Page 1: Configuration Guide
Configuration Guide Abstract This document describes the software features for the HP 5820X & 5800 Series products and guides you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply software features to different network scenarios.
Page 2 The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an...
Page 3: Table Of Contents
Contents Ethernet interface configuration ·································································································································· 1 Ethernet interface naming conventions ··················································································································1 Management Ethernet interface······························································································································1 Switchable operating mode of Ethernet interfaces ·······························································································1 General Ethernet interface configuration························································································································2 Configuring basic settings of an Ethernet interface ······························································································2 Configuring the operating mode of an Ethernet interface ···················································································3 Configuring flow control on an Ethernet interface································································································4 Configuring link change suppression on an Ethernet interface···········································································7 Configuring loopback testing on an Ethernet interface························································································8...
Page 4 Enabling MAC Information globally ··················································································································· 32 Enabling MAC Information on an interface ······································································································· 32 Configuring MAC Information mode ·················································································································· 33 Configuring the interval for sending Syslog or trap messages········································································· 33 Configuring the MAC Information queue length································································································ 33 MAC Information configuration example···················································································································· 33 Ethernet link aggregation configuration ···················································································································35 Basic concepts ·······················································································································································...
Page 5 Configuring the maximum port rate ···················································································································· 77 Configuring ports as edge ports·························································································································· 77 Configuring path costs of ports···························································································································· 78 Configuring port priority······································································································································· 80 Configuring the link type of ports ························································································································ 80 Configuring the mode a port uses to recognize/send MSTP packets ····························································· 81 Enabling the output of port state transition information ····················································································...
Page 6 Isolate-user-VLAN configuration example ··················································································································135 Voice VLAN configuration······································································································································ 138 OUI addresses ·····················································································································································138 Voice VLAN assignment modes·························································································································138 Security mode and normal mode of voice VLANs···························································································141 Configuring a voice VLAN··········································································································································142 Configuration prerequisites ································································································································142 Configuring QoS priority settings for voice traffic on an interface································································142 Configuring a port to operate in automatic voice VLAN assignment mode ·················································143 Configuring a port to operate in manual voice VLAN assignment mode ·····················································143 Displaying and maintaining voice VLAN ··················································································································144...
Page 7 States of service loopback ports ························································································································227 Configuring a service loopback group······················································································································228 Displaying and maintaining service loopback groups ····························································································229 Service loopback group configuration example·······································································································229 Support and other resources ·································································································································· 231 Contacting HP ······························································································································································231 Subscription service ············································································································································231 Related information······················································································································································231 Documents····························································································································································231 Websites ······························································································································································231...
Page 8: Ethernet Interface Configuration
Ethernet interface configuration Ethernet interface naming conventions The GE and 10-GE interfaces on the HP 5800 and HP 5820X switch series are named in the format of interface-type A/B/C, where the following definitions apply: A represents the ID of the switch in an IRF virtual device. If the switch is not assigned to any IRF •...
Page 9: General Ethernet Interface Configuration
operating in Layer 3 mode, the Ethernet interface acts as a Layer 3 interface. For more information, see “Configuring the operating mode of an Ethernet interface.” General Ethernet interface configuration This section describes the attributes and configurations common to Layer 2 and Layer 3 Ethernet interfaces. For specific attributes, see “Configuring a Layer 2 Ethernet interface”...
Page 10: Configuring The Operating Mode Of An Ethernet Interface
To avoid packet loss caused by congestion, you must perform the same PFC configuration on all ports • that the packets pass through. To configure DCBX on the port of an HP 5820X switch series, you must use the priority-flow-control • auto command to enable PFC. Otherwise, PFC data cannot be advertised. For more information about DCBX, see the chapter “LLDP configuration.”...
Page 11: Configuring Flow Control On An Ethernet Interface
The following flow control mechanisms are available: Generic flow control, which controls transmission on a link for all packets as a whole. Both the HP •...
Page 12 To do… Use the command… Remarks Enter system view system-view — interface interface-type interface- Enter Ethernet interface view — number Enable TxRx mode flow Required. flow-control control Use either command. By default, flow control is Enable Rx mode flow control flow-control receive enable disabled on an Ethernet interface.
Page 13 HP recommends that you enable PFC for only one 802.1p priority to ensure lossless transmission of traffic, for example, traffic of a FCoE-based data center. Packet loss might still occur if you enable PFC for multiple 802.1p priorities.
Page 14: Configuring Link Change Suppression On An Ethernet Interface
On an HP 5800 or HP 5820X switch, you can configure link down suppression or link up suppression, but not both.
Page 15: Configuring Loopback Testing On An Ethernet Interface
Configuring loopback testing on an Ethernet interface Perform loopback testing on an Ethernet interface to check whether the interface functions properly. The Ethernet interface cannot forward data packets during the testing. Loopback testing falls into the following categories: Internal loopback testing, which tests all on-chip functions related to Ethernet interfaces. As shown in •...
Page 16: Setting The Statistics Polling Interval On An Ethernet Interface
Setting the statistics polling interval on an Ethernet interface To set the statistics polling interval on an Ethernet interface: To do… Use the command… Remarks Enter system view system-view — interface interface-type interface- Enter Ethernet interface view — number Optional. Set the statistics polling interval on the Ethernet flow-interval interval...
Page 17: Configuring A Layer 2 Ethernet Interface
Disabled by default This feature is only available on the HP 5800AF-48G Switch (JG225A). When you configure the eee enable command on a link-up port, the port automatically goes down and Configuring a Layer 2 Ethernet interface...
Page 18: Enabling Link-Down Port Auto Power-Down
To do… Use the command… Remarks Create a port group and enter port-group manual port-group- Required. port group view name Assign Ethernet interfaces to group-member interface-list Required. the port group Optional. By default, all Ethernet interfaces in a port group are up. To bring Shut down all Ethernet shutdown up all Ethernet interfaces shut...
Page 19: Configuring Traffic Storm Protection
A traffic storm occurs when a large amount of broadcast, multicast, or unknown unicast packets congest a network. The HP 5800 and the HP 5820X switches provide the following storm protection approaches: Storm suppression, which enables you to limit the size of monitored traffic passing through an •...
Page 20 Configuring storm suppression on an Ethernet interface Use the following guidelines to set one suppression threshold for broadcast, multicast, and unknown unicast traffic separately on an Ethernet interface: Set the threshold as a percentage of the interface transmission capability. • Set the threshold in kbps, limiting the number of kilobits of monitored traffic passing through the •...
Page 21: Enabling Single-Port Loopback Detection On An Ethernet Interface
Shuts down automatically. The interface shuts down automatically, and stops forwarding any traffic. • To bring up the interface, perform the undo shutdown command or disable the storm constrain function. To configure the storm constrain function on an Ethernet interface: To do…...
