole mac-address blackhole MAC address entry. mac-address vlan vlan-id Make sure you have created the VLAN.

  • Page 33: Disabling Mac Address Learning

    Step Command Remarks By default, no multiport unicast MAC address entry is configured mac-address multiport globally. Add or modify a multiport mac-address interface interface-list unicast MAC address entry. Make sure you have created the vlan vlan-id VLAN and assigned the interface to the VLAN.

  • Page 34: Configuring The Aging Timer For Dynamic Mac Address Entries

    information about VSI, see MPLS Configuration Guide. For information about S-channel and EVB, see EVB Configuration Guide. Disabling MAC address learning on an interface With global MAC address learning enabled, you can disable MAC address learning on a single interface. To disable MAC address learning on an interface: Step Command...

  • Page 35: Configuring The Mac Learning Limit On An Interface

    the device deletes the entry. This aging mechanism makes sure the MAC address table could promptly update to accommodate latest network topology changes. Set the aging timer appropriately. A stable network requires a longer aging interval and an unstable network requires a shorter aging interval. An aging interval that is too long might cause the MAC address table to perform the following actions: Retains outdated entries.

  • Page 36: Assigning Mac Learning Priority To An Interface

    To enable the interface to forward frames with unknown source MAC addresses after the upper limit is reached: Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view. interface interface-type interface-number Enter interface view. • Enter Layer 2 aggregate interface view.

  • Page 37: Enabling Mac Address Synchronization

    Step Command Remarks mac-address mac-learning priority By default, low MAC learning Assign MAC learning priority. { high | low } priority is used. Enabling MAC address synchronization To avoid unnecessary floods and improve forwarding speed, make sure all member devices possess the same MAC address table.

  • Page 38: Enable Mac Address Moving Notifications

    Figure 5 MAC address tables of devices when Client A roams to AP D To enable MAC address synchronization: Step Command Remarks Enter system view. system-view Enable MAC address By default, MAC address mac-address mac-roaming enable synchronization. synchronization is disabled. Enable MAC address moving notifications The outgoing interface for a MAC address entry learned on interface A is changed to interface B when the following conditions exist:...

  • Page 39

    Step Command Remarks By default, MAC address moving notifications are disabled. If you do not specify a detection interval, the default setting of 1 minute is used. The interval interval-value option is available in Release 2406P03 and later versions. After you execute this command: •...

  • Page 40: Enabling Snmp Notifications For The Mac Address Table

    Enabling SNMP notifications for the MAC address table After you enable SNMP notifications for the MAC address table, this feature will generate SNMP notifications to notify the NMS of important events. This feature sends the SNMP notifications to the SNMP module of the device. You can set the notification sending parameters in SNMP to determine the attributes of sending notifications.

  • Page 41: Mac Address Table Configuration Example

    Figure 6 An example for the display mac-address nickname command MAC address table configuration example Network requirements On a network: Host A at MAC address 000f-e235-dc71 is connected to interface Ten-GigabitEthernet 1/1/5 of • Device and belongs to VLAN 1. Host B at MAC address 000f-e235-abcd), which once behaved suspiciously on the network, also •...

  • Page 42: Verifying The Configuration

    Verifying the configuration # Display the static MAC address entry for interface Ten-GigabitEthernet 1/1/5. [Device] display mac-address static interface ten-gigabitethernet 1/1/5 MAC Address VLAN ID State Port/NickName Aging 000f-e235-dc71 Static XGE1/1/5 # Display information about the blackhole MAC address entries. [Device] display mac-address blackhole MAC Address VLAN ID...

  • Page 43: Configuring Mac Information

    Configuring MAC Information The MAC Information feature can generate syslog messages or SNMP notifications when MAC address entries are learned or deleted. You can use these messages to monitor users leaving or joining the network and analyze network traffic. The MAC Information feature buffers the MAC change syslog messages or SNMP notifications in a queue.

  • Page 44: Configuring The Mac Information Mode

    Step Command Remarks Enable MAC Information on mac-address information enable By default, MAC Information is the interface. { added | deleted } disabled on an interface. Configuring the MAC Information mode The following MAC Information modes are available for sending MAC address changes: Syslog—The device sends syslog messages to notify MAC address changes.

  • Page 45: Mac Information Configuration Example

    MAC Information configuration example Network requirements Enable MAC Information on interface Ten-GigabitEthernet 1/1/5 on Device in Figure 7 to send MAC address changes in syslog messages to the log host, Host B, through interface Ten-GigabitEthernet 1/1/6. Figure 7 Network diagram Configuration guidelines When you edit the file /etc/syslog.conf, follow these guidelines: Comments must be on a separate line and must begin with a pound sign (#).

  • Page 46

    # Configure an output rule to output to the log host MAC address logs that have a severity level of at least informational. [Device] info-center source mac loghost level informational Configure the log host, Host B: The following configurations were performed on Solaris. Other UNIX operating systems have similar configurations.

  • Page 47: Configuring Ethernet Link Aggregation

    Configuring Ethernet link aggregation Ethernet link aggregation bundles multiple physical Ethernet links into one logical link, called an aggregate link. Link aggregation has the following benefits: • Increased bandwidth beyond the limits of any single link. In an aggregate link, traffic is distributed across the member ports.

  • Page 48: Aggregation States Of Member Ports In An Aggregation Group

    Aggregation states of member ports in an aggregation group A member port in an aggregation group can be in any of the following aggregation states: • Selected—A Selected port can forward traffic. Unselected—An Unselected port cannot forward traffic. • Individual—An Individual port can forward traffic as a normal physical port. A port is placed in •...

  • Page 49: Link Aggregation Modes

    Feature Considerations VLAN attribute configurations include: • Permitted VLAN IDs. • PVID. • Link type (trunk, hybrid, or access). VLAN • Operating mode (promiscuous, trunk promiscuous, host). • VLAN tagging mode. For information about VLAN, see "Configuring VLANs." Protocol configurations—Protocol configurations do not affect the aggregation state of the member •...

  • Page 50: Setting The Aggregation State Of Each Member Port

    If multiple ports have the same priority level, the port that has been Selected (if any) is chosen. If • multiple ports with the same priority level have been Selected, the one with the smallest port number is chosen. • If multiple ports have the same priority level and none of them has been Selected, the port with the smallest port number is chosen.

  • Page 51: Aggregating Links In Dynamic Mode

    Aggregating links in dynamic mode Dynamic aggregation mode is implemented through IEEE 802.3ad Link Aggregation Control Protocol (LACP). LACP LACP uses LACPDUs to exchange aggregation information between LACP-enabled devices. Each member port in an LACP-enabled aggregation group exchanges information with its peer. When a member port receives an LACPDU, it compares the received information with information received on the other member ports.

  • Page 52: How Dynamic Link Aggregation Works

    LACP timeout interval The LACP timeout interval specifies how long a member port waits to receive LACPDUs from the peer port. If a local member port fails to receive LACPDUs from the peer within the LACP timeout interval, the member port considers the peer failed. The LACP timeout interval also determines the LACPDU sending rate of the peer.

  • Page 53

    Figure 10 Setting the state of a member port in a dynamic aggregation group   Meanwhile, the system with the higher system ID is aware of the aggregation state changes on the remote system. The system sets the aggregation state of local member ports the same as their peer ports. When you aggregate interfaces in dynamic mode, follow these guidelines: A dynamic link aggregation group preferably sets full-duplex ports as the Selected ports.

  • Page 54: Edge Aggregate Interface

    After the Selected port limit is reached, a newly joining port becomes a Selected port if it is more • eligible than a current Selected port. For more information about configuring the maximum number of Selected ports in a dynamic aggregation group, see "Setting the minimum and maximum numbers of Selected ports for an aggregation...

  • Page 55: Configuring An Aggregation Group

    Tasks at a glance (Optional.) Configuring an aggregate interface: • Setting the description for an aggregate interface • Specifying ignored VLANs for a Layer 2 aggregate interface • Setting the MTU for a Layer 3 aggregate interface • Setting the minimum and maximum numbers of Selected ports for an aggregation group •...

  • Page 56: Configuring A Static Aggregation Group

    This switch series supports up to 128 aggregation groups. To ensure the operation of the service • loopback groups, HP recommends configuring no more than 126 aggregation groups . Configuring a static aggregation group To guarantee a successful static aggregation, make sure that the ports at both ends of each link are in the same aggregation state.

  • Page 57: Configuring A Dynamic Aggregation Group

    Step Command Remarks Enter Layer 3 Ethernet interface view: interface interface-type Repeat these two sub-steps to interface-number Assign an interface to the assign more Layer 3 Ethernet specified Layer 3 aggregation Assign the interface to the interfaces to the aggregation group.

  • Page 58

    Step Command Remarks By default, the long LACP timeout Set the short LACP timeout interval (90 seconds) is adopted by interval (3 seconds) on the lacp period short the interface. The peer sends interface. LACPDUs slowly. Configuring a Layer 3 dynamic aggregation group Step Command Remarks...

  • Page 59: Configuring An Aggregate Interface

    Configuring an aggregate interface In addition to the configurations in this section, most of the configurations that can be performed on Layer 2 or Layer 3 Ethernet interfaces can also be performed on Layer 2 or Layer 3 aggregate interfaces. Setting the description for an aggregate interface You can set the description for an aggregate interface for administration purposes, for example, describing the purpose of the interface.

  • Page 60: Setting The Mtu For A Layer 3 Aggregate Interface

    Setting the MTU for a Layer 3 aggregate interface Maximum transmission unit (MTU) of an interface affects IP packets fragmentation and reassembly on the interface. To set the MTU for a Layer 3 aggregate interface: Step Command Remarks Enter system view. system-view interface route-aggregation Enter Layer 3 aggregate...

  • Page 61: Setting The Expected Bandwidth For An Aggregate Interface

    Step Command Remarks Enter system view. system-view • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number Enter aggregate interface view. • Enter Layer 3 aggregate interface view: interface route-aggregation interface-number Set the minimum number of By default, the minimum number of link-aggregation selected-port Selected ports for the Selected ports for the aggregation...

  • Page 62: Enabling Bfd For An Aggregation Group

    Step Command Remarks Enter system view. system-view • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number Enter aggregate interface view. • Enter Layer 3 aggregate interface view: interface route-aggregation interface-number Configure the aggregate By default, an aggregate interface interface as an edge does not operate as an edge lacp edge-port aggregate interface.

  • Page 63: Shutting Down An Aggregate Interface

    Step Command Remarks Enable BFD for the link-aggregation bfd ipv4 source ip-address By default, BFD is disabled for an aggregation destination ip-address aggregation group. group. Shutting down an aggregate interface Make sure no member port in an aggregation group is configured with the loopback command when you shut down the aggregate interface.

  • Page 64: Configuring Load Sharing For Link Aggregation Groups

    Step Command Restore the default settings for the default aggregate interface. Configuring load sharing for link aggregation groups This section explains how to configure load sharing modes for link aggregation groups and how to enable local-first load sharing for link aggregation. Setting load sharing modes for link aggregation groups You can configure the global or group-specific load sharing mode.

  • Page 65: Enabling Local-first Load Sharing For Link Aggregation

    Enabling local-first load sharing for link aggregation Use the local-first load sharing mechanism in a multi-device link aggregation scenario to distribute traffic preferentially across member ports on the ingress card or device rather than all member ports. When you aggregate ports on different member devices in an IRF fabric, you can use local-first load sharing to reduce traffic on IRF links, as shown in Figure 1 1.

  • Page 66: Enabling Link-aggregation Traffic Redirection

    Source IP address. • • Destination IP address. Source MAC address. • Destination MAC address. • • Source and destination IP addresses. Source and destination MAC addresses. • To configure per-flow load sharing algorithm settings for Ethernet link aggregation: Step Command Remarks Enter system view.

  • Page 67: Displaying And Maintaining Ethernet Link Aggregation

    Step Command Remarks Enable link-aggregation traffic link-aggregation lacp By default, link-aggregation traffic redirection. traffic-redirect-notification enable redirection is disabled. Displaying and maintaining Ethernet link aggregation Execute display commands in any view and reset commands in user view. Task Command display interface [ bridge-aggregation | route-aggregation ] [ brief [ down ] ] Display information for an aggregate interface display interface [ { bridge-aggregation |...

  • Page 68

    Figure 12 Network diagram Configuration procedure Configure Device A: # Create VLAN 10, and assign port Ten-GigabitEthernet 1/1/8 to VLAN 10. <DeviceA> system-view [DeviceA] vlan 10 [DeviceA-vlan10] port ten-gigabitethernet 1/1/8 [DeviceA-vlan10] quit # Create VLAN 20, and assign port Ten-GigabitEthernet 1/1/9 to VLAN 20. [DeviceA] vlan 20 [DeviceA-vlan20] port ten-gigabitethernet 1/1/9 [DeviceA-vlan20] quit...

  • Page 69: Layer 2 Dynamic Aggregation Configuration Example

    Verifying the configuration # Display detailed information about all aggregation groups on Device A. [DeviceA] display link-aggregation verbose Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing Port Status: S -- Selected, U -- Unselected, I -- Individual Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation, D -- Synchronization, E -- Collecting, F -- Distributing, G -- Defaulted, H -- Expired Aggregate Interface: Bridge-Aggregation1...

