Page 3
The H3C S5830V2 & S5820V2 documentation set includes 16 configuration guides. These guides describe the software features for the H3C S5830V2 & S5820V2 Switch Series and guide you through the software configuration procedures. These guides also provide configuration examples to help you apply software features to different network scenarios.
Page 4
Configuration guide Added and modified features Service loopback group Modified features: Configuring service loopback groups. Release 2310 contains the following changes to LAN switching features over Release 2307: Configuration guide Added and modified features MAC address table Modified features: Enabling MAC address move notifications. Added features: Configuring many-to-one VLAN mapping in a VLAN mapping network with static IP address assignment.
Page 5
Configuration guide Added and modified features Added features: • Configuring the expected bandwidth of an interface. • Configuring Layer 3 aggregate group. • Configuring an edge aggregate interface. • Configuring LACP operating mode. • Configuring Layer 3 aggregate subinterface. Ethernet link aggregation •...
Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your switch. About the H3C S5830V2 & S5820V2 documentation set The H3C S5830V2 & S5820V2 documentation set includes: Category Documents Purposes...
Category Documents Purposes Provides a complete guide to hardware installation Installation guide and hardware specifications. H3C LSWM1HFANSC & Provides the physical views, specifications, LSWM1HFANSCB Fan installation procedures, and removal procedures for Assemblies Installation hot-swappable fan assemblies. H3C LSVM1FANSC & Provides the physical views, specifications,...
Contents Configuring Ethernet interfaces ··································································································································· 1 Configuring a management Ethernet interface ·············································································································· 1 Ethernet interface naming conventions ··························································································································· 1 Configuring common Ethernet interface settings ··········································································································· 1 Splitting a 40-GE interface and combining 10-GE breakout interfaces ····························································· 2 ...
Page 11
Configuring the aging timer for dynamic MAC address entries ··············································································· 28 Configuring the MAC learning limit on an interface·································································································· 29 Configuring the device to forward unknown frames after the MAC learning limit on an interface is reached ··· 29 ...
Page 12
Configuring load sharing for link aggregation groups ······························································································ 59 Setting load sharing modes for link aggregation groups ················································································· 59 Enabling local-first load sharing for link aggregation ······················································································· 60 Configuring per-flow load sharing algorithm settings for Ethernet link aggregation ····································· 61 ...
Configuring Ethernet interfaces The switch series supports Ethernet interfaces, management Ethernet interfaces, Console interfaces, and USB interfaces. For the interface types and the number of interfaces supported by a switch model, see the installation guide. This document describes how to configure management Ethernet interfaces and Ethernet interfaces. Configuring a management Ethernet interface A management interface uses an RJ-45 connector.
Splitting a 40-GE interface and combining 10-GE breakout interfaces Splitting a 40-GE QSFP+ interface into four 10-GE breakout interfaces You can use a 40-GE QSFP+ interface as a single interface. To improve port density, reduce costs, and improve network flexibility, you can also split a 40-GE QSFP+ interface into four 10-GE breakout interfaces.
Step Command Remarks After creating the 40-GE interface, the system removes the four 10-GE breakout interfaces. After you combine the four 10-GE breakout interfaces, replace the Reboot the device. dedicated 1-to-4 cable with a dedicated 1-to-1 cable or a 40-GE transceiver module.
Step Command Remarks Create an Ethernet interface interface-type subinterface and enter interface-number.subnumber its view. The default setting is in the format of interface-name Interface. For Set the subinterface description text example, description. Ten-GigabitEthernet1/0/1.1 Interface. Restore the default settings for the Ethernet default subinterface.
Forwards jumbo frames within the specified length. Discards jumbo frames exceeding the specified length without further processing. To configure jumbo frame support in interface view: Step Command Remarks Enter system view. system-view Enter Ethernet interface interface interface-type view. interface-number By default, the device allows jumbo Configure jumbo frame jumboframe enable [ value ] frames within 10000 bytes to pass...
Step Command Remarks By default, the link-down or link-up event is Configure physical immediately reported to the CPU. state change link-delay delay-time If you configure this command multiple times on an suppression on the [ mode { up | updown }] Ethernet interface, the most recent configuration interface.
With Rx flow mode generic control enabled, an interface can receive flow control frames, but it • cannot send flow control frames. When the interface receives a flow control frame from its peer, it suspends sending packets to the peer. When congestion occurs, the interface cannot send flow control frames to the peer.
To perform PFC on a network port of an IRF member device, configure PFC on both the network port and the IRF physical ports. For information about IRF, see IRF configuration Guide. To ensure correct operations of IRF and other protocols, H3C recommends not enabling PFC for •...
Step Command Remarks Enter system view. system-view interface interface-type Enter Ethernet interface view. interface-number By default, auto power-down is Enable auto power-down. port auto-power-down disabled. Enabling EEE energy saving for Ethernet interfaces in up state IMPORTANT: Fiber ports do not support this feature. With Energy Efficient Ethernet (EEE) energy saving, a link-up port enters the low power state if it has not received any packet for a certain period of time.
Forcibly bringing up a fiber port CAUTION: The following operations on a fiber port will cause link updown events before the port finally stays up: Configure the port up-mode command and the speed or duplex command at the same time. •...
The port up-mode command is mutually exclusive with either of the shutdown and loopback • commands. A GE fiber port cannot correctly forward traffic if you configure the port up-mode command on the • port and install any of the following modules into the port: Electro-optical module.
For the suppression threshold that takes effect, see the prompt on the device. Configuration procedure To set storm suppression thresholds on one or multiple Ethernet interfaces: Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface interface-type interface view. interface-number Enable broadcast suppression By default, broadcast traffic is...
Configuration guidelines For the same type of traffic, do not configure the storm constrain command together with any of the broadcast-suppression, multicast-suppression, and unicast-suppression commands. Otherwise, the traffic suppression result is not determined. For more information about the broadcast-suppression, multicast-suppression, and unicast-suppression commands, see "Configuring storm suppression."...
MDI mode—Pins 1 and 2 are transmit pins and pins 3 and 6 are receive pins. • • AutoMDIX mode—The interface negotiates pin roles with its peer. To enable the interface to communicate with its peer, set the MDIX mode of the interface mode by using the following guidelines: Generally, set the MDIX mode of the interface to AutoMDIX.
Configuring a Layer 3 Ethernet interface or subinterface Setting the MTU for an Ethernet interface or subinterface The value of maximum transmission unit (MTU) affects the fragmentation and reassembly of IP packets. Typically, you do not need to modify the MTU of an interface. To set the MTU for an Ethernet interface or subinterface: Step Command...
Configuring loopback, null, and inloopback interfaces This chapter describes how to configure a loopback interface, a null interface, and an inloopback interface. Configuring a loopback interface A loopback interface is a virtual interface. The physical layer state of a loopback interface is always up unless the loopback interface is manually shut down.
Configuring a null interface A null interface is a virtual interface and is always up, but you can neither use it to forward data packets nor can you configure it with an IP address or link layer protocol. The null interface provides a simpler way to filter packets than ACL.
Page 36
Task Command Clear the statistics on the null interface. reset counters interface [ null [ 0 ] ]...
The maximum number of interface range names is only limited by the system resources. To • guarantee bulk interface configuration performance, H3C recommends that you configure fewer than 1000 interface range names. If a command fails to be executed on the first interface in the interface range, the command is not •...
Step Command Remarks • interface range { interface-type interface-number [ to Use either command. interface-type By using the interface range name interface-number ] } &<1-5> Enter interface range command, you assign a name to an • interface range name name view.
Configuring the MAC address table Overview An Ethernet device uses a MAC address table to forward frames. A MAC address entry includes a destination MAC address, an outgoing interface (or egress RB), and a VLAN ID. When the device receives a frame, it uses the destination MAC address of the frame to look for a match in the MAC address table.
of port A. Other hosts using the forged MAC address of Host A cannot obtain the frames destined for Host A. Types of MAC address entries A MAC address table can contain the following types of entries: Static entries—A static entry is manually added to forward frames with a specific destination MAC •...
Tasks at a glance (Optional.) Enabling MAC address synchronization (Optional.) Enable MAC address move notifications • Enable MAC address move notifications (for Release 2307) • Enable MAC address move notifications (for Release 2310 and later) (Optional.) Enabling ARP fast update for MAC address moves (Optional.) Enabling SNMP notifications for the MAC address table Configuring MAC address entries...
Step Command Remarks By default, no MAC address Add or modify a entry is configured globally. mac-address { dynamic | static } mac-address static or dynamic interface interface-type interface-number vlan Make sure you have created MAC address vlan-id the VLAN and assigned the entry.
Adding or modifying a multiport unicast MAC address entry You can configure a multiport unicast MAC address entry to associate a unicast destination MAC address with multiple ports. The frame with a destination MAC address matching the entry is sent out of multiple ports.
Step Command Remarks • Enter Layer 2 Ethernet interface view: interface interface-type interface-number Enter interface view. • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number By default, no multiport unicast MAC address entry is configured Add the interface to a on the interface.
An aging interval that is too long might cause the MAC address table to retains outdated entries. As a result, the MAC address table resources might be exhausted, and the MAC address table might fail to update to accommodate the latest network changes. An interval that is too short might result in removal of valid entries, which would cause unnecessary floods and possibly affect the device performance.
You can enable or disable forwarding of unknown frames after the MAC learning limit is reached. To enable the device to forward unknown frames after the MAC learning limit is reached: Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view.
Enabling MAC address synchronization To avoid unnecessary floods and improve forwarding speed, make sure all member devices have the same MAC address table. After you enable MAC address synchronization, each member device advertises learned MAC address entries to other member devices. As shown in Figure Device A and Device B form an IRF fabric enabled with MAC address synchronization.
Figure 4 MAC address tables of devices when Client A roams to AP D To enable MAC address synchronization: Step Command Remarks Enter system view. system-view Enable MAC address By default, MAC address mac-address mac-roaming enable synchronization. synchronization is disabled. Enable MAC address move notifications (for Release 2307) The outgoing interface for a MAC address entry learned on interface A is changed to interface B when...
To enable MAC address move notifications: Step Command Remarks Enter system view. system-view By default, MAC address move notifications are disabled. After you execute this command: • If the device is configured with the snmp-agent trap Enable MAC address enable mac-address mac-address notification mac-move move notifications.
Step Command Remarks Enter system view. system-view By default, MAC address move notifications are disabled. After you execute this command: • If the device is configured with the snmp-agent trap Enable MAC address mac-address notification mac-move enable mac-address move notifications. [ interval interval-value ] command, the system sends SNMP notifications to the...
Figure 5 ARP fast update application scenario To enable ARP fast update for MAC address moves: Step Command Remarks Enter system view. system-view Enable ARP fast By default, ARP fast update for update for MAC mac-address mac-move fast-update MAC address moves is disabled. address moves.
Configuration procedure # Add a static MAC address entry for MAC address 000f-e235-dc71 on Ten-GigabitEthernet 1/0/1 that belongs to VLAN 1. <Device> system-view [Device] mac-address static 000f-e235-dc71 interface ten-gigabitethernet 1/0/1 vlan 1 # Add a blackhole MAC address entry for MAC address 000f-e235-abcd that belongs to VLAN 1. [Device] mac-address blackhole 000f-e235-abcd vlan 1 # Set the aging timer to 500 seconds for dynamic MAC address entries.
Configuring MAC Information The MAC Information feature can generate syslog messages or SNMP notifications when MAC address entries are learned or deleted. You can use these messages to monitor users leaving or joining the network and analyze network traffic. The MAC Information feature buffers the MAC change syslog messages or SNMP notifications in a queue.
Trap—The device sends SNMP notifications to notify MAC address changes. In this mode, the • device sends SNMP notifications to the NMS. For more information about SNMP, see Network Management and Monitoring Configuration Guide. To configure the MAC Information mode: Step Command Remarks...