Page 22 Table 3 Actions to take upon detection of a loop condition Actions Port type No protective action is configured A protective action is configured • Put the interface in controlled mode. The interface discards all incoming • Perform the configured protective packets, but still forwards outgoing action.
Page 23: Enabling Multi-Port Loopback Detection
To do… Use the command… Remarks Optional. By default, a looped interface discards all incoming packets but still forwards outgoing packets; the system generates traps and deletes all MAC address entries Set the protective action to loopback-detection action of the looped interface. take on the interface when a { shutdown | semi-block | no- With the shutdown keyword used,...
Page 24: Setting The Mdi Mode Of An Ethernet Interface
the loop condition. For more information, see “Enabling single-port loopback detection on an Ethernet interface.” Multi-port loopback detection is implemented on the basis of single-port loopback detection configurations on Ethernet interfaces. To implement multi-port loopback detection, you must enable single- port loopback detection on one or multiple Ethernet interfaces on the switch.
Page 25: Enabling Bridging On An Ethernet Interface
To do… Use the command… Remarks interface interface-type interface- Enter Ethernet interface view — number Optional. Set the MDI mode of the By default, a copper Ethernet mdi { across | auto | normal } Ethernet interface interface operates in auto mode to negotiate pin roles with its peer.
Page 26: Configuring The Connection Mode Of An Ethernet Interface
Configuring the connection mode of an Ethernet interface This feature is available only on the internal 10-GE interfaces of the HP 5800-48G-PoE+ Switch(JC101A), HP 5800-48G-PoE+ TAA Switch(JG242A), HP 5820X- 1 4XG-SFP+ Switch(JC106A), and HP 5820X- 1 4XG- SFP+ TAA Switch(JG259A).
Page 27: Pfc Configuration Example
To do… Use the command… Remarks Display the statistics on the rate of the packets passing through the display counters rate { inbound | outbound } interfaces that are of a specific interface [ interface-type ] [ | { begin | Available in any view type and are in the up state in the exclude | include } regular-expression ]...
Page 28 Configuration procedure Configure Switch A Configure DCBX to advertise the PFC data. • # Enable LLDP globally. <SwitchA> system-view [SwitchA] lldp enable # Enable LLDP and DCBX TLV advertising on interface Ten-GigabitEthernet 1/0/1. [SwitchA] interface ten-gigabitethernet 1/0/1 [SwitchA-Ten-GigabitEthernet1/0/1] lldp enable [SwitchA-Ten-GigabitEthernet1/0/1] lldp tlv-enable dot1-tlv dcbx # Enable PFC in auto mode on interface Ten-GigabitEthernet 1/0/1, and enable PFC for 802.1p priority value 3 on the interface.
Page 29: Loopback And Null Interface Configuration
Loopback and null interface configuration Loopback interface A loopback interface is a software-only virtual interface. It delivers the following benefits. The physical layer state and link layer protocols of a loopback interface are always up unless the • loopback interface is shut down manually. Assign a loopback interface an IP address with an all-F mask to save the IP address resources.
Page 30: Null Interface
To do… Use the command… Remarks Optional. Shut down the loopback shutdown By default, a loopback interface is interface up once created. Restore the default settings for default Optional. the interface Configure settings such as IP addresses and IP routes on Loopback interfaces. For more information, see the Layer 3—IP Services Configuration Guide and Layer 3—IP Routing Configuration Guide.
Page 31: Displaying And Maintaining Loopback And Null Interfaces
Displaying and maintaining loopback and null interfaces To do… Use the command… Remarks display interface loopback [ brief [ down ] ] [ | Display information { begin | exclude | include } regular-expression ] about loopback Available in any view display interface loopback interface-number [ brief ] interfaces [ | { begin | exclude | include } regular-expression ]...
Page 32: Mac Address Table Configuration
MAC address table configuration Every Ethernet switch maintains a MAC address table for forwarding frames through unicast instead of broadcast. This table describes from which port a MAC address (or host) can be reached. When forwarding a frame, the switch first looks up the MAC address of the frame in the MAC address table for a match.
Page 33: Mac Address Table-Based Frame Forwarding
to block all packets destined for a specific user for security concerns, you can configure the MAC address of this user as a blackhole MAC address entry. To adapt to network changes and prevent inactive entries from occupying table space, an aging mechanism is adopted for dynamic MAC address entries.
Page 34: Disabling Mac Address Learning On A Vlan
To do… Use the command… Remarks Enter system view system-view — interface interface-type interface- Enter interface view — number Required. Configure a MAC address mac-address { dynamic | static } Ensure that you have created the table entry mac-address vlan vlan-id VLAN and assign the interface to the VLAN When you configure a static MAC address entry on an interface that belongs to a specific isolate-user-...
Page 35: Configuring The Mac Learning Limit On Ports
To do… Use the command… Remarks Enter system view system-view — Optional Configure the aging timer for mac-address timer { aging dynamic MAC address entries seconds | no-aging } 300 seconds by default Reduce broadcasts on a stable network by disabling the aging timer to prevent dynamic entries from unnecessarily aging out.
Page 36 Figure 7 MAC address tables of devices when Client A associates with AP C If Client A roams to AP D, Device B learns the MAC address of Client A and advertises it to Device A to ensure service continuity for Client A, as shown in Figure Figure 8 MAC address tables of devices when Client A roams to AP D To enable MAC address roaming:...
Page 37: Displaying And Maintaining Mac Address Tables
Displaying and maintaining MAC address tables To do… Use the command… Remarks display mac-address [ mac-address [ vlan vlan-id ] | [ [ dynamic | static ] [ interface interface-type Display MAC address table Available in any interface-number ] | blackhole ] [ vlan vlan-id ] information view [ count ] ] [ | { begin | exclude | include } regular-...
Page 38 # Display information about the blackhole MAC address table. [Sysname] display mac-address blackhole MAC ADDR VLAN ID STATE PORT INDEX AGING TIME 000f-e235-abcd Blackhole NOAGED 1 mac address(es) found # View the aging time of dynamic MAC address entries. [Sysname] display mac-address aging-time Mac address aging time: 500s...
Page 39: Mac Information Configuration
MAC Information configuration To monitor a network, you need to monitor users joining and leaving the network. Because a MAC address uniquely identifies a network user, you can monitor users joining and leaving a network by monitoring their MAC addresses. With the MAC Information function, Layer 2 Ethernet interfaces send Syslog or trap messages to the monitor end in the network when they learn or delete MAC addresses.
Page 40: Configuring Mac Information Mode
To do… Use the command… Remarks Required Enable MAC Information on mac-address information enable the interface { added | deleted } Disabled by default To enable MAC Information on an Ethernet interface, enable MAC Information globally first. Configuring MAC Information mode To configure MAC Information mode: To do…...
Page 41 Enable MAC Information on GigabitEthernet 1/0/1 on Device. Device sends MAC address changes • in Syslog messages to Host B through GigabitEthernet 1/0/3. Host B analyzes and displays the Syslog messages. Figure 9 Network diagram for MAC Information configuration Configuration procedure Configure Device to send Syslog messages to Host B.
Page 42: Ethernet Link Aggregation Configuration
Ethernet link aggregation configuration Ethernet link aggregation, or simply link aggregation, combines multiple physical Ethernet ports into one logical link, called an aggregate link. Link aggregation delivers the following benefits: Increases bandwidth beyond the limits of any single link. In an aggregate link, traffic is distributed •...
Page 43 Operational key When aggregating ports, the system automatically assigns each port an operational key based on port information such as port rate and duplex mode. Any change to this information triggers a recalculation of this operational key. In an aggregation group, all selected member ports are assigned the same operational key. Configuration classes Every configuration setting on a port may affect its aggregation state.
Page 44 (MAD) mechanism of the IRF feature is implemented. HP functions 5800 and HP 5820X switch series can participate in LACP MAD either as an IRF member device or an intermediate device. For more information about IRF, member devices, intermediate devices, and the LACP MAD mechanism, see IRF Configuration Guide.
Page 45: Aggregating Links In Static Mode
Table 7 A comparison between static and dynamic aggregation modes Aggregation LACP status on Pros Cons mode member ports The member ports do not adjust Aggregation is stable. The the aggregation state aggregation state of the member according to that of the peer Static Disabled ports are not affected by the peer...
Page 46: Aggregating Links In Dynamic Mode
Figure 11 Set the aggregation state of a member port in a static aggregation group To ensure stable aggregation state and service continuity, do not change port attributes or class-two configurations on any member port. If a static aggregation group has reached the limit on selected ports, any port joins the group is placed in the unselected state to avoid traffic interruption on the current selected ports.
Page 47 Compare the system ID (comprising the system LACP priority and the system MAC address). The system with the lower LACP priority value wins out. If they are the same, compare the system MAC addresses. The system with the lower MAC address wins. The system with the smaller system ID selects the port with the smallest port ID as the reference port.
Page 48: Load Sharing Criteria For Link Aggregation Groups
Meanwhile, the system with the higher system ID, being aware of the aggregation state changes on the remote system, sets the aggregation state of local member ports the same as their peer ports. To ensure stable aggregation state and service continuity, do not change port attributes or class-two configurations on any member port.
Page 49: Configuring A Static Aggregation Group
You cannot assign a port to a Layer 2 aggregation group if any of the features listed in Table 8 configured on the port. Table 8 Features incompatible with Layer 2 aggregation groups Feature Reference RRPP RRPP configuration in the High Availability Configuration Guide MAC authentication MAC authentication configuration in the Security Configuration Guide Port security...
Page 50: Configuring An Aggregate Interface
To do... Use the command... Remarks Enter system view system-view — Optional. By default, the system LACP priority is 32,768. Set the system LACP priority lacp system-priority system-priority Changing the system LACP priority may affect the aggregation state of the ports in a dynamic aggregation group.
Page 51: Enabling Link State Traps For An Aggregate Interface
To do... Use the command... Remarks Enter system view system-view — Enter Layer 2 aggregate interface bridge-aggregation — interface view interface-number Optional. Configure the description By default, the description of an description text of the aggregate interface interface is interface-name Interface, such as Bridge-Aggregation1 Interface.
Page 52: Shutting Down An Aggregate Interface
When the minimum threshold is reached, the eligible member ports change to the selected state, • and the link of the aggregate interface goes up. To set the minimum number of selected ports for an aggregation group: To do... Use the command... Remarks Enter system view system-view...