  • Page 70

    [DeviceA] vlan 10 [DeviceA-vlan10] port ten-gigabitethernet 1/1/8 [DeviceA-vlan10] quit # Create VLAN 20, and assign the port Ten-GigabitEthernet 1/1/9 to VLAN 20. [DeviceA] vlan 20 [DeviceA-vlan20] port ten-gigabitethernet 1/1/9 [DeviceA-vlan20] quit # Create Layer 2 aggregate interface Bridge-Aggregation 1, and set the link aggregation mode to dynamic.

  • Page 71: Layer 2 Aggregation Load Sharing Configuration Example

    XGE1/1/6 32768 {ACDEF} XGE1/1/7 32768 {ACDEF} Remote: Actor Partner Priority Oper-Key SystemID Flag -------------------------------------------------------------------------------- XGE1/1/5 32768 0x8000, 000f-e267-57ad {ACDEF} XGE1/1/6 32768 0x8000, 000f-e267-57ad {ACDEF} XGE1/1/7 32768 0x8000, 000f-e267-57ad {ACDEF} The output shows that link aggregation group 1 is a Layer 2 dynamic aggregation group and it contains three Selected ports.

  • Page 72

    [DeviceA] vlan 20 [DeviceA-vlan20] port ten-gigabitethernet 1/1/10 [DeviceA-vlan20] quit # Create Layer 2 aggregate interface Bridge-Aggregation 1. [DeviceA] interface bridge-aggregation 1 # Configure Layer 2 aggregation group 1 to load share packets based on source MAC addresses. [DeviceA-Bridge-Aggregation1] link-aggregation load-sharing mode source-mac [DeviceA-Bridge-Aggregation1] quit # Assign ports Ten-GigabitEthernet 1/1/5 and Ten-GigabitEthernet 1/1/6 to link aggregation group 1.

  • Page 73: Layer 2 Edge Aggregate Interface Configuration Example

    Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing Port Status: S -- Selected, U -- Unselected, I -- Individual Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation, D -- Synchronization, E -- Collecting, F -- Distributing, G -- Defaulted, H -- Expired Aggregate Interface: Bridge-Aggregation1 Aggregation Mode: Static Loadsharing Type: Shar...

  • Page 74

    Figure 15 Network diagram Configuration procedure Configure the device: # Create Layer 2 aggregate interface Bridge-Aggregation 1, and set the link aggregation mode to dynamic. <Device> system-view [Device] interface bridge-aggregation 1 [Device-Bridge-Aggregation1] link-aggregation mode dynamic # Configure Layer 2 aggregate interface Bridge-Aggregation 1 as an edge aggregate interface. [Device-Bridge-Aggregation1] lacp edge-port [Device-Bridge-Aggregation1] quit # Assign ports Ten-GigabitEthernet 1/1/5 and Ten-GigabitEthernet 1/1/6 to link aggregation...

  • Page 75: Layer 3 Static Aggregation Configuration Example

    -------------------------------------------------------------------------------- XGE1/1/5 32768 0x8000, 0000-0000-0000 {DEF} XGE1/1/6 32768 0x8000, 0000-0000-0000 {DEF} The output shows that Ten-GigabitEthernet 1/1/5 and Ten-GigabitEthernet 1/1/6 are in Individual state when they do not receive any LACPDUs from the server. Both Ten-GigabitEthernet 1/1/5 and Ten-GigabitEthernet 1/1/6 can forward packets, so that zero packet loss is guaranteed. Layer 3 static aggregation configuration example Network requirements On the network shown in...

  • Page 76: Layer 3 Dynamic Aggregation Configuration Example

    Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation, D -- Synchronization, E -- Collecting, F -- Distributing, G -- Defaulted, H -- Expired Aggregate Interface: Route-Aggregation1 Aggregation Mode: Static Loadsharing Type: Shar Port Status Priority Oper-Key -------------------------------------------------------------------------------- XGE1/1/5 32768 XGE1/1/6 32768...

  • Page 77: Layer 3 Edge Aggregate Interface Configuration Example

    [DeviceA] interface ten-gigabitethernet 1/1/7 [DeviceA-Ten-GigabitEthernet1/1/7] port link-aggregation group 1 [DeviceA-Ten-GigabitEthernet1/1/7] quit Configure Device B in the same way Device A is configured. (Details not shown.) Verifying the configuration # Display detailed information about all aggregation groups on Device A. [DeviceA] display link-aggregation verbose Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing Port Status: S -- Selected, U -- Unselected, I -- Individual Flags:...

  • Page 78

    Figure 18 Network diagram Configuration procedure Configure the device: # Create Layer 3 aggregate interface Route-Aggregation 1, and set the link aggregation mode to dynamic. <Device> system-view [Device] interface route-aggregation 1 [Device-Route-Aggregation1] link-aggregation mode dynamic # Configure an IP address and subnet mask for Layer 3 aggregate interface Route-Aggregation 1. [Device-Route-Aggregation1] ip address 192.168.1.1 24 # Configure Layer 3 aggregate interface Route-Aggregation 1 as an edge aggregate interface.

  • Page 79

    XGE1/1/6 32768 {AG} Remote: Actor Partner Priority Oper-Key SystemID Flag -------------------------------------------------------------------------------- XGE1/1/5 32768 0x8000, 0000-0000-0000 {DEF} XGE1/1/6 32768 0x8000, 0000-0000-0000 {DEF} The output shows that Ten-GigabitEthernet 1/1/5 and Ten-GigabitEthernet 1/1/6 are in Individual state when they do not receive any LACPDUs from the server. Both Ten-GigabitEthernet 1/1/5 and Ten-GigabitEthernet 1/1/6 can forward packets, so that zero packet loss is guaranteed.

  • Page 80: Configuring Port Isolation

    Configuring port isolation The port isolation feature isolates Layer 2 traffic for data privacy and security without using VLANs. Ports in an isolation group cannot communicate with each other, but they can communicate with ports outside the isolation group. Assigning a port to an isolation group The device supports multiple isolation groups, which can be configured manually.

  • Page 81: Port Isolation Configuration Example

    Task Command display port-isolate group [ group-number ] [ | { begin | Display isolation group information. exclude | include } regular-expression ] Port isolation configuration example Network requirements As shown in Figure 19, configure port isolation on the device so that the hosts can access the Internet but cannot communicate with each other at Layer 2.

  • Page 82

    Verifying the configuration # Display information about isolation group 2. [Device] display port-isolate group 2 Port isolation group information: Group ID: 2 Group members: Ten-GigabitEthernet1/1/5 Ten-GigabitEthernet1/1/6 Ten-GigabitEthernet1/1/7 The output shows that interfaces Ten-GigabitEthernet 1/1/5, Ten-GigabitEthernet 1/1/6, and Ten-GigabitEthernet 1/1/7 are assigned to isolation group 2, so that Host A, Host B, and Host C are isolated from each other at layer 2.

  • Page 83: Configuring Spanning Tree Protocols

    Configuring spanning tree protocols Spanning tree protocols eliminate loops in a physical link-redundant network by selectively blocking redundant links and putting them in a standby state. The recent versions of STP include the Rapid Spanning Tree Protocol (RSTP), the Per-VLAN Spanning Tree (PVST), and the Multiple Spanning Tree Protocol (MSTP).

  • Page 84: Basic Concepts In Stp

    Basic concepts in STP Root bridge A tree network must have a root bridge. The entire network contains only one root bridge, and all the other bridges in the network are called "leaf nodes". The root bridge is not permanent, but can change with changes of the network topology.

  • Page 85: Calculation Process Of The Stp Algorithm

    Path cost Path cost is a reference value used for link selection in STP. To prune the network into a loop-free tree, STP calculates path costs to select the most robust links and block redundant links that are less robust. Calculation process of the STP algorithm The spanning tree calculation process described in the following sections is a simplified process for example only.

  • Page 86

    Table 5 Selection of the optimum configuration BPDU Step Actions Upon receiving a configuration BPDU on a port, the device compares the priority of the received configuration BPDU with that of the configuration BPDU generated by the port. • If the former priority is lower, the device discards the received configuration BPDU and keeps the configuration BPDU the port generated.

  • Page 87

    Table 6, each configuration BPDU contains the following fields: root bridge ID, root path cost, designated bridge ID, and designated port ID. Table 6 Initial state of each device Configuration BPDU on the Device Port name port Port A1 {0, 0, 0, Port A1} Device A Port A2 {0, 0, 0, Port A2}...

  • Page 88

    Configuration BPDU on Device Comparison process ports after comparison Port B1 performs the following actions: Receives the configuration BPDU of Port A1 {0, 0, 0, Port A1}. Determines that the received configuration BPDU is superior to its existing configuration BPDU {1, 0, 1, Port •...

  • Page 89

    Configuration BPDU on Device Comparison process ports after comparison Device C performs the following actions: Compares the configuration BPDUs of all its ports. Decides that the configuration BPDU of Port C1 is the optimum. Selects Port C1 as the root port with the configuration •...

  • Page 90

    After the comparison processes described in Table 7, a spanning tree with Device A as the root bridge is established, as shown in Figure Figure 22 The final calculated spanning tree The configuration BPDU forwarding mechanism of STP The configuration BPDUs of STP are forwarded according to these guidelines: Upon network initiation, every device regards itself as the root bridge and generates configuration •...

  • Page 91: Rstp

    Because each VLAN runs STP or RSTP independently, a spanning tree only serves its VLAN. A PVST-enabled HP device can communicate with a third-party device that is running Rapid PVST or PVST. The PVST-enabled HP device supports fast network convergence like RSTP when connected to PVST-enabled HP devices or third-party devices enabled with Rapid PVST.

  • Page 92: Mstp Features

    PVST limitations—Because each VLAN has its spanning tree, the amount of PVST BPDUs is • proportional to the number of VLANs on a trunk or hybrid port. When the trunk or hybrid port permits too many VLANs, both resources and calculations for maintaining the VLAN spanning trees increase dramatically.

  • Page 93

    Figure 23 Basic concepts in MSTP VLAN 1 MSTI 1 VLAN 1 MSTI 1 VLAN 2 MSTI 2 VLAN 2 MSTI 2 Other VLANs MSTI 0 Other VLANs MSTI 0 MST region 1 MST region 4 MST region 2 MST region 3 VLAN 1 MSTI 1 VLAN 1...

  • Page 94

    Same VLAN-to-instance mapping configuration • • Same MSTP revision level Physically linked together • Multiple MST regions can exist in a switched network. You can assign multiple devices to the same MST region. In Figure The switched network comprises four MST regions, MST region 1 through MST region 4. •...

  • Page 95

    The regional root of MSTI 2 is Device C. • • The regional root of MSTI 0 (also known as the IST) is Device A. Common root bridge The common root bridge is the root bridge of the CIST. Figure 23, the common root bridge is a device in MST region 1.

  • Page 96: How Mstp Works

    Master port—Serves as a port on the shortest path from the local MST region to the common root • bridge. The master port is not always located on the regional root. It is a root port on the IST or CIST and still a master port on the other MSTIs.

  • Page 97: Mstp Implementation On Devices

    MSTI calculation Within an MST region, MSTP generates different MSTIs for different VLANs based on the VLAN-to-instance mappings. For each spanning tree, MSTP performs a separate calculation process similar to spanning tree calculation in STP. For more information, see "Calculation process of the STP algorithm."...

  • Page 98: Stp Configuration Task List

    When both TRILL and a spanning tree protocol are enabled on a port, TRILL processes the BPDUs • received on the port. To make sure the STP network can interoperate with the TRILL network, disable the spanning tree protocol on TRILL ports. For more information about TRILL, see TRILL Configuration Guide.

  • Page 99: Rstp Configuration Task List

    RSTP configuration task list Tasks at a glance Configuring the root bridge: • (Required.) Setting the spanning tree mode • (Optional.) Configuring the root bridge or a secondary root bridge • (Optional.) Configuring the device priority • (Optional.) Configuring the network diameter of a switched network •...

  • Page 100: Pvst Configuration Task List

    PVST configuration task list Tasks at a glance Configuring the root bridge: • (Required.) Setting the spanning tree mode • (Optional.) Configuring the root bridge or a secondary root bridge • (Optional.) Configuring the device priority • (Optional.) Configuring the network diameter of a switched network •...

  • Page 101: Mstp Configuration Task List

    MSTP configuration task list Tasks at a glance Configuring the root bridge: • (Required.) Setting the spanning tree mode • (Required.) Configuring an MST region • (Optional.) Configuring the root bridge or a secondary root bridge • (Optional.) Configuring the device priority •...

  • Page 102: Configuration Restrictions And Guidelines

    RSTP mode—All ports of the device send RSTP BPDUs. A port in this mode automatically transits to • the STP mode when it receives STP BPDUs from the peer device. A port in this mode does not transit to the MSTP mode when it receives MSTP BPDUs from the peer device. •...

  • Page 103: Configuring The Root Bridge Or A Secondary Root Bridge

    MST region revision level. • • VLAN-to-instance mapping entries in the MST region. The configuration of MST region-related parameters (especially the VLAN-to-instance mapping table) might cause MSTP to begin a new spanning tree calculation. To reduce the possibility of topology instability, the MST region configuration takes effect only after you activate it by doing one of the following: •...