Figure 7 Network diagram Configuration guidelines When you edit the file /etc/syslog.conf, follow these guidelines: • Comments must be on a separate line and must begin with a pound sign (#). No redundant spaces are allowed after the file name. •...
Page 58
# mkdir /var/log/Device # touch /var/log/Device/info.log Edit the file syslog.conf in directory /etc/ and add the following contents: # Device configuration messages local4.info /var/log/Device/info.log In this configuration, local4 is the name of the logging facility that the log host uses to receive logs, and info is the informational level.
Configuring Ethernet link aggregation Ethernet link aggregation bundles multiple physical Ethernet links into one logical link, called an aggregate link. Link aggregation has the following benefits: • Increased bandwidth beyond the limits of any single link. In an aggregate link, traffic is distributed across the member ports.
The port rate of an aggregate interface equals the total rate of its member ports in Selected state, and its duplex mode is the same as that of the Selected member ports. For more information about the states of member ports in an aggregation group, see "Aggregation states of member ports in an aggregation group."...
Feature Considerations VLAN attribute configurations include: • Permitted VLAN IDs. • PVID. • Link type (trunk, hybrid, or access). VLAN • Operating mode (promiscuous, trunk promiscuous, host). • VLAN tagging mode. For information about VLAN, see "Configuring VLANs." Protocol configurations—Protocol configurations do not affect the aggregation state of the member •...
The candidate port at the top is chosen as the reference port. If two ports have the same port priority, duplex mode, and speed, the original Selected port is chosen. If more than one such original Selected port exists, the one with the lower port number is chosen. Setting the aggregation state of each member port After a static aggregation group reaches the limit on Selected ports, ports attempting to join the group are put in Unselected state.
LACP LACP uses LACPDUs to exchange aggregation information between LACP-enabled devices. Each member port in an LACP-enabled aggregation group exchanges information with its peer. When a member port receives an LACPDU, it compares the received information with information received on the other member ports.
The LACP timeout interval also determines the LACPDU sending rate of the peer. You can configure the LACP timeout interval as the short timeout interval (3 seconds) or the long timeout interval (90 seconds). If you configure the short timeout interval, the peer sends LACPDUs fast (one LACPDU per second). If you configure the long timeout interval, the peer sends LACPDUs slowly (one LACPDU every 30 seconds).
Page 65
Figure 10 Setting the state of a member port in a dynamic aggregation group Meanwhile, the system with the higher system ID is aware of the aggregation state changes on the remote system. The system sets the aggregation state of local member ports the same as their peer ports. When you aggregate interfaces in dynamic mode, follow these guidelines: A dynamic link aggregation group preferably sets full-duplex ports as the Selected ports.
After the Selected port limit has been reached, a port joining the aggregation group is put in • Selected state if it is more eligible than a current member port. For more information about configuring the maximum number of Selected ports in a dynamic aggregation group, see "Setting the minimum and maximum numbers of Selected ports for an aggregation...
Tasks at a glance (Optional.) Configuring an aggregate interface: • Configuring the description of an aggregate interface • Specifying ignored VLANs on a Layer 2 aggregate interface • Configuring the MTU of a Layer 3 aggregate interface • Setting the minimum and maximum numbers of Selected ports for an aggregation group •...
This switch series supports up to 128 aggregation groups. To ensure the operation of the service • loopback groups, H3C recommends configuring no more than 126 aggregation groups . Configuring a static aggregation group To guarantee a successful static aggregation, make sure that the ports at both ends of each link are in the same aggregation state.
Step Command Remarks Enter Layer 3 Ethernet interface view: interface interface-type Repeat these two sub-steps to interface-number Assign an interface to the assign more Layer 3 Ethernet specified Layer 3 aggregation Assign the interface to the interfaces to the aggregation group.
Page 70
Step Command Remarks By default, the long LACP timeout interval (90 seconds) is adopted by the interface. The peer sends LACPDUs slowly. Configure the short LACP Do not configure the short LACP timeout interval (3 seconds) lacp period short timeout interval before performing on the interface.
Step Command Remarks Configure the port priority for link-aggregation port-priority The default setting is 32768. the interface. port-priority By default, the long LACP timeout interval (90 seconds) is adopted by the interface. The peer sends LACPDUs slowly. Configure the short LACP Do not configure the short LACP timeout interval (3 seconds) lacp period short...
Specifying ignored VLANs on a Layer 2 aggregate interface By default, to become Selected ports, the member ports must have the same VLAN permit state and VLAN tagging mode as the corresponding Layer 2 aggregate interface. The system ignores the permit state and tagging mode of an ignored VLAN when choosing Selected ports.
When the number of member ports eligible to be Selected is smaller than the minimum threshold: • All member ports change to the Unselected state. The link of the aggregate interface goes down. When the minimum threshold is reached, the eligible member ports change to the Selected state, •...
Step Command Remarks By default, the expected Configure the expected bandwidth bandwidth-value bandwidth (in kbps) is the interface bandwidth of the interface. baud rate divided by 1000. Configuring an edge aggregate interface When you configure an edge aggregate interface, follow these restrictions and guidelines: This configuration takes effect on only the aggregate interface corresponding to a dynamic •...
BFD packets. When the link is recovered and the local port is placed in the Selected state again, the local port establishes a new session with the peer port. BFD notifies the Ethernet link aggregation module that the peer port is reachable. Because BFD provides fast failure detection, the local and peer systems of a dynamic aggregate link can negotiate the aggregation state of their member ports faster.
Restoring the default settings for an aggregate interface You can return all configurations on an aggregate interface to default settings. To restore the default settings for an aggregate interface: Step Command Enter system view. system-view • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number Enter aggregate interface view.
Step Command Remarks • Enter Layer 2 aggregate interface view interface bridge-aggregation interface-number Enter aggregate interface view. • Enter Layer 3 aggregate interface view: interface route-aggregation interface-number Configure the load sharing link-aggregation load-sharing mode The default settings are the same mode for the aggregation { destination-ip | destination-mac | as the global load sharing mode.
Step Command Remarks Enable local-first load sharing link-aggregation load-sharing By default, local-first load sharing for link aggregation. mode local-first for link aggregation is enabled. Configuring per-flow load sharing algorithm settings for Ethernet link aggregation This feature is available in Release 231 1P04 and later versions. Configure the per-flow load sharing algorithm and algorithm seed to optimize traffic distribution on aggregate links based on existing per-flow load sharing settings.
Link-aggregation traffic redirection applies only to dynamic link aggregation groups and takes • effect on only known unicast packets. To prevent traffic interruption, enable link-aggregation traffic redirection on devices at both ends of • the aggregate link. To prevent packet loss that might occur at a reboot, do not enable spanning tree together with •...
Ethernet link aggregation configuration examples Layer 2 static aggregation configuration example Network requirements As shown in Figure 12, perform the following tasks: Configure a Layer 2 static aggregation group on both Device A and Device B. • Enable VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the other end. •...
[DeviceA-Ten-GigabitEthernet1/0/2] quit [DeviceA] interface ten-gigabitethernet 1/0/3 [DeviceA-Ten-GigabitEthernet1/0/3] port link-aggregation group 1 [DeviceA-Ten-GigabitEthernet1/0/3] quit # Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLANs 10 and 20. [DeviceA] interface bridge-aggregation 1 [DeviceA-Bridge-Aggregation1] port link-type trunk [DeviceA-Bridge-Aggregation1] port trunk permit vlan 10 20 [DeviceA-Bridge-Aggregation1] quit Configure Device B in the same way Device A is configured.
Page 82
Figure 13 Network diagram Configuration procedure Configure Device A: # Create VLAN 10, and assign the port Ten-GigabitEthernet 1/0/4 to VLAN 10. <DeviceA> system-view [DeviceA] vlan 10 [DeviceA-vlan10] port ten-gigabitethernet 1/0/4 [DeviceA-vlan10] quit # Create VLAN 20, and assign the port Ten-GigabitEthernet 1/0/5 to VLAN 20. [DeviceA] vlan 20 [DeviceA-vlan20] port ten-gigabitethernet 1/0/5 [DeviceA-vlan20] quit...
[DeviceA-Bridge-Aggregation1] quit Configure Device B in the same way Device A is configured. (Details not shown.) Verifying the configuration # Display detailed information about all aggregation groups on Device A. [DeviceA] display link-aggregation verbose Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing Port Status: S -- Selected, U -- Unselected, I -- Individual Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,...
Page 84
Figure 14 Network diagram Configuration procedure Configure Device A: # Create VLAN 10, and assign the port Ten-GigabitEthernet 1/0/5 to VLAN 10. <DeviceA> system-view [DeviceA] vlan 10 [DeviceA-vlan10] port ten-gigabitethernet 1/0/5 [DeviceA-vlan10] quit # Create VLAN 20, and assign the port Ten-GigabitEthernet 1/0/6 to VLAN 20. [DeviceA] vlan 20 [DeviceA-vlan20] port ten-gigabitethernet 1/0/6 [DeviceA-vlan20] quit...
Page 85
[DeviceA] interface bridge-aggregation 2 # Configure the load sharing criterion for link aggregation group 2 as the destination MAC addresses of packets. [DeviceA-Bridge-Aggregation2] link-aggregation load-sharing mode destination-mac [DeviceA-Bridge-Aggregation2] quit # Assign ports Ten-GigabitEthernet 1/0/3 and Ten-GigabitEthernet 1/0/4 to link aggregation group 2.
Each aggregation group contains two Selected ports. • # Display all the group-specific load sharing modes on Device A. [DeviceA] display link-aggregation load-sharing mode interface Bridge-Aggregation1 Load-Sharing Mode: source-mac address Bridge-Aggregation2 Load-Sharing Mode: destination-mac address The output shows that: Link aggregation group 1 load shares packets based on source MAC addresses. •...
Verifying the configuration # Display detailed information about all aggregation groups on the device when the server is not configured with dynamic link aggregation. [Device] display link-aggregation verbose Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing Port Status: S -- Selected, U -- Unselected, I -- Individual Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation, D -- Synchronization, E -- Collecting, F -- Distributing,...
XGE1/0/3 32768 {ACDEF} Remote: Actor Partner Priority Oper-Key SystemID Flag -------------------------------------------------------------------------------- XGE1/0/1 32768 0x8000, 000f-e267-57ad {ACDEF} XGE1/0/2 32768 0x8000, 000f-e267-57ad {ACDEF} XGE1/0/3 32768 0x8000, 000f-e267-57ad {ACDEF} The output shows that: • Link aggregation group 1 is a non-load-shared Layer 3 dynamic aggregation group. The aggregation group contains three Selected ports.
Page 91
Verifying the configuration # Display detailed information about all aggregation groups on the device when the server is not configured with dynamic link aggregation. [Device] display link-aggregation verbose Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing Port Status: S -- Selected, U -- Unselected, I -- Individual Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation, D -- Synchronization, E -- Collecting, F -- Distributing,...
Configuring port isolation The port isolation feature isolates Layer 2 traffic for data privacy and security without using VLANs. Ports in an isolation group cannot communicate with each other, but they can communicate with ports outside the isolation group. Assigning a port to an isolation group The device supports multiple isolation groups, which can be configured manually.
Task Command Display isolation group information. display port-isolate group [ group-number ] Port isolation configuration example Network requirements As shown in Figure 19, configure port isolation on the device so that the hosts can access the Internet but cannot communicate with each other at Layer 2. Figure 19 Network diagram Configuration procedure # Create isolation group 2.