Page 53 CAUTION: By default, an aggregation group uses the global link-aggregation load sharing criterion or criteria. Configure the group-specific link-aggregation load sharing criteria to overwrite the global ones, except those specified with the destination-port, source-port, or ingress-port keywords. Determine how traffic is load-shared across a link aggregation group by configuring load sharing criteria. The criteria can be service port numbers, IP addresses, MAC addresses, receiving ports, or any combination.
Page 54: Enabling Local-First Load Sharing For Link Aggregation
To do… Use the command… Remarks Required. Configure the load link-aggregation load-sharing mode By default, an aggregation group sharing criteria for the { destination-ip | destination-mac | uses the global link-aggregation load aggregation group source-ip | source-mac } * sharing criteria. Set the following group-specific load sharing criteria: Source IP address •...
Page 55: Enabling Link-Aggregation Traffic Redirection
To do... Use the command... Remarks Enter system view system-view — Optional Enable local-first load-sharing link-aggregation load-sharing for link aggregation mode local-first Enabled by default Enabling link-aggregation traffic redirection CAUTION: Link-aggregation traffic redirection applies only to dynamic link aggregation groups. •...
Page 56: Ethernet Link Aggregation Configuration Examples
To do... Use the command... Remarks display link-aggregation load-sharing mode Display the global or group- [ interface [ bridge-aggregation interface- Available in any specific link-aggregation load number ] ] [ | { begin | exclude | include } view sharing criteria regular-expression ] Display detailed link aggregation display link-aggregation member-port...
Page 57 Figure 14 Network diagram for Layer 2 static aggregation Configuration procedure Configure Device A # Create VLAN 10, and assign port GigabitEthernet 1/0/4 to VLAN 10. <DeviceA> system-view [DeviceA] vlan 10 [DeviceA-vlan10] port gigabitethernet 1/0/4 [DeviceA-vlan10] quit # Create VLAN 20, and assign port GigabitEthernet 1/0/5 to VLAN 20. [DeviceA] vlan 20 [DeviceA-vlan20] port gigabitethernet 1/0/5 [DeviceA-vlan20] quit...
Page 58: Layer 2 Dynamic Aggregation Configuration Example
Configuring GigabitEthernet1/0/1... Done. Configuring GigabitEthernet1/0/2... Done. Configuring GigabitEthernet1/0/3... Done. [DeviceA-Bridge-Aggregation1] quit # Configure the device to use the source and destination MAC addresses of packets as the global link- aggregation load sharing criteria. [DeviceA] link-aggregation load-sharing mode source-mac destination-mac Configure Device B Configure Device B as you configure Device A.
Page 59 Figure 15 Network diagram for Layer 2 dynamic aggregation Configuration procedure Configure Device A # Create VLAN 10, and assign port GigabitEthernet 1/0/4 to VLAN 10. <DeviceA> system-view [DeviceA] vlan 10 [DeviceA-vlan10] port gigabitethernet 1/0/4 [DeviceA-vlan10] quit # Create VLAN 20, and assign port GigabitEthernet 1/0/5 to VLAN 20. [DeviceA] vlan 20 [DeviceA-vlan20] port gigabitethernet 1/0/5 [DeviceA-vlan20] quit...
Page 60 [DeviceA-Bridge-Aggregation1] port trunk permit vlan 10 20 Please wait... Done. Configuring GigabitEthernet1/0/1... Done. Configuring GigabitEthernet1/0/2... Done. Configuring GigabitEthernet1/0/3... Done. [DeviceA-Bridge-Aggregation1] quit # Configure the device to use the source and destination MAC addresses of packets as the global link- aggregation load sharing criteria. [DeviceA] link-aggregation load-sharing mode source-mac destination-mac Configure Device B Configure Device B as you configure Device A.
Page 61: Port Isolation Configuration
VLAN. The HP 5800 and the HP 5820X switch series support only one isolation group called isolation group 1. This isolation group is created automatically and cannot be deleted. There is no limit on the number of member ports.
Page 62: Displaying And Maintaining Isolation Groups
Displaying and maintaining isolation groups To do… Use the command… Remarks display port-isolate group [ | Display information about the isolation group { begin | exclude | include } Available in any view regular-expression ] Port isolation configuration example Network requirements As shown in Figure Hosts A, B, and C are connected to port GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and...
Page 63 [Device-GigabitEthernet1/0/3] port-isolate enable # Display information about the isolation group. <Device> display port-isolate group Port-isolate group information: Uplink port support: NO Group ID: 1 Group members: GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3...
Page 64: Mstp Configuration
MSTP configuration As a Layer 2 management protocol, the STP eliminates Layer 2 loops by selectively blocking redundant links in a network, and in the mean time, allows for link redundancy. Like many other protocols, STP evolves as the network grows. The later versions of STP are the RSTP and the MSTP.
Page 65: Basic Concepts In Stp
Basic concepts in STP Root bridge A tree network must have a root bridge. There is only one root bridge in the entire network. The root bridge is not fixed, but can change along with changes of the network topology. Upon initialization of a network, each device generates and sends out configuration BPDUs periodically with itself as the root bridge.
Page 66: How Stp Works
Path cost Path cost is a reference value used for link selection in STP. By calculating path costs, STP selects relatively robust links and blocks redundant links, and finally prunes the network into a loop-free tree. How STP works STP has the following workflow: Initial state Upon initialization of a device, each port generates a BPDU with itself as the root bridge, in which the root path cost is 0, designated bridge ID is the device ID, and the designated port is the port itself.
Page 67 Table 11 Selection of the optimum configuration BPDU Step Actions Upon receiving a configuration BPDU on a port, the device performs the following: • If the received configuration BPDU has a lower priority than that of the configuration BPDU generated by the port, the device discards the received configuration BPDU and does not process the configuration BPDU of this port.
Page 68 Initial state of each device Table 12 Initial state of each device Device Port name Configuration BPDU on the port Port A1 {0, 0, 0, Port A1} Device A Port A2 {0, 0, 0, Port A2} Port B1 {1, 0, 1, Port B1} Device B Port B2 {1, 0, 1, Port B2}...
Page 69 Configuration BPDU on Device Comparison process ports after comparison • Port B1 receives the configuration BPDU of Port A1 {0, 0, 0, Port A1}, finds that the received configuration BPDU is superior to its existing configuration BPDU {1, 0, 1, Port •...
Page 70 Configuration BPDU on Device Comparison process ports after comparison • Device C finds that the root path cost of Port C1 (10) (root path cost of the received configuration BPDU (0) plus path cost of Port C1 (10)) is larger than that of Port C2 (9) (root path cost of the received configuration BPDU (5) plus path cost of Port C2 (4)), decides that the configuration BPDU of Port C2 is the optimum, and...
Page 71: Introduction To Rstp
If a path becomes faulty, the root port on this path no longer receives new configuration BPDUs and • the old configuration BPDUs will be discarded because of timeout. The device generates a configuration BPDU with itself as the root and sends out the BPDUs and TCN BPDUs. This triggers a new spanning tree calculation process to establish a new path to restore the network connectivity.
Page 72: Basic Concepts In Mstp
Although RSTP supports rapid network convergence, it has the same drawback as STP—All bridges within a LAN share the same spanning tree, so redundant links cannot be blocked based on VLAN, and the packets of all VLANs are forwarded along the same spanning tree. Features of MSTP Developed based on IEEE 802.1s, MSTP overcomes the limitations of STP and RSTP.
Page 73 Figure 21 Network diagram and topology of MST region 3 As shown in Figure 20, a switched network comprises four MST regions, and each MST region comprises four devices running MSTP. Figure 21 shows the networking topology of MST region 3. This section describes some basic concepts of MSTP.
Page 74 The CST is a single spanning tree that connects all MST regions in a switched network. If you regard each MST region as a device, the CST is a spanning tree calculated by these devices through STP or RSTP. For example, the blue lines in Figure 20 represent the CST.
Page 75 Figure 22 Port roles MSTP calculation involves these port roles: Root port: Forwards data for a non-root bridge to the root bridge. The root bridge does not have • any root port. Designated port: Forwards data to the downstream network segment or device. •...
Page 76: How Mstp Works
A port state is not exclusively associated with a port role. Table 14 lists the port states supported by each port role (“√” indicates that the port supports this state, and “—” indicates that the port does not support this state). Table 14 Port states supported by different port roles Port role (right) Root port/master...
Page 77: Protocols And Standards
Loop guard • TC-BPDU guard • BPDU drop • Protocols and standards MSTP is documented in: IEEE 802.1d: Media Access Control (MAC) Bridges • IEEE 802.1w: Part 3: Media Access Control (MAC) Bridges—Amendment 2: Rapid Reconfiguration • IEEE 802.1s: Virtual Bridged Local Area Networks—Amendment 3: Multiple Spanning Trees •...
Page 78: Configuring Mstp
Task Remarks Configuring an MST region Required Configuring the work mode of an MSTP device Optional Configuring the timeout factor Optional Configuring the maximum port rate Optional Configuring ports as edge ports Optional Configuring the leaf Configuring path costs of ports Optional nodes Configuring port priority...
Page 79: Configuring The Root Bridge Or A Secondary Root Bridge
To configure an MST region: To do... Use the command... Remarks Enter system view system-view — Enter MST region view stp region-configuration — Optional. Configure the MST region region-name name The MST region name is the MAC name address by default. Optional.
Page 80: Configuring The Work Mode Of An Mstp Device
There is only one root bridge in effect in a spanning tree instance. If two or more devices have been • designated to be root bridges of the same spanning tree instance, MSTP selects the device with the lowest MAC address as the root bridge. When the root bridge of an instance fails or is shut down, the secondary root bridge (if you have •...
Page 81: Configuring The Priority Of A Device
To configure the MSTP work mode: To do... Use the command... Remarks Enter system view system-view — Required Configure the work mode of stp mode { stp | rstp | mstp } MSTP MSTP mode by default Configuring the priority of a device CAUTION: After configuring a device as the root bridge or a secondary root bridge, you cannot change the •...
Page 82: Configuring The Network Diameter Of A Switched Network
Max age ƒ 2 × (hello time + 1 second) • HP does not recommend that you set the timers manually. Instead, you can use the stp bridge-diameter command to set the network diameter, and let the network automatically adjust the three timers according to the network size.
Page 83: Configuring The Timeout Factor
If the max age is too long, the network may fail to timely detect link failures and fail to timely launch spanning tree calculations, reducing the auto-sensing capability of the network. HP recommends that you use the default setting. Configuring the timeout factor The timeout factor is a parameter used to decide the timeout time in the following formula: Timeout time = timeout factor ×...
Page 84: Configuring The Maximum Port Rate
By setting an appropriate maximum port rate, you can limit the rate at which the port sends BPDUs and prevent MSTP from using excessive network resources when the network becomes instable. HP recommends that you use the default setting. Configuring ports as edge ports If a port directly connects to a user terminal rather than another device or a shared LAN segment, this port is regarded as an edge port.
Page 85: Configuring Path Costs Of Ports
the port can be blocked and changes to the forwarding state after a period twice the forward delay. In the waiting period, service traffic is interrupted. Among loop guard, root guard and edge port settings, only one function (whichever is configured the earliest) can take effect on a port at the same time.