  • Page 104: Configuring The Current Device As The Root Bridge Of A Specific Spanning Tree

    If you specify multiple secondary root bridges for the instance, the secondary root bridge with the • lowest MAC address is given priority. If you do not specify a secondary root bridge, a new root bridge is calculated. • You can specify one root bridge for each spanning tree, regardless of the device priority settings. Once you specify a device as the root bridge or a secondary root bridge, you cannot change its priority.

  • Page 105: Configuring The Maximum Hops Of An Mst Region

    You can configure the maximum hops of an MST region based on the STP network size. HP recommends that you configure the maximum hops to a value that is greater than the maximum hops of each edge device to the root bridge.

  • Page 106: Configuring Spanning Tree Timers

    • Max age ≥ 2 × (hello time + 1 second) HP recommends not manually setting the spanning tree timers. HP recommends that you specify the network diameter and letting spanning tree protocols automatically calculate the timers based on the network diameter.

  • Page 107: Configuration Procedure

    HP recommends that you use the automatically calculated value. An appropriate hello time setting enables the device to promptly detect link failures on the network • without using excessive network resources. If the hello time is too long, the device mistakes packet loss for a link failure and triggers a new spanning tree calculation process.

  • Page 108: Configuring The Bpdu Transmission Rate

    By setting an appropriate BPDU transmission rate, you can limit the rate at which the port sends BPDUs. Setting an appropriate rate also prevents spanning tree protocols from using excessive network resources when the network topology changes. HP recommends that you use the default setting.

  • Page 109

    Configuration procedure To configure a port as an edge port: Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet or interface interface-type interface-number aggregate interface view. Configure the current ports as By default, all ports are stp edged-port edge ports.

  • Page 110

    To specify a standard for the device to use when it calculates the default path cost: Step Command Remarks Enter system view. system-view Specify a standard for the device to use when it stp pathcost-standard The default setting is legacy. calculates the default path { dot1d-1998 | dot1t | legacy } costs of its ports.

  • Page 111

    Path cost Link speed Port type IEEE IEEE 802.1t Private standard 802.1d-1998 Aggregate interface containing two Selected 1000 ports Aggregate interface containing three Selected ports Aggregate interface containing four Selected ports Single port 1000 Aggregate interface containing two Selected ports Aggregate interface 20 Gbps containing three Selected...

  • Page 112: Configuring Path Costs Of Ports

    Configuring path costs of ports When the path cost of a port changes, the system re-calculates the role of the port and initiates a state transition. To configure the path cost of a port: Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet or interface interface-type interface-number...

  • Page 113: Configuring The Port Link Type

    You can configure the link type as point-to-point for a Layer 2 aggregate interface or a port that • operates in full duplex mode. HP recommends that you use the default setting and letting the device automatically detect the port link type.

  • Page 114: Configuring The Mode A Port Uses To Recognize And Send Mstp Packets

    Configuring the mode a port uses to recognize and send MSTP packets A port can receive and send MSTP packets in the following formats: dot1s—802.1s-compliant standard format • legacy—Compatible format • By default, the packet format recognition mode of a port is auto. The port automatically distinguishes the two MSTP packet formats, and determines the format of packets that it will send based on the recognized format.

  • Page 115: Enabling The Spanning Tree Feature

    Enabling the spanning tree feature You must enable the spanning tree feature for the device before any other spanning tree related configurations can take effect. In STP, RSTP, or MSTP mode, make sure the spanning tree feature is enabled globally and on the desired ports. In PVST mode, make sure the spanning tree feature is enabled globally, in the desired VLANs, and on the desired ports.

  • Page 116: Performing Mcheck

    • which causes the peer port to transit to STP mode. When you disable TRILL and enable STP on a port, HP recommends that you perform mCheck on both the port and the peer port. Configuration procedure Performing mCheck globally...

  • Page 117: Configuring Digest Snooping

    The devices of different vendors in the same MST region cannot communicate with each other. To enable communication between an HP device and a third-party device in the same MST region, enable Digest Snooping on the HP device port connecting them.

  • Page 118

    Configuration procedure Use this feature on when your HP device is connected to a third-party device that uses its private key to calculate the configuration digest. To configure Digest Snooping: Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet or interface interface-type aggregate interface view.

  • Page 119: Configuring No Agreement Check

    [DeviceA] interface ten-gigabitethernet 1/1/5 [DeviceA-Ten-GigabitEthernet1/1/5] stp config-digest-snooping [DeviceA-Ten-GigabitEthernet1/1/5] quit [DeviceA] stp global config-digest-snooping # Enable Digest Snooping on Ten-GigabitEthernet 1/1/5 of Device B and enable global Digest Snooping on Device B. <DeviceB> system-view [DeviceB] interface ten-gigabitethernet 1/1/5 [DeviceB-Ten-GigabitEthernet1/1/5] stp config-digest-snooping [DeviceB-Ten-GigabitEthernet1/1/5] quit [DeviceB] stp global config-digest-snooping Configuring No Agreement Check...

  • Page 120: Configuration Prerequisites

    Figure 28 Rapid state transition of an RSTP designated port If the upstream device is a third-party device, the rapid state transition implementation might be limited. For example: The upstream device uses a rapid transition mechanism similar to that of RSTP. •...

  • Page 121: No Agreement Check Configuration Example

    No Agreement Check configuration example Network requirements As shown in Figure Device A connects to a third-party device that has a different spanning tree implementation. Both • devices are in the same region. The third-party device (Device B) is the regional root bridge, and Device A is the downstream •...

  • Page 122

    Figure 30 TC Snooping application scenario To avoid traffic interruption, you can enable TC Snooping on the IRF fabric. After receiving a TC-BPDU through a port, the IRF fabric updates MAC address table and ARP table entries associated with the port's VLAN.

  • Page 123: Configuring Protection Functions

    Configuring protection functions A spanning tree device supports the following protection functions: • BPDU guard Root guard • Loop guard • Port role restriction • TC-BPDU transmission restriction • • TC-BPDU guard BPDU drop • Enabling BPDU guard For access layer devices, the access ports can directly connect to the user terminals (such as PCs) or file servers.

  • Page 124: Enabling Loop Guard

    supersedes the current legal root bridge, causing an undesired change of the network topology. The traffic that should go over high-speed links is switched to low-speed links, resulting in network congestion. To prevent this situation, MSTP provides the root guard function. If the root guard function is enabled on a port of a root bridge, this port plays the role of designated port on all MSTIs.

  • Page 125: Configuring Port Role Restriction

    Step Command Remarks Enable the loop guard By default, loop guard is stp loop-protection function for the ports. disabled. Configuring port role restriction CAUTION: Use this feature with caution, because enabling port role restriction on a port might affect the connectivity of the spanning tree topology.

  • Page 126: Enabling Tc-bpdu Guard

    10 seconds after the device receives the first TC-BPDU. For TC-BPDUs received in excess of the limit, the device performs a forwarding address entry flush when the time period expires. This prevents frequent flushing of forwarding address entries. HP recommends that you enable TC-BPDU guard.

  • Page 127: Displaying And Maintaining The Spanning Tree

    Displaying and maintaining the spanning tree Execute display commands in any view and reset command in user view. Task Command Display information about ports blocked by spanning tree display stp abnormal-port protection functions. display stp bpdu-statistics [ interface interface-type interface-number [ instance Display BPDU statistics on ports.

  • Page 128

    Figure 31 Network diagram Configuration procedure Configure VLANs and VLAN member ports: (Details not shown.) Create VLAN 10, VLAN 20, and VLAN 30 on both Device A and Device B. Create VLAN 10, VLAN 20, and VLAN 40 on Device C. Create VLAN 20, VLAN 30, and VLAN 40 on Device D.

  • Page 129

    <DeviceB> system-view [DeviceB] stp region-configuration [DeviceB-mst-region] region-name example # Map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively. [DeviceB-mst-region] instance 1 vlan 10 [DeviceB-mst-region] instance 3 vlan 30 [DeviceB-mst-region] instance 4 vlan 40 # Configure the revision level of the MST region as 0.

  • Page 130

    # Activate MST region configuration. [DeviceD-mst-region] active region-configuration [DeviceD-mst-region] quit # Enable the spanning tree feature globally. [DeviceD] stp global enable Verifying the configuration In this example, Device B has the lowest root bridge ID. As a result, Device B is elected as the root bridge in MSTI 0.

  • Page 131: Pvst Configuration Example

    Ten-GigabitEthernet1/1/6 ALTE DISCARDING NONE Ten-GigabitEthernet1/1/7 ALTE DISCARDING NONE Ten-GigabitEthernet1/1/5 ROOT FORWARDING NONE Ten-GigabitEthernet1/1/6 ALTE DISCARDING NONE Ten-GigabitEthernet1/1/7 ROOT FORWARDING NONE Based on the output, you can draw each MSTI mapped to each VLAN, as shown in Figure Figure 32 MSTIs mapped to different VLANs MSTI 1 mapped to VLAN 10 MSTI 0 mapped to VLAN 20 MSTI 3 mapped to VLAN 30...

  • Page 132

    Figure 33 Network diagram Configuration procedure Configure VLANs and VLAN member ports: (Details not shown.) Create VLAN 10, VLAN 20, and VLAN 30 on both Device A and Device B. Create VLAN 10, VLAN 20, and VLAN 40 on Device C. Create VLAN 20, VLAN 30, and VLAN 40 on Device D.

  • Page 133

    # Configure the device as the root bridge of VLAN 40. [DeviceC] stp vlan 40 root primary # Enable the spanning tree feature globally and in VLAN 10, VLAN 20, and VLAN 40. [DeviceC] stp global enable [DeviceC] stp vlan 10 20 40 enable Configure Device D: # Set the spanning tree mode to PVST.

  • Page 134

    # Display brief spanning tree information on Device D. [DeviceD] display stp brief VLAN ID Port Role STP State Protection Ten-GigabitEthernet1/1/5 ALTE DISCARDING NONE Ten-GigabitEthernet1/1/6 ROOT FORWARDING NONE Ten-GigabitEthernet1/1/7 ALTE DISCARDING NONE Ten-GigabitEthernet1/1/5 ROOT FORWARDING NONE Ten-GigabitEthernet1/1/6 ALTE DISCARDING NONE Ten-GigabitEthernet1/1/7 ROOT FORWARDING...

  • Page 135: Configuring Loop Detection

    Configuring loop detection Overview Incorrect network connections or configurations can create Layer 2 loops, which results in repeated transmission of broadcasts, multicasts, or unknown unicasts, waste network resources, and sometimes even paralyze networks. The loop detection mechanism immediately generates a log when a loop occurs so that you are promptly notified to adjust network connections and configurations.

  • Page 136: Loop Detection Interval

    Figure 36 Inner frame header for loop detection The inner frame header for loop detection contains the following fields: Code—Protocol sub-type, which is 0x0001, indicating the loop detection protocol. • • Version—Protocol version, which is always 0x0000. Length—Length of the frame. The value includes the inner header, but excludes the Ethernet header. •...

  • Page 137: Port Status Auto Recovery

    VLAN. The per-port configuration applies to the individual port only when the port belongs to the specified VLAN. Per-port configurations take precedence over global configurations. HP recommends not enabling loop detection on TRILL ports, because TRILL networks prevent loops from being generated. For information more about TRILL, see TRILL Configuration Guide.

  • Page 138: Configuring The Loop Protection Action

    Step Command Remarks Enter Layer 2 Ethernet interface interface interface-type view or Layer 2 aggregate interface-number interface view. Enable loop detection on the loopback-detection enable vlan Disabled by default. port. { vlan-list | all } Configuring the loop protection action You can configure the loop protection action globally or on specific ports.

  • Page 139: Setting The Loop Detection Interval

    Step Command Remarks By default, the switch generates Configure the loop protection loopback-detection action a log but performs no action on action on the interface. shutdown the port on which a loop is detected. Setting the loop detection interval With loop detection enabled, the switch sends loop detection frames at a specified interval. A shorter interval offers more sensitive detection but consumes more resources.

  • Page 140

    Figure 37 Network diagram Device A XGE1/1/5 XGE1/1/6 Device B Device C VLAN 100 Configuration procedure Configure Device A: # Create VLAN 100, and globally enable loop detection for the VLAN. <DeviceA> system-view [DeviceA] vlan 100 [DeviceA-vlan100] quit [DeviceA] loopback-detection global enable vlan 100 # Configure Ten-GigabitEthernet 1/1/5 and Ten-GigabitEthernet 1/1/6 as trunk ports, and assign them to VLAN 100.

  • Page 141

    # Configure Ten-GigabitEthernet 1/1/5 and Ten-GigabitEthernet 1/1/6 as trunk ports, and assign them to VLAN 100. [DeviceB] interface ten-gigabitethernet 1/1/5 [DeviceB-Ten-GigabitEthernet1/1/5] port link-type trunk [DeviceB-Ten-GigabitEthernet1/1/5] port trunk permit vlan 100 [DeviceB-Ten-GigabitEthernet1/1/5] quit [DeviceB] interface ten-gigabitethernet 1/1/6 [DeviceB-Ten-GigabitEthernet1/1/6] port link-type trunk [DeviceB-Ten-GigabitEthernet1/1/6] port trunk permit vlan 100 [DeviceB-Ten-GigabitEthernet1/1/6] quit Configure Device C:...