Page 94
[Device] display port-isolate group 2 Port isolation group information: Group ID: 2 Group members: Ten-GigabitEthernet1/0/1 Ten-GigabitEthernet1/0/2 Ten-GigabitEthernet1/0/3 The output shows that interfaces Ten-GigabitEthernet 1/0/1, Ten-GigabitEthernet 1/0/2, and Ten-GigabitEthernet 1/0/3 are assigned to isolation group 2, so that Host A, Host B, and Host C are isolated from each other at layer 2.
Configuring spanning tree protocols Spanning tree protocols eliminate loops in a physical link-redundant network by selectively blocking redundant links and putting them in a standby state. The recent versions of STP include the Rapid Spanning Tree Protocol (RSTP), the Per-VLAN Spanning Tree (PVST), and the Multiple Spanning Tree Protocol (MSTP).
Basic concepts in STP Root bridge A tree network must have a root bridge. The entire network contains only one root bridge, and all the other bridges in the network are called "leaf nodes". The root bridge is not permanent, but can change with changes of the network topology.
Path cost Path cost is a reference value used for link selection in STP. To prune the network into a loop-free tree, STP calculates path costs to select the most robust links and block redundant links that are less robust. Calculation process of the STP algorithm The spanning tree calculation process described in the following sections is a simplified process for example only.
Page 98
Table 5 Selection of the optimum configuration BPDU Step Actions Upon receiving a configuration BPDU on a port, the device compares the priority of the received configuration BPDU with that of the configuration BPDU generated by the port: • If the former priority is lower, the device discards the received configuration BPDU and keeps the configuration BPDU the port generated.
Page 99
Table 6, each configuration BPDU contains the following fields: root bridge ID, root path cost, designated bridge ID, and designated port ID. Table 6 Initial state of each device Configuration BPDU on the Device Port name port Port A1 {0, 0, 0, Port A1} Device A Port A2 {0, 0, 0, Port A2}...
Page 100
Configuration BPDU on Device Comparison process ports after comparison Port B1 performs the following actions: Receives the configuration BPDU of Port A1 {0, 0, 0, Port A1}. Determines that the received configuration BPDU is superior to its existing configuration BPDU {1, 0, 1, Port •...
Page 101
Configuration BPDU on Device Comparison process ports after comparison Device C performs the following actions: Compares the configuration BPDUs of all its ports. Decides that the configuration BPDU of Port C1 is the optimum. Selects Port C1 as the root port with the configuration •...
Page 102
After the comparison processes described in Table 7, a spanning tree with Device A as the root bridge is established, as shown in Figure Figure 22 The final calculated spanning tree The configuration BPDU forwarding mechanism of STP The configuration BPDUs of STP are forwarded according to these guidelines: Upon network initiation, every device regards itself as the root bridge, generates configuration •...
Because each VLAN runs STP or RSTP independently, a spanning tree only serves its VLAN. A PVST-enabled H3C device can communicate with a third-party device that is running Rapid PVST or PVST. The PVST-enabled H3C device supports fast network convergence like RSTP when connected to PVST-enabled H3C devices or third-party devices enabled with Rapid PVST.
PVST limitations—Because each VLAN has its spanning tree, the amount of PVST BPDUs is • proportional to the number of VLANs on a trunk port. When the trunk port permits too many VLANs, both resources and calculations for maintaining the VLAN spanning trees increase dramatically. If a status change occurs on the trunk port that permits multiple VLANs, the device CPU will be overburdened with recalculation of the affected spanning trees.
Page 105
Figure 23 Basic concepts in MSTP VLAN 1 MSTI 1 VLAN 1 MSTI 1 VLAN 2 MSTI 2 VLAN 2 MSTI 2 Other VLANs MSTI 0 Other VLANs MSTI 0 MST region 1 MST region 4 MST region 2 MST region 3 VLAN 1 MSTI 1 VLAN 1...
Page 106
Same VLAN-to-instance mapping configuration • • Same MSTP revision level Physically linked together • Multiple MST regions can exist in a switched network. You can assign multiple devices to the same MST region. Figure The switched network comprises four MST regions, MST region 1 through MST region 4. •...
Page 107
The regional root of MSTI 1 is Device B. • • The regional root of MSTI 2 is Device C. The regional root of MSTI 0 (also known as the IST) is Device A. • Common root bridge The common root bridge is the root bridge of the CIST. Figure 23, the common root bridge is a device in MST region 1.
Master port—Serves as a port on the shortest path from the local MST region to the common root • bridge. The master port is not always located on the regional root. It is a root port on the IST or CIST and still a master port on the other MSTIs.
MSTI calculation Within an MST region, MSTP generates different MSTIs for different VLANs based on the VLAN-to-instance mappings. For each spanning tree, MSTP performs a separate calculation process similar to spanning tree calculation in STP. For more information, see "Calculation process of the STP algorithm."...
To connect a spanning tree network to a TRILL network, make sure the following requirements are • met: The spanning tree protocol is disabled on the TRILL network. An edge port is used to connect the spanning tree network to the TRILL network. The edge port can quickly transit to the forwarding state.
Tasks at a glance (Optional.) Configuring protection functions RSTP configuration task list Tasks at a glance Configuring the root bridge: • (Required.) Setting the spanning tree mode • (Optional.) Configuring the root bridge or a secondary root bridge • (Optional.) Configuring the device priority •...
PVST configuration task list Tasks at a glance Configuring the root bridge: • (Required.) Setting the spanning tree mode • (Optional.) Configuring the root bridge or a secondary root bridge • (Optional.) Configuring the device priority • (Optional.) Configuring the network diameter of a switched network •...
MSTP configuration task list Tasks at a glance Configuring the root bridge: • (Required.) Setting the spanning tree mode • (Required.) Configuring an MST region • (Optional.) Configuring the root bridge or a secondary root bridge • (Optional.) Configuring the device priority •...
RSTP mode—All ports of the device send RSTP BPDUs. A port in this mode automatically transits to • the STP mode when it receives STP BPDUs from the peer device. A port in this mode does not transit to the MSTP mode when it receives MSTP BPDUs from the peer device. •...
MST region revision level. • • VLAN-to-instance mapping entries in the MST region. The configuration of MST region-related parameters (especially the VLAN-to-instance mapping table) might cause MSTP to begin a new spanning tree calculation. To reduce the possibility of topology instability, the MST region configuration takes effect only after you activate it by doing one of the following: •...
If you specify multiple secondary root bridges for the instance, the secondary root bridge with the • lowest MAC address is given priority. If you do not specify a secondary root bridge, a new root bridge is calculated. • You can specify one root bridge for each spanning tree, regardless of the device priority settings. Once you specify a device as the root bridge or a secondary root bridge, you cannot change its priority.
You can configure the maximum hops of an MST region based on the STP network size. H3C recommends that you configure the maximum hops to a value that is greater than the maximum hops of each edge device to the root bridge.
• Max age ≥ 2 × (hello time + 1 second) H3C recommends not manually setting the spanning tree timers. H3C recommends that you specify the network diameter and letting spanning tree protocols automatically calculate the timers based on the network diameter.
H3C recommends that you use the automatically calculated value. An appropriate hello time setting enables the device to promptly detect link failures on the network • without using excessive network resources. If the hello time is too long, the device mistakes packet loss for a link failure and triggers a new spanning tree calculation process.
By setting an appropriate BPDU transmission rate, you can limit the rate at which the port sends BPDUs. Setting an appropriate rate also prevents spanning tree protocols from using excessive network resources when the network topology changes. H3C recommends that you use the default setting.
Configuration procedure To configure a port as an edge port: Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet or interface interface-type interface-number aggregate interface view. Configure the current ports as By default, all ports are stp edged-port edge ports.
Page 122
To specify a standard for the device to use when it calculates the default path cost: Step Command Remarks Enter system view. system-view Specify a standard for the device to use when it stp pathcost-standard The default setting is legacy. calculates the default path { dot1d-1998 | dot1t | legacy } costs of its ports.
Page 123
Path cost Link speed Port type IEEE IEEE 802.1t Private standard 802.1d-1998 Aggregate interface containing two Selected 1000 ports Aggregate interface containing three Selected ports Aggregate interface containing four Selected ports Single port 1000 Aggregate interface containing two Selected ports Aggregate interface 20 Gbps containing three Selected...
Configuring path costs of ports When the path cost of a port changes, the system re-calculates the role of the port and initiates a state transition. To configure the path cost of a port: Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet or interface interface-type interface-number...
You can configure the link type as point-to-point for a Layer 2 aggregate interface or a port that • operates in full duplex mode. H3C recommends that you use the default setting and letting the device automatically detect the port link type.
Configuring the mode a port uses to recognize and send MSTP packets A port can receive and send MSTP packets in the following formats: dot1s—802.1s-compliant standard format • legacy—Compatible format • By default, the packet format recognition mode of a port is auto. The port automatically distinguishes the two MSTP packet formats, and determines the format of packets that it will send based on the recognized format.
Enabling the spanning tree feature You must enable the spanning tree feature for the device before any other spanning tree related configurations can take effect. In STP, RSTP, or MSTP mode, make sure the spanning tree feature is enabled globally and on the desired ports. In PVST mode, make sure the spanning tree feature is enabled globally, in the desired VLANs, and on the desired ports.
• which causes the peer port to transit to STP mode. When you disable TRILL and enable STP on a port, H3C recommends that you perform mCheck on both the port and the peer port. Configuration procedure Performing mCheck globally...
The devices of different vendors in the same MST region cannot communicate with each other. To enable communication between an H3C device and a third-party device in the same MST region, enable Digest Snooping on the H3C device port connecting them.
Configuration procedure Use this feature when your H3C device is connected to a third-party device that uses its private key to calculate the configuration digest. To configure Digest Snooping: Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet or interface interface-type aggregate interface view.
[DeviceA] interface ten-gigabitethernet 1/0/1 [DeviceA-Ten-GigabitEthernet1/0/1] stp config-digest-snooping [DeviceA-Ten-GigabitEthernet1/0/1] quit [DeviceA] stp global config-digest-snooping # Enable Digest Snooping on Ten-GigabitEthernet 1/0/1 of Device B and enable global Digest Snooping on Device B. <DeviceB> system-view [DeviceB] interface ten-gigabitethernet 1/0/1 [DeviceB-Ten-GigabitEthernet1/0/1] stp config-digest-snooping [DeviceB-Ten-GigabitEthernet1/0/1] quit [DeviceB] stp global config-digest-snooping Configuring No Agreement Check...
Figure 28 Rapid state transition of an RSTP designated port If the upstream device is a third-party device, the rapid state transition implementation might be limited. For example: The upstream device uses a rapid transition mechanism similar to that of RSTP. •...
No Agreement Check configuration example Network requirements As shown in Figure Device A connects to a third-party device that has a different spanning tree implementation. Both • devices are in the same region. The third-party device (Device B) is the regional root bridge, and Device A is the downstream •...
Figure 30 TC Snooping application scenario To avoid traffic interruption, you can enable TC Snooping on the IRF fabric. After receiving a TC-BPDU through a port, the IRF fabric updates MAC address table and ARP table entries associated with the port's VLAN.
Configuring protection functions A spanning tree device supports the following protection functions: • BPDU guard Root guard • Loop guard • Port role restriction • TC-BPDU transmission restriction • • TC-BPDU guard BPDU drop • Enabling BPDU guard For access layer devices, the access ports can directly connect to the user terminals (such as PCs) or file servers.
supersedes the current legal root bridge, causing an undesired change of the network topology. The traffic that should go over high-speed links is switched to low-speed links, resulting in network congestion. To prevent this situation, MSTP provides the root guard function. If root guard is enabled on a port of a root bridge, this port plays the role of designated port on all MSTIs.
Step Command Remarks Enable the loop guard By default, loop guard is stp loop-protection function for the ports. disabled. Configuring port role restriction CAUTION: Use this feature with caution, because enabling port role restriction on a port might affect the connectivity of the spanning tree topology.