Page 86 Path cost Link speed Port type IEEE 802.1d-1998 IEEE 802.1t Private standard Aggregate interface 500,000 1400 containing 4 selected ports Single Port 200,000 Aggregate interface 100,000 containing 2 selected ports 100 Mbps Aggregate interface 66,666 containing 3 selected ports Aggregate interface 50,000 containing 4 selected ports Single Port...
Page 87: Configuring Port Priority
Configuration example # Specify that the device use IEEE 802.1d- 1 998 to calculate the default path costs of its ports. <Sysname> system-view [Sysname] stp pathcost-standard dot1d-1998 # Set the path cost of GigabitEthernet 1/0/3 on MSTI 2 to 200. <Sysname>...
Page 88: Configuring The Mode A Port Uses To Recognize/Send Mstp Packets
If the current port is a Layer 2 aggregate interface or if it works in full duplex mode, you can configure the link to which the current port connects as a point-to-point link. HP recommends that you use the default setting, and let MSTP detect the link status automatically.
Page 89: Enabling The Output Of Port State Transition Information
To do... Use the command... Remarks Required. Configure the mode the port uses to stp compliance { auto | dot1s recognize/send MSTP packets | legacy } auto by default. MSTP provides the MSTP packet format incompatibility guard function. In MSTP mode, if a port is configured to recognize/send MSTP packets in a mode other than auto, and receives a packet in a format different from the specified type, the port will become a designated port and remain in the discarding state to prevent the occurrence of a loop.
Page 90: Performing Mcheck
To do... Use the command... Remarks Optional. Enable the MSTP feature for the By default, MSTP is enabled for stp enable ports all ports after it is enabled for the device globally. In system view, you can use the stp enable or undo stp enable command to enable or disable STP globally.
Page 91 You must enable digest snooping both globally and on associated ports to make it take effect. HP recommends that you enable digest snooping on all associated ports first and then globally, making the configuration take effect on all configured ports and reducing impact on the network.
Page 92: Configuring No Agreement Check
As shown in Figure Device A and Device B connect to Device C, which is a third-party device. All these devices are in • the same region. Enable digest snooping on Device A’s and Device B’s ports that connect Device C, so that the three •...
Page 93 For MSTP, the downstream device’s root port sends an agreement packet only after it receives an • agreement packet from the upstream device. For RSTP, the downstream device sends an agreement packet regardless of whether an agreement • packet from the upstream device is received. Figure 24 shows the rapid state transition mechanism on MSTP designated ports.
Page 94: Configuring Tc Snooping
Configure the same region name, revision level and VLAN-to-instance mappings on the two devices, • assigning them to the same region. Configuring the no agreement check function To make the no agreement check feature take effect, enable it on the root port. To configure no agreement check: To do...
Page 95 high availability. The IRF virtual device transparently transmits STP BPDUs from Customer 1 at Layer 2. Other customer networks (such as Customer 2) act the same as Customer 1. Figure 27 TC snooping application scenario In the network, the IRF virtual device transparently transmits the received STP BPDUs and does not participate in STP calculations.
Page 96: Configuring Protection Functions
Configuring protection functions An MSTP-enabled device supports the following protection functions: BPDU guard • Root guard • Loop guard • TC-BPDU guard • BPDU drop • Configuration prerequisites MSTP has been correctly configured on the device. Enabling BPDU guard For access layer devices, the access ports can directly connect to the user terminals (such as PCs) or file servers.
Page 97 the link connected to this port in the MSTI). If the port receives no BPDUs with a higher priority within twice the forwarding delay, it will revert to its original state. Make this configuration on a designated port. To enable root guard: To do...
Page 98 6 by default period after it receives the first TC-BPDU NOTE: HP does not recommend you to disable this feature. Enabling BPDU drop In an STP-enabled network, after receiving BPDUs, a device performs STP calculation according to the received BPDUs and forwards received BPDUs to other devices in the network. This allows malicious attackers to forge BPDUs to attack the network: By continuously sending forged BPDUs, they can make all devices in the network perform STP calculations all the time.
Page 99: Displaying And Maintaining Mstp
Displaying and maintaining MSTP To do... Use the command... Remarks Display information about abnormally display stp abnormal-port [ | { begin | Available in any view blocked ports exclude | include } regular-expression ] display stp bpdu-statistics [ interface interface-type interface-number Display BPDU statistics on ports Available in any view [ instance instance-id ] ] [ | { begin |...
Page 100 Figure 28 Network diagram for MSTP configuration Configuration procedure VLAN and VLAN member port configuration Create VLAN 10, VLAN 20, and VLAN 30 on Device A and Device B, respectively, create VLAN 10, VLAN 20, and VLAN 40 on Device C, and create VLAN 20, VLAN 30, and VLAN 40 on Device D. Configure the ports on these devices as trunk ports and assign them to related VLANs.
Page 101 <DeviceB> system-view [DeviceB] stp region-configuration [DeviceB-mst-region] region-name example [DeviceB-mst-region] instance 1 vlan 10 [DeviceB-mst-region] instance 3 vlan 30 [DeviceB-mst-region] instance 4 vlan 40 [DeviceB-mst-region] revision-level 0 # Activate MST region configuration. [DeviceB-mst-region] active region-configuration [DeviceB-mst-region] quit # Specify the current device as the root bridge of MSTI 3. [DeviceB] stp instance 3 root primary # Enable MSTP globally.
Page 102 [DeviceD-mst-region] quit # Enable MSTP globally. [DeviceD] stp enable Verifying the configurations Use the display stp brief command to display brief spanning tree information on each device after the network is stable. # Display brief spanning tree information on Device A. [DeviceA] display stp brief MSTID Port...
Page 103 Figure 29 MSTIs mapped to different VLANs MSTI mapped VLAN 10 MSTI mapped to VLAN 20 MSTI mapped to VLAN 30 MSTI mapped to VLAN 40 Root device Normal link Blocked link...
Page 104: Bpdu Tunneling Configuration
PE 2 at the other end of the service provider network, which de-encapsulates the packet, restores the original destination MAC address of the packet, and then sends the packet to User A network 2. Depending on the device models, HP devices support BPDU tunneling for the following protocols: • DLDP •...
Page 105: Bpdu Tunneling Implementation
PAGP • PVST • • UDLD • • BPDU tunneling implementation The BPDU tunneling implementations for different protocols are all similar. This section describes how BPDU tunneling is implemented by taking the STP as an example. The term STP in this document includes STP, RSTP, and MSTP. STP calculates the topology of a network by transmitting BPDUs among devices in the network.
Page 106: Configuring Bpdu Tunneling
in the service provider network, ensuring consistent spanning tree calculation throughout User A network, without affecting the spanning tree calculation of the service provider network. Assume a BPDU is sent from User A network 1 to User A network 2. The BPDU is sent using the following workflow: At the ingress of the service provider network, PE 1 changes the destination MAC address of the BPDU from 0x0180-C200-0000 to a special multicast MAC address, 0x010F-E200-0003 (the...
Page 107: Configuring Destination Multicast Mac Address For Bpdus
Enabling BPDU tunneling for a protocol in Ethernet interface view or port group view To enable BPDU tunneling for a protocol in Ethernet interface view or port group view: To do... Use the command... Remarks Enter system view system-view — Enter Enter Ethernet interface interface-type interface-...
Page 108: Bpdu Tunneling Configuration Examples
BPDU tunneling configuration examples BPDU tunneling for STP configuration example Network requirements As shown in Figure CE 1 and CE 2 are edges devices on the geographically dispersed network of User A; PE 1 and PE • 2 are edge devices on the service provider network. All ports that connect service provider devices and customer devices are access ports and belong to •...
Page 109: Bpdu Tunneling For Pvst Configuration Example
[PE2] bpdu-tunnel tunnel-dmac 0100-0ccd-cdd0 # Create VLAN 2 and assign GigabitEthernet 1/0/2 to VLAN 2. [PE2] vlan 2 [PE2-vlan2] quit [PE2] interface gigabitethernet 1/0/2 [PE2-GigabitEthernet1/0/2] port access vlan 2 # Disable STP on GigabitEthernet 1/0/2, and then enable BPDU tunneling for STP on it. [PE2-GigabitEthernet1/0/2] undo stp enable [PE2-GigabitEthernet1/0/2] bpdu-tunnel dot1q stp BPDU tunneling for PVST configuration example...
Page 110 [PE1-GigabitEthernet1/0/1] bpdu-tunnel dot1q stp [PE1-GigabitEthernet1/0/1] bpdu-tunnel dot1q pvst Configuration on PE 2 # Configure the destination multicast MAC address for BPDUs as 0x0100-0CCD-CDD0. <PE2> system-view [PE2] bpdu-tunnel tunnel-dmac 0100-0ccd-cdd0 # Configure GigabitEthernet 1/0/2 as a trunk port and assign it to all VLANs. [PE2] interface gigabitethernet 1/0/2 [PE2-GigabitEthernet1/0/2] port link-type trunk [PE2-GigabitEthernet1/0/2] port trunk permit vlan all...
Page 111: Vlan Configuration
VLAN configuration Ethernet is a network technology based on the CSMA/CD mechanism. As the medium is shared, collisions and excessive broadcasts are common on Ethernet networks. To address the issue, VLAN was introduced to break a LAN down into separate VLANs. VLANs are isolated from each other at Layer 2. A VLAN is a bridging domain, and all broadcast traffic is contained within it, as shown in Figure Figure 34 A VLAN diagram...
Page 112: Types Of Vlan
IEEE 802.1Q inserts a four-byte VLAN tag after the DA&SA field, as shown in Figure Figure 36 The position and format of VLAN tag A VLAN tag comprises the following fields: TPID, priority, CFI, and VLAN ID. The 16-bit TPID field with a value of 0x8100 indicates that the frame is VLAN-tagged. •...
Page 113: Configuring Basic Vlan Settings
Configuring basic VLAN settings To configure basic VLAN settings: To do… Use the command… Remarks Enter system view system-view — Optional. vlan { vlan-id1 [ to vlan-id2 ] | Create VLANs Use this command to create VLANs in all } bulk.
Page 114: Port-Based Vlan Configuration
To do… Use the command… Remarks Optional. Assign an IP address to the ip address ip-address { mask | No IP address is assigned to any VLAN VLAN interface mask-length } [ sub ] interface by default. Optional. Configure the description of VLAN interface name is used by description text the VLAN interface...
Page 115: Assigning An Access Port To A Vlan
VLAN, see the chapter “Voice VLAN configuration.” HP recommends that you set the same default VLAN ID for the local and remote ports. Make sure that a port is assigned to its default VLAN. Otherwise, when the port receives frames tagged with the default VLAN ID or untagged frames (including protocol packets such as MSTP BPDUs), the port filters out these frames.
Page 116: Assigning A Trunk Port To A Vlan
To do… Use the command… Remarks Required. Enter VLAN view vlan vlan-id If the specified VLAN does not exist, this command creates the VLAN first. Assign one or a group of Required. access ports to the current port interface-list By default, all ports belong to VLAN 1. VLAN To assign an access port (in interface view) or multiple access ports (in port group view) to a VLAN: To do…...
Page 117: Assigning A Hybrid Port To A Vlan
To do… Use the command… Remarks Enter system view system-view — Required. Enter Enter Ethernet interface interface-type interface- Use either command. interface interface view number view • In Ethernet interface view, the (including subsequent configurations apply Ethernet to the current port. Enter Layer 2 interface •...
Page 118: Port-Based Vlan Configuration Example