  • Page 142

    The output shows that the device has removed the loops from Ten-GigabitEthernet 1/1/5 and Ten-GigabitEthernet 1/1/6 according to the shutdown action. Use the display interface command to display the status of Ten-GigabitEthernet 1/1/5 and Ten-GigabitEthernet 1/1/6 on Device A. # Display the status of Ten-GigabitEthernet 1/1/5 on Device A. [DeviceA] display interface ten-gigabitethernet 1/1/5 Ten-GigabitEthernet1/1/5 current state: DOWN (Loop detection down) # Display the status of Ten-GigabitEthernet 1/1/6 on Device A.

  • Page 143: Configuring Vlans

    Configuring VLANs This chapter provides an overview of VLANs and explains how to configure them. Overview Ethernet is a family of shared-media LAN technologies based on the CSMA/CD mechanism. An Ethernet LAN is both a collision domain and a broadcast domain. As the medium is shared, collisions and broadcasts are common in an Ethernet LAN.

  • Page 144: Protocols And Standards

    Figure 39 VLAN tag placement and format A VLAN tag includes the following fields: TPID—16-bit tag protocol identifier that indicates whether a frame is VLAN-tagged. By default, the • TPID value is 0x8100, indicating that the frame is VLAN-tagged. However, device vendors can set TPID to different values.

  • Page 145: Configuring Basic Settings Of A Vlan Interface

    Step Command Remarks The default setting is VLAN vlan-id, which is Configure the the ID of the VLAN. For example, the description text description of the VLAN. description of VLAN 100 is VLAN 0100 by default. NOTE: • As the system default VLAN, VLAN 1 cannot be created or removed. You cannot use the undo vlan command to delete a dynamic VLAN, a VLAN with a QoS policy •...

  • Page 146: Configuring Port-based Vlans

    Step Command Remarks Configure the MTU for the mtu size The default setting is 1500 bytes. VLAN interface. By default, the expected bandwidth (in Configure the expected bandwidth bandwidth-value kbps) is the interface baud rate divided bandwidth of the interface. by 1000.

  • Page 147: Assigning An Access Port To A Vlan

    For a hybrid or trunk port, the PVID setting of the port does not change. You can use a nonexistent VLAN as the PVID for a hybrid or trunk port, but not for an access port. HP recommends setting the same PVID for local and remote ports. •...

  • Page 148: Assigning A Trunk Port To A Vlan

    Step Command Remarks • The configuration made in Layer 2 Ethernet interface view applies only to the port. • Enter Layer 2 Ethernet • The configuration made in Layer 2 interface view: aggregate interface view applies interface interface-type to the aggregate interface and its interface-number aggregation member ports.

  • Page 149: Assigning A Hybrid Port To A Vlan

    Step Command Remarks • The configuration made in Layer 2 Ethernet interface view applies only to the port. • The configuration made in • Enter Layer 2 Ethernet interface Layer 2 aggregate interface view: view applies to the aggregate interface interface-type interface and its aggregation interface-number member ports.

  • Page 150: Configuring Ip Subnet-based Vlans

    Step Command Remarks • The configuration made in Layer 2 Ethernet interface view applies only to the port. • The configuration made in • Enter Layer 2 Ethernet interface Layer 2 aggregate interface view: view applies to the aggregate interface interface-type interface and its aggregation interface-number member ports.

  • Page 151: Configuring An Ip Subnet-based Vlan

    Configuring an IP subnet-based VLAN Task Command Remarks Enter system view. system-view If the specified VLAN does not exist, this Enter VLAN view. vlan vlan-id command first creates the VLAN and enters VLAN view of this VLAN. By default, a VLAN is not associated with any IP subnets or IP addresses.

  • Page 152: Configuring Protocol-based Vlans

    Configuring protocol-based VLANs Introduction The protocol-based VLAN feature assigns inbound packets to different VLANs based on their protocol types and encapsulation formats. The protocols available for VLAN assignment include IP, IPX, and AT. The encapsulation formats include Ethernet II, 802.3 raw, 802.2 LLC, and 802.2 SNAP. A protocol template defines a protocol type and an encapsulation format.

  • Page 153: Displaying And Maintaining Vlans

    Step Command Remarks • The configurations made in Layer 2 Ethernet interface view apply only to the port. • Enter Layer 2 Ethernet • The configurations made in Layer 2 interface view: aggregate interface view apply to the interface interface-type aggregate interface and its interface-number aggregation member ports.

  • Page 154: Vlan Configuration Examples

    VLAN configuration examples Port-based VLAN configuration example Network requirements As shown in Figure Host A and Host C belong to Department A. VLAN 100 is assigned to Department A. • Host B and Host D belong to Department B. VLAN 200 is assigned to Department B. •...

  • Page 155: Ip Subnet-based Vlan Configuration Example

    Verifying the configuration # Verify that Host A and Host C can ping each other, but they both fail to ping Host B. (Details not shown.) # Verify that Host B and Host D can ping each other, but they both fail to ping Host A. (Details not shown.) # Verify that VLANs 100 and 200 are correctly configured on Device A.

  • Page 156: Configuration Considerations

    Figure 41 Network diagram Device A Device B VLAN 100 VLAN 200 XGE1/1/11 XGE1/1/12 Device C XGE1/1/5 192.168.5.0/24 192.168.50.0/24 Office Configuration considerations To meet the network requirements, you must perform the following tasks: Create VLANs 100 and 200. Associate IP subnets 192.168.5.0/24 and 192.168.50.0/24 with the VLANs 100 and 200, respectively.

  • Page 157: Protocol-based Vlan Configuration Example

    # Configure Ten-GigabitEthernet1/1/12 as a hybrid port to forward packets from VLAN 200 tagged. [DeviceC] interface ten-gigabitethernet 1/1/12 [DeviceC-Ten-GigabitEthernet1/1/12] port link-type hybrid [DeviceC-Ten-GigabitEthernet1/1/12] port hybrid vlan 200 tagged [DeviceC-Ten-GigabitEthernet1/1/12] quit # Associate Ten-GigabitEthernet 1/1/5 with IP subnet-based VLANs 100 and 200. [DeviceC] interface ten-gigabitethernet 1/1/5 [DeviceC-Ten-GigabitEthernet1/1/5] port link-type hybrid [DeviceC-Ten-GigabitEthernet1/1/5] port hybrid vlan 100 200 untagged...

  • Page 158

    Figure 42 Network diagram Configuration procedure In this example, L2 Switch A and L2 Switch B use the factory defaults. Configure Device: # Create VLAN 100, and configure the description for VLAN 100 as protocol VLAN for IPv4. <Device> system-view [Device] vlan 100 [Device-vlan100] description protocol VLAN for IPv4 # Assign Ten-GigabitEthernet 1/1/11 to VLAN 100.

  • Page 159

    [Device-vlan100] protocol-vlan 2 mode ethernetii etype 0806 [Device-vlan100] quit # Configure Ten-GigabitEthernet 1/1/5 as a hybrid port to forward packets from VLANs 100 and 200 untagged. [Device] interface ten-gigabitethernet 1/1/5 [Device-Ten-GigabitEthernet1/1/5] port link-type hybrid [Device-Ten-GigabitEthernet1/1/5] port hybrid vlan 100 200 untagged # Associate Ten-GigabitEthernet 1/1/5 with the IPv4 and ARP protocol templates of VLAN 100 and the IPv6 protocol template of VLAN 200.

  • Page 160

    IPv6 # Display protocol-based VLANs on the ports of Device. [Device] display protocol-vlan interface all Interface: Ten-GigabitEthernet1/1/5 VLAN ID Protocol index Protocol type Status IPv4 Active Ethernet II Etype 0x0806 Active IPv6 Active Interface: Ten-GigabitEthernet 1/1/6 VLAN ID Protocol index Protocol type Status IPv4...

  • Page 161: Configuring Super Vlans

    Configuring super VLANs Super VLAN, also called "VLAN aggregation," was introduced to save IP address space. A super VLAN is associated with multiple sub-VLANs. These sub-VLANs use the VLAN interface of the super VLAN (also known as a super VLAN interface) as the gateway for Layer 3 communication. Sub-VLANs are isolated at Layer 2.

  • Page 162: Configuring A Super Vlan Interface

    VLAN. Configuring a super VLAN interface HP recommends not configuring VRRP for a super VLAN interface, because the configuration affects network performance. For more information about VRRP, see High Availability Configuration Guide. To configure a VLAN interface for a super VLAN:...

  • Page 163: Displaying And Maintaining Super Vlans

    Displaying and maintaining super VLANs Execute the display command in any view. Task Command Display information about super VLANs and their display supervlan [ supervlan-id ] associated sub-VLANs. Super VLAN configuration example Network requirements As shown in Figure Ten-GigabitEthernet 1/1/5 and Ten-GigabitEthernet 1/1/6 are in VLAN 2. •...

  • Page 164

    [Sysname-Vlan-interface10] quit # Create VLAN 2, and assign Ten-GigabitEthernet 1/1/5 and Ten-GigabitEthernet 1/1/6 to the VLAN. [Sysname] vlan 2 [Sysname-vlan2] port ten-gigabitethernet 1/1/5 ten-gigabitethernet 1/1/6 [Sysname-vlan2] quit # Create VLAN 3, and assign Ten-GigabitEthernet 1/1/7 and Ten-GigabitEthernet 1/1/8 to the VLAN. [Sysname] vlan 3 [Sysname-vlan3] port ten-gigabitethernet 1/1/7 ten-gigabitethernet 1/1/8 [Sysname-vlan3] quit...

  • Page 165

    Tagged ports: none Untagged ports: Ten-GigabitEthernet1/1/5 Ten-GigabitEthernet1/1/6 VLAN ID: 3 VLAN type: Static It is a sub VLAN. Route interface: Configured Ipv4 address: 10.0.0.1 Ipv4 subnet mask: 255.255.255.0 Description: VLAN 0003 Name: VLAN 0003 Tagged ports: none Untagged ports: Ten-GigabitEthernet1/1/7 Ten-GigabitEthernet1/1/8 VLAN ID: 5 VLAN type: static...

  • Page 166: Configuring The Private Vlan

    Configuring the private VLAN The private VLAN feature uses a two-tier VLAN structure, including a primary VLAN and secondary VLANs. This feature simplifies the network configuration and saves VLAN resources. A primary VLAN is used for upstream data exchange. A primary VLAN can be associated with multiple secondary VLANs.

  • Page 167

    When the port allows multiple primary VLANs, configure the port as a trunk promiscuous − port of these primary VLANs. The trunk promiscuous port can be automatically assigned to the primary VLANs and their associated secondary VLANs. Configure a downlink port, for example, the port connecting Device B to a host in Figure 38, as a host port.

  • Page 168

    Step Command Remarks Use either command. By default, ports in the same secondary VLAN can communicate with each other at Layer 2. This configuration takes effect Enable Layer 2 • undo private-vlan isolated when the following conditions communication for ports in the •...

  • Page 169

    Step Command Remarks Return to system view. quit Enter Layer 2 Ethernet interface interface-type interface view or Layer 2 interface-number aggregate interface view. • Configure the downlink port as a host port: port private-vlan host Configure the downlink port By default, a port is not a host or as a host or trunk secondary •...

  • Page 170: Displaying And Maintaining The Private Vlan

    Displaying and maintaining the private VLAN Execute the display command in any view. Task Command Display information about primary VLANs and their display private-vlan [ primary-vlan-id ] associated secondary VLANs. Private VLAN configuration examples Promiscuous port configuration example Network requirements As shown in Figure 45, configure the private VLAN feature to meet the following requirements:...

  • Page 171

    # Create VLANs 2 and 3. [DeviceB] vlan 2 to 3 # Configure the uplink port Ten-GigabitEthernet 1/1/9 as a promiscuous port of VLAN 5. [DeviceB] interface ten-gigabitethernet 1/1/9 [DeviceB-Ten-GigabitEthernet1/1/9] port private-vlan 5 promiscuous [DeviceB-Ten-GigabitEthernet1/1/9] quit # Assign the downlink port Ten-GigabitEthernet 1/1/5 to VLAN 3, and configure the port as a host port.

  • Page 172: Trunk Promiscuous Port Configuration Example

    # Associate secondary VLANs 3 and 4 with primary VLAN 6. [DeviceC] vlan 6 [DeviceC-vlan6] private-vlan secondary 3 to 4 [DeviceC-vlan6] quit Verifying the configuration # Verify the private VLAN configurations on the devices, for example, on Device B. [DeviceB] display private-vlan Primary VLAN ID: 5 Secondary VLAN ID: 2-3 VLAN ID: 5...

  • Page 173

    On Device B, the downlink port Ten-GigabitEthernet 1/1/6 permits secondary VLAN 2. The • downlink port Ten-GigabitEthernet 1/1/7 permits secondary VLAN 3. Secondary VLANs 2 and 3 are associated with primary VLAN 5. • On Device B, the downlink port Ten-GigabitEthernet 1/1/10 permits secondary VLAN 6. The downlink port Ten-GigabitEthernet 1/1/12 permits secondary VLAN 8.

  • Page 174

    # Assign the downlink port Ten-GigabitEthernet 1/1/6 to VLAN 2, and configure the port as a host port. [DeviceB] interface ten-gigabitethernet 1/1/6 [DeviceB-Ten-GigabitEthernet1/1/6] port access vlan 2 [DeviceB-Ten-GigabitEthernet1/1/6] port private-vlan host [DeviceB-Ten-GigabitEthernet1/1/6] quit # Assign the downlink port Ten-GigabitEthernet 1/1/7 to VLAN 3, and configure the port as a host port.