10 seconds after the device receives the first TC-BPDU. For TC-BPDUs received in excess of the limit, the device performs a forwarding address entry flush when the time period expires. This prevents frequent flushing of forwarding address entries. H3C recommends that you enable TC-BPDU guard.
Displaying and maintaining the spanning tree Execute display commands in any view and reset command in user view. Task Command Display information about ports blocked by spanning tree display stp abnormal-port protection functions. display stp bpdu-statistics [ interface interface-type interface-number [ instance Display BPDU statistics on ports.
Figure 31 Network diagram Configuration procedure Configure VLANs and VLAN member ports: (Details not shown.) Create VLAN 10, VLAN 20, and VLAN 30 on both Device A and Device B. Create VLAN 10, VLAN 20, and VLAN 40 on Device C. Create VLAN 20, VLAN 30, and VLAN 40 on Device D.
Page 141
<DeviceB> system-view [DeviceB] stp region-configuration [DeviceB-mst-region] region-name example # Map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively. [DeviceB-mst-region] instance 1 vlan 10 [DeviceB-mst-region] instance 3 vlan 30 [DeviceB-mst-region] instance 4 vlan 40 # Configure the revision level of the MST region as 0.
# Activate MST region configuration. [DeviceD-mst-region] active region-configuration [DeviceD-mst-region] quit # Enable the spanning tree feature globally. [DeviceD] stp global enable Verifying the configuration In this example, Device B has the lowest root bridge ID. As a result, Device B is elected as the root bridge in MSTI 0.
Ten-GigabitEthernet1/0/2 ALTE DISCARDING NONE Ten-GigabitEthernet1/0/3 ALTE DISCARDING NONE Ten-GigabitEthernet1/0/1 ROOT FORWARDING NONE Ten-GigabitEthernet1/0/2 ALTE DISCARDING NONE Ten-GigabitEthernet1/0/3 ROOT FORWARDING NONE Based on the output, you can draw each MSTI mapped to each VLAN, as shown in Figure Figure 32 MSTIs mapped to different VLANs MSTI 1 mapped to VLAN 10 MSTI 0 mapped to VLAN 20 MSTI 3 mapped to VLAN 30...
Figure 33 Network diagram Device A Device B Permit: all VLAN XGE1/0/3 XGE1/0/3 Permit: VLAN 10, 20 Permit: VLAN 20, 30 XGE1/0/3 XGE1/0/3 Permit: VLAN 20, 40 Device C Device D Configuration procedure Configure VLANs and VLAN member ports: (Details not shown.) Create VLAN 10, VLAN 20, and VLAN 30 on both Device A and Device B.
# Configure the device as the root bridge of VLAN 40. [DeviceC] stp vlan 40 root primary # Enable the spanning tree feature globally and in VLAN 10, VLAN 20, and VLAN 40. [DeviceC] stp global enable [DeviceC] stp vlan 10 20 40 enable Configure Device D: # Set the spanning tree mode to PVST.
Page 146
# Display brief spanning tree information on Device D. [DeviceD] display stp brief VLAN ID Port Role STP State Protection Ten-GigabitEthernet1/0/1 ALTE DISCARDING NONE Ten-GigabitEthernet1/0/2 ROOT FORWARDING NONE Ten-GigabitEthernet1/0/3 ALTE DISCARDING NONE Ten-GigabitEthernet1/0/1 ROOT FORWARDING NONE Ten-GigabitEthernet1/0/2 ALTE DISCARDING NONE Ten-GigabitEthernet1/0/3 ROOT FORWARDING...
Configuring loop detection Overview Incorrect network connections or configurations can create Layer 2 loops, which results in repeated transmission of broadcasts, multicasts, or unknown unicasts, waste network resources, and sometimes even paralyze networks. The loop detection mechanism immediately generates a log when a loop occurs so that you are promptly notified to adjust network connections and configurations.
Figure 36 Inner frame header for loop detection The inner frame header for loop detection contains the following fields: Code—Protocol sub-type, which is 0x0001, indicating the loop detection protocol. • • Version—Protocol version, which is always 0x0000. Length—Length of the frame. The value includes the inner header, but excludes the Ethernet header. •...
VLAN. The per-port configuration applies to the individual port only when the port belongs to the specified VLAN. Per-port configurations take precedence over global configurations. H3C recommends not enabling loop detection on TRILL ports, because TRILL networks prevent loops from being generated. For information more about TRILL, see TRILL Configuration Guide.
Step Command Remarks Enter Layer 2 Ethernet interface interface interface-type view or Layer 2 aggregate interface-number interface view. Enable loop detection on the loopback-detection enable vlan Disabled by default. port. { vlan-list | all } Configuring the loop protection action You can configure the loop protection action globally or on specific ports.
Step Command Remarks By default, the switch generates Configure the loop protection loopback-detection action a log but performs no action on action on the interface. shutdown the port on which a loop is detected. Setting the loop detection interval With loop detection enabled, the switch sends loop detection frames at a specified interval. A shorter interval offers more sensitive detection but consumes more resources.
Figure 37 Network diagram Device A XGE1/0/1 XGE1/0/2 Device B Device C VLAN 100 Configuration procedure Configure Device A: # Create VLAN 100, and globally enable loop detection for the VLAN. <DeviceA> system-view [DeviceA] vlan 100 [DeviceA-vlan100] quit [DeviceA] loopback-detection global enable vlan 100 # Configure Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 as trunk ports, and assign them to VLAN 100.
# Configure Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 as trunk ports, and assign them to VLAN 100. [DeviceB] interface ten-gigabitethernet 1/0/1 [DeviceB-Ten-GigabitEthernet1/0/1] port link-type trunk [DeviceB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100 [DeviceB-Ten-GigabitEthernet1/0/1] quit [DeviceB] interface ten-gigabitethernet 1/0/2 [DeviceB-Ten-GigabitEthernet1/0/2] port link-type trunk [DeviceB-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100 [DeviceB-Ten-GigabitEthernet1/0/2] quit Configure Device C:...
Page 154
The output shows that the device has removed the loops from Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 according to the shutdown action. Use the display interface command to display the status of Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 on Device A. # Display the status of Ten-GigabitEthernet 1/0/1 on Device A. [DeviceA] display interface ten-gigabitethernet 1/0/1 Ten-GigabitEthernet1/0/1 current state: DOWN (Loop detection down) # Display the status of Ten-GigabitEthernet 1/0/2 on Device A.
Configuring VLANs This chapter provides an overview of VLANs and explains how to configure them. Overview Ethernet is a family of shared-media LAN technologies based on the CSMA/CD mechanism. An Ethernet LAN is both a collision domain and a broadcast domain. As the medium is shared, collisions and broadcasts are common in an Ethernet LAN.
Figure 39 VLAN tag placement and format A VLAN tag includes the following fields: TPID—16-bit tag protocol identifier that indicates whether a frame is VLAN-tagged. By default, the • TPID value is 0x8100, indicating that the frame is VLAN-tagged. However, device vendors can set TPID to different values.
Step Command Remarks The default setting is VLAN vlan-id, which is Configure the the ID of the VLAN. For example, the description text description of the VLAN. description of VLAN 100 is VLAN 0100 by default. NOTE: • As the system default VLAN, VLAN 1 cannot be created or deleted. You cannot use the undo vlan command to delete a dynamic VLAN, a VLAN with a QoS policy •...
Step Command Remarks Configure the MTU for the mtu size The default setting is 1500 bytes. VLAN interface. By default, the expected bandwidth (in Configure the expected bandwidth bandwidth-value kbps) is the interface baud rate divided bandwidth of the interface. by 1000.
For a hybrid or trunk port, the PVID setting of the port does not change. You can use a nonexistent VLAN as the PVID for a hybrid or trunk port, but not for an access port. H3C recommends that you set the same PVID for local and remote ports. •...
Step Command Remarks • The configuration made in Layer 2 Ethernet interface view applies only to the port. • Enter Layer 2 Ethernet • The configuration made in Layer 2 interface view: aggregate interface view applies interface interface-type to the aggregate interface and its interface-number aggregation member ports.
Step Command Remarks • The configuration made in Layer 2 Ethernet interface view applies only to the port. • The configuration made in • Enter Layer 2 Ethernet interface Layer 2 aggregate interface view: view applies to the aggregate interface interface-type interface and its aggregation interface-number member ports.
Step Command Remarks • The configuration made in Layer 2 Ethernet interface view applies only to the port. • The configuration made in • Enter Layer 2 Ethernet interface Layer 2 aggregate interface view: view applies to the aggregate interface interface-type interface and its aggregation interface-number member ports.
Configuring an IP subnet-based VLAN Task Command Remarks Enter system view. system-view If the specified VLAN does not exist, this Enter VLAN view. vlan vlan-id command first creates the VLAN and enters VLAN view of this VLAN. By default, a VLAN is not associated with any IP subnets or IP addresses.
Configuring protocol-based VLANs Introduction The protocol-based VLAN feature assigns inbound packets to different VLANs based on their protocol types and encapsulation formats. The protocols available for VLAN assignment include IP, IPX, and AT. The encapsulation formats include Ethernet II, 802.3 raw, 802.2 LLC, and 802.2 SNAP. A protocol template defines a protocol type and an encapsulation format.
Step Command Remarks • The configurations made in Layer 2 Ethernet interface view apply only to the port. • Enter Layer 2 Ethernet • The configurations made in Layer 2 interface view: aggregate interface view apply to the interface interface-type aggregate interface and its interface-number aggregation member ports.
VLAN configuration examples Port-based VLAN configuration example Network requirements As shown in Figure Host A and Host C belong to Department A. VLAN 100 is assigned to Department A. • Host B and Host D belong to Department B. VLAN 200 is assigned to Department B. •...
Verifying the configuration # Verify that Host A and Host C can ping each other, but they both fail to ping Host B. (Details not shown.) # Verify that Host B and Host D can ping each other, but they both fail to ping Host A. (Details not shown.) # Verify that VLANs 100 and 200 are correctly configured on Device A.
Page 168
Figure 41 Network diagram Configuration procedure Configuring Device C: # Associate IP subnet 192.168.5.0/24 with VLAN 100. <DeviceC> system-view [DeviceC] vlan 100 [DeviceC-vlan100] ip-subnet-vlan ip 192.168.5.0 255.255.255.0 [DeviceC-vlan100] quit # Associate IP subnet 192.168.50.0/24 with VLAN 200. [DeviceC] vlan 200 [DeviceC-vlan200] ip-subnet-vlan ip 192.168.50.0 255.255.255.0 [DeviceC-vlan200] quit # Configure Ten-GigabitEthernet 1/0/11 to permit packets from VLAN 100 to pass through.
[DeviceC-Ten-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged [DeviceC-Ten-GigabitEthernet1/0/1] port hybrid ip-subnet-vlan vlan 100 [DeviceC-Ten-GigabitEthernet1/0/1] port hybrid ip-subnet-vlan vlan 200 [DeviceC-Ten-GigabitEthernet1/0/1] quit Configure Device A and Device B to allow packets from VLANs 100 and 200 to pass through, respectively. (Details not shown.) Verifying the configuration # Display information about all IP subnet-based VLANs.
Page 170
Figure 42 Network diagram VLAN 100 VLAN 200 IPv4 server IPv6 server XGE1/0/11 XGE1/0/12 XGE1/0/1 XGE1/0/2 Device L2 Switch A L2 Switch B IPv4 Host A IPv6 Host A IPv4 Host B IPv6 Host B VLAN 100 VLAN 200 VLAN 100 VLAN 200 Configuration procedure In this example, L2 Switch A and L2 Switch B use the factory configuration.