To do… Use the command… Remarks Required. Enter Enter Ethernet interface interface-type interface- Use either command. interface interface view number view • In Ethernet interface view, the (including subsequent configurations apply Ethernet to the current port. Enter Layer 2 interface interface bridge-aggregation •...
Page 119 To ensure communication security and avoid broadcast storms, VLANs are configured in the • enterprise network to isolate Layer 2 traffic of different departments. VLAN 100 is assigned to Department A, and VLAN 200 is assigned to Department B. Ensure that hosts within the same VLAN can communicate with each other. Host A can communicate •...
Page 120: Mac-Based Vlan Configuration
Route Interface: not configured Description: protocol VLAN for IPv4 Name: VLAN 0100 Tagged Ports: GigabitEthernet1/0/3 Untagged Ports: GigabitEthernet1/0/1 [DeviceA-GigabitEthernet1/0/3] display vlan 200 VLAN ID: 200 VLAN Type: static Route Interface: not configured Description: protocol VLAN for IPv6 Name: VLAN 0200 Tagged Ports: GigabitEthernet1/0/3...
Page 121 multiple MAC address-to-VLAN entries, enable the MAC-based VLAN feature and dynamic MAC-based VLAN assignment on the port. When the port receives a frame that matches a MAC address-to-VLAN entry configured on the port, the port dynamically joins the corresponding MAC-based VLAN. Dynamic MAC-based VLAN assignment uses the following workflows.
Page 122: Configuring Mac-Based Vlan
If you configure both static and dynamic MAC-based VLAN assignment on the same port, dynamic MAC- based VLAN assignment applies, and the port drops the frames that do not exactly match any MAC address-to-VLAN entry. Approach 3: Dynamic MAC-based VLAN Use dynamic MAC-based VLAN with access authentication (such as 802.1X authentication based on MAC addresses) to implement secure, flexible terminal access.
Page 123 Configuring dynamic MAC-based VLAN assignment With dynamic MAC-based VLAN assignment enabled, packets are delivered to the CPU for processing. The packet processing mode has the highest priority and overrides the configuration of MAC learning limit and disabling of MAC address learning. When dynamic MAC-based VLAN assignment is enabled, do not configure the MAC learning limit or disable MAC address learning.
Page 124: Mac-Based Vlan Configuration Example
When you use the mac-vlan trigger enable command to enable dynamic MAC-based VLAN assignment, HP recommends that you configure the vlan precedence mac-vlan command, so that VLANs are assigned based on single MAC addresses preferentially. When dynamic MAC-based VLAN assignment is enabled, HP does not recommend configuring the vlan precedence ip-subnet-vlan command, which will make the system assign VLANs based on IP subnets, because the configuration does not take effect.
Page 125 Laptop 1 and Laptop 2 are owned by different departments. The two departments use VLAN 100 • and VLAN 200, respectively. Each laptop can access only its own department server no matter which meeting room it is used in. The MAC address of Laptop 1 is 000d-88f8-4e71, and that of Laptop 2 is 0014-222c-aa69. •...
Page 126 # Configure Laptop 1 and Laptop 2 to access the network through GigabitEthernet 1/0/1 Configure GigabitEthernet 1/0/1 as a hybrid port that sends packets of VLANs 100 and 200 untagged, and enable MAC-based VLAN on it. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-type hybrid [DeviceA-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged Please wait...
Page 127: Protocol-Based Vlan Configuration
-------------------------------------------------------- 000d-88f8-4e71 ffff-ffff-ffff 0014-222c-aa69 ffff-ffff-ffff Total MAC VLAN address count:2 Configuration guidelines MAC-based VLAN can be configured only on hybrid ports. MAC-based VLAN is typically configured on the downlink ports of access layer devices, and cannot be configured together with the link aggregation function. Protocol-based VLAN configuration Introduction to protocol-based VLAN Protocol-based VLAN configuration applies to hybrid ports only.
Page 128 CAUTION: dsap-id ssap-id Do not configure both the arguments in the protocol-vlan command as 0xe0 or • 0xff when configuring the user-defined template for llc encapsulation. Otherwise, the encapsulation format of the matching packets will be the same as that of the ipx llc or ipx raw packets, respectively. etype-id When you use the mode keyword to configure a user-defined protocol template, do not set •...
Page 129: Protocol-Based Vlan Configuration Example
To do… Use the command… Remarks Required. Configure current hybrid ports to permit the packets of the port hybrid vlan vlan-id-list By default, all hybrid ports specified protocol-based VLANs { tagged | untagged } permit packets of VLAN 1 to to pass through pass through only.
Page 130 [Device-vlan100] quit # Create VLAN 200, and assign port GigabitEthernet 1/0/12 to VLAN 200. [Device] vlan 200 [Device-vlan200] description protocol VLAN for IPv6 [Device-vlan200] port gigabitethernet 1/0/12 # Create an IPv6 protocol template in the view of VLAN 200, and an IPv4 protocol template in the view of VLAN 100.
Page 131: Ip Subnet-Based Vlan Configuration
Protocol Index Protocol Type ====================================================== ipv4 VLAN ID:200 Protocol Index Protocol Type ====================================================== ipv6 # Display protocol-based VLAN information on the ports of Device. [Device-GigabitEthernet1/0/2] display protocol-vlan interface all Interface: GigabitEthernet 1/0/1 VLAN ID Protocol Index Protocol Type ====================================================== ipv4 ipv6 Interface: GigabitEthernet 1/0/2 VLAN ID...
Page 132: Displaying And Maintaining Vlan
To do… Use the command… Remarks Required. Use either command. Enter Ethernet interface interface-type interface view interface-number • In Ethernet interface view, the subsequent configurations apply to the current port. Enter Layer 2 Enter interface bridge-aggregation • In port group view, the aggregate interface interface-number...
Page 133 To do... Use the command… Remarks Display protocol information and display protocol-vlan vlan { vlan-id [ to vlan- protocol indexes of the specified id ] | all } [ | { begin | exclude | include } Available in any view VLANs regular-expression ] display protocol-vlan interface { interface-...
Page 134: Super Vlan Configuration
Super VLAN configuration Super VLAN, also called “VLAN aggregation,” was introduced to save the IP address space. A super VLAN is associated with multiple sub-VLANs. Create a VLAN interface for a super VLAN and assign an IP address for the VLAN interface. However, you cannot create a VLAN interface for a sub- VLAN.
Page 135: Displaying And Maintaining Super Vlan
Configure DHCP, DHCPv6, Layer 3 multicast, and dynamic routing for the VLAN interface of a super VLAN. However, only DHCP and DHCPv6 take effect. Configuring VRRP for the VLAN interface of a super VLAN affects network performance. HP does not recommend you to configure this function Displaying and maintaining super VLAN To do…...
Page 136: Super Vlan Configuration Example
Super VLAN configuration example Network requirements As shown in Figure Create super VLAN 10, and configure the IPv4 address and IPv6 address of its VLAN interface as • 10.0.0.1/24 and 2001::1/64. Create the sub-VLANs VLAN 2, VLAN 3, and VLAN 5. •...
Page 137 # Create VLAN 3, and assign GigabitEthernet 1/0/3 and GigabitEthernet 1/0/4 to it. [Sysname] vlan 3 [Sysname-vlan3] port gigabitethernet 1/0/3 gigabitethernet 1/0/4 [Sysname-vlan3] quit # Create VLAN 5, and assign GigabitEthernet 1/0/5 and GigabitEthernet 1/0/6 to it. [Sysname] vlan 5 [Sysname-vlan5] port gigabitethernet 1/0/5 gigabitethernet 1/0/6 [Sysname-vlan5] quit # Configure VLAN 10 as the super VLAN, and configure VLAN 2, VLAN 3, and VLAN 5 as its sub-...
Page 138 It is a Sub VLAN. Route Interface: configured Ip Address: 10.0.0.1 Subnet Mask: 255.255.255.0 Description: VLAN 0003 Name: VLAN 0003 Tagged Ports: none Untagged Ports: GigabitEthernet1/0/3 GigabitEthernet1/0/4 VLAN ID: 5 VLAN Type: static It is a Sub VLAN. Route Interface: configured Ip Address: 10.0.0.1 Subnet Mask: 255.255.255.0 Description: VLAN 0005...
Page 139: Isolate-User-Vlan Configuration
Isolate-user-VLAN configuration An isolate-user-VLAN uses a two-tier VLAN structure. In this approach, both an isolate-user-VLAN and secondary VLANs are configured on the same device. The isolate-user-VLAN implementation delivers the following benefits: Isolate-user-VLANs are mainly used for upstream data exchange. An isolate-user-VLAN can be •...
Page 140: Configuration Restrictions And Guidelines
For more information about the promiscuous and host mode commands, see Layer 2—LAN Switching Command Reference. Configuration restrictions and guidelines To enable users in the isolate-user-VLAN to communicate with other networks at Layer 3, Configure • VLAN interfaces for the isolate-user-VLAN and the secondary VLANs, and configure the gateway IP address for the isolate-user-VLAN interface (you do not need to configure IP addresses for the secondary VLAN interfaces).
Page 141: Displaying And Maintaining Isolate-User-Vlan
Step Command Remarks Enter Layer 2 Ethernet or aggregate interface view: interface interface-type interface- number By default, a port does not interface bridge-aggregation Configure the uplink port operate in promiscuous mode or interface-number for the isolate-user-VLAN. host mode in a VLAN. Configure the port to operate in promiscuous mode in a specific VLAN:...
Page 142: Isolate-User-Vlan Configuration Example
Isolate-user-VLAN configuration example Network requirements As shown in Figure Connect Device A to downstream devices Device B and Device C. • Configure VLAN 5 on Device B as an isolate-user-VLAN, assign the uplink port GigabitEthernet • 1/0/5 to VLAN 5, and associate VLAN 5 with secondary VLANs VLAN 2 and VLAN 3. Assign GigabitEthernet 1/0/2 to VLAN 2 and GigabitEthernet 1/0/1 to VLAN 3.
Page 143 # Configure the secondary VLANs. [DeviceB] vlan 2 to 3 # Configure the uplink port GigabitEthernet 1/0/5 to operate in promiscuous mode in VLAN 5. [DeviceB] interface gigabitethernet 1/0/5 [DeviceB-GigabitEthernet1/0/5] port isolate-user-vlan 5 promiscuous [DeviceB-GigabitEthernet1/0/5] quit # Assign downlink ports GigabitEthernet 1/0/1 to VLAN 3 and GigabitEthernet 1/0/2 to VLAN 2, and configure the ports to operate in host mode.
Page 144 Verifying the configurations # Display the isolate-user-VLAN configuration on Device B. [DeviceB] display isolate-user-vlan Isolate-user-VLAN VLAN ID : 5 Secondary VLAN ID : 2-3 VLAN ID: 5 VLAN Type: static Isolate-user-VLAN type : isolate-user-VLAN Route Interface: not configured Description: VLAN 0005 Name: VLAN 0005 Tagged Ports: none...
Page 145: Voice Vlan Configuration
Voice VLAN configuration As voice communication technologies grow more mature, voice devices are more and more widely deployed, especially on broadband networks, where voice traffic and data traffic often co-exist. Usually, compared to data traffic, voice traffic is given a higher transmission priority for the purpose of reducing transmission delay and packet loss.
Page 146 system automatically assigns the receiving port to the voice VLAN, issues ACL rules and configures the packet precedence. Configure voice VLAN aging time on the device. The system will remove a port from the voice VLAN if no packet is received from the port during the aging time. Assigning/removing ports to/from a voice VLAN are automatically performed by the system.
Page 147 Table 17 Required configurations on ports of different links types in order for the ports to support tagged voice traffic Voice VLAN Support for Port link type assignment tagged voice Configuration requirements mode traffic Automatic Access — Manual Configure the default VLAN of the port, which Automatic cannot be the voice VLAN, and assign the port to its default VLAN.
Page 148: Security Mode And Normal Mode Of Voice Vlans
MAC addresses checking. TIP: HP does not recommend that you transmit both voice traffic and non-voice traffic in a voice VLAN. If you have to, ensure that the voice VLAN security mode is disabled.
Page 149: Configuring A Voice Vlan
Configuring a voice VLAN Configuration prerequisites Before you configure a voice VLAN, complete the following tasks: Create a VLAN • Configure QoS priority settings for voice VLAN traffic on an interface before enabling voice VLAN • on the interface. If the configuration order is reversed, your priority configuration will fail. For more information, see “Configuring QoS priority settings for voice traffic on an interface.”...
Page 150: Configuring A Port To Operate In Automatic Voice Vlan Assignment Mode
to use the 802.1p priority in incoming packets for priority mapping. For more information about this command, see the ACL and QoS Configuration Guide. Configuring a port to operate in automatic voice VLAN assignment mode To set a port to operate in automatic voice VLAN assignment mode: To do...
Page 151: Displaying And Maintaining Voice Vlan
To do... Use the command... Remarks Optional. Enable the voice VLAN voice vlan security enable security mode Enabled by default. Optional. By default, each voice VLAN has Add a recognizable OUI voice vlan mac-address oui mask default OUI addresses configured. address oui-mask [ description text ] For the default OUI addresses of...
Page 152: Voice Vlan Configuration Examples
Voice VLAN configuration examples Automatic voice VLAN mode configuration example Network requirements As shown in Figure The MAC address of IP phone A is 001 1- 1 100-0001. The phone connects to a downstream device • named PC A whose MAC address is 0022- 1 100-0002 and to GigabitEthernet 1/0/1 on an upstream device named Device A.
Page 153 [DeviceA] voice vlan mac-address 0011-1100-0001 mask ffff-ff00-0000 description IP phone [DeviceA] voice vlan mac-address 0011-2200-0001 mask ffff-ff00-0000 description IP phone # Configure GigabitEthernet 1/0/1 as a hybrid port. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-type hybrid # Configure GigabitEthernet 1/0/1 to operate in automatic voice VLAN assignment mode. By default, a port operates in automatic voice VLAN assignment mode (optional).
Page 154: Manual Voice Vlan Assignment Mode Configuration Example
Manual voice VLAN assignment mode configuration example Network requirements Create VLAN 2 and configure it as a voice VLAN permitting only voice traffic to pass through. • The IP phones send untagged voice traffic. Configure GigabitEthernet 1/0/1 as a hybrid port. •...
Page 155 <DeviceA> display voice vlan oui Oui Address Mask Description 0001-e300-0000 ffff-ff00-0000 Siemens phone 0003-6b00-0000 ffff-ff00-0000 Cisco phone 0004-0d00-0000 ffff-ff00-0000 Avaya phone 0011-2200-0000 ffff-ff00-0000 test 00d0-1e00-0000 ffff-ff00-0000 Pingtel phone 0060-b900-0000 ffff-ff00-0000 Philips/NEC phone 00e0-7500-0000 ffff-ff00-0000 Polycom phone 00e0-bb00-0000 ffff-ff00-0000 3com phone # Display the current voice VLAN state.
Page 156: Gvrp Configuration
GVRP configuration The GARP provides a generic framework for devices in a bridged LAN, such as end stations and switches, to register and deregister attribute values. The GARP GVRP is a GARP application that registers and deregisters VLAN attributes. GVRP is based on the operating mechanism of GARP to maintain and propagate dynamic VLAN registration information for the GVRP devices on the network.
Page 157 A GARP participant sends Join messages when it wants to register with other participants its attributes (including manually configured attributes), and when it receives Join messages from other participants. There are two types of Join messages, JoinEmpty and JoinIn. A GARP participant sends a JoinEmpty message to declare an attribute not registered on it. •...
Page 158 LeaveAll timer When a GARP application is enabled, a LeaveAll timer starts. The GARP participant sends a LeaveAll message when the timer expires. Then, the LeaveAll timer restarts to begin a new cycle. The LeaveAll timer and all other GARP timers also restart when the GARP participant receives a LeaveAll message. Because a LeaveAll message deregisters all attributes in the entire network, do not set the LeaveAll timer too short.
Page 159: Gvrp
Field Description Value Consists of an Attribute Length, an Attribute Attribute Event, and an Attribute –– Value Length of an attribute, inclusive of Attribute length 2 to 255 (in bytes) the attribute length field • 0x00: LeaveAll event • 0x01: JoinEmpty event •...
Page 160: Gvrp Configuration Task List
GVRP configuration task list Complete these tasks to configure GVRP: Task Remarks Configuring GVRP functions Required Configuring GARP timers Optional GVRP configuration made in Ethernet interface view or Layer 2 aggregate interface view takes effect on the current interface only. GVRP configuration made in port group view takes effect on all member ports in the group.
Page 161: Configuring Garp Timers
To do… Use the command… Remarks Optional. Configure the GVRP registration mode on gvrp registration { fixed | the ports forbidden | normal } normal. by default. For more information about the port link-type trunk and port trunk permit vlan all commands, see the chapter “VLAN configuration commands.”...
Page 162: Displaying And Maintaining Gvrp
As shown in Table 21, the value ranges for GARP timers are dependent on one another: If you want to set a value beyond the value range for a timer, you may change the value range by • tuning the value of another related timer. If you want to restore the default settings of the timers, restore the Hold timer first, and then the Join, •...
Page 163: Gvrp Configuration Examples
GVRP configuration examples GVRP normal registration mode configuration example Network requirements As shown in Figure Device A and Device B are connected through their GigabitEthernet 1/0/1 ports. • Enable GVRP and configure the normal registration mode on ports to enable the registration and •...
Page 164: Gvrp Fixed Registration Mode Configuration Example
[DeviceB-vlan3] quit Verify the configuration Use the display gvrp local-vlan command to display the local VLAN information maintained by GVRP on ports. For example: # Display the local VLAN information maintained by GVRP on port GigabitEthernet 1/0/1 of Device A. [DeviceA] display gvrp local-vlan interface gigabitethernet 1/0/1 Following VLANs exist in GVRP local database: 1(default),2-3...
Page 165: Gvrp Forbidden Registration Mode Configuration Example
[DeviceA] vlan 2 [DeviceA-vlan2] quit Configure Device B # Enable GVRP globally. <DeviceB> system-view [DeviceB] gvrp # Configure port GigabitEthernet 1/0/1 as a trunk port, and assign it to all VLANs. [DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] port link-type trunk [DeviceB-GigabitEthernet1/0/1] port trunk permit vlan all # Enable GVRP on GigabitEthernet 1/0/1, and set the GVRP registration mode to fixed on the port.
Page 166 Figure 52 Network diagram for GVRP forbidden registration mode configuration Configuration procedure Configure Device A # Enable GVRP globally. <DeviceA> system-view [DeviceA] gvrp # Configure port GigabitEthernet 1/0/1 as a trunk port, and assign it to all VLANs. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-type trunk [DeviceA-GigabitEthernet1/0/1] port trunk permit vlan all # Enable GVRP on GigabitEthernet 1/0/1, and set the GVRP registration mode to forbidden on the port.
Page 167 According to the output, information about VLAN 1 is registered through GVRP, but static VLAN information of VLAN 2 on the local device and dynamic VLAN information of VLAN 3 on Device B are not. # Display the local VLAN information maintained by GVRP on port GigabitEthernet 1/0/1 of Device B. [DeviceB] display gvrp local-vlan interface gigabitethernet 1/0/1 Following VLANs exist in GVRP local database: 1(default)
Page 168: Qinq Configuration
QinQ configuration Throughout this document, CVLANs, also called “inner VLANs,” refer to the VLANs that a customer uses on the private network. SVLANs, also called “outer VLANs,” refer to the VLANs that a service provider uses to carry VLAN tagged traffic for customers. QinQ stands for 802.1Q in 802.1Q.
Page 169: Qinq Frame Structure
Figure 53 Typical QinQ application scenario As shown in Figure 53, customer network A has CVLANs 1 through 10, and customer network B has CVLANs 1 through 20. The service provider assigns SVLAN 3 for customer network A, and SVLAN 4 for customer network B.
Page 170: Implementations Of Qinq
Figure 54 Single-tagged Ethernet frame header vs. double-tagged Ethernet frame header The default MTU of an interface is 1500 bytes. The size of an outer VLAN tag is 4 bytes. HP recommends you to increase the MTU of each interface on the service provider network to at least 1504 bytes. For more information about interface MTU configuration, see the chapter “Ethernet port configuration.”...
Page 171: Protocols And Standards
The switch determines whether a received frame carries a SVLAN or CVLAN tag by checking the TPID value. For example, if a frame carries a SVLAN tag with TPID value 0x9100 and a CVLAN tag with TPID value 0x8100, and the configured TPID value of the SVLAN tag is 0x9100 and that of the CVLAN tag is 0x8200, the switch considers that the frame carries only the SVLAN tag but not the CVLAN tag.
Page 172: Configuring Basic Qinq
Task Remarks Configuring an outer VLAN tagging policy Optional Configuring selective Configuring an inner-outer VLAN 802.1p priority Optional QinQ mapping Configuring inner VLAN ID substitution Optional Configuring the TPID value in VLAN tags Optional QinQ requires configurations only on the service provider network. QinQ configurations made in Ethernet interface view take effect on the current interface only.
Page 173: Configuring Selective Qinq
VLAN tags based on different inner VLAN tags. The selective QinQ feature of the HP 5800&5820X Switch Series is achieved through QoS policies. To enable the switch to tag tagged packets based on inner VLAN tags, follow these steps: Configure a class to match packets with certain tags;...
Page 174: Configuring An Inner-Outer Vlan 802.1P Priority Mapping
ACL and QoS Configuration Guide Configuring an inner-outer VLAN 802.1p priority mapping The HP 5800&5820X switches series achieve the following inner-outer VLAN 802.1p priority mapping modes through QoS policies: Marking the 802.1p priorities in outer VLAN tags according to the inner VLAN IDs or the 802.1p •...
Page 175 Copying the 802.1p priority in the inner VLAN tags to the outer VLAN tags. • If you set the trusted packet priority type to 802.1p priority on a port with QinQ or selective QinQ enabled, the port automatically copies the 802.1p priority from the inner VLAN tag to the outer VLAN tag when adding the outer VLAN tag to each packet.
Page 176: Configuring Inner Vlan Id Substitution
To do... Use the command... Remarks Return to system view quit — Enter Layer 2 Required. interface interface-type interface- Enter the Ethernet port Use either command. number Ethernet view • Settings made in Layer 2 port view Ethernet interface view take of the effect only on the current port.
Page 177: Configuring The Tpid Value In Vlan Tags
To do... Use the command... Remarks Associate the traffic class with the classifier classifier-name behavior Required. traffic behavior defined earlier behavior-name Return to system view quit — Enter Layer 2 Required. interface interface-type interface- Ethernet port Use either command. number Enter the view •...
Page 178: Qinq Configuration Examples
For more information about customer-side QinQ, see the chapter “VLAN mapping configuration.” SVLAN TPID and QinQ cannot both be configured on a port at the same time. QinQ configuration examples Basic QinQ configuration example Network requirements As shown in Figure Provider A and Provider B are edge switches on the service provider network and are interconnected •...
Page 179 [ProviderA-GigabitEthernet1/0/1] port access vlan 10 # Enable basic QinQ on GigabitEthernet 1/0/1. [ProviderA-GigabitEthernet1/0/1] qinq enable [ProviderA-GigabitEthernet1/0/1] quit Configure GigabitEthernet 1/0/2 • # Configure GigabitEthernet 1/0/2 as a hybrid port and configure VLAN 50 as the default VLAN of the port. [ProviderA] interface gigabitethernet 1/0/2 [ProviderA-GigabitEthernet1/0/2] port link-type hybrid [ProviderA-GigabitEthernet1/0/2] port hybrid pvid vlan 50...
Page 180: Selective Qinq Configuration Example
[ProviderB] interface gigabitethernet 1/0/3 [ProviderB-GigabitEthernet1/0/3] port link-type trunk [ProviderB-GigabitEthernet1/0/3] port trunk permit vlan 10 50 # Set the TPID value in the outer tag to 0x8200. [ProviderB-GigabitEthernet1/0/3] qinq ethernet-type service-tag 8200 [ProviderB-GigabitEthernet1/0/3] quit Configuration on third-party switches Configure the third-party switches between Provider A and Provider B as follows: configure the port connecting GigabitEthernet 1/0/3 of Provider A and that connecting GigabitEthernet 1/0/3 of Provider B to allow tagged frames of VLAN 10 and 50 to pass through.
Page 181 Configure PE 1: Configure GigabitEthernet 1/0/1: # Configure GigabitEthernet 1/0/1 as a hybrid port to permit frames of VLAN 100 and VLAN 200 to pass through untagged. <PE1> system-view [PE1] interface gigabitethernet 1/0/1 [PE1-GigabitEthernet1/0/1] port link-type hybrid [PE1-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged [PE1-GigabitEthernet1/0/1] quit # Create class A10 and configure the class to match frames with CVLAN 10.
Page 182 # Configure traffic behavior T100 to mark matching packets with CVLAN 30. [PE1] traffic behavior T100 [PE1-behavior-T100] remark customer-vlan-id 30 [PE1-behavior-T100] quit # Create class A200 and configure the class to match frames with CVLAN 20 and SVLAN 200. [PE1] traffic classifier A200 [PE1-classifier-A200] if-match customer-vlan-id 20 [PE1-classifier-A200] if-match service-vlan-id 200 [PE1-classifier-A200] quit...
Page 183 [PE2-behavior-P200] nest top-most vlan-id 200 [PE2-behavior-P200] quit # Create a QoS policy named qinq, associate traffic class A30 with traffic behavior P100, and associate traffic class A40 with traffic behavior P200. [PE2] qos policy qinq [PE2-qospolicy-qinq] classifier A30 behavior P100 [PE2-qospolicy-qinq] classifier A40 behavior P200 [PE2-qospolicy-qinq] quit # Enable basic QinQ on the port.
Page 184 # Set the TPID value in the outer tag to 0x8200. [PE2-GigabitEthernet1/0/2] qinq ethernet-type service-tag 8200 [PE2-GigabitEthernet1/0/2] quit On the third-party devices between PE 1 and PE 2, configure the port that connects to PE 1 and that connecting to PE 2 to allow tagged frames of VLAN 100 and VLAN 200 to pass through.
Page 185: Vlan Mapping Configuration
VLAN mapping configuration VLAN mapping re-marks VLAN tagged traffic with new VLAN IDs. HP 5800&5820X series provides the following types of VLAN mapping: One-to-one VLAN mapping—Replaces one VLAN tag with another. Use one-to-one VLAN mapping • to sub-classify traffic from a particular VLAN for granular QoS control.
Page 186: Application Scenario Of Two-To-Two Vlan Mapping
Figure 58 Application scenario of one-to-one and many-to-one VLAN mapping DHCP client VLAN 1 Home gateway VLAN 2 VLAN 1 - > VLAN 101 VLAN 2 - > VLAN 201 VLAN 3 VoIP VLAN 3 - > VLAN 301 Wiring - closet switch VLAN 1 VLAN 1 - >...
Page 187: Concepts And Terms
Figure 59 Application scenario of two-to-two VLAN mapping Site 1 and Site 2 are in VLAN 2 and VLAN 3, respectively. The VLAN assigned for VPN A is VLAN 10 in the SP 1 network and VLAN 20 in the SP 2 network. If Site 1 sends a packet to Site 2, the packet is processed on the way to its destination using the following workflow: When the packet tagged with VLAN 2 arrives at the edge of network SP 1, PE 1 tags the packet...
Page 188: Vlan Mapping Implementations
Uplink traffic: Traffic transmitted from the customer network to the service provider network. • Downlink traffic: Traffic transmitted from the service provider network to the customer network. • Network-side port: A port connected to the service provider network. • Customer-side port: A port connected to the customer network. •...
Page 189: Configuring Vlan Mapping
Figure 62 Many-to-one VLAN mapping implementation CVLAN 1 Data SVLAN Data Inbound uplink policy CVLAN n Data SVLAN Data Customer SP network network CVLAN Data SVLAN Data DHCP snooping table lookup Network-side port Customer-side port Uplink traffic Downlink traffic Each DHCP snooping entry contains information about one DHCP client, including its IP address, MAC address, and CVLAN.
Page 190: Configuring One-To-One Vlan Mapping
Configuring one-to-one VLAN mapping Perform one-to-one VLAN mapping on wiring-closet switches (see Figure 58) to isolate traffic by both user and traffic type. Perform these tasks to configure one-to-one VLAN mapping: Task Description Configuring an uplink policy Creates CVLAN-to-SVLAN mappings (required). Configuring a downlink policy Creates SVLAN-to-CVLAN mappings (required).
Page 191 To do... Use the command... Remarks Repeat these steps to configure Configure an SVLAN as the if-match service-vlan-id vlan-id one class for each SVLAN. match criterion Return to system view quit Create a traffic behavior and traffic behavior behavior-name enter traffic behavior view Required.
Page 192: Configuring Many-To-One Vlan Mapping
To do... Use the command... Remarks Required. Configure the port as a trunk port port link-type trunk The default link type of ports is access. Required. port trunk permit vlan { vlan-id-list Assign the port to SVLANs By default, a trunk port is | all } in only VLAN 1.
Page 193 Enabling ARP detection in SVLANs The ARP detection function enables a switch to modify the VLAN attributes of ARP packets, which is impossible under the normal ARP packet processing procedure. For more information about ARP detection, see the Security Configuration Guide. To enable ARP detection in all SVLANs: To do...
Page 194: Configuring Two-To-Two Vlan Mapping
To do... Use the command... Remarks Required. Assign the port to CVLANs port trunk permit vlan { vlan-id-list By default, a trunk port is in only and SVLANs | all } VLAN 1. Required. Enable customer-side QinQ qinq enable downlink By default, customer-side QinQ is disabled on all ports.
Page 195 Task Description Configuring an uplink policy for the Replaces foreign SVLANs with local SVLANs for uplink traffic customer-side port (required). Configuring an uplink policy for the Replaces foreign CVLANs with local CVLANs for uplink traffic network-side port (required). Configuring a downlink policy for the Replaces local SVLANs and CVLANs with foreign SVLANs and customer-side port CVLANs (required).
Page 196 To do... Use the command... Remarks Create a class and enter class traffic classifier tcl-name [ operator view and ] Required. Specify a foreign CVLAN as a Repeat these steps to if-match customer-vlan-id vlan-id match criterion create one class for each local SVLAN and foreign Specify a local SVLAN as a match if-match service-vlan-id vlan-id...
Page 197 To do... Use the command... Remarks Create a QoS policy and enter qos policy policy-name Required. QoS policy view Required. Associate the class with the classifier tcl-name behavior behavior- Repeat this step to create behavior name other class-behavior associations. Configuring the customer-side port To configure the customer-side port: To do...
Page 198: Vlan Mapping Configuration Examples
VLAN mapping configuration examples One-to-one and many-to-one VLAN mapping configuration example Network requirements As shown in Figure 64, assign one VLAN for each type of traffic from each user on the wiring-closet switches. To prevent the maximum number of VLANs from being exceeded on Switch D, perform many-to-one VLAN mapping on Switch C to transmit the same type of traffic from different users in one VLAN: use VLAN 501 for PC traffic, VLAN 502 for VoD traffic, and VLAN 503 for VoIP traffic.
Page 199: Configuring Switch A
Figure 64 Network diagram for one-to-one and many-to-one VLAN mapping configuration DHCP client VLAN 1 Home gateway VLAN 2 VLAN 1 -> VLAN 101 VLAN 2 -> VLAN 201 VLAN 3 VoIP VLAN 3 -> VLAN 301 GE1/0/1 GE1/0/3 Wiring-closet Switch A VLAN 1 GE1/0/2...
Page 200 [SwitchA-classifier-c2] if-match customer-vlan-id 2 [SwitchA-classifier-c2] traffic classifier c3 [SwitchA-classifier-c3] if-match customer-vlan-id 3 [SwitchA-classifier-c3] quit [SwitchA] traffic behavior b1 [SwitchA-behavior-b1] remark service-vlan-id 101 [SwitchA-behavior-b1] traffic behavior b2 [SwitchA-behavior-b2] remark service-vlan-id 201 [SwitchA-behavior-b2] traffic behavior b3 [SwitchA-behavior-b3] remark service-vlan-id 301 [SwitchA-behavior-b3] traffic behavior b4 [SwitchA-behavior-b4] remark service-vlan-id 102 [SwitchA-behavior-b4] traffic behavior b5 [SwitchA-behavior-b5] remark service-vlan-id 202...
Page 201 [SwitchA] qos policy p11 [SwitchA-policy-p11] classifier c11 behavior b11 [SwitchA-policy-p11] classifier c22 behavior b22 [SwitchA-policy-p11] classifier c33 behavior b33 [SwitchA-policy-p11] quit [SwitchA] qos policy p22 [SwitchA-policy-p22] classifier c44 behavior b11 [SwitchA-policy-p22] classifier c55 behavior b22 [SwitchA-policy-p22] classifier c66 behavior b33 [SwitchA-policy-p22] quit # Assign customer-side port GigabitEthernet 1/0/1 to CVLANs 1 to 3, and SVLANs 101, 201, and 301, and enable basic QinQ, and apply uplink policy p1 to the incoming traffic and downlink policy p1 1 to...
Page 202 [SwitchC] vlan 101 [SwitchC-vlan101] arp detection enable [SwitchC-vlan101] vlan 201 [SwitchC-vlan201] arp detection enable [SwitchC-vlan201] vlan 301 [SwitchC-vlan301] arp detection enable [SwitchC-vlan301] vlan 102 [SwitchC-vlan102] arp detection enable [SwitchC-vlan102] vlan 202 [SwitchC-vlan202] arp detection enable [SwitchC-vlan202] vlan 302 [SwitchC-vlan302] arp detection enable [SwitchC-vlan302] vlan 103 [SwitchC-vlan103] arp detection enable [SwitchC-vlan103] vlan 203...
Page 203 [SwitchC-behavior-b1] traffic behavior b2 [SwitchC-behavior-b2] remark service-vlan-id 502 [SwitchC-behavior-b2] traffic behavior b3 [SwitchC-behavior-b3] remark service-vlan-id 503 [SwitchC-behavior-b3] quit [SwitchC] qos policy p1 [SwitchC-policy-p1] classifier c1 behavior b1 mode dot1q-tag-manipulation [SwitchC-policy-p1] classifier c2 behavior b2 mode dot1q-tag-manipulation [SwitchC-policy-p1] classifier c3 behavior b3 mode dot1q-tag-manipulation [SwitchC-policy-p1] quit [SwitchC] qos policy p2 [SwitchC-policy-p2] classifier c4 behavior b1 mode dot1q-tag-manipulation...
Page 204: Two-To-Two Vlan Mapping Configuration Example
[SwitchD] interface gigabitethernet 1/0/1 [SwitchD-GigabitEthernet1/0/1] port link-type trunk [SwitchD-GigabitEthernet1/0/1] port trunk permit vlan 501 502 503 Two-to-two VLAN mapping configuration example Network requirements As shown in Figure 65, two VPN A users, Site 1 and Site 2, are in VLAN 10 and VLAN 30, respectively. SP 1 assigns VLAN 100 for VPN A, and SP 2 assigns VLAN 200 for VPN A.
Page 205 # Set port GigabitEthernet 1/0/2 as a trunk port, and assign it to VLAN 100. [PE2] interface gigabitethernet 1/0/2 [PE2-GigabitEthernet1/0/2] port link-type trunk [PE2-GigabitEthernet1/0/2] port trunk permit vlan 100 Configuring PE 3 # Configure an uplink policy down_uplink for customer-side port GigabitEthernet 1/0/1 to substitute SVLAN ID 200 for the SVLAN ID in the incoming traffic tagged with CVLAN 10 and SVLAN 100.
Page 206 [PE3-GigabitEthernet1/0/1] port link-type trunk [PE3-GigabitEthernet1/0/1] port trunk permit vlan 200 [PE3-GigabitEthernet1/0/1] qos apply policy down_uplink inbound [PE3-GigabitEthernet1/0/1] qos apply policy down_downlink outbound [PE3-GigabitEthernet1/0/1] quit # Set network-side port GigabitEthernet 1/0/2 as a trunk port, assign it to VLAN 200, and apply uplink policy up_uplink to the outgoing traffic on the port.
Page 207: Lldp Configuration
LLDP configuration In a heterogeneous network, it is important that different types of network devices from different vendors can discover one another and exchange configuration for interoperability and management sake. A standard configuration exchange platform was created. The IETF drafted the LLDP in IEEE 802.1AB. The protocol operates on the data link layer to exchange device information between directly connected devices.
Page 208 Field Description Frame check sequence, a 32-bit CRC value used to determine the validity of the received Ethernet frame SNAP-encapsulated LLDPDU format Figure 67 SNAP-encapsulated LLDPDU format The fields in the frame are described in Table Table 24 Description of the fields in a SNAP-encapsulated LLDPDU Field Description The MAC address to which the LLDPDU is advertised.
Page 209 TLVs TLVs are type, length, and value sequences that carry information elements. The type field identifies the type of information, the length field measures the length of the information field in octets, and the value field contains the information itself. LLDPDU TLVs fall into these categories: basic management TLVs, organizationally (IEEE 802.1 and IEEE 802.3) specific TLVs, and LLDP-MED (media endpoint discovery) TLVs.
Page 210 HP 5800&5820X series Ethernet switches only support receiving protocol identity TLVs. Layer 3 Ethernet ports do not support IEEE 802.1 organizationally specific TLVs. IEEE 802.3 organizationally specific TLVs Table 27 IEEE 802.3 organizationally specific TLVs Type Description Contains the bit-rate and duplex capabilities of the sending port,...
Page 211: How Lldp Works
Type Description Allows a terminal device to advertise its asset ID. The typical case is Asset ID that the user specifies the asset ID for the endpoint to facilitate directory management and asset tracking. Allows a network device to advertise the appropriate location Location Identification identifier information for a terminal device to use in the context of location-based applications...
Page 212: Protocols And Standards
Protocols and standards IEEE 802.1AB-2005, Station and Media Access Control Connectivity Discovery • ANSI/TIA- 1 057, Link Layer Discovery Protocol for Media Endpoint Devices • DCB Capability Exchange Protocol Specification Rev 1.0 • DCB Capability Exchange Protocol Base Specification Rev 1.01 •...
Page 213: Setting The Lldp Operating Mode
To do… Use the command… Remarks Enter Enter Layer 2/Layer interface interface-type Ethernet 3 Ethernet interface interface-number interface view Required. view or Use either command. port port-group manual port-group- Enter port group view group name view Optional. Enable LLDP lldp enable By default, LLDP is enabled on a port.
Page 214: Enabling Lldp Polling
Enabling LLDP polling With LLDP polling enabled, a device checks for local configuration changes periodically. Upon detecting a configuration change, the device sends LLDPDUs to inform the neighboring devices of the change. To enable LLDP polling: To do… Use the command… Remarks Enter system view system-view...
Page 215: Configuring The Management Address And Its Encoding Format
To do… Use the command… Remarks Optional. lldp tlv-enable { basic-tlv { all | port- By default, all types of description | system-capability | system- LLDP TLVs, except IEEE description | system-name } | dot3-tlv { all 802.1 organizationally Configure the advertisable | link-aggregation | mac-physic | max- specific TLVs, network TLVs (Layer 3 Ethernet...
Page 216: Setting Other Lldp Parameters
To do… Use the command… Remarks Optional. Configure the encoding format of lldp management-address- By default, the management the management address as format string address is encapsulated in the character string numeric format. Setting other LLDP parameters The Time To Live TLV carried in an LLDPDU determines how long the device information carried in the LLDPDU can be saved on a recipient device.
Page 217: Configuring Cdp Compatibility
To do… Use the command… Remarks Enter system view system-view — Enter Enter Layer interface interface-type interface- Ethernet 2/Layer 3 Ethernet number Required. interface interface view view or Use either command. Enter port group port group port-group manual port-group-name view view Required.
Page 218: Configuring Dcbx
Remotely configures the peer device, if the peer device accepts the configuration. • DCBX is supported only on the 10-GE ports of HP 5820X series Ethernet switches, and only the remote configuration function is supported. Figure 69 DCBX application scenario DCBX enables lossless packet transmission on DCE networks.
Page 219: Dcbx Configuration Task List
HP devices can send the three types of DCBX information to a server adapter supporting FCoE, but cannot receive these types of DCBX information. DCBX configuration task list Complete these tasks to configure DCBX: Task Remarks Enabling LLDP and DCBX TLV advertising...
Page 220 packets to 3. If the negotiation succeeds, all FCoE and FIP packets that the server adapter sends to the device carry the 802.1p priority 3. To configure APP parameters: To do… Use the command… Remarks Enter system view system-view — Required.
Page 221: Configuring Ets Parameters
To do… Use the command… Remarks Apply the Use any approach. Enter Layer 2 interface interface-type interface- QoS policy Ethernet The global configuration number to the interface view is effective for all outgoing interfaces. The packets of a configuration made on an Apply the policy Layer 2 interface is effective only...
Page 222: Configuring Pfc Parameters
To do… Use the command… Remarks Required. By default, the switch does not Configure the interface or interfaces use the priority in incoming to use the 802.1p priority in qos trust dot1p packets, but the priority of the incoming packets for priority receiving port as the 802.1p mapping priority of the incoming...
Page 223: Configuring Lldp Trapping
To advertise the PFC data, you must enable PFC in auto-negotiation mode. HP recommends you to enable PFC only for the 802.1p priority of the FCoE traffic. Packet loss might occur because of congestion, if you enable PFC for multiple 802.1p priorities.
Page 224: Displaying And Maintaining Lldp
To configure LLDP trapping: To do… Use the command… Remarks Enter system view system-view — Enter Enter Layer 2/Layer 3 interface interface-type interface- Ethernet Ethernet interface number interface view Required. view or Use either command. port Enter port group view port-group manual port-group-name group view...
Page 225: Lldp Configuration Examples
LLDP configuration examples Basic LLDP configuration example Network requirements As shown in Figure 70, the NMS and Switch A are located in the same Ethernet. An MED device and Switch B are connected to GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 of Switch A. Enable LLDP on the ports of Switch A and Switch B to monitor the link between Switch A and Switch B and the link between Switch A and the MED device on the NMS.
Page 226 [SwitchB-GigabitEthernet1/0/1] quit Verify the configuration # Display the global LLDP status and port LLDP status on Switch A. [SwitchA] display lldp status Global status of LLDP: Enable The current number of LLDP neighbors: 2 The current number of CDP neighbors: 0 LLDP neighbor information last changed time: 0 days,0 hours,4 minutes,40 seconds Transmit interval : 30s...
Page 227: Cdp-Compatible Lldp Configuration Example
LLDP neighbor information last changed time: 0 days,0 hours,5 minutes,20 seconds Transmit interval : 30s Hold multiplier Reinit delay : 2s Transmit delay : 2s Trap interval : 5s Fast start times Port 1 [GigabitEthernet1/0/1]: Port status of LLDP : Enable Admin status : Rx_Only Trap flag...
Page 228 Figure 71 Network diagram for CDP-compatible LLDP configuration Configuration procedure Configure a voice VLAN on Switch A # Create VLAN 2. <SwitchA> system-view [SwitchA] vlan 2 [SwitchA-vlan2] quit # Set the link type of GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to trunk and enable voice VLAN on them.
Page 229: Dcbx Configuration Example
Port ID : Port 1 Sofrware version : P0030301MFG2 Platform : Cisco IP Phone 7960 Duplex : Full CDP neighbor-information of port 2[GigabitEthernet1/0/2]: CDP neighbor index : 2 Chassis ID : SEP00141CBCDBFF Port ID : Port 1 Sofrware version : P0030301MFG2 Platform : Cisco IP Phone 7960 Duplex...
Page 230 Configure APP parameters # Create Ethernet frame header ACL 4000 and configure the ACL to permit FCoE packets (whose protocol number is 0x8906) and FIP packets (whose protocol number is 0x8914) to pass through. [SwitchA] acl number 4000 [SwitchA-acl-ethernetframe-4000] rule permit type 8906 ffff [SwitchA-acl-ethernetframe-4000] rule permit type 8914 ffff [SwitchA-acl-ethernetframe-4000] quit # Create a class named app_c, specify the operator of the class as OR, and use ACL 4000 as the match...
Page 231 Verify the configuration Through the specific menu on the DC server, you can see the data exchange procedure between the DC server and Switch A to verify the configuration. Take a Qlogic adapter on the DC server for example. The data exchange procedure is: Wed Aug 25 15:08:56 CST 2010 DCBX TLV (Type-Length-Value) Data...
Page 232 DCBX Parameter Valid: Yes Reserved: 0 DCBX Parameter Data Priority Group ID of Priority 1: 0 Priority Group ID of Priority 0: 2 Priority Group ID of Priority 3: 3 Priority Group ID of Priority 2: 1 Priority Group ID of Priority 5: 5 Priority Group ID of Priority 4: 4 Priority Group ID of Priority 7: 7 Priority Group ID of Priority 6: 6...
Page 233 PFC Enabled on Priority 4: No PFC Enabled on Priority 5: No PFC Enabled on Priority 6: No PFC Enabled on Priority 7: No Number of Traffic Classes Supported: 6 DCBX Parameter Information Parameter Type: Remote Pad Byte Present: No DCBX Parameter Valid: Yes Reserved: 0 DCBX Parameter Data...
Page 234: Service Loopback Group Configuration
Service loopback group configuration The service loopback function is implemented through service loopback groups. A service loopback group must contain at least one Ethernet port as its member port, called a service loopback port. To increase service redirecting throughput, you can assign multiple service loopback ports to a service loopback group.
Page 235: Configuring A Service Loopback Group
Setting the state of service loopback ports The system sets the state of each member port in a service loopback group to selected or unselected by using the following workflow. Select the full-duplex port with the highest rate as the reference port. If two ports have the same duplex mode and speed, the one with the lower port number wins out.
Page 236: Displaying And Maintaining Service Loopback Groups
A service loopback group can be referenced by multiple features at the same time, for example, by multiple tunnel interfaces. Assign more ports to a service loopback group that is likely to be referenced by multiple features at the same time, so that the service loopback group can provide sufficient bandwidth. Change the service type of an existing service loopback group.
Page 237 [SwitchA-GigabitEthernet1/0/3] port service-loopback group 1 [SwitchA-GigabitEthernet1/0/3] quit # Create logical interface Tunnel 1 and reference service loopback group 1 on Tunnel 1. [SwitchA] interface tunnel 1 [SwitchA-Tunnel1] service-loopback-group 1...
Page 238: Support And Other Resources
Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...
Page 239: Conventions
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
Page 240 Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Page 241 47 PVST configuration example, 107 displaying and maintaining, 52 STP configuration example, 106 dynamic aggregation group, 46 examples, 53 contacting HP, 240 documentation Layer 2 dynamic aggregation example, 55 conventions used, 241 Layer 2 static aggregation example, 53 website, 240...
Page 242 manually configuring entries, 28 symbols used, 241 websites, 241 types of entries, 28 icons, 241 MAC Information configuration, 34 isolate-user-VLAN configuring, 34 configuration, 138 displaying and maintaining, 140 enabling globally, 34 example, 141 enabling on an interface, 35 example, 36 LLDP advertisable TLVs, 216 interval for sending Syslog messages, 35...
Page 243 assigning a trunk port, 1 15 why MSTP?, 69 why STP?, 61 assigning an access port, 1 14 work mode of an MSTP device, 78 basic settings, 1 1 1 basic settings of a VLAN interface, 1 1 1 null interface, 25 configuration, 109 configuration, 24 displaying and maintaining, 26...
Page 244 security mode, 147 websites, 241...

This manual is also suitable for:

5800 series

HP 5820X series Configuration Manual

Ethernet Interface Configuration

Loopback and Null Interface Configuration

MAC Address Table Configuration

MAC Information Configuration

Ethernet Link Aggregation Configuration

Port Isolation Configuration

MSTP Configuration

BPDU Tunneling Configuration

VLAN Configuration

Super VLAN Configuration

Isolate-User-VLAN Configuration

Voice VLAN Configuration

GVRP Configuration

Qinq Configuration

VLAN Mapping Configuration

LLDP Configuration

Service Loopback Group Configuration

Support and Other Resources

Quick Links

Configuration Guide

Related Manuals for HP 5820X series

Summary of Contents for HP 5820X series