  • Page 175: Trunk Promiscuous And Trunk Secondary Port Configuration Example

    Verifying the configuration # Verify the primary VLAN configurations on Device B. The following output uses primary VLAN 5 as an example. [DeviceB] display private-vlan 5 Primary VLAN ID: 5 Secondary VLAN ID: 2-3 VLAN ID: 5 VLAN type: Static Private VLAN type: Primary Route interface: Not configured Description: VLAN 0005...

  • Page 176

    VLANs 10 and 20 are primary VLANs on Device A. The uplink port Ten-GigabitEthernet 1/1/9 • permits the packets from VLANs 10 and 20 to pass through tagged. VLANs 1 1, 12, 21, and 22 are secondary VLANs on Device A. •...

  • Page 177

    [DeviceA-vlan10] quit # Associate secondary VLANs 21 and 22 with primary VLAN 20. [DeviceA] vlan 20 [DeviceA-vlan20] private-vlan secondary 21 22 [DeviceA-vlan20] quit # Configure the uplink port Ten-GigabitEthernet 1/1/9 as a trunk promiscuous port of VLANs 10 and 20. [DeviceA] interface ten-gigabitethernet 1/1/9 [DeviceA-Ten-GigabitEthernet1/1/9] port private-vlan 10 20 trunk promiscuous [DeviceA-Ten-GigabitEthernet1/1/9] quit...

  • Page 178

    [DeviceB-Ten-GigabitEthernet1/1/7] port access vlan 21 [DeviceB-Ten-GigabitEthernet1/1/7] quit Configure Device C: # Create VLANs 10 and 20. <DeviceC> system-view [DeviceC] vlan 10 [DeviceC-vlan10] quit [DeviceC] vlan 20 [DeviceC-vlan20] quit # Configure Ten-GigabitEthernet1/1/9 as a hybrid port to forward packets from VLANs 10 and VLAN 20 tagged.

  • Page 179

    Name: VLAN 0012 Tagged ports: Ten-GigabitEthernet1/1/9 Untagged ports: Ten-GigabitEthernet1/1/7 # Verify the configuration of primary VLAN 20 on Device A. [DeviceA] display private-vlan 20 Primary VLAN ID: 20 Secondary VLAN ID: 21-22 VLAN ID: 20 VLAN type: Static Private-vlan type: Primary Route interface: Not configured Description: VLAN 0020 Name: VLAN 0020...

  • Page 180: Secondary Vlan Layer 3 Communication Configuration Example

    Secondary VLAN Layer 3 communication configuration example Network requirements As shown in Figure 48, configure the private VLAN feature to meet the following requirements: Primary VLAN 10 on Device B is associated with secondary VLANs 2 and 3. The IP address of •...

  • Page 181

    [DeviceB] interface ten-gigabitethernet 1/1/7 [DeviceB-Ten-GigabitEthernet1/1/7] port access vlan 3 [DeviceB-Ten-GigabitEthernet1/1/7] port private-vlan host [DeviceB-Ten-GigabitEthernet1/1/7] quit # Enable Layer 3 communication between secondary VLANs 2 and 3 that are associated with primary VLAN 10. [DeviceB] interface vlan-interface 10 [DeviceB-Vlan-interface10] private-vlan secondary 2 3 # Assign the IP address 192.168.1.1/24 to VLAN-interface 10.

  • Page 182

    Private VLAN type: Secondary Route interface: Configured IPv4 address: 192.168.1.1 IPv4 subnet mask: 255.255.255.0 Description: VLAN 0003 Name: VLAN 0003 Tagged ports: None Untagged ports: Ten-GigabitEthernet1/1/5 Ten-GigabitEthernet1/1/7 The Route interface field in the output is Configured, indicating that secondary VLANs 2 and 3 are interoperable at Layer 3.

  • Page 183: Configuring Mvrp

    Configuring MVRP Multiple Registration Protocol (MRP) is an attribute registration protocol used to transmit attribute messages. Multiple VLAN Registration Protocol (MVRP) is a typical MRP application. It synchronizes VLAN information among devices. MVRP propagates local VLAN information to other devices, receives VLAN information from other devices, and dynamically updates local VLAN information.

  • Page 184: Mrp Messages

    MRP messages MRP messages include Join, New, Leave, and LeaveAll. Join and New messages are declarations, and Leave and LeaveAll messages are withdrawals. Join message An MRP participant sends a Join message to request the peer participant to register the specific attribute. When receiving a Join message from the peer participant, an MRP participant registers the specific attribute and propagates the Join message to all other participants on the device.

  • Page 185: Mrp Timers

    MRP deregisters all attributes that have not been re-registered to periodically clear useless attributes in the network. MRP timers MRP uses the following timers to control message transmission. Periodic timer The Periodic timer controls the transmission of MRP messages. An MRP participant starts its own Periodic timer upon startup, and stores MRP messages to be sent before the Periodic timer expires.

  • Page 186

    Normal An MVRP participant in normal registration mode performs dynamic VLAN registrations and deregistrations. Fixed An MVRP participant in fixed registration mode disables deregistering dynamic VLANs and drops received MVRP packets. The MVRP participant does not deregister or register dynamic VLANs. Forbidden An MVRP participant in forbidden registration mode disables registering dynamic VLANs and drops received MVRP packets.

  • Page 187

    Configuration prerequisites Before configuring MVRP, perform the following tasks: • Make sure all MSTIs in the network are effective and each MSTI is mapped to an existing VLAN on each device in the network, because MVRP runs on a per-MSTI basis. Configure the involved ports as trunk ports, because MVRP takes effect only on trunk ports.

  • Page 188: Configuring Mrp Timers

    Step Command Remarks Enter Layer 2 Ethernet interface interface-type interface view or Layer 2 interface-number aggregate interface view. Optional. Configure an MVRP mvrp registration { fixed | The default setting is normal registration mode. forbidden | normal } registration mode. Configuring MRP timers To avoid frequent VLAN registrations and deregistrations, use the same MRP timers throughout the network.

  • Page 189: Enabling Gvrp Compatibility

    To restore the default settings of the timers, HP recommends restoring the Join timer first, followed by • the Leave and LeaveAll timers. Table 11 Dependencies of the Join, Leave, and LeaveAll timers Timer Lower limit Upper limit Join 20 centiseconds...

  • Page 190: Mvrp Configuration Example

    MVRP configuration example Network requirements As shown in Figure 50, create VLAN 10 on Device A and VLAN 20 on Device B. Configure MSTP, map VLAN 10 to MSTI 1, map VLAN 20 to MSTI 2, and map the other VLANs to MSTI 0. Configure MVRP and set the MVRP registration mode to normal, so that Device A, Device B, Device C, and Device D can register and deregister dynamic VLANs and keep identical VLAN configuration for each MSTI.

  • Page 191

    # Configure the MST region name, VLAN-to-instance mappings, and revision level. [DeviceA-mst-region] region-name example [DeviceA-mst-region] instance 1 vlan 10 [DeviceA-mst-region] instance 2 vlan 20 [DeviceA-mst-region] revision-level 0 # Manually activate the MST region configuration. [DeviceA-mst-region] active region-configuration [DeviceA-mst-region] quit # Configure Device A as the primary root bridge of MSTI 1. [DeviceA] stp instance 1 root primary # Globally enable the spanning tree feature.

  • Page 192

    [DeviceB-mst-region] region-name example [DeviceB-mst-region] instance 1 vlan 10 [DeviceB-mst-region] instance 2 vlan 20 [DeviceB-mst-region] revision-level 0 # Manually activate the MST region configuration. [DeviceB-mst-region] active region-configuration [DeviceB-mst-region] quit # Configure Device B as the primary root bridge of MSTI 2. [DeviceB] stp instance 2 root primary # Globally enable the spanning tree feature.

  • Page 193

    [DeviceC-mst-region] region-name example [DeviceC-mst-region] instance 1 vlan 10 [DeviceC-mst-region] instance 2 vlan 20 [DeviceC-mst-region] revision-level 0 # Manually activate the MST region configuration. [DeviceC-mst-region] active region-configuration [DeviceC-mst-region] quit # Configure Device C as the root bridge of MSTI 0. [DeviceC] stp instance 0 root primary # Globally enable the spanning tree feature.

  • Page 194

    # Configure port Ten-GigabitEthernet 1/1/5 as a trunk port, and configure it to permit VLANs 20 and [DeviceD] interface ten-gigabitethernet 1/1/5 [DeviceD-Ten-GigabitEthernet1/1/5] port link-type trunk [DeviceD-Ten-GigabitEthernet1/1/5] port trunk permit vlan 20 40 # Enable MVRP on port Ten-GigabitEthernet 1/1/5. [DeviceD-Ten-GigabitEthernet1/1/5] mvrp enable [DeviceD-Ten-GigabitEthernet1/1/5] quit # Configure port Ten-GigabitEthernet 1/1/6 as a trunk port, and configure it to permit VLAN 40.

  • Page 195

    Periodic Timer : 100 (centiseconds) LeaveAll Timer : 1000 (centiseconds) Registration Type : Normal Registered VLANs : None Declared VLANs : 1(default) Propagated VLANs : None ----[Ten-GigabitEthernet1/1/7]---- Config Status : Enabled Running Status : Enabled Join Timer : 20 (centiseconds) Leave Timer : 60 (centiseconds) Periodic Timer...

  • Page 196

    1(default), 20 Propagated VLANs : 1(default) ----[Ten-GigabitEthernet1/1/6]---- Config Status : Enabled Running Status : Enabled Join Timer : 20 (centiseconds) Leave Timer : 60 (centiseconds) Periodic Timer : 100 (centiseconds) LeaveAll Timer : 1000 (centiseconds) Registration Type : Normal Registered VLANs : 1(default), 10 Declared VLANs : 1(default), 20...

  • Page 197

    Running Status : Enabled Join Timer : 20 (centiseconds) Leave Timer : 60 (centiseconds) Periodic Timer : 100 (centiseconds) LeaveAll Timer : 1000 (centiseconds) Registration Type : Normal Registered VLANs : 1(default), 10, 20 Declared VLANs : 1(default) Propagated VLANs : 1(default), 10 ----[Ten-GigabitEthernet1/1/6]---- Config...

  • Page 198

    Declared VLANs : 1(default) Propagated VLANs : 1(default), 20 ----[Ten-GigabitEthernet1/1/6]---- Config Status : Enabled Running Status : Enabled Join Timer : 20 (centiseconds) Leave Timer : 60 (centiseconds) Periodic Timer : 100 (centiseconds) LeaveAll Timer : 1000 (centiseconds) Registration Type : Normal Registered VLANs : 1(default)

  • Page 199

    Declared VLANs : Propagated VLANs : The output shows that the VLAN information on Ten-GigabitEthernet 1/1/7 is not changed after you set the MVRP registration mode to fixed on Ten-GigabitEthernet 1/1/7. # Delete VLAN 10 on Device A. [DeviceA] undo vlan 10 # Display the local MVRP VLAN information on Ten-GigabitEthernet 1/1/7.

  • Page 200: Configuring Qinq

    Configuring QinQ This document uses the following terms: CVLAN—Customer network VLANs, also called inner VLANs, refer to VLANs that a customer uses • on the private network. SVLAN—Service provider network VLANs, also called outer VLANs, refer to VLANs that a service •...

  • Page 201: Qinq Implementations

    As shown in Figure 52, customer A has remote sites CE 1 and CE 4. Customer B has remote sites CE 2 and CE 3. The CVLANs of the two customers overlap. The service provider assigns SVLANs 3 and 4 to customers A and B, respectively.

  • Page 202: Restrictions And Guidelines

    The inner 802.1Q tag of QinQ frames is treated as part of the payload. For correct transmission of • QinQ frames, HP recommends that you set the MTU to a minimum of 1504 bytes for ports on the QinQ frame forwarding path. This value is the sum of the default Ethernet interface MTU (1500 bytes) and the length (4 bytes) of a VLAN tag.

  • Page 203: Configuring The Tpid In Vlan Tags

    Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface interface-type interface view or Layer 2 interface-number aggregate interface view. By default, the link type of Set the port link type. port link-type { hybrid | trunk } ports is access.

  • Page 204: Configuring The Cvlan Tpid

    Protocol type Value IPv6 0x86DD PPPoE 0x8863/0x8864 MPLS 0x8847/0x8848 IPX/SPX 0x8137 IS-IS 0x8000 LACP 0x8809 802.1X 0x888E LLDP 0x88CC 802.1ag 0x8902 Cluster 0x88A7 Reserved 0xFFFD/0xFFFE/0xFFFF Configuring the CVLAN TPID Step Command Remarks Enter system view. system-view Configure the TPID value for qinq ethernet-type customer-tag The default setting is 0x8100 for CVLAN tags.

  • Page 205

    If the 802.1p priority is trusted, the port copies the 802.1p priority in the CVLAN tag to the SVLAN • tag. If port priority is trusted, the port sets the 802.1p priority in the SVLAN to be the same as the port •...

  • Page 206: Displaying And Maintaining Qinq

    Step Command Remarks By default, the device does not trust the 802.1p priority carried in frames. Configure the port to trust the 802.1p priority in qos trust dot1p Skip this step if the incoming frames. remark dot1p customer-dot1p-trust command is configured. Enable QinQ.