Page 171
[Device-vlan100] protocol-vlan 2 mode ethernetii etype 0806 [Device-vlan100] quit # Configure Ten-GigabitEthernet 1/0/1 as a hybrid port to forward packets from VLANs 100 and 200 untagged. [Device] interface ten-gigabitethernet 1/0/1 [Device-Ten-GigabitEthernet1/0/1] port link-type hybrid [Device-Ten-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged # Associate Ten-GigabitEthernet 1/0/1 with the IPv4 and ARP protocol templates of VLAN 100 and the IPv6 protocol template of VLAN 200.
Page 172
IPv6 # Display protocol-based VLANs on the ports of Device. [Device] display protocol-vlan interface all Interface: Ten-GigabitEthernet1/0/1 VLAN ID Protocol index Protocol type Status IPv4 Active Ethernet II Etype 0x0806 Active IPv6 Active Interface: Ten-GigabitEthernet 1/0/2 VLAN ID Protocol index Protocol type Status IPv4...
Configuring super VLANs Super VLAN, also called "VLAN aggregation," was introduced to save IP address space. A super VLAN is associated with multiple sub VLANs. These sub VLANs use the VLAN interface of the super VLAN (also known as a super VLAN interface) as the gateway for Layer 3 communication. Sub VLANs are isolated at Layer 2.
VLAN. Configuring a super VLAN interface H3C recommends not configuring VRRP for the VLAN interface of a super VLAN, because the configuration affects network performance. For more information about VRRP, see High Availability Configuration Guide.
Displaying and maintaining super VLANs Execute the display command in any view. Task Command Display information about super VLANs and all sub display supervlan [ supervlan-id ] VLANs associated with each super VLAN. Super VLAN configuration example Network requirements As shown in Figure Create super VLAN 10, and configure its VLAN interface IP address as 10.0.0.1/24.
# Create VLAN 2, and assign Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 to the VLAN. [Sysname] vlan 2 [Sysname-vlan2] port ten-gigabitethernet 1/0/1 ten-gigabitethernet 1/0/2 [Sysname-vlan2] quit # Create VLAN 3, and assign Ten-GigabitEthernet 1/0/3 and Ten-GigabitEthernet 1/0/4 to the VLAN. [Sysname] vlan 3 [Sysname-vlan3] port ten-gigabitethernet 1/0/3 ten-gigabitethernet 1/0/4 [Sysname-vlan3] quit # Create VLAN 5, and assign Ten-GigabitEthernet 1/0/5 and Ten-GigabitEthernet 1/0/6 to the VLAN.
Page 177
Untagged ports: Ten-GigabitEthernet1/0/1 Ten-GigabitEthernet1/0/2 VLAN ID: 3 VLAN type: Static It is a sub VLAN. Route interface: Configured Ipv4 address: 10.0.0.1 Ipv4 subnet mask: 255.255.255.0 Description: VLAN 0003 Name: VLAN 0003 Tagged ports: none Untagged ports: Ten-GigabitEthernet1/0/3 Ten-GigabitEthernet1/0/4 VLAN ID: 5 VLAN type: static It is a sub VLAN.
Configuring the private VLAN The private VLAN feature uses a two-tier VLAN structure, including a primary VLAN and secondary VLANs. This feature simplifies the network configuration and saves VLAN resources. A primary VLAN is used for upstream data exchange. A primary VLAN can be associated with multiple secondary VLANs.
Configure a downlink port, for example, the port connecting Device B to a host in Figure 38, to operate in host mode. The downlink port can be automatically assigned to the secondary VLAN and its associated primary VLAN. If a downlink port allows multiple secondary VLANs, configure the port to operate in trunk secondary mode.
Page 180
Step Command Remarks Use either command. By default, ports in the same secondary VLAN can communicate with each other at Enable Layer 2 Layer 2. • undo private-vlan isolated communication for ports in the This configuration takes effect only • private-vlan community same secondary VLAN.
Page 181
Step Command Remarks Enter Layer 2 Ethernet interface interface-type interface view or Layer 2 interface-number aggregate interface view. • Configure the downlink port to operate in host mode: port private-vlan host Configure the downlink port By default, an interface does not •...
Displaying and maintaining the private VLAN Execute the display command in any view. Task Command Display information about primary VLANs and the display private-vlan [ primary-vlan-id ] secondary VLANs associated with each primary VLAN. Private VLAN configuration examples Private VLAN configuration example in promiscuous mode Network requirements As shown in Figure...
Page 183
# Create VLANs 2 and 3, which are to be configured as secondary VLANs. [DeviceB] vlan 2 to 3 # Configure the uplink port Ten-GigabitEthernet 1/0/5 to operate in promiscuous mode in VLAN [DeviceB] interface ten-gigabitethernet 1/0/5 [DeviceB-Ten-GigabitEthernet1/0/5] port private-vlan 5 promiscuous [DeviceB-Ten-GigabitEthernet1/0/5] quit # Assign the downlink port Ten-GigabitEthernet 1/0/1 to VLAN 3, and configure the port to operate in host mode.
Page 184
[DeviceC-Ten-GigabitEthernet1/0/4] port private-vlan host [DeviceC-Ten-GigabitEthernet1/0/4] quit # Associate the secondary VLANs 3 and 4 with the primary VLAN 6. [DeviceC] vlan 6 [DeviceC-vlan6] private-vlan secondary 3 to 4 [DeviceC-vlan6] quit Verifying the configuration # Display the private VLAN configuration on Device B. [DeviceB] display private-vlan Primary VLAN ID: 5 Secondary VLAN ID: 2-3...
Private VLAN configuration example in trunk promiscuous mode Network requirements As shown in Figure VLAN 5 and VLAN 10 are primary VLANs on Device B. The uplink port Ten-GigabitEthernet 1/0/1 • permits the packets from VLAN 5 and VLAN 10 to pass through tagged. On Device B, the downlink port Ten-GigabitEthernet 1/0/2 permits secondary VLAN 2, and the •...
Page 186
[DeviceB] vlan 6 [DeviceB-vlan6] quit [DeviceB] vlan 8 [DeviceB-vlan8] quit # Configure the uplink port Ten-GigabitEthernet 1/0/1 to operate in trunk promiscuous mode in VLANs 5 and 10. [DeviceB] interface ten-gigabitethernet 1/0/1 [DeviceB-Ten-GigabitEthernet1/0/1] port private-vlan 5 10 trunk promiscuous [DeviceB-Ten-GigabitEthernet1/0/1] quit # Assign the downlink port Ten-GigabitEthernet 1/0/2 to VLAN 2, and configure the port to operate in host mode.
Page 187
# Configure Ten-GigabitEthernet 1/0/1 as a hybrid port, and configure the port to permit packets from VLAN 5 and VLAN 10 to pass through tagged. [DeviceA] interface ten-gigabitethernet 1/0/1 [DeviceA-Ten-GigabitEthernet1/0/1] port link-type hybrid [DeviceA-Ten-GigabitEthernet1/0/1] port hybrid vlan 5 10 tagged [DeviceA-Ten-GigabitEthernet1/0/1] quit Verifying the configuration # Verify configurations of the primary VLANs, for example, VLAN 5, on Device B.
Private VLAN configuration example in trunk promiscuous and trunk secondary modes Network requirements As shown in Figure VLAN 10 and VLAN 20 are primary VLANs on Device A. The uplink port Ten-GigabitEthernet • 1/0/5 permits the packets from VLAN 10 and VLAN 20 to pass through tagged. VLAN 1 1, VLAN 12, VLAN 21, and VLAN 22 are secondary VLANs on Device A.
Page 189
[DeviceA] vlan 11 to 12 [DeviceA] vlan 21 to 22 # Associate the secondary VLANs 11 and 12 with the primary VLAN 10. [DeviceA] vlan 10 [DeviceA-vlan10] private-vlan secondary 11 12 [DeviceA-vlan10] quit # Associate the secondary VLANs 21 and 22 with the primary VLAN 20. [DeviceA] vlan 20 [DeviceA-vlan20] private-vlan secondary 21 22 [DeviceA-vlan20] quit...
Page 190
[DeviceB] interface ten-gigabitethernet 1/0/4 [DeviceB-Ten-GigabitEthernet1/0/4] port access vlan 11 [DeviceB-Ten-GigabitEthernet1/0/4] quit # Assign the port Ten-GigabitEthernet 1/0/3 to VLAN 21. [DeviceB] interface ten-gigabitethernet 1/0/3 [DeviceB-Ten-GigabitEthernet1/0/3] port access vlan 21 [DeviceB-Ten-GigabitEthernet1/0/3] quit Configure Device C: # Create VLAN 10 and VLAN 20. <DeviceC>...
Secondary VLANs 1 1 and 12 are associated with primary VLAN 10. • • Secondary VLANs 21 and 22 are associated with primary VLAN 20. Secondary VLAN Layer 3 communication configuration example Network requirements As shown in Figure Primary VLAN 10 on Device B is associated with secondary VLANs 2 and 3. •...
[DeviceB] interface ten-gigabitethernet 1/0/2 [DeviceB-Ten-GigabitEthernet1/0/2] port access vlan 2 [DeviceB-Ten-GigabitEthernet1/0/2] port private-vlan host [DeviceB-Ten-GigabitEthernet1/0/2] quit # Assign the downlink port Ten-GigabitEthernet 1/0/3 to VLAN 3, and configure the port to operate in host mode. [DeviceB] interface ten-gigabitethernet 1/0/3 [DeviceB-Ten-GigabitEthernet1/0/3] port access vlan 3 [DeviceB-Ten-GigabitEthernet1/0/3] port private-vlan host [DeviceB-Ten-GigabitEthernet1/0/3] quit # Enable Layer 3 communication between secondary VLANs 2 and 3 that are associated with primary...
Page 194
Name: VLAN 0002 Tagged ports: None Untagged ports: Ten-GigabitEthernet1/0/1 Ten-GigabitEthernet1/0/2 VLAN ID: 3 VLAN type: Static Private VLAN type: Secondary Route interface: Configured IPv4 address: 192.168.1.1 IPv4 subnet mask: 255.255.255.0 Description: VLAN 0003 Name: VLAN 0003 Tagged ports: None Untagged ports: Ten-GigabitEthernet1/0/1 Ten-GigabitEthernet1/0/3 The Route interface field in the output is Configured, indicating that secondary VLANs 2 and 3 are...
Configuring MVRP Multiple Registration Protocol (MRP) is an attribute registration protocol used to transmit attribute messages. Multiple VLAN Registration Protocol (MVRP) is a typical MRP application. It synchronizes VLAN information among devices. MVRP propagates local VLAN information to other devices, receives VLAN information from other devices, and dynamically updates local VLAN information.
MRP messages MRP messages include Join, New, Leave, and LeaveAll. Join and New messages are declarations, and Leave and LeaveAll messages are withdrawals. Join message An MRP participant sends a Join message to request the peer participant to register the specific attribute. When receiving a Join message from the peer participant, an MRP participant registers the specific attribute and propagates the Join message to all other participants on the device.
MRP deregisters all attributes that have not been re-registered to periodically clear useless attributes in the network. MRP timers MRP uses the following timers to control message transmission. Periodic timer The Periodic timer controls the transmission of MRP messages. An MRP participant starts its own Periodic timer upon startup, and stores MRP messages to be sent before the Periodic timer expires.
Normal An MVRP participant in normal registration mode performs dynamic VLAN registrations and deregistrations. Fixed An MVRP participant in fixed registration mode disables deregistering dynamic VLANs and drops received MVRP packets. The MVRP participant does not deregister or register dynamic VLANs. Forbidden An MVRP participant in forbidden registration mode disables registering dynamic VLANs and drops received MVRP packets.
Configuration prerequisites Before configuring MVRP, perform the following tasks: • Make sure all MSTIs in the network are effective and each MSTI is mapped to an existing VLAN on each device in the network, because MVRP runs on a per-MSTI basis. Configure the involved ports as trunk ports, because MVRP takes effect only on trunk ports.
Step Command Remarks Enter Layer 2 Ethernet interface interface-type interface view or Layer 2 interface-number aggregate interface view. Optional. Configure an MVRP mvrp registration { fixed | The default setting is normal registration mode. forbidden | normal } registration mode. Configuring MRP timers To avoid frequent VLAN registrations and deregistrations, use the same MRP timers throughout the network.
To restore the default settings of the timers, H3C recommends restoring the Join timer first, followed • by the Leave and LeaveAll timers. Table 11 Dependencies of the Join, Leave, and LeaveAll timers Timer Lower limit Upper limit Join 20 centiseconds...
MVRP configuration example Network requirements As shown in Figure 50, create VLAN 10 on Device A and VLAN 20 on Device B. Configure MSTP, map VLAN 10 to MSTI 1, map VLAN 20 to MSTI 2, and map the other VLANs to MSTI 0. Configure MVRP and set the MVRP registration mode to normal, so that Device A, Device B, Device C, and Device D can register and deregister dynamic VLANs and keep identical VLAN configuration for each MSTI.
Page 203
# Configure the MST region name, VLAN-to-instance mappings, and revision level. [DeviceA-mst-region] region-name example [DeviceA-mst-region] instance 1 vlan 10 [DeviceA-mst-region] instance 2 vlan 20 [DeviceA-mst-region] revision-level 0 # Manually activate the MST region configuration. [DeviceA-mst-region] active region-configuration [DeviceA-mst-region] quit # Configure Device A as the primary root bridge of MSTI 1. [DeviceA] stp instance 1 root primary # Globally enable the spanning tree feature.
Page 204
[DeviceB-mst-region] region-name example [DeviceB-mst-region] instance 1 vlan 10 [DeviceB-mst-region] instance 2 vlan 20 [DeviceB-mst-region] revision-level 0 # Manually activate the MST region configuration. [DeviceB-mst-region] active region-configuration [DeviceB-mst-region] quit # Configure Device B as the primary root bridge of MSTI 2. [DeviceB] stp instance 2 root primary # Globally enable the spanning tree feature.
Page 205
[DeviceC-mst-region] region-name example [DeviceC-mst-region] instance 1 vlan 10 [DeviceC-mst-region] instance 2 vlan 20 [DeviceC-mst-region] revision-level 0 # Manually activate the MST region configuration. [DeviceC-mst-region] active region-configuration [DeviceC-mst-region] quit # Configure Device C as the root bridge of MSTI 0. [DeviceC] stp instance 0 root primary # Globally enable the spanning tree feature.
# Configure port Ten-GigabitEthernet 1/0/1 as a trunk port, and configure it to permit VLANs 20 and [DeviceD] interface ten-gigabitethernet 1/0/1 [DeviceD-Ten-GigabitEthernet1/0/1] port link-type trunk [DeviceD-Ten-GigabitEthernet1/0/1] port trunk permit vlan 20 40 # Enable MVRP on port Ten-GigabitEthernet 1/0/1. [DeviceD-Ten-GigabitEthernet1/0/1] mvrp enable [DeviceD-Ten-GigabitEthernet1/0/1] quit # Configure port Ten-GigabitEthernet 1/0/2 as a trunk port, and configure it to permit VLAN 40.
Page 211
Declared VLANs : Propagated VLANs : The output shows that the VLAN information on Ten-GigabitEthernet 1/0/3 is not changed after you set the MVRP registration mode to fixed on Ten-GigabitEthernet 1/0/3. # Delete VLAN 10 on Device A. [DeviceA] undo vlan 10 # Display the local MVRP VLAN information on Ten-GigabitEthernet 1/0/3.
Configuring QinQ This document uses the following terms: CVLAN—Customer network VLANs, also called inner VLANs, refer to VLANs that a customer uses • on the private network. SVLAN—Service provider network VLANs, also called outer VLANs, refer to VLANs that a service •...
As shown in Figure 52, customer A has remote sites CE 1 and CE 4. Customer B has remote sites CE 2 and CE 3. The CVLANs of the two customers overlap. The service provider assigns SVLANs 3 and 4 to customer networks A and B, respectively.
The inner 802.1Q tag of QinQ frames is treated as part of payload. For correct transmission of QinQ frames, H3C recommends that you set the MTU to a minimum of 1504 bytes for each port on the forwarding path of QinQ frames. This value is the sum of the default Ethernet interface MTU (1500 bytes) and a VLAN tag's size (4 bytes).
Step Command Remarks By default, the link type of Configure the port link type. port link-type { hybrid | trunk } ports is access. • For hybrid ports: By default, trunk ports allow port hybrid vlan vlan-id-list { tagged Configure the port to allow only packets from VLAN 1 to | untagged } packets from its PVID and the...
Protocol type Value IPX/SPX 0x8137 IS-IS 0x8000 LACP 0x8809 802.1X 0x888E LLDP 0x88CC 802.1ag 0x8902 Cluster 0x88A7 Reserved 0xFFFD/0xFFFE/0xFFFF Configuring the CVLAN TPID Step Command Remarks Enter system view. system-view Configure the TPID value for qinq ethernet-type customer-tag The default setting is 0x8100 for CVLAN tags.
Page 217
Alternatively, you can configure a QoS policy to set the 802.1p priority in the SVLAN by using one of the following methods: Sets an 802.1p priority value in the SVLAN tag depending on the VLAN ID or 802.1p priority in the •...
Step Command Remarks By default, the device does not trust the 802.1p priority carried in frames. Configure the port to trust the 802.1p priority in qos trust dot1p Skip this step if the incoming frames. remark dot1p customer-dot1p-trust command is configured. Enable QinQ.
Figure 53 Network diagram VLANs 30 to 90 VLANs 10 to 70 CE 3 CE 4 Site 3 Site 2 Company B Company A XGE1/0/3 XGE1/0/3 XGE1/0/2 XGE1/0/2 VLANs 100 and 200 PE 1 PE 2 TPID = 0x8200 XGE1/0/1 XGE1/0/1 Service provider network Company A...
Page 220
[PE1-Ten-GigabitEthernet1/0/3] port link-type trunk [PE1-Ten-GigabitEthernet1/0/3] port trunk permit vlan 200 30 to 90 # Configure VLAN 200 as the PVID for the port. [PE1-Ten-GigabitEthernet1/0/3] port trunk pvid vlan 200 # Enable QinQ on the port. [PE1-Ten-GigabitEthernet1/0/3] qinq enable [PE1-Ten-GigabitEthernet1/0/3] quit Configuring PE 2 Configure Ten-GigabitEthernet 1/0/1: # Configure the port as a trunk port, and assign it to VLAN 200 and VLANs 30 through 90.
VLAN transparent transmission configuration example Network requirements As shown in Figure The service provider assigns VLAN 100 to a company's VLANs 10 through 50. • VLAN 3000 is the dedicated VLAN of the company on the service provider network. • Configure QinQ on PE 1 and PE 2 to provide Layer 2 connectivity for CVLANs 10 through 50 over the service provider network.
Page 222
[PE1-Ten-GigabitEthernet1/0/1] quit Configure Ten-GigabitEthernet 1/0/2 as a trunk port, and assign it to VLANs 100 and 3000. [PE1] interface ten-gigabitethernet 1/0/2 [PE1-Ten-GigabitEthernet1/0/2] port link-type trunk [PE1-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100 3000 [PE1-Ten-GigabitEthernet1/0/2] quit Configuring PE 2 Configure Ten-GigabitEthernet 1/0/1: # Configure the port as a trunk port, and assign it to VLANs 10 through 50, 100, and 3000.
Configuring VLAN mapping Overview VLAN mapping re-marks VLAN tagged traffic with new VLAN IDs. H3C provides the following types of VLAN mapping: • One-to-one VLAN mapping—Replaces one VLAN tag with another. Many-to-one VLAN mapping—Replaces multiple VLAN tags with the same VLAN tag.
Page 224
Figure 55 Application scenario of one-to-one and many-to-one VLAN mapping Figure 55, the network is planned as follows: Each home gateway uses different VLANs to transmit the PC, VoD, and VoIP services. • To further sub-classify each type of traffic by customer, configure one-to-one VLAN mapping on the •...
Application scenario of one-to-two and two-to-two VLAN mapping Figure 56 shows a typical application scenario of one-to-two and two-to-two VLAN mapping. In this scenario, the two remote sites of the same VPN must communicate across two SP networks. Figure 56 Application scenario of one-to-two and two-to-two VLAN mapping Site 1 and Site 2 are in VLAN 2 and VLAN 3, respectively.
Page 226
Figure 57 Basic VLAN mapping concepts Network-side port Customer-side port Uplink traffic Downlink traffic One-to-one VLAN mapping Figure 58, one-to-one VLAN mapping is implemented on the customer-side port and replaces VLAN tags as follows: Replaces the CVLAN with the SVLAN for the uplink traffic. •...
Page 227
Figure 59 Many-to-one VLAN mapping implementation One-to-two VLAN mapping Figure 60, one-to-two VLAN mapping is implemented on the customer-side port to add the SVLAN tag for the uplink traffic. For the downlink traffic to be correctly sent to the customer network, make sure the SVLAN tag is removed on the customer-side port before transmission.
Figure 61 Two-to-two VLAN mapping implementation Two-to-two VLAN mapping SVLAN CVLAN Data SVLAN’ CVLAN’ Data Customer SP network network SVLAN CVLAN Data SVLAN’ CVLAN’ Data Uplink traffic Downlink traffic Network-side port Customer-side port General configuration restrictions and guidelines When you configure VLAN mapping, follow these restrictions and guidelines: When you configure one-to-two VLAN mapping on a QinQ-enabled port, the switch operates as •...
Tasks at a glance Remarks Configuring many-to-one VLAN mapping: Configure many-to-one VLAN mapping on the campus • Configuring many-to-one VLAN mapping in a switch as shown in Figure network with dynamic IP address assignment Complete one of the tasks based on the IP address •...
Configuring many-to-one VLAN mapping Configure many-to-one VLAN mapping on campus switches (see Figure 55) to transmit the same type of traffic from different users in one VLAN. Configuring many-to-one VLAN mapping in a network with dynamic IP address assignment In a network where IP addresses are dynamically assigned, configure many-to-one VLAN mapping with DHCP snooping.
Page 231
To enable ARP detection: Step Command Remarks Enter system view. system-view Enter VLAN view. vlan vlan-id By default, ARP detection is disabled. For more information about ARP detection Enable ARP detection. arp detection enable configuration commands, see Security Command Reference. Configuring the customer-side port Step Command...
Step Command Remarks • Configure the port as a trunk port: port link-type trunk By default, the link type of a port is Set the link type of the port. • access. Configure the port as a hybrid port: port link-type hybrid By default: •...
Page 233
Use the reset arp snooping command to clear this ARP snooping entry by specifying the ip ip-address option. Wait for this ARP snooping entry to be aged out. Customer-side many-to-one VLAN mapping is not supported on Layer 2 aggregate interfaces. •...
Step Command Remarks By default: • A trunk port allows only packets • port trunk permit vlan Assign the port to the original from VLAN 1 to pass through. vlan-id-list VLANs and the translated • A hybrid port is an untagged •...
The MTU of an interface is 1500 bytes by default. After a VLAN tag is added to a packet, the packet length is added by 4 bytes. When you configure one-to-two VLAN mapping, H3C recommends that you set the MTU to a minimum of 1504 bytes on interfaces in the service provider network.
Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view: interface interface-type Enter Layer 2 Ethernet interface-number interface view or Layer 2 • Enter Layer 2 aggregate interface aggregate interface view. view: interface bridge-aggregation interface-number • Configure the port as a trunk port: port link-type trunk By default, the link type of a...
Page 237
Each household subscribes to PC, VoD, and VoIP services, and obtains the IP address through • DHCP. On the home gateways, VLANs 1, 2, and 3 are assigned to PC, VoD, and VoIP traffic, respectively. • To isolate traffic of the same service type from different households, configure one-to-one VLAN mappings on the wiring-closet switches.
Page 238
Figure 62 Network diagram Configuration procedure Configure Switch A: # Create the original VLANs. <SwitchA> system-view [SwitchA] vlan 2 to 3 # Create the translated VLANs. [SwitchA] vlan 101 to 102 [SwitchA] vlan 201 to 202 [SwitchA] vlan 301 to 302 # Configure the customer-side port Ten-GigabitEthernet 1/0/1 as a trunk port, and assign the port to all original VLANs and translated VLANs.
Page 241
# Configure the network-side port Ten-GigabitEthernet 1/0/3 to use the original VLAN tags of the many-to-one mappings to replace the VLAN tags of the packets destinated to the user network. [SwitchC] interface ten-gigabitethernet 1/0/3 [SwitchC-Ten-GigabitEthernet1/0/3] vlan mapping nni # Configure Ten-GigabitEthernet 1/0/3 as a trunk port, and assign the port to the translated VLANs.
303-304 One-to-two and two-to-two VLAN mapping configuration example Network requirements As shown in Figure Two VPN A branches, Site 1 and Site 2, are in VLAN 5 and VLAN 6, respectively. • • The two sites use different VPN access services from different service providers, SP 1 and SP 2. SP 1 assigns VLAN 100 to Site 1 and Site 2.
Page 243
[PE1-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100 [PE1-Ten-GigabitEthernet1/0/2] quit Configure PE 2: # Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign the port to VLAN 100. <PE2> system-view [PE2] interface ten-gigabitethernet 1/0/1 [PE2-Ten-GigabitEthernet1/0/1] port link-type trunk [PE2-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100 [PE2-Ten-GigabitEthernet1/0/1] quit # Configure Ten-GigabitEthernet 1/0/2 as a trunk port, and assign the port to VLAN 100.
Page 244
[PE4-Ten-GigabitEthernet1/0/2] vlan mapping nest single 6 nested-vlan 200 [PE4-Ten-GigabitEthernet1/0/2] quit Verifying the configuration # Verify the VLAN mappings on PE 1. [PE1] display vlan mapping Interface Ten-GigabitEthernet1/0/1: Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN # Verify the VLAN mappings on PE 3. [PE3] display vlan mapping Interface Ten-GigabitEthernet1/0/1: Outer VLAN...
Configuring PBB Overview IEEE 802.1ah Provider Backbone Bridge (PBB) is a MAC-in-MAC Layer 2 VPN technology. It interconnects multiple provider bridged networks to build a large-scale end-to-end Layer 2 provider bridged network. PBB network model As shown in Figure 64, the PBB network includes backbone edge bridges and backbone core bridges. Backbone edge bridges connect customer sites or provider bridge networks to the PBB network.
A provider bridge network (PBN) connects a PBBN to a customer network. A customer network can connect to a PBBN directly or through a PBN. A backbone edge bridge (BEB) is an edge device in a PBBN. A BEB encapsulates frames from a customer network by using PBB.
Page 247
Table 14 describes key fields in the frame. Table 14 PBB frame fields Field Full name Description Destination B-MAC, outer destination MAC address in a PBB Backbone destination MAC frame. It is the MAC address of the BEB at the destination end B-DA address of the PBBN tunnel.
PBB is not available on S5820V2-52QF switches labeled with the product code LS-5820V2-52QF-H5. The product code label is located on the rear panel. For more information about the product code location, see H3C S5830V2&S5820V2 Switch Series Installation Guide. PBB configuration task list You need to configure PBB only on BEBs.
Tasks at a glance (Required.) Configuring a B-VLAN for a PBB VSI (Required.) Configuring an uplink port (Required.) Configuring a downlink port Enabling L2VPN Step Command Remarks Enter system view. system-view Enable L2VPN. l2vpn enable By default, L2VPN is disabled. Creating a PBB VSI You must assign a unique I-SID to each PBB VSI for identification.
Step Command Remarks Enter VSI view. vsi vsi-name Configure the VSI as a PBB VSI, specify a PBB I-SID for the pbb i-sid i-sid PBB VSI, and enter PBB VSI view. Specify an encapsulation type By default, the VLAN encapsulation encapsulation { ethernet | vlan } for the PBB VSI.
Step Command Remarks Specify the port as the uplink By default, a port is not configured port for the specified or all pbb uplink { all | vsi vsi-name-list } as the uplink port of any PBB VSI. PBB VSIs. Configuring a downlink port On the BEB, frames from the customer network are mapped to a PBB VSI based on match criteria configured on downlink ports.
# Specify B-VLAN 20 for the PBB VSI. [BEB1-vsi-aaa-1] bvlan 20 [BEB1-vsi-aaa-1] quit [BEB1-vsi-aaa] quit # Configure Ten-GigabitEthernet 1/0/1 as a trunk port, assign it to VLAN 20, and configure it as an uplink port of the PBB VSI. [BEB1] interface ten-gigabitethernet 1/0/1 [BEB1-Ten-GigabitEthernet1/0/1] port link-type trunk [BEB1-Ten-GigabitEthernet1/0/1] port trunk permit vlan 20 [BEB1-Ten-GigabitEthernet1/0/1] pbb uplink vsi aaa...
Use the display vlan all command to verify that the following settings are configured on all BCBs: The B-VLAN is created on each BCB. All ports on the path between the BEBs are assigned to the B-VLAN. If the problem persists, contact H3C Support.
Configuring LLDP You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see "Configuring Ethernet interfaces"). Overview In a heterogeneous network, a standard configuration exchange platform ensures that different types of network devices from different vendors can discover one another and exchange configuration. The Link Layer Discovery Protocol (LLDP) is specified in IEEE 802.1AB.
Page 257
LLDP frame encapsulated in SNAP • Figure 70 SNAP-encapsulated LLDP frame Table 16 Fields in a SNAP-encapsulated LLDP frame Field Description MAC address to which the LLDP frame is advertised. It is the same as that Destination MAC address for Ethernet II-encapsulated LLDP frames. Source MAC address MAC address of the sending port.
Page 258
Organizationally specific TLVs and LLDP-MED TLVs are used for enhanced device management. They are defined by standardization or other organizations and are optional for LLDPDUs. Basic management TLVs • Table 17 lists the basic management TLV types. Some of them are mandatory for LLDPDUs. Table 17 Basic management TLVs Type Description...
Page 259
ETS Recommendation ETS recommendation. Priority-based Flow Control. Application protocol. NOTE: H3C devices support only receiving protocol identity TLVs and VID usage digest TLVs. • Layer 3 Ethernet ports support only link aggregation TLVs. • IEEE 802.3 organizationally specific TLVs •...
Type Description Allows a network device or terminal device to advertise the VLAN Network Policy ID of a port, the VLAN type, and the Layer 2 and Layer 3 priorities for applications. Allows a network device or terminal device to advertise power Extended Power-via-MDI supply capability.
Transmitting LLDP frames An LLDP agent operating in TxRx mode or Tx mode sends LLDP frames to its directly connected devices both periodically and when the local configuration changes. To prevent LLDP frames from overwhelming the network during times of frequent changes to local device information, LLDP uses the token bucket mechanism to rate limit LLDP frames.
To use LLDP together with OpenFlow, you must enable LLDP globally on OpenFlow switches. To prevent LLDP from affecting topology discovery of OpenFlow controllers, H3C recommends that you disable LLDP on ports of OpenFlow instances. For more information about OpenFlow, see OpenFlow Configuration Guide.
Service bridge mode—LLDP supports nearest bridge agents and nearest non-TPMR bridge agents. • LLDP processes the LLDP frames with destination MAC addresses for these agents and transparently transmits the LLDP frames with other destination MAC addresses in the VLAN. • Customer bridge mode—LLDP supports nearest bridge agents, nearest non-TPMR bridge agents, and nearest customer bridge agents.
Setting the LLDP re-initialization delay When the LLDP operating mode changes on a port, the port initializes the protocol state machines after an LLDP re-initialization delay. By adjusting the delay, you can avoid frequent initializations caused by frequent changes to the LLDP operating mode on a port. To set the LLDP re-initialization delay for ports: Step Command...
Step Command Remarks Set the token bucket size for lldp max-credit credit-value The default setting is 5. sending LLDP frames. Set the LLDP frame lldp timer tx-delay delay The default setting is 2 seconds. transmission delay. Set the number of LLDP frames sent each time fast LLDP frame lldp fast-count count The default setting is 4.
CDP compatibility enables a switch to use LLDP to perform the following tasks: • Receive and recognize the CDP packets from the directly-connected device. Send CDP packets to the directly-connected device. • The packets that the switch sends to the neighboring CDP device carry the device ID, the ID of the port connecting to the neighboring device, the port IP address, the PVID, and the TTL.
Detects configuration errors on peer devices. Remotely configures the peer device if the peer device accepts the configuration. • NOTE: H3C devices support only the remote configuration function. Figure 72 DCBX application scenario DCBX enables lossless packet transmission on DCE networks. As shown in...
In IEEE Std 802.1Qaz-201 1: • ETS Configuration ETS Recommendation H3C devices can send these types of DCBX information to a server's or disk device's adapter supporting FCoE, but they cannot accept them. DCBX configuration task list Tasks at a glance (Required.)
Step Command Remarks Enter Layer 2 Ethernet interface interface-type interface-number interface view. By default, LLDP is enabled on Enable LLDP. lldp enable an interface. By default, DCBX TLV Enable the interface to lldp tlv-enable dot1-tlv dcbx advertising is disabled on an advertise DCBX TLVs.
Page 273
Step Command Remarks An Ethernet frame header ACL number is in the range of 4000 to 4999. An IPv4 advanced ACL number is in the range of 3000 to Create an Ethernet frame 3999. acl number acl-number [ name header ACL or an IPv4 acl-name ] [ match-order { auto | DCBX Rev 1.00 supports only advanced ACL and enter ACL...
Step Command Remarks • (Method 1) To the outgoing traffic of all ports: qos apply policy policy-name global outbound • (Method 2) To the outgoing • Configurations made in system traffic of a Layer 2 Ethernet view take effect on all ports. interface: Apply the QoS policy.
For more information about the qos map-table, qos map-table color, and import commands, see ACL and QoS Command Reference. Configuring group-based WRR queuing You can configure group-based WRR queuing to allocate bandwidth. To configure group-based WRR queuing: Step Command Remarks Enter system view.
Step Command Remarks By default, PFC is disabled for all 802.1p priorities. H3C recommends that you enable Enable PFC for the specified priority-flow-control no-drop PFC for the 802.1p priority of 802.1p priorities. dot1p dot1p-list FCoE traffic. If you enable PFC for multiple 802.1p priorities, packet...
Step Command Remarks By default, the DCBX version is not configured. It is autonegotiated by the Configure the DCBX dcbx version { rev100 | rev101 | local port and the peer port. IEEE Std version. standard } 802.1Qaz-2011 (standard version) is used as the initial version for negotiation at the local end.
Displaying and maintaining LLDP Execute display commands in any view. Task Command display lldp local-information [ global | interface interface-type Display local LLDP information. interface-number ] Display the information contained display lldp neighbor-information [ [ [ interface interface-type in the LLDP TLVs sent from interface-number ] [ agent { nearest-bridge | nearest-customer | neighboring devices.
Page 279
# Enable LLDP on Ten-GigabitEthernet 1/0/1. By default, LLDP is enabled on ports. [SwitchA] interface ten-gigabitethernet 1/0/1 [SwitchA-Ten-GigabitEthernet1/0/1] lldp enable # Set the LLDP operating mode to Rx on Ten-GigabitEthernet 1/0/1. [SwitchA-Ten-GigabitEthernet1/0/1] lldp admin-status rx [SwitchA-Ten-GigabitEthernet1/0/1] quit # Enable LLDP on Ten-GigabitEthernet 1/0/2. By default, LLDP is enabled on ports. [SwitchA] interface ten-gigabitethernet 1/0/2 [SwitchA-Ten-GigabitEthernet1/0/2] lldp enable # Set the LLDP operating mode to Rx on Ten-GigabitEthernet 1/0/2.
Page 280
Trap flag : No MED trap flag : No Polling interval : 0s Number of LLDP neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV : 21 Number of received unknown TLV : 0 LLDP agent nearest-customer: Port status of LLDP : Enable Admin status...
Page 281
Admin status : Disable Trap flag : No MED trap flag : No Polling interval : 0s Number of LLDP neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV : 16 Number of received unknown TLV : 0 # Remove the link between Switch A and Switch B.
LLDP status information of port 2 [Ten-GigabitEthernet1/0/2]: LLDP agent nearest-bridge: Port status of LLDP : Enable Admin status : RX_Only Trap flag : No MED trap flag : No Polling interval : 0s Number of LLDP neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV : 0...
Page 283
Figure 74 Network diagram Configuration procedure Enable LLDP and DCBX TLV advertising: # Enable LLDP globally. <SwitchA> system-view [SwitchA] lldp global enable # Enable LLDP and DCBX TLV advertising on interface Ten-GigabitEthernet 1/0/1. [SwitchA] interface ten-gigabitethernet 1/0/1 [SwitchA-Ten-GigabitEthernet1/0/1] lldp enable [SwitchA-Ten-GigabitEthernet1/0/1] lldp tlv-enable dot1-tlv dcbx Configure the DCBX version as Rev.
Page 284
[SwitchA-Ten-GigabitEthernet1/0/1] qos apply policy plcy outbound [SwitchA-Ten-GigabitEthernet1/0/1] quit Configure ETS parameters: # Configure the 802.1p-to-local priority mapping table to map 802.1p priority value 3 to local precedence 3. (This is the default mapping table. You can modify this configuration as needed.) [SwitchA] qos map-table dot1p-lp [SwitchA-maptbl-dot1p-lp] import 3 export 3 [SwitchA-maptbl-dot1p-lp] quit...
Page 285
Priority Group ID of Priority 3: 15 Priority Group ID of Priority 2: 1 Priority Group ID of Priority 5: 5 Priority Group ID of Priority 4: 4 Priority Group ID of Priority 7: 7 Priority Group ID of Priority 6: 6 Priority Group 0 Percentage: 2 Priority Group 1 Percentage: 4 Priority Group 2 Percentage: 6...
Page 286
Number of Traffic Classes Supported: 8 DCBX Parameter Information Parameter Type: Local Pad Byte Present: Yes DCBX Parameter Valid: Yes Reserved: 0 DCBX Parameter Data Priority Group ID of Priority 1: 0 Priority Group ID of Priority 0: 0 Priority Group ID of Priority 3: 1 Priority Group ID of Priority 2: 0 Priority Group ID of Priority 5: 0 Priority Group ID of Priority 4: 0...
Page 287
PFC Enabled on Priority 5: No PFC Enabled on Priority 6: No PFC Enabled on Priority 7: No Number of Traffic Classes Supported: 6 DCBX Parameter Information Parameter Type: Remote Pad Byte Present: No DCBX Parameter Valid: Yes Reserved: 0 DCBX Parameter Data PFC Enabled on Priority 0: No PFC Enabled on Priority 1: No...
Configuring service loopback groups A service loopback group contains one or multiple Ethernet ports for looping packets sent out by the device back to the device. This feature must work with other features, such as GRE. A service loopback group provides one of the following services: Tunnel—Supports unicast tunnel traffic.
Displaying and maintaining service loopback groups Execute display commands in any view. Task Command Display information about service loopback groups. display service-loopback group [ number ] Service loopback group configuration example Network requirements All Ethernet ports on Device A support the tunnel service. Assign Ten-GigabitEthernet 1/0/1 through Ten-GigabitEthernet 1/0/3 to a service loopback group to loop GRE packets sent out by the device back to the device.
Configuring cut-through Layer 2 forwarding A cut-through forwarding-enabled device forwards a frame after it receives the first 64 bytes of the frame. This feature reduces the transmission time of a frame within the device, and enhances forwarding performance. To configure cut-through forwarding: Step Command Remarks...
Index Numerics LLDP advertisable TLV, LLDP+DCBX TLV advertisement, 10-GE interface aggregating combine, link. See Ethernet link aggregation 40-GE interface split, aging 802.x MAC address table timer, 802.3 LLDPDU TLV types, spanning tree max age timer, 802.X algorithm 802.1Q-in-802.1Q. Use QinQ STP calculation, 802.x alternate port (MST),...
Page 292
bridging PBB network model, backbone spanning tree root bridge, core bridge. See spanning tree root bridge (device), edge bridge. See BEBBCB spanning tree secondary root bridge (device), MAC address. See B-MAC bulk PBB core bridge network model, interface configuration, PBB edge bridge network model, interface configuration display, service instance identifier.
Page 294
private VLAN (trunk secondary), VLAN mapping (one-to-one), 212, protocol-based VLAN, 147, 147, VLAN mapping (one-to-two), 217, PVST, 95, VLAN mapping (two-to-two), 218, QinQ, 195, VLAN mapping many-to-one customer-side port (dynamic IP address assignment), QinQ CVLAN tag TPID value, VLAN mapping many-to-one customer-side port QinQ SVLAN tag TPID value, (static IP address assignment), QinQ VLAN tag TPID value,...
Page 295
LLDP+DCBX TLV advertisement, displaying default bulk interface configuration, Ethernet link aggregate interface default Ethernet interface, settings, Ethernet link aggregation, designated inloopback interface, MST port, LAN switching PBB, STP bridge, LLDP, STP port, loop detection, detecting loopback interface, Ethernet link aggregation group BFD, MAC address table, device MVRP,...
Page 296
MST, Energy Efficient Ethernet. See see EEE spanning tree, energy-saving functions, EEE energy saving, entry enabling ARP fast update enabling for MAC address move, ARP fast update for MAC address move, Ethernet Ethernet interface auto power-down, interface. See Ethernet interface Ethernet interface EEE energy saving, link aggregation.
Page 298
forcing Layer 2 Ethernet interface fiber port, Ethernet link aggregate group min/max number Selected ports, format Ethernet link aggregation group, LAN switching PBB frame format, Ethernet link aggregation group (dynamic), LLDP frame encapsulated in Ethernet II, Ethernet link aggregation group (static), LLDP frame encapsulated in SNAP format, Ethernet link aggregation group configuration, LLDP frame encapsulation format,...
Page 299
configuring null, LAN switching edge aggregate interface, edge aggregate interface configuration, edge aggregate interface configuration, Ethernet aggregate interface configuration, Ethernet aggregate interface (description), Ethernet link aggregation basic concepts, Ethernet aggregate interface configuration, Ethernet link aggregation configuration, 42, 49, Ethernet link aggregate interface default Ethernet link aggregation dynamic mode, settings, Ethernet link aggregation group (dynamic),...
Page 300
Ethernet link aggregate interface shutdown, QinQ VLAN transparent transmission configuration, Ethernet link aggregation (dynamic), super VLAN configuration, 156, 156, Ethernet link aggregation (static), super VLAN sub VLAN configuration, Ethernet link aggregation configuration, 42, 49, VLAN basic configuration, Ethernet link aggregation group VLAN configuration, 138, (dynamic), 52, VLAN interface basic configuration,...
Page 301
port-based VLAN access port assignment, agent, port-based VLAN access port assignment (in APP parameter configuration, interface view), basic concepts, port-based VLAN access port assignment (in basic configuration, 245, VLAN view), bridge mode configuration, port-based VLAN hybrid port assignment, CDP compatibility configuration, port-based VLAN trunk port assignment, configuration, 238, 244, private VLAN configuration,...
Page 303
MAC change notification interval, MSTP VLAN-to-instance mapping table, MAC Information one-to-one VLAN mapping, configuration, 38, one-to-two VLAN mapping, enable, two-to-two VLAN mapping, mode configuration, master port (MST), queue length configuration, max age timer (STP), MAC relay (LLDP agent), maximum transmission unit. Use maintaining mCheck Ethernet interface,...
Page 304
LLDP TxRx, 243, protocols and standards, MAC Information syslog, regional root, MAC Information trap, relationships, MVRP registration fixed mode, spanning tree max age timer, MVRP registration forbidden mode, spanning tree port mode configuration, MVRP registration mode, VLAN-to-instance mapping table, MVRP registration normal mode, spanning tree mCheck, 1 1 1 Layer 3 Ethernet aggregate interface,...
Page 305
Ethernet link aggregation configuration port-based VLAN access port assignment (in types, interface view), Ethernet link aggregation dynamic mode, port-based VLAN access port assignment (in VLAN view), Ethernet link aggregation edge aggregate interface, port-based VLAN hybrid port assignment, Ethernet link aggregation LACP, port-based VLAN trunk port assignment, Ethernet link aggregation member port private VLAN configuration,...
Page 308
Ethernet link aggregate interface (expected Layer 3 edge aggregate interface, bandwidth), Layer 3 Ethernet link aggregation (dynamic), Ethernet link aggregate interface default Layer 3 Ethernet link aggregation (static), settings, Layer 3 Ethernet link aggregation group Ethernet link aggregate interface shutdown, (dynamic), Ethernet link aggregation Layer 3 Ethernet link aggregation group (static),...
Page 309
spanning tree forward delay timer, 802.1p-to-local priority mapping, spanning tree loop guard, 1 19 Ethernet link aggregation LACP, spanning tree path cost calculation LLDP PFC 802.1p priority, standard, MAC address table learning priority, spanning tree path cost configuration, 104, QinQ SVLAN tag 802.1p priority, spanning tree port link type configuration, spanning tree device priority, spanning tree port mode configuration,...
Page 310
configuring Ethernet interface jumbo frame configuring Layer 2 Ethernet link aggregation support, (static), configuring Ethernet interface link mode, configuring Layer 2 Ethernet link aggregation group (dynamic), configuring Ethernet interface PFC, configuring Layer 2 Ethernet link aggregation group configuring Ethernet interface physical state (static), change suppression, configuring Layer 2 Ethernet link aggregation load...
Page 311
configuring MAC address table dynamic aging configuring spanning tree Digest timer, Snooping, 1 13 configuring MAC address table entry, configuring spanning tree edge port, configuring MAC address table learning limit on configuring spanning tree No Agreement interface, Check, 1 16 configuring MAC address table unknown frame configuring spanning tree port link type, forwarding,...
Page 312
configuring VLAN mapping many-to-one enabling loop detection (port-specific), customer-side port (static IP address enabling MAC address move notification, 32, assignment), enabling MAC address synchronization configuring VLAN mapping many-to-one globally, network-side port (dynamic IP address enabling MAC Information, assignment), enabling MVRP, configuring VLAN mapping many-to-one enabling MVRP GVRP compatibility, network-side port (static IP address...
Page 313
setting 802.1p priority in QinQ SVLAN PVID (port-based VLAN), tags, PVST, 78, See also setting Ethernet interface statistics polling configuration, 95, interval, feature enable, 1 10 setting Ethernet link aggregate group min/max mode set, number Selected ports, port links, setting Ethernet link aggregation group load sharing mode, setting Layer 2 Ethernet interface MDIX QinQ...