  • Page 207

    Figure 53 Network diagram VLANs 30 to 90 VLANs 10 to 70 CE 3 CE 4 Site 3 Site 2 Company B Company A XGE1/1/7 XGE1/1/7 XGE1/1/6 XGE1/1/6 VLANs 100 and 200 PE 1 PE 2 TPID = 0x8200 XGE1/1/5 XGE1/1/5 Service provider network Company A...

  • Page 208: Vlan Transparent Transmission Configuration Example

    # Configure VLAN 200 as the PVID of Ten-GigabitEthernet 1/1/7. [PE1-Ten-GigabitEthernet1/1/7] port trunk pvid vlan 200 # Enable QinQ on Ten-GigabitEthernet 1/1/7. [PE1-Ten-GigabitEthernet1/1/7] qinq enable [PE1-Ten-GigabitEthernet1/1/7] quit Configure PE 2: # Configure Ten-GigabitEthernet 1/1/5 as a trunk port, and assign it to VLAN 200 and VLANs 30 through 90.

  • Page 209

    The service provider assigns VLAN 100 to a company's VLANs 10 through 50. • • VLAN 3000 is the dedicated VLAN of the company on the service provider network. Configure QinQ on PE 1 and PE 2 to provide Layer 2 connectivity for CVLANs 10 through 50 over the service provider network.

  • Page 210

    [PE2] interface ten-gigabitethernet 1/1/5 [PE2-Ten-GigabitEthernet1/1/5] port link-type trunk [PE2-Ten-GigabitEthernet1/1/5] port trunk permit vlan 100 3000 10 to 50 # Configure VLAN 100 as the PVID of Ten-GigabitEthernet 1/1/5. [PE1-Ten-GigabitEthernet1/1/5] port trunk pvid vlan 100 # Enable QinQ on Ten-GigabitEthernet 1/1/5. [PE2-Ten-GigabitEthernet1/1/5] qinq enable # Configure Ten-GigabitEthernet 1/1/5 to transparently transmit frames from VLAN 3000.

  • Page 211: Configuring Vlan Mapping

    Configuring VLAN mapping Overview VLAN mapping re-marks VLAN tagged traffic with new VLAN IDs. HP provides the following types of VLAN mapping: • One-to-one VLAN mapping—Replaces one VLAN tag with another. Many-to-one VLAN mapping—Replaces multiple VLAN tags with the same VLAN tag.

  • Page 212

    Figure 55 Application scenario of one-to-one and many-to-one VLAN mapping DHCP client VLAN 1 Home gateway VLAN 2 VLAN 1 -> VLAN 101 VLAN 2 -> VLAN 201 VLAN 3 VoIP VLAN 3 -> VLAN 301 Wiring-closet switch VLAN 1 VLAN 1 ->...

  • Page 213: Application Scenario Of One-to-two And Two-to-two Vlan Mapping

    Application scenario of one-to-two and two-to-two VLAN mapping Figure 56 shows a typical application scenario of one-to-two and two-to-two VLAN mapping. In this scenario, the two remote sites of the same VPN must communicate across two SP networks. Figure 56 Application scenario of one-to-two and two-to-two VLAN mapping Site 1 and Site 2 are in VLAN 2 and VLAN 3, respectively.

  • Page 214

    Figure 57 Basic VLAN mapping concepts Network-side port Customer-side port Uplink traffic Downlink traffic One-to-one VLAN mapping Figure 58, one-to-one VLAN mapping is implemented on the customer-side port and replaces VLAN tags as follows: Replaces the CVLAN with the SVLAN for the uplink traffic. •...

  • Page 215

    Figure 59 Many-to-one VLAN mapping implementation One-to-two VLAN mapping Figure 60, one-to-two VLAN mapping is implemented on the customer-side port to add the SVLAN tag for the uplink traffic. For the downlink traffic to be correctly sent to the customer network, make sure the SVLAN tag is removed on the customer-side port before transmission.

  • Page 216

    Figure 61 Two-to-two VLAN mapping implementation Two-to-two VLAN mapping SVLAN CVLAN Data SVLAN’ CVLAN’ Data Customer SP network network SVLAN CVLAN Data SVLAN’ CVLAN’ Data Uplink traffic Downlink traffic Network-side port Customer-side port Configuration restrictions and guidelines When you configure VLAN mapping, follow these restrictions and guidelines: When you configure one-to-two VLAN mapping on a QinQ-enabled port, the switch operates as •...

  • Page 217: Configuring One-to-one Vlan Mapping

    Tasks at a glance Remarks Configuring many-to-one VLAN mapping Configure many-to-one VLAN mapping on the campus • Configuring many-to-one VLAN mapping in a switch as shown in Figure network with dynamic IP address assignment Complete one of the tasks based on the IP address •...

  • Page 218: Configuring Many-to-one Vlan Mapping

    Configuring many-to-one VLAN mapping Configure many-to-one VLAN mapping on campus switches (see Figure 55) to transmit the same type of traffic from different users in one VLAN. Configuring many-to-one VLAN mapping in a network with dynamic IP address assignment In a network where IP addresses are dynamically assigned, configure many-to-one VLAN mapping with DHCP snooping.

  • Page 219

    Step Command Remarks Enter system view. system-view Enter VLAN view. vlan vlan-id By default, ARP detection is disabled. For more information about ARP detection Enable ARP detection. arp detection enable configuration commands, see Security Command Reference. Configuring the customer-side port Step Command Remarks...

  • Page 220: Configuring Many-to-one Vlan Mapping In A Network With Static Ip Address Assignment

    Step Command Remarks • Configure the port as a trunk port: port link-type trunk By default, the link type of a Set the port link type. • Configure the port as a hybrid port is access. port: port link-type hybrid By default, a trunk port is •...

  • Page 221

    To ensure correct traffic forwarding from the service provider network to the customer network, do • not configure many-to-one VLAN mapping together with uRPF. For more information about uRPF, see Security Configuration Guide. Configuration task list Tasks at a glance •...

  • Page 222: Configuring One-to-two Vlan Mapping

    The MTU of an interface is 1500 bytes by default. After a VLAN tag is added to a packet, the packet length is added by 4 bytes. When you configure one-to-two VLAN mapping, HP recommends that you set the MTU to a minimum of 1504 bytes on interfaces in the service provider network. For more information about the MTU, see "Configuring Ethernet...

  • Page 223: Configuring Two-to-two Vlan Mapping

    Step Command Remarks Configure the link type of the By default, the link type of a port link-type hybrid port as hybrid. port is access. Assign the port to the original port hybrid vlan vlan-id-list { tagged | By default, a hybrid port is an VLANs.

  • Page 224: Displaying And Maintaining Vlan Mapping

    Displaying and maintaining VLAN mapping Execute the display commands in user view. Task Command Display VLAN mapping display vlan mapping [ interface interface-type interface-number ] information. VLAN mapping configuration examples One-to-one and many-to-one VLAN mapping configuration example Network requirements As shown in Figure •...

  • Page 225

    Figure 62 Network diagram Configuration procedure Configure Switch A: # Create the original VLANs. <SwitchA> system-view [SwitchA] vlan 2 to 3 # Create the translated VLANs. [SwitchA] vlan 101 to 102 [SwitchA] vlan 201 to 202 [SwitchA] vlan 301 to 302 # Configure the customer-side port Ten-GigabitEthernet 1/1/5 as a trunk port, and assign the port to all original VLANs and translated VLANs.

  • Page 226: Enable Dhcp Snooping

    [SwitchA-Ten-GigabitEthernet1/1/5] port trunk permit vlan 1 2 3 101 201 301 # Configure one-to-one VLAN mappings on Ten-GigabitEthernet 1/1/5 to map VLANs 1, 2, and 3 to VLANs 101, 201, and 301, respectively. [SwitchA-Ten-GigabitEthernet1/1/5] vlan mapping 1 translated-vlan 101 [SwitchA-Ten-GigabitEthernet1/1/5] vlan mapping 2 translated-vlan 201 [SwitchA-Ten-GigabitEthernet1/1/5] vlan mapping 3 translated-vlan 301 [SwitchA-Ten-GigabitEthernet1/1/5] quit # Configure the customer-side port Ten-GigabitEthernet 1/1/6 as a trunk port, and assign the port...

  • Page 227

    [SwitchC-vlan303] arp detection enable [SwitchC-vlan303] vlan 104 [SwitchC-vlan104] arp detection enable [SwitchC-vlan104] vlan 204 [SwitchC-vlan204] arp detection enable [SwitchC-vlan204] vlan 304 [SwitchC-vlan304] arp detection enable [SwitchC-vlan304] vlan 501 [SwitchC-vlan501] arp detection enable [SwitchC-vlan501] vlan 502 [SwitchC-vlan502] arp detection enable [SwitchC-vlan502] vlan 503 [SwitchC-vlan503] arp detection enable [SwitchC-vlan503] quit # Configure the customer-side port Ten-GigabitEthernet 1/1/5 as a trunk port, and assign the port...

  • Page 228

    # Configure the network-side port Ten-GigabitEthernet 1/1/7 to use the original VLAN tags of the many-to-one mappings to replace the VLAN tags of the packets destined for the user network. [SwitchC] interface ten-gigabitethernet 1/1/7 [SwitchC-Ten-GigabitEthernet1/1/7] vlan mapping nni # Configure Ten-GigabitEthernet 1/1/7 as a trunk port, and assign the port to the translated VLANs.

  • Page 229: One-to-two And Two-to-two Vlan Mapping Configuration Example

    303-304 One-to-two and two-to-two VLAN mapping configuration example Network requirements As shown in Figure Two VPN A branches, Site 1 and Site 2, are in VLAN 5 and VLAN 6, respectively. • • The two sites use different VPN access services from different service providers, SP 1 and SP 2. SP 1 assigns VLAN 100 to Site 1 and Site 2.

  • Page 230

    [PE1-Ten-GigabitEthernet1/1/6] port link-type trunk [PE1-Ten-GigabitEthernet1/1/6] port trunk permit vlan 100 [PE1-Ten-GigabitEthernet1/1/6] quit Configure PE 2: # Configure Ten-GigabitEthernet 1/1/5 as a trunk port, and assign the port to VLAN 100. <PE2> system-view [PE2] interface ten-gigabitethernet 1/1/5 [PE2-Ten-GigabitEthernet1/1/5] port link-type trunk [PE2-Ten-GigabitEthernet1/1/5] port trunk permit vlan 100 [PE2-Ten-GigabitEthernet1/1/5] quit # Configure Ten-GigabitEthernet 1/1/6 as a trunk port, and assign the port to VLAN 100.

  • Page 231

    # Configure a one-to-two VLAN mapping on the customer-side port Ten-GigabitEthernet 1/1/6 to add SVLAN tag 200 to traffic from VLAN 6. [PE4-Ten-GigabitEthernet1/1/6] vlan mapping nest single 6 nested-vlan 200 [PE4-Ten-GigabitEthernet1/1/6] quit Verifying the configuration # Verify the VLAN mappings on PE 1. [PE1] display vlan mapping Interface Ten-GigabitEthernet1/1/5: Outer VLAN...

  • Page 232: Configuring Pbb

    Configuring PBB Overview IEEE 802.1ah Provider Backbone Bridge (PBB) is a MAC-in-MAC Layer 2 VPN technology. It interconnects multiple provider bridged networks to build a large scale end-to-end Layer 2 provider bridged network. PBB network model As shown in Figure 64, the PBB network is a provider backbone bridge network.

  • Page 233: Pbb Frame Format

    A network connecting a PBBN to a customer network is a provider bridge network (PBN). A customer network can connect to a PBBN directly or through a PBN. A backbone edge bridge (BEB) is an edge device in a PBBN. A BEB encapsulates frames from a customer network by using PBB.

  • Page 234

    Figure 65 PBB frame format Table 14 describes key fields in the frame. Table 14 PBB frame key fields Field Full name Description Destination B-MAC, outer destination MAC address in a PBB Backbone destination MAC frame. It is the MAC address of the BEB at the destination end B-DA address of the PBBN tunnel.

  • Page 235: Pbb Frame Forwarding

    PBB frame forwarding Figure 66 PBB frame forwarding As shown in Figure 66, a PBB frame is forwarded in the PBBN by using the following process: BEB 1 encapsulates a customer frame with the corresponding B-MAC, B-VLAN, and I-SID. Then it forwards the frame to the BCB through its uplink port.

  • Page 236: Enabling L2vpn

    Enabling L2VPN Step Command Remarks Enter system view. system-view Enable L2VPN. l2vpn enable By default, L2VPN is disabled. Creating a PBB VSI You must assign a unique I-SID to each PBB VSI for identification. The name of a PBB VSI can be different on different PBB nodes, but its I-SID must be the same across the PBBN.

  • Page 237: Configuring A B-vlan For A Pbb Vsi

    Configuring a B-VLAN for a PBB VSI Only PBB VSIs with the same I-SID and B-VLAN can communicate. To make a PBB VSI take effect, you must specify a B-VLAN for the PBB VSI. You can specify only one B-VLAN for a PBB VSI, and you can specify the same B-VLAN for different PBB VSIs.

  • Page 238: Configuring A Downlink Port

    Configuring a downlink port On the BEB, frames from the customer network are mapped to a PBB VSI based on match criteria configured on downlink ports. PBB frames from the PBBN are decapsulated in the corresponding PBB VSI. They are forwarded out of the corresponding downlink ports based on their customer MAC addresses. You can specify one or multiple downlink ports for a PBB VSI.

  • Page 239: Configuration Procedures

    BEB 1 connects to the core network through Ten-GigabitEthernet 1/1/5, and it connects to Device • A in customer network A through Ten-GigabitEthernet 1/1/6. BEB 2 connects to the core network through Ten-GigabitEthernet 1/1/5, and it connects to Device • B in customer network B through Ten-GigabitEthernet 1/1/6.

  • Page 240

    # Configure Ten-GigabitEthernet 1/1/6 as a trunk port, and assign it to all VLANs. [BEB1] interface ten-gigabitethernet 1/1/6 [BEB1-Ten-GigabitEthernet1/1/6] port link-type trunk [BEB1-Ten-GigabitEthernet1/1/6] port trunk permit vlan all # Create service instance 1 on Ten-GigabitEthernet 1/1/6. [BEB1-Ten-GigabitEthernet1/1/6] service-instance 1 # Configure the service instance to match all 802.1q tagged frames. Associate the service instance with the PBB VSI aaa, and set the access mode to Ethernet.

  • Page 241

    For more information about the display l2vpn vsi verbose command, see MPLS Command Reference. Use the display l2vpn vsi verbose command on all BEBs to determine whether they are consistently configured, especially the I-SID and B-VLAN. PBB configurations on the BEBs should be consistent. Use the display vlan all command on all BCBs to determine the following: Whether the B-VLAN on the BEBs is created on each BCB.

  • Page 242: Configuring Lldp

    Configuring LLDP You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see "Configuring Ethernet interfaces"). Overview In a heterogeneous network, a standard configuration exchange platform ensures that different types of network devices from different vendors can discover one another and exchange configuration for the sake of interoperability and management.

  • Page 243

    Figure 68 LLDP neighbor relationships LLDP frame formats LLDP sends device information in LLDP frames. LLDP frames are encapsulated in Ethernet II or SNAP frames. LLDP frame encapsulated in Ethernet II • Figure 69 Ethernet II-encapsulated LLDP frame Table 15 Fields in an Ethernet II-encapsulated LLDP frame Field Description MAC address to which the LLDP frame is advertised.

  • Page 244

    LLDP frame encapsulated in SNAP • Figure 70 SNAP-encapsulated LLDP frame Table 16 Fields in a SNAP-encapsulated LLDP frame Field Description MAC address to which the LLDP frame is advertised. It is the same as that Destination MAC address for Ethernet II-encapsulated LLDP frames. Source MAC address MAC address of the sending port.

  • Page 245

    Organizationally specific TLVs and LLDP-MED TLVs are used for enhanced device management; they are defined by standardization or other organizations and are optional to LLDPDUs. Basic management TLVs • Table 17 lists the basic management TLV types. Some of them are mandatory to LLDPDUs. Table 17 Basic management TLVs Type Description...

  • Page 246

    ETS Recommendation ETS recommendation. Priority-based Flow Control. Application protocol. NOTE: HP devices support only receiving protocol identity TLVs and VID usage digest TLVs. • Layer 3 Ethernet ports support only link aggregation TLVs. • IEEE 802.3 organizationally specific TLVs •...

  • Page 247: Working Mechanism

    Type Description Allows a network device or terminal device to advertise the VLAN Network Policy ID of the specific port, the VLAN type, and the Layer 2 and Layer 3 priorities for specific applications. Allows a network device or terminal device to advertise power Extended Power-via-MDI supply capability.

  • Page 248

    Transmitting LLDP frames An LLDP agent operating in TxRx mode or Tx mode sends LLDP frames to its directly connected devices both periodically and when the local configuration changes. To prevent LLDP frames from overwhelming the network during times of frequent changes to local device information, LLDP uses the token bucket mechanism to rate limit LLDP frames.

  • Page 249: Performing Basic Lldp Configuration

    To use LLDP together with OpenFlow, you must enable LLDP globally on OpenFlow switches. To prevent LLDP from affecting topology discovery of OpenFlow controllers, HP recommends that you disable LLDP on ports of OpenFlow instances. For more information about OpenFlow, see OpenFlow Configuration Guide.

  • Page 250: Configuring The Lldp Bridge Mode

    Configuring the LLDP bridge mode The following LLDP bridge modes are available: • Service bridge mode—In service bridge mode, LLDP supports nearest bridge agents and nearest non-TPMR bridge agents. LLDP processes the LLDP frames with destination MAC addresses for these agents and transparently transmits the LLDP frames with other destination MAC addresses in the VLAN.

  • Page 251: Setting The Lldp Re-initialization Delay

    Step Command Remarks By default: • The nearest bridge agent operates in txrx mode. • The nearest customer • In Layer 2, Layer 3, or management bridge agent and Ethernet interface view: nearest non-TPMR lldp [ agent { nearest-customer | bridge agent operate in nearest-nontpmr } ] admin-status disable mode.

  • Page 252: Configuring The Advertisable Tlvs

    Step Command Remarks Enter Layer 2/Layer 3 Ethernet interface view, management Ethernet interface interface-type interface-number interface view, or Layer 2/Layer 3 aggregate interface view. • In Layer 2, Layer 3, or management Ethernet interface view: lldp [ agent { nearest-customer | nearest-nontpmr } ] check-change-interval interval Enable LLDP polling and set...

  • Page 253

    Step Command Remarks • lldp tlv-enable { basic-tlv { all | port-description | system-capability | system-description | system-name | By default: management-address-tlv [ ip-address ] } | dot1-tlv { all | port-vlan-id | • Nearest bridge agents link-aggregation | dcbx | can advertise all types protocol-vlan-id [ vlan-id ] | vlan-name of LLDP TLVs except the...

  • Page 254: Configuring The Management Address And Its Encoding Format

    Step Command Remarks By default: • Nearest non-TPMR • lldp agent nearest-nontpmr tlv-enable bridge agents can { basic-tlv { all | management-address-tlv advertise only EVB [ ip-address ] | port-description | TLVs. system-capability | system-description | • Nearest customer system-name } | dot1-tlv { all | evb | bridge agents can port-vlan-id } } advertise basic TLVs...

  • Page 255: Setting Other Lldp Parameters

    Step Command Remarks • In Layer 2, Layer 3, or management Ethernet interface view: By default: lldp [ agent { nearest-customer | nearest-nontpmr } ] • Nearest bridge agents and tlv-enable basic-tlv Allow LLDP to advertise the nearest customer bridge agents management-address-tlv management address in LLDP can advertise the management...

  • Page 256: Setting An Encapsulation Format For Lldp Frames

    Step Command Remarks Set the token bucket size for lldp max-credit credit-value The default setting is 5. sending LLDP frames. Set the LLDP frame lldp timer tx-delay delay The default setting is 2 seconds. transmission delay. Set the number of LLDP frames sent each time fast LLDP frame lldp fast-count count The default setting is 4.

  • Page 257

    Device ID. • • ID of the port connecting to the neighboring device. Port IP address. • PVID. • • TTL. The port IP address is the main IP address of the VLAN interface in up state. The interface's corresponding VLAN ID is the lowest among the VLANs permitted on the port. If none of the VLAN interfaces of the permitted VLANs is assigned an IP address or all VLAN interfaces are down, no port IP address will be advertised.

  • Page 258: Configuring Dcbx

    Detects configuration errors on peer devices. Remotely configures the peer device if the peer device accepts the configuration. • NOTE: HP devices support only the remote configuration function. Figure 72 DCBX application scenario DCBX enables lossless packet transmission on DCE networks. As shown in...

  • Page 259: Dcbx Configuration Task List

    ETS Recommendation. PFC. APP. HP devices can send these types of DCBX information to a server's or disk device's adapter supporting FCoE. However, HP devices cannot accept these types of DCBX information. DCBX configuration task list Tasks at a glance (Required.)

  • Page 260: Configuring App Parameters

    Step Command Remarks Enter Layer 2 Ethernet interface interface-type interface-number interface view. By default, LLDP is enabled on Enable LLDP. lldp enable an interface. By default, DCBX TLV Enable the interface to lldp tlv-enable dot1-tlv dcbx advertising is disabled on an advertise DCBX TLVs.

  • Page 261

    Step Command Remarks An Ethernet frame header ACL number is in the range of 4000 to 4999. An IPv4 advanced ACL number is in the range of 3000 to Create an Ethernet frame 3999. acl number acl-number [ name header ACL or an IPv4 acl-name ] [ match-order { auto | DCBX Rev 1.00 supports only advanced ACL and enter ACL...

  • Page 262: Configuring Ets Parameters

    Step Command Remarks • (Method 1) To the outgoing traffic of all ports: qos apply policy policy-name global outbound • (Method 2) To the outgoing • Configurations made in system traffic of a Layer 2 Ethernet view take effect on all ports. interface: Apply the QoS policy.

  • Page 263: Configuring Pfc Parameters

    For more information about the qos map-table, qos map-table color, and import commands, see ACL and QoS Command Reference. Configuring group-based WRR queuing You can configure group-based WRR queuing to allocate bandwidth. To configure group-based WRR queuing: Step Command Remarks Enter system view.

  • Page 264: Configuring The Dcbx Version

    Step Command Remarks By default, PFC is disabled for all 802.1p priorities. HP recommends that you enable Enable PFC for specific 802.1p priority-flow-control no-drop PFC for the 802.1p priority of priorities. dot1p dot1p-list FCoE traffic. If you enable PFC for multiple 802.1p priorities, packet...

  • Page 265: Configuring Lldp Trapping And Lldp-med Trapping

    Step Command Remarks By default, the DCBX version is Configure the DCBX dcbx version { rev100 | rev101 | autonegotiated by two interfaces, with version. standard } the standard version as the initial version for negotiation at the local end. Configuring LLDP trapping and LLDP-MED trapping LLDP trapping or LLDP-MED trapping notifies the network management system of events such as newly detected neighboring devices and link malfunctions.

  • Page 266: Basic Lldp Configuration Example

    Task Command display lldp local-information [ global | interface interface-type Display local LLDP information. interface-number ] Display the information contained display lldp neighbor-information [ [ [ interface interface-type in the LLDP TLVs sent from interface-number ] [ agent { nearest-bridge | nearest-customer | neighboring devices.

  • Page 267

    [SwitchA-Ten-GigabitEthernet1/1/6] lldp admin-status rx [SwitchA-Ten-GigabitEthernet1/1/6] quit Configure Switch B: # Enable LLDP globally. <SwitchB> system-view [SwitchB] lldp global enable # Enable LLDP on Ten-GigabitEthernet 1/1/5. (You can skip this step because LLDP is enabled on ports by default.) Set the LLDP operating mode to Tx. [SwitchB] interface ten-gigabitethernet 1/1/5 [SwitchB-Ten-GigabitEthernet1/1/5] lldp enable [SwitchB-Ten-GigabitEthernet1/1/5] lldp admin-status tx...

  • Page 268

    Admin status : Disable Trap flag : No MED trap flag : No Polling interval : 0s Number of LLDP neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV : 16 Number of received unknown TLV : 0 LLDP status information of port 2 [Ten-GigabitEthernet1/1/6]: LLDP agent nearest-bridge: Port status of LLDP...

  • Page 269

    [SwitchA] display lldp status Global status of LLDP: Enable The current number of LLDP neighbors: 1 The current number of CDP neighbors: 0 LLDP neighbor information last changed time: 0 days, 0 hours, 5 minutes, 20 seconds Transmit interval : 30s Fast transmit interval : 1s Transmit credit max...

  • Page 270: Dcbx Configuration Example

    Number of sent optional TLV Number of received unknown TLV : 0 LLDP agent nearest-nontpmr: Port status of LLDP : Enable Admin status : Disable Trap flag : No MED trap flag : No Polling interval : 0s Number of LLDP neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV...

  • Page 271

    Configuration procedure Enable LLDP and DCBX TLV advertising: # Enable LLDP globally. <SwitchA> system-view [SwitchA] lldp global enable # Enable LLDP and DCBX TLV advertising on interface Ten-GigabitEthernet 1/0/1. [SwitchA] interface ten-gigabitethernet 1/0/1 [SwitchA-Ten-GigabitEthernet1/0/1] lldp enable [SwitchA-Ten-GigabitEthernet1/0/1] lldp tlv-enable dot1-tlv dcbx [SwitchA-Ten-GigabitEthernet1/0/1] quit Configure APP parameters: # Create Ethernet frame header ACL 4000, and configure the ACL to permit FCoE frames (whose...

  • Page 272

    # Enable byte-count WRR queuing on interface Ten-GigabitEthernet 1/0/1, and configure queue 3 on the interface to use strict priority queuing. [SwitchA-Ten-GigabitEthernet1/0/1] qos wrr byte-count [SwitchA-Ten-GigabitEthernet1/0/1] qos wrr 3 group sp Enable interface Ten-GigabitEthernet 1/0/1 to automatically negotiate with its peer to decide whether to enable PFC, and enable PFC for 802.1 priority 3.

  • Page 273

    Priority Group 5 Percentage: 18 Priority Group 6 Percentage: 27 Priority Group 7 Percentage: 31 Number of Traffic Classes Supported: 8 DCBX Parameter Information Parameter Type: Remote Pad Byte Present: Yes DCBX Parameter Valid: Yes Reserved: 0 DCBX Parameter Data Priority Group ID of Priority 1: 0 Priority Group ID of Priority 0: 2 Priority Group ID of Priority 3: 15...

  • Page 274

    Priority Group ID of Priority 5: 0 Priority Group ID of Priority 4: 0 Priority Group ID of Priority 7: 0 Priority Group ID of Priority 6: 0 Priority Group 0 Percentage: 50 Priority Group 1 Percentage: 50 Priority Group 2 Percentage: 0 Priority Group 3 Percentage: 0 Priority Group 4 Percentage: 0 Priority Group 5 Percentage: 0...

  • Page 275

    PFC Enabled on Priority 1: No PFC Enabled on Priority 2: No PFC Enabled on Priority 3: Yes PFC Enabled on Priority 4: No PFC Enabled on Priority 5: No PFC Enabled on Priority 6: No PFC Enabled on Priority 7: No Number of Traffic Classes Supported: 6 DCBX Parameter Information Parameter Type: Local...

  • Page 276: Configuring Service Loopback Groups

    Configuring service loopback groups A service loopback group contains one or multiple Ethernet ports for looping packets sent out by the device back to the device. This feature must work with other features, such as GRE. A service loopback group provides one of the following services: Tunnel—Supports unicast tunnel traffic.

  • Page 277: Displaying And Maintaining Service Loopback Groups

    Displaying and maintaining service loopback groups Execute display commands in any view. Task Command Display information about the service loopback group. display service-loopback group [ number ] Service loopback group configuration example Network requirements All Ethernet ports on Device A support the tunnel service. Assign Ten-GigabitEthernet 1/1/5 through Ten-GigabitEthernet 1/1/7 to a service loopback group to loop GRE packets sent out by the device back to the device.

  • Page 278: Configuring Cut-through Layer 2 Forwarding

    Configuring cut-through Layer 2 forwarding A cut-through forwarding-enabled device forwards a frame after it receives the first 64 bytes of the frame. This feature reduces the transmission time of a frame within the device, and enhances forwarding performance. To configure cut-through forwarding: Step Command Remarks...

  • Page 279: Support And Other Resources

    Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...

  • Page 280: Conventions

    Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...

  • Page 281

    Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 282: Index

    Index Numerics link. See Ethernet link aggregation aging 10-GE interface MAC address table timer, combine, spanning tree max age timer, 40-GE interface split, algorithm 802.x STP calculation, 802.1 LLDPDU TLV types, alternate port (MST), 802.1p-to-local priority mapping, APP parameter (LLDP), 802.3 LLDPDU TLV types, ARP detection LLDP PFC 802.1p priority,...

  • Page 283

    service instance identifier. See I-SID interface configuration, VLAN. See B-VLAN interface configuration display, backing up B-VLAN MST backup port, configuration, bandwidth Ethernet link aggregate interface (expected calculating bandwidth), MSTI calculation, LLDP ETS parameters, MSTP CIST calculation, basic management LLDPDU TLV types, spanning tree port path cost calculation standard, Ethernet link aggregation group BFD,...

  • Page 284

    Ethernet link aggregation group (dynamic), LLDP group-based WRR queuing, Ethernet link aggregation group (static), LLDP management address, Ethernet link aggregation group BFD, LLDP management address encoding format, Ethernet link aggregation group load sharing LLDP PFC parameter, mode, LLDP trapping, Ethernet link aggregation load sharing, LLDP-MED trapping, Ethernet subinterface basic settings, loop detection, 125, 127,...

  • Page 285

    secondary VLAN Layer 3 communication, VLAN mapping many-to-one network-side port (static IP address assignment), 21 1 service loopback group, 266, 266, configuring RSTP, spanning tree, 73, Converged Enhanced Ethernet. Use CEE spanning tree BPDU transmission rate, cost spanning tree device priority, spanning tree port path cost calculation spanning tree Digest Snooping, 107, standard,...

  • Page 286

    Ethernet interface configuration, null interface, LAN switching LLDP configuration, port isolation, LAN switching PBB configuration, private VLAN, Layer 2 cut-through forwarding QinQ, configuration, service loopback group, LLDP basic configuration, 239, spanning tree, 1 17 LLDP CDP compatibility, super VLAN, LLDP configuration, VLAN, LLDP DCBX configuration, 248, 260, VLAN mapping,...

  • Page 287

    MAC address moving notification, port-based VLAN access port assignment, MAC address synchronization, port-based VLAN access port assignment (in interface view), MAC Information, port-based VLAN access port assignment (in VLAN MVRP, view), MVRP GVRP compatibility, port-based VLAN hybrid port assignment, QinQ, port-based VLAN trunk port assignment, SNMP notification for MAC address table, private VLAN configuration, 156, 157,...

  • Page 288

    aggregate interface, reference port, aggregate interface (description), reference port choice, aggregate interface configuration, static mode, aggregate interface default settings, traffic redirection, aggregate interface shutdown, traffic redirection restrictions, aggregation group, Ethernet link aggregation group basic concepts, BFD configuration, configuration, 37, 44, Ethernet subinterface configuration types, basic settings configuration,...

  • Page 289

    MAC address table multiport unicast entry, ignored VLAN MAC Information configuration, 33, Layer 2 aggregate interface, port-based VLAN frame handling, implementing QinQ CVLAN Ethernet frame header tag, many-to-one VLAN mapping, 203, QinQ implementation, MSTP device implementation, QinQ SVLAN Ethernet frame header tag, one-to-one VLAN mapping, 203, VLAN frame encapsulation, one-to-two VLAN mapping, 203,...

  • Page 290

    private VLAN promiscuous port configuration, private VLAN trunk promiscuous and trunk L2VPN secondary port configuration, LAN switching PBB enable, private VLAN trunk promiscuous port LACP configuration, Ethernet link aggregation, QinQ basic configuration, secondary VLAN Layer 3 communication, private VLAN configuration, 156, 157, troubleshooting PBB, private VLAN configuration trunk promiscuous troubleshooting PBB customer frames cannot be...

  • Page 291

    port-based VLAN access port assignment, Ethernet link aggregation configuration, 37, 44, port-based VLAN access port assignment (in Ethernet link aggregation group (dynamic), 47, interface view), Ethernet link aggregation group (static), 46, port-based VLAN access port assignment (in Ethernet link aggregation group configuration, VLAN view), Ethernet link aggregation group load sharing port-based VLAN hybrid port assignment,...

  • Page 292

    aggregation. See Ethernet link aggregation protocols and standards, Ethernet interface link mode, re-initialization delay, Ethernet link aggregation group BFD, trapping configuration, link layer discovery protocol. Use LLDP LLDP frame MSTP configuration, 1 17 encapsulated in Ethernet II format, PVST configuration, encapsulated in SNAP format, spanning tree configuration, 73, encapsulation format,...

  • Page 293

    spanning tree configuration, 73, MAC address moving notification, spanning tree loop guard, 1 14 manual entries, loop detection multiport unicast entry, configuration, 125, 127, MAC address table learning limit on interface displaying, configuration, enable, MAC Information enable (global), change send interval, enable (port-specific), configuration, 33, interval,...

  • Page 294

    network-side port configuration (dynamic IP LLDP service bridge mode, address assignment), LLDP Tx, 237, network-side port configuration (static IP address LLDP TxRx, 237, assignment), 21 1 MAC Information syslog, mapping MAC Information trap, many-to-one VLAN mapping, MVRP registration fixed mode, MSTP VLAN-to-instance mapping table, MVRP registration forbidden mode, one-to-one VLAN mapping,...

  • Page 295

    port roles, Ethernet link aggregation configuration types, port states, Ethernet link aggregation dynamic mode, protocols and standards, Ethernet link aggregation edge aggregate interface, regional root, Ethernet link aggregation LACP, relationships, Ethernet link aggregation member port spanning tree max age timer, state, 40, spanning tree port mode configuration, Ethernet link aggregation modes,...

  • Page 296

    private VLAN configuration, STP root bridge, private VLAN promiscuous port STP root port, configuration, STP TC Snooping, 1 1 1 private VLAN trunk promiscuous and trunk super VLAN interface configuration, secondary port configuration, VLAN configuration, private VLAN trunk promiscuous port VLAN interface basic configuration, configuration, VLAN mapping many-to-one customer-side port...

  • Page 297

    MAC Information configuration, 33, implementation, 203, MSTP configuration, 1 17 one-to-two VLAN mapping MVRP, 173, 176, application scenario, null interface configuration, configuration, 212, PBB network model, implementation, 203, port isolation configuration, 70, operational key (Ethernet link aggregation), private VLAN configuration, 156, organization-specific LLDPDU TLV types, protocol-based VLAN outputting...

  • Page 298

    frame encapsulation type configuration, Ethernet link aggregation group (dynamic), frame format, Ethernet link aggregation group (static), frame forwarding, Ethernet link aggregation group configuration, L2VPN enable, Ethernet link aggregation LACP, maintaining, Ethernet link aggregation load sharing, network model, Ethernet link aggregation load sharing mode, protocols and standards, Ethernet link aggregation local-first load sharing,...

  • Page 299

    LLDP polling, STP designated port, LLDP re-initialization delay, STP root port, LLDP Rx operating mode, 237, VLAN mapping many-to-one customer-side port configuration (dynamic IP address LLDP Tx operating mode, 237, assignment), LLDP TxRx operating mode, 237, VLAN mapping many-to-one customer-side port loop detection configuration, 125, 127, configuration (static IP address assignment), 21 1...

  • Page 300

    adding MAC address table blackhole entry, configuring inloopback interface, adding MAC address table multiport unicast configuring IP subnet-based VLAN, 140, 141, entry, configuring LAN switching PBB, 225, assigning MAC address table learning priority configuring LAN switching PBB B-VLAN, to interface, configuring LAN switching PBB downlink port, assigning port to isolation group (multiple), configuring LAN switching PBB frame...

  • Page 301

    configuring LLDP management address, configuring PVST, 90, configuring LLDP management address configuring QinQ, 192, encoding format, configuring QinQ basics, configuring LLDP PFC parameters, configuring QinQ CVLAN tag TPID value, configuring LLDP trapping, configuring QinQ SVLAN tag TPID value, configuring LLDP-MED trapping, configuring QinQ transparent transmission for configuring loop detection, 127, VLAN,...

  • Page 302

    configuring VLAN, displaying private VLAN, configuring VLAN (port-based), 136, displaying QinQ, configuring VLAN basic settings, displaying service loopback group, configuring VLAN interface basic settings, displaying spanning tree, 1 17 configuring VLAN mapping, displaying super VLAN, configuring VLAN mapping displaying VLAN, (many-to-one), 208, displaying VLAN mapping, configuring VLAN mapping (many-to-one)

  • Page 303

    maintaining loopback interface, troubleshooting LAN switching PBB customer frames cannot be transmitted, maintaining MVRP, protecting maintaining null interface, spanning tree protection functions, 1 13 maintaining private VLAN, protocol-based VLAN maintaining spanning tree, 1 17 configuration, 142, 142, maintaining super VLAN, protocols and standards maintaining VLAN, Ethernet link aggregation protocol...

  • Page 304

    VLAN transparent transmission spanning tree TC-BPDU transmission restriction, 1 15 configuration, STP Digest Snooping configuration, STP edge port configuration, LLDP APP parameters, STP port link type configuration, LLDP group-based WRR queuing, STP TC Snooping configuration, 1 12 LLDP PFC parameters, STP timer configuration, QinQ SVLAN tag 802.1p priority, root...

  • Page 305

    Ethernet link aggregate group min/max number port link type configuration, Selected ports, port mode configuration, Ethernet link aggregate interface (expected port path cost calculation standard, bandwidth), port path cost configuration, 99, Ethernet link aggregation member port port priority configuration, state, 40, port role restriction, 1 15 Layer 3 aggregate interface (MTU),...

  • Page 306

    basic concepts, switching BPDU forwarding, Ethernet interface configuration, configuration, inloopback interface configuration, 15, designated bridge, loopback interface configuration, 15, designated port, MAC address table configuration, 19, 20, Digest Snooping configuration restrictions, MVRP configuration, 173, 176, edge port configuration restrictions, MVRP GVRP compatibility, feature enable, null interface configuration, 15, loop detection,...

  • Page 307

    VLAN mapping configuration (many-to-one) STP TCN BPDU protocol packets, (dynamic IP address assignment), traffic VLAN mapping configuration (many-to-one) Ethernet link aggregation traffic redirection, (static IP address assignment), transmitting VLAN mapping configuration LLDP frames, (one-to-one), 207, QinQ VLAN transparent transmission, 192, VLAN mapping configuration spanning tree TC-BPDU transmission restriction, 1 15...

  • Page 308

    loop detection configuration, 125, 127, many-to-one customer-side port configuration (dynamic IP address assignment), maintaining, many-to-one customer-side port configuration (static mapping. See VLAN mapping IP address assignment), 21 1 MSTP VLAN-to-instance mapping table, many-to-one implementation, 203, MVRP configuration, 173, 176, many-to-one network-side port configuration MVRP GVRP compatibility, (dynamic IP address assignment), port isolation configuration, 70,...

Comments to this Manuals

Symbols: 0
Latest comments: