HP FlexFabric 12900 Switch Series
Layer 2—LAN Switching
Part number: 5998-7268
Software version: R103x
Document version: 6W100-20150116

Advertising

   Summary of Contents for HP FlexFabric 12900 Series

  • Page 1: Configuration Guide

    HP FlexFabric 12900 Switch Series Layer 2—LAN Switching Configuration Guide Part number: 5998-7268 Software version: R103x Document version: 6W100-20150116...

  • Page 2

    The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.

  • Page 3: Table Of Contents

    Contents Configuring Ethernet interfaces ··································································································································· 1   Configuring a management Ethernet interface ·············································································································· 1   Ethernet interface naming conventions ··························································································································· 1   Configuring common Ethernet interface settings ··········································································································· 1   Splitting a 40-GE interface and combining 10-GE breakout interfaces ····························································· 2  ...

  • Page 4: Table Of Contents

    Configuring the device to forward unknown frames after the MAC learning limit on an interface is reached ··· 28   Enabling MAC address synchronization ····················································································································· 29   Enabling ARP fast update for MAC address moves ··································································································· 30   Displaying and maintaining the MAC address table ································································································· 31  ...

  • Page 5: Table Of Contents

    Layer 2 static aggregation configuration example ···························································································· 54   Layer 2 dynamic aggregation configuration example ······················································································ 56   Layer 2 aggregation load sharing configuration example ··············································································· 58   Layer 2 edge aggregate interface configuration example ··············································································· 60   Configuring port isolation ·········································································································································· 63  ...

  • Page 6: Table Of Contents

    Configuring the mode a port uses to recognize and send MSTP packets ······························································· 97   Enabling outputting port state transition information ·································································································· 97   Enabling the spanning tree feature ······························································································································ 98   Enabling the spanning tree feature in STP/RSTP/MSTP mode ········································································· 98  ...

  • Page 7: Table Of Contents

    Configuring port-based VLANs ··································································································································· 127   Introduction to port-based VLAN ······················································································································· 127   Assigning an access port to a VLAN ················································································································ 128   Assigning a trunk port to a VLAN······················································································································ 129   Assigning a hybrid port to a VLAN ··················································································································· 130  ...

  • Page 8: Table Of Contents

    Displaying and maintaining service loopback groups ····························································································· 208   Service loopback group configuration example ······································································································· 209   Network requirements ········································································································································· 209   Configuration procedure ···································································································································· 209   Contacting HP ······························································································································································ 210   Subscription service ············································································································································ 210   Related information ······················································································································································ 210   Documents ···························································································································································· 210  ...

  • Page 9: Configuring Ethernet Interfaces

    Configuring Ethernet interfaces The switch series supports Ethernet interfaces, management Ethernet interfaces, and Console interfaces. For the interface types and the number of interfaces supported by a switch model, see the installation guide. This document describes how to configure management Ethernet interfaces and Ethernet interfaces. Configuring a management Ethernet interface A management interface uses an RJ-45 connector.

  • Page 10: Splitting A 40-ge Interface And Combining 10-ge Breakout Interfaces

    For example, you can split a 40-GE interface FortyGigE 1/0/16 into four 10-GE breakout interfaces Ten-GigabitEthernet 1/0/16:1 through Ten-GigabitEthernet 1/0/16:4. If an HP 12910 switch with an LSX1FAB10A1 module or an HP 12916 switch with an LSX1FAB16S1 module uses the LSX1QGS16EA1 board, you can split up to twelve of the sixteen 40-GE QSFP+ interfaces on the board.

  • Page 11: Configuring Basic Settings Of An Ethernet Interface

    Combining four 10-GE breakout interfaces into a 40-GE interface IMPORTANT: Before you restart a switch configured with the using fortygige command, save the combining configuration on the switch even if the switch is an IRF member switch. Otherwise, the combining configuration cannot take effect.

  • Page 12: Configuring The Link Mode Of An Ethernet Interface

    Step Command Remarks The default setting is auto for Ethernet interfaces. Set the duplex mode of Copper ports operating at 1000 Mbps and duplex { auto | full | half } the Ethernet interface. fiber ports do not support the half keyword. You cannot configure the duplex mode for a 100-GE CFP interface.

  • Page 13: Configuring Physical State Change Suppression On An Ethernet Interface

    Step Command Remarks Enter system view. system-view Enter Ethernet interface interface interface-type view. interface-number By default, the switch allows jumbo frames within 9216 bytes to pass through Ethernet interfaces. Configure jumbo frame jumboframe enable [ value ] support. If you set the value argument multiple times, the most recent configuration takes effect.

  • Page 14: Performing A Loopback Test On An Ethernet Interface

    Step Command Remarks By default, each time the physical link of a port comes up, the interface immediately reports the change to the CPU. Set the link-up event When this command is configured: link-delay [ msec ] suppression interval. delay-time mode up •...

  • Page 15: Configuring Generic Flow Control On An Ethernet Interface

    Step Command Remarks By default, no loopback test is Perform a loopback test. loopback { external | internal } performed. Configuring generic flow control on an Ethernet interface IMPORTANT: Enabling or disabling flow control on an interface might shut down and then bring up the interface. Make preparations before enabling or disabling this feature.

  • Page 16: Configuring Pfc On An Ethernet Interface

    To perform PFC on a network port of an IRF member switch, configure PFC on both the network port • and the IRF physical ports. For information about IRF, see IRF configuration Guide. To ensure correct operations of IRF and other protocols, HP recommends not enabling PFC for • 802.1p priorities 0, 6, and 7.

  • Page 17: Setting The Statistics Polling Interval

    Table 1 The relationship between the PFC function and the generic flow control function priority-flo priority-flow-contr flow-control w-control Remarks ol no-drop dot1p enable You cannot enable flow control by using the flow-control command on a port where PFC is Unconfigurable Configured Configured enabled and PFC is enabled for the specified...

  • Page 18

    Figure 2 Forcibly bring up a fiber port When Ethernet Correct fiber interfaces cannot When Ethernet interfaces connection be or are not are forcibly brought up forcibly brought up Device A Device A Device A XGE1/0/1 XGE1/0/1 XGE1/0/1 XGE1/0/1 XGE1/0/1 XGE1/0/1 Device B Device B...

  • Page 19: Configuring A Layer 2 Ethernet Interface

    Configuring a Layer 2 Ethernet interface Configuring storm suppression You can use the storm suppression function to limit the size of a particular type of traffic (broadcast, multicast, or unknown unicast traffic) on an interface. When the broadcast, multicast, or unknown unicast traffic on the interface exceeds this threshold, the system discards packets until the traffic drops below this threshold.

  • Page 20

    Exceeds the upper threshold. • • Falls below the lower threshold from the upper threshold. Depending on your configuration, when a particular type of traffic exceeds its upper threshold, the interface does either of the following: Blocks this type of traffic, while forwarding other types of traffic—Even though the interface does •...

  • Page 21: Setting The Mdix Mode Of An Ethernet Interface

    Step Command Remarks By default, the interface sends (Optional.) Enable the traps when monitored traffic interface to send storm control storm-constrain enable trap exceeds the upper threshold or threshold event traps. drops below the lower threshold from the upper threshold. Setting the MDIX mode of an Ethernet interface IMPORTANT: Fiber ports do not support the MDIX mode setting.

  • Page 22: Testing The Cable Connection Of An Ethernet Interface

    Testing the cable connection of an Ethernet interface IMPORTANT: Fiber ports do not support this feature. This feature tests the cable connection of an Ethernet interface and displays cable test results within 5 seconds. The test results include the cable's status and some physical parameters. If any fault is detected, the test results include the length of the faulty cable segment.

  • Page 23

    Task Command Display traffic rate statistics of interfaces in display counters rate { inbound | outbound } interface up state over the last sampling interval. [ interface-type [ interface-number ] ] Display the operational and status information of the specified interface or all display interface [ interface-type [ interface-number ] ] interfaces.

  • Page 24: Configuring Loopback, Null, And Inloopback Interfaces

    Configuring loopback, null, and inloopback interfaces This chapter describes how to configure a loopback interface, a null interface, and an inloopback interface. Configuring a loopback interface A loopback interface is a virtual interface. The physical layer state of a loopback interface is always up unless the loopback interface is manually shut down.

  • Page 25: Configuring A Null Interface

    Configuring a null interface A null interface is a virtual interface and is always up, but you cannot use it to forward data packets or configure it with an IP address or link layer protocol. The null interface provides a simpler way to filter packets than ACL.

  • Page 26

    Task Command Clear the statistics on the inloopback interface. reset counters interface...

  • Page 27: Bulk Configuring Interfaces

    The maximum number of interface range names is limited only by the system resources. To • guarantee bulk interface configuration performance, HP recommends that you configure fewer than 1000 interface range names. After a command is executed in interface range view, one of the following situations might occur: •...

  • Page 28: Configuration Procedure

    Configuration procedure Step Command Remarks Enter system view. system-view • interface range { interface-type interface-number [ to interface-type By using the interface range name interface-number ] } &<1-24> command, you assign a name to an Enter interface range • interface range and can specify this interface range name name view.

  • Page 29: Configuring The Mac Address Table

    Configuring the MAC address table Overview An Ethernet device uses a MAC address table to forward frames. A MAC address entry includes a destination MAC address, an outgoing interface, and a VLAN ID. When the device receives a frame, it uses the destination MAC address of the frame to look for a match in the MAC address table.

  • Page 30: Types Of Mac Address Entries

    of port A. Other hosts using the forged MAC address of Host A cannot obtain the frames destined for Host A. Types of MAC address entries A MAC address table can contain the following types of entries: Static entries—A static entry is manually added to forward frames with a specific destination MAC •...

  • Page 31: Configuring Mac Address Entries

    Tasks at a glance (Optional.) Enabling ARP fast update for MAC address moves Configuring MAC address entries Configuration guidelines You cannot add a dynamic MAC address entry if a learned entry already exists with a different • outgoing interface for the MAC address. •...

  • Page 32: Adding Or Modifying A Static Or Dynamic Mac Address Entry On An Interface

    Adding or modifying a static or dynamic MAC address entry on an interface Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view: interface interface-type interface-number • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number Enter interface view.

  • Page 33

    manner, the device forwards the frame destined for the server group through all ports connected to the servers within the cluster. Figure 3 NLB cluster Device cluster You can configure a multiport unicast MAC address entry globally or on an interface. Configuring a multiport unicast MAC address entry globally Step Command...

  • Page 34: Disabling Mac Address Learning

    Step Command Remarks By default, no multiport unicast MAC address entry is configured on an interface. Make sure you have created the VLAN and assigned the interface to the VLAN. Add the interface to a mac-address multiport Do not configure an interface as multiport unicast MAC mac-address vlan vlan-id the output interface of a multiport...

  • Page 35: Disabling Mac Address Learning On A Vlan

    Step Command Remarks • Enter Layer 2 Ethernet interface view: interface interface-type interface-number • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number Enter interface view. • Enter S-channel interface view: interface s-channel interface-number.channel-id • Enter S-channel aggregate interface view: interface schannel-aggregation interface-number:channel-id By default, MAC address...

  • Page 36: Configuring The Mac Learning Limit On Interfaces

    An aging interval that is too long might cause the MAC address table to retain outdated entries. As a result, the MAC address table resources might be exhausted, and the MAC address table might fail the update to accommodate the latest network changes. An interval that is too short might result in removal of valid entries, which would cause unnecessary floods and possibly affect the device performance.

  • Page 37: Enabling Mac Address Synchronization

    To configure the interface to forward unknown frames after the MAC learning limit is reached: Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface interface-type interface view. interface-number Configure the device to By default, the device can forward forward unknown frames mac-address max-mac-count unknown frames received on an...

  • Page 38: Enabling Arp Fast Update For Mac Address Moves

    When Client A roams to AP D, Device B learns a MAC address entry for Client A. Device B advertises it to Device A to ensure service continuity for Client A, as shown in Figure Figure 5 MAC address tables of devices when Client A roams to AP D To enable MAC address synchronization: Step Command...

  • Page 39: Displaying And Maintaining The Mac Address Table

    Figure 6 ARP fast update application scenario To enable ARP fast update for MAC address moves: Step Command Remarks Enter system view. system-view Enable ARP fast By default, ARP fast update for update for MAC mac-address mac-move fast-update MAC address moves is disabled. address moves.

  • Page 40

    Configure the MAC address table as follows: • To prevent MAC address spoofing, add a static entry for Host A in the MAC address table of Device. To drop all frames destined for Host B, add a blackhole MAC address entry for the host. •...

  • Page 41: Configuring Mac Information

    Configuring MAC Information The MAC Information feature can generate syslog messages or SNMP notifications when MAC address entries are learned or deleted. You can use these messages to monitor user's leaving or joining the network and analyze network traffic. The MAC Information feature buffers the MAC change syslog messages or SNMP notifications in a queue.

  • Page 42: Configuring The Mac Information Mode

    Configuring the MAC Information mode The following MAC Information modes are available for sending MAC address changes: • Syslog—The device sends syslog messages to notify MAC address changes. The device sends syslog messages to the information center, which then outputs them to the monitoring terminal. For more information about information center, see Network Management and Monitoring Configuration Guide.

  • Page 43: Mac Information Configuration Example

    MAC Information configuration example Network requirements Enable MAC Information on interface Ten-GigabitEthernet 1/0/1 on Device in Figure 7 to send MAC address changes in syslog messages to the log host, Host B, of the interface. Figure 7 Network diagram Configuration restrictions and guidelines When you edit the file /etc/syslog.conf, follow these restrictions and guidelines: •...

  • Page 44

    [Device] info-center source mac loghost level informational Configure the log host, Host B: Configure Solaris as follows. Configure other UNIX operating systems in the same way Solaris is configured. Log in to the log host as a root user. Create a subdirectory named Device in directory /var/log/. # mkdir /var/log/Device Create file info.log in the Device directory to save logs from Device.

  • Page 45: Configuring Ethernet Link Aggregation

    Configuring Ethernet link aggregation Ethernet link aggregation bundles multiple physical Ethernet links into one logical link, called an aggregate link. Link aggregation has the following benefits: • Increased bandwidth beyond the limits of any single link. In an aggregate link, traffic is distributed across the member ports.

  • Page 46: Operational Key

    Unselected—An Unselected port cannot forward traffic. • • Individual—An Individual port can forward traffic as a normal physical port. A port is placed in Individual state when the following conditions exist: Its aggregate interface is configured as an edge aggregate interface. The port has not received Link Aggregation Control Protocol Data Units (LACPDUs) from its peer port.

  • Page 47: Link Aggregation Modes

    NOTE: The protocol configuration for a member port is effective only when the member port leaves the aggregation group. Link aggregation modes Link aggregation has dynamic and static modes: Static aggregation mode—Aggregation is stable. The aggregation state of the member ports are •...

  • Page 48: Aggregating Links In Dynamic Mode

    Figure 9 Setting the aggregation state of a member port in a static aggregation group For information about configuring the maximum number of Selected ports in a static aggregation group, "Setting the minimum and maximum numbers of Selected ports for an aggregation group."...

  • Page 49: How Dynamic Link Aggregation Works

    other member ports. In this way, the two systems reach an agreement on which ports are placed in the Selected state. LACP functions LACP offers basic LACP functions and extended LACP functions, as described in Table Table 3 Basic and extended LACP functions Category Description Implemented through the basic LACPDU fields, including the system LACP priority,...

  • Page 50

    The local system (the actor) and the remote system (the partner) negotiate a reference port by using the following workflow: Compare the system IDs. (A system ID contains the system LACP priority and the system MAC address.) The lower the LACP priority, the smaller the system ID. If LACP priority values are the same, the two systems compare their MAC addresses.

  • Page 51

    Figure 10 Setting the state of a member port in a dynamic aggregation group   Meanwhile, the system with the higher system ID, being aware of the aggregation state changes on the remote system, sets the aggregation state of local member ports the same as their peer ports. When you aggregate interfaces in dynamic mode, follow these guidelines: A dynamic link aggregation group preferably sets full-duplex ports as the Selected ports.

  • Page 52: Edge Aggregate Interface

    After the Selected port limit has been reached, a port joining the aggregation group is placed in • the Selected state if it is more eligible than a current Selected port. For information about configuring the maximum number of Selected ports in a dynamic aggregation group, see "Setting the minimum and maximum numbers of Selected ports for an aggregation group."...

  • Page 53: Configuring An Aggregation Group

    Tasks at a glance (Optional.) Configuring an aggregate interface: • Configuring the description of a Layer 2 aggregate interface • Specifying ignored VLANs on a Layer 2 aggregate interface • Setting the minimum and maximum numbers of Selected ports for an aggregation group •...

  • Page 54: Configuring A Layer 2 Dynamic Aggregation Group

    Step Command Remarks Enter system view. system-view When you create a Layer 2 Create a Layer 2 aggregate aggregate interface, the system interface bridge-aggregation interface and enter Layer 2 automatically creates a Layer 2 interface-number aggregate interface view. static aggregation group numbered the same.

  • Page 55: Configuring A Layer 2 Aggregate Interface

    Step Command Remarks Enter Layer 2 Ethernet interface view: interface interface-type Repeat these two sub-steps to interface-number Assign an interface to the assign more Layer 2 Ethernet specified Layer 2 aggregation Assign the interface to the interfaces to the aggregation group.

  • Page 56: Setting The Minimum And Maximum Numbers Of Selected Ports For An Aggregation Group

    The system ignores the permit state and tagging mode of an ignored VLAN when choosing Selected ports. To configure ignored VLANs on a Layer 2 aggregate interface: Step Command Remarks Enter system view. system-view Enter Layer 2 aggregate interface bridge-aggregation interface view.

  • Page 57: Configuring The Expected Bandwidth Of An Aggregate Interface

    Step Command Remarks Enter Layer 2 aggregate interface bridge-aggregation interface view. interface-number Set the minimum number of By default, the minimum number of link-aggregation selected-port Selected ports for the Selected ports for the aggregation minimum number aggregation group. group is not specified. Set the maximum number of By default, the maximum number of link-aggregation selected-port...

  • Page 58: Shutting Down An Aggregate Interface

    Shutting down an aggregate interface Make sure no member port in an aggregation group is configured with the loopback command when you shut down the aggregate interface. Similarly, a port configured with the loopback command cannot be assigned to an aggregate interface already shut down. For more information about the loopback command, see Layer 2—LAN Switching Command Reference.

  • Page 59: Configuring Load Sharing Modes For Link Aggregation Groups

    Configuring load sharing modes for link aggregation groups You can configure global or group-specific load sharing mode. A link aggregation group preferentially uses the group-specific load sharing mode. If no group-specific load sharing mode is available, the group uses the global load sharing mode. Configuring the global link-aggregation load sharing mode Step Command...

  • Page 60: Enabling Local-first Load Sharing For Link Aggregation

    Destination MAC address. • • Layer 1 MPLS label. Destination IP address and source IP address. • Destination MAC address and source MAC address. • • Layer 1 MPLS label and Layer 2 MPLS label. Enabling local-first load sharing for link aggregation Use local-first load sharing in a multidevice link aggregation scenario to distribute traffic preferentially across member ports on the ingress card or device.

  • Page 61: Enabling Link-aggregation Traffic Redirection

    Step Command Remarks By default, global local-first load Enable global local-first load link-aggregation load-sharing sharing for link aggregation is sharing for link aggregation. mode local-first enabled. Enabling group-specific local-first load sharing for link aggregation Step Command Remarks Enter system view. system-view Enter Layer 2 aggregate interface bridge-aggregation...

  • Page 62: Displaying And Maintaining Ethernet Link Aggregation

    Displaying and maintaining Ethernet link aggregation Execute display commands in any view and reset commands in user view. Task Command display interface [ bridge-aggregation ] [ brief [ down | description ] ] Display information for an aggregate interface or multiple aggregate interfaces. display interface bridge-aggregation interface-number [ brief [ description ] ] Display the local system ID.

  • Page 63

    Figure 12 Network diagram Configuration procedure Configure Device A: # Create VLAN 10, and assign port Ten-GigabitEthernet 1/0/4 to VLAN 10. <DeviceA> system-view [DeviceA] vlan 10 [DeviceA-vlan10] port Ten-GigabitEthernet 1/0/4 [DeviceA-vlan10] quit # Create VLAN 20, and assign port Ten-GigabitEthernet 1/0/5 to VLAN 20. [DeviceA] vlan 20 [DeviceA-vlan20] port ten-gigabitethernet 1/0/5 [DeviceA-vlan20] quit...

  • Page 64: Layer 2 Dynamic Aggregation Configuration Example

    Verifying the configuration # Display detailed information about all aggregation groups on Device A. [DeviceA] display link-aggregation verbose Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing Port Status: S -- Selected, U -- Unselected, I -- Individual Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation, D -- Synchronization, E -- Collecting, F -- Distributing, G -- Defaulted, H -- Expired Aggregate Interface: Bridge-Aggregation1...

  • Page 65

    # Create VLAN 10, and assign the port Ten-GigabitEthernet 1/0/4 to VLAN 10. <DeviceA> system-view [DeviceA] vlan 10 [DeviceA-vlan10] port ten-gigabitethernet 1/0/4 [DeviceA-vlan10] quit # Create VLAN 20, and assign the port Ten-GigabitEthernet 1/0/5 to VLAN 20. [DeviceA] vlan 20 [DeviceA-vlan20] port ten-gigabitethernet 1/0/5 [DeviceA-vlan20] quit # Create Layer 2 aggregate interface Bridge-Aggregation 1, and set the link aggregation mode to...

  • Page 66: Layer 2 Aggregation Load Sharing Configuration Example

    -------------------------------------------------------------------------------- XGE1/0/1 32768 {ACDEF} XGE1/0/2 32768 {ACDEF} XGE1/0/3 32768 {ACDEF} Remote: Actor Partner Priority Oper-Key SystemID Flag -------------------------------------------------------------------------------- XGE1/0/1 32768 0x8000, 000f-e267-57ad {ACDEF} XGE1/0/2 32768 0x8000, 000f-e267-57ad {ACDEF} XGE1/0/3 32768 0x8000, 000f-e267-57ad {ACDEF} The output shows that: Link aggregation group 1 is a Layer 2 dynamic aggregation group. •...

  • Page 67

    [DeviceA] vlan 10 [DeviceA-vlan10] port ten-gigabitethernet 1/0/5 [DeviceA-vlan10] quit # Create VLAN 20, and assign the port Ten-GigabitEthernet 1/0/6 to VLAN 20. [DeviceA] vlan 20 [DeviceA-vlan20] port ten-gigabitethernet 1/0/6 [DeviceA-vlan20] quit # Create Layer 2 aggregate interface Bridge-Aggregation 1. [DeviceA] interface bridge-aggregation 1 # Configure Layer 2 aggregation group 1 to load share packets based on source MAC addresses.

  • Page 68: Layer 2 Edge Aggregate Interface Configuration Example

    Configure Device B in the same way Device A is configured. (Details not shown.) Verifying the configuration # Display detailed information about all aggregation groups on Device A. [DeviceA] display link-aggregation verbose Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing Port Status: S -- Selected, U -- Unselected, I -- Individual Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,...

  • Page 69

    Configure edge aggregate interface that both Ten-GigabitEthernet 1/0/1 Ten-GigabitEthernet 1/0/2 can forward traffic to improve link reliability. Figure 15 Network diagram Configuration procedure # Create Layer 2 aggregate interface Bridge-Aggregation 1, and set the link aggregation mode to dynamic. <Device> system-view [Device] interface bridge-aggregation 1 [Device-Bridge-Aggregation1] link-aggregation mode dynamic # Configure Layer 2 aggregate interface Bridge-Aggregation 1 as an edge aggregate interface.

  • Page 70

    XGE1/0/1 32768 0x8000, 0000-0000-0000 {DEF} XGE1/0/2 32768 0x8000, 0000-0000-0000 {DEF} The output shows that Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 are in Individual state when they do not receive LACPDUs from the server. Both Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 can forward traffic. When one port fails, its traffic is automatically switched to the other port.

  • Page 71: Configuring Port Isolation

    Configuring port isolation The port isolation feature isolates Layer 2 traffic for data privacy and security without using VLANs. You can also use this feature to isolate the hosts in a VLAN from one another. The device supports multiple isolation groups, which can be configured manually. The number of ports assigned to an isolation group is not limited.

  • Page 72: Port Isolation Configuration Example

    Task Command Display isolation group information display port-isolate group [ group-number ] Port isolation configuration example Network requirements As shown in Figure 16, LAN users Host A, Host B, and Host C are connected to Ten-GigabitEthernet 1/0/1, Ten-GigabitEthernet 1/0/2, and Ten-GigabitEthernet 1/0/3 on the device, respectively. The device connects to the Internet through Ten-GigabitEthernet 1/0/4.

  • Page 73: Verifying The Configuration

    Verifying the configuration # Display information about isolation group 2. [Device-Ten-GigabitEthernet1/0/3] display port-isolate group 2 Port isolation group information: Group ID: 2 Group members: Ten-GigabitEthernet1/0/1 Ten-GigabitEthernet1/0/2 Ten-GigabitEthernet1/0/3...

  • Page 74: Configuring Spanning Tree Protocols

    Configuring spanning tree protocols Spanning tree protocols eliminate loops in a physical link-redundant network by selectively blocking redundant links and putting them in a standby state. The recent versions of STP include the Rapid Spanning Tree Protocol (RSTP), the Per-VLAN Spanning Tree (PVST), and the Multiple Spanning Tree Protocol (MSTP).

  • Page 75: Basic Concepts In Stp

    Basic concepts in STP Root bridge A tree network must have a root bridge. The entire network contains only one root bridge, and all the other bridges in the network are called leaf nodes. The root bridge is not permanent, but can change with changes of the network topology.

  • Page 76: Calculation Process Of The Stp Algorithm

    Figure 17 Designated bridges and designated ports Device A Port A1 Port A2 Device B Device C Port B1 Port C1 Port B2 Port C2 Path cost Path cost is a reference value used for link selection in STP. To prune the network into a loop-free tree, STP calculates path costs to select the most robust links and block redundant links that are less robust.

  • Page 77

    Step Description Based on the configuration BPDU and the path cost of the root port, the device calculates a designated port configuration BPDU for each of the other ports. • The root bridge ID is replaced with that of the configuration BPDU of the root port. •...

  • Page 78

    Example of STP calculation Figure 18 provides an example showing how the STP algorithm works. Figure 18 The STP algorithm Device A Priority = 0 Port A1 Port A2 Port B1 Port C1 Port B2 Port C2 Path cost = 4 Device B Device C Priority = 1...

  • Page 79

    Table 7 Comparison process and result on each device Configuration BPDU on Device Comparison process ports after comparison Port A1 performs the following tasks: Receives the configuration BPDU of Port B1 {1, 0, 1, Port B1}. Determines that its existing configuration BPDU {0, 0, 0, Port A1} is superior to the received configuration BPDU.

  • Page 80

    Configuration BPDU on Device Comparison process ports after comparison Port C1 performs the following tasks: Receives the configuration BPDU of Port A2 {0, 0, 0, Port A2}. Determines that the received configuration BPDU is superior to its existing configuration BPDU {2, 0, 2, Port C1}.

  • Page 81

    Configuration BPDU on Device Comparison process ports after comparison Device C determines that the root path cost of Port C1 (10) (root path cost of the received configuration BPDU (0) plus path cost of Port C1 (10)) is larger than that of Port C2 (9) (root path cost of the received configuration BPDU (5) plus path cost of Port C2 (4)).

  • Page 82: Rstp

    If a designated port receives a configuration BPDU with a lower priority than its configuration BPDU, • the port immediately responds with its configuration BPDU. If a path fails, the root port on this path no longer receives new configuration BPDUs and the old •...

  • Page 83: Pvst

    Because each VLAN runs STP or RSTP independently, a spanning tree only serves its VLAN. A PVST-enabled HP device can communicate with a third-party device that is running Rapid PVST or PVST. The PVST-enabled HP device supports fast network convergence like RSTP when connected to PVST-enabled HP devices or third-party devices enabled with Rapid PVST.

  • Page 84: Mstp Basic Concepts

    MSTP basic concepts Figure 20 shows a switched network that comprises four MST regions, each MST region comprising four MSTP devices. Figure 21 shows the networking topology of MST region 3. Figure 20 Basic concepts in MSTP VLAN 1 MSTI 1 VLAN 1 MSTI 1 VLAN 2...

  • Page 85

    MST region A multiple spanning tree region (MST region) consists of multiple devices in a switched network and the network segments among them. All these devices have the following characteristics: • A spanning tree protocol enabled Same region name • Same VLAN-to-instance mapping configuration •...

  • Page 86

    Regional root The root bridge of the IST or an MSTI within an MST region is the regional root of the IST or MSTI. Based on the topology, different spanning trees in an MST region might have different regional roots, as shown in MST region 3 in Figure •...

  • Page 87: How Mstp Works

    spanning tree device are connected, so the device blocks one of the ports. The blocked port acts as the backup. Edge port—Does not connect to any network device or network segment, but directly connects to a • user host. Master port—Acts as a port on the shortest path from the local MST region to the common root •...

  • Page 88: Mstp Implementation On Devices

    MSTP generates an IST within each MST region through calculation. • • MSTP regards each MST region as a single device and generates a CST among these MST regions through calculation. The CST and ISTs constitute the CIST of the entire network. MSTI calculation Within an MST region, MSTP generates different MSTIs for different VLANs based on the VLAN-to-instance mappings.

  • Page 89: Stp Configuration Task List

    Plan the device roles (the root bridge or leaf node). • When you configure spanning tree protocols, follow these restrictions and guidelines: To connect a spanning tree network to a TRILL network, make sure the following requirements are • met: The spanning tree protocol is disabled on the TRILL network.

  • Page 90: Rstp Configuration Task List

    Tasks at a glance Configuring the leaf nodes: • (Required.) Setting the spanning tree mode • (Optional.) Configuring the device priority • (Optional.) Configuring the timeout factor • (Optional.) Configuring the BPDU transmission rate • (Optional.) Configuring path costs of ports •...

  • Page 91: Pvst Configuration Task List

    PVST configuration task list Tasks at a glance Configuring the root bridge: • (Required.) Setting the spanning tree mode • (Optional.) Configuring the root bridge or a secondary root bridge • (Optional.) Configuring the device priority • (Optional.) Configuring the network diameter of a switched network •...

  • Page 92: Mstp Configuration Task List

    MSTP configuration task list Tasks at a glance Configuring the root bridge: • (Required.) Setting the spanning tree mode • (Required.) Configuring an MST region • (Optional.) Configuring the root bridge or a secondary root bridge • (Optional.) Configuring the device priority •...

  • Page 93: Configuring An Mst Region

    RSTP mode—All ports of the device send RSTP BPDUs. A port in this mode automatically transits to • the STP mode when it receives STP BPDUs from the peer device. A port in this mode does not transit to the MSTP mode when it receives MSTP BPDUs from the peer device. •...

  • Page 94: Configuring The Root Bridge Or A Secondary Root Bridge

    Step Command Remarks Enter system view. system-view Enter MST region view. stp region-configuration Configure the MST region The default setting is the MAC region-name name name. address. Use one of the commands. • instance instance-id vlan Configure the By default, all VLANs in an MST vlan-id-list VLAN-to-instance mapping region are mapped to the CIST (or...

  • Page 95: Configuring The Current Device As The Root Bridge Of A Specific Spanning Tree

    Configuring the current device as the root bridge of a specific spanning tree Step Command Remarks Enter system view. system-view • In STP/RSTP mode: stp root primary Configure the current • In PVST mode: By default, a device does not device as the root stp vlan vlan-id-list root primary function as the root bridge.

  • Page 96: Configuring The Maximum Hops Of An Mst Region

    You can configure the maximum hops of an MST region based on the STP network size. HP recommends that you configure the maximum hops to a value that is greater than the maximum hops of each edge device to the root bridge.

  • Page 97: Configuring Spanning Tree Timers

    • Max age ≥ 2 × (hello time + 1 second) HP recommends not manually setting the spanning tree timers. HP recommends that you specify the network diameter and letting spanning tree protocols automatically calculate the timers based on the network diameter.

  • Page 98

    If the max age timer is too long, the device might fail to promptly detect link failures and quickly launch spanning tree calculations, reducing the auto-sensing capability of the network. HP recommends that you use the automatically calculated value.

  • Page 99: Configuring The Bpdu Transmission Rate

    By setting an appropriate BPDU transmission rate, you can limit the rate at which the port sends BPDUs. Setting an appropriate rate also prevents spanning tree protocols from using excessive network resources when the network topology changes. HP recommends that you use the default setting.

  • Page 100: Configuring Path Costs Of Ports

    Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet or interface interface-type interface-number aggregate interface view. Configure the current ports as By default, all ports are stp edged-port edge ports. non-edge ports. Configuring path costs of ports Path cost is a parameter related to the rate of a port. On a spanning tree device, a port can have different path costs in different MSTIs.

  • Page 101

    Step Command Remarks Enter system view. system-view Specify a standard for the device to use when it stp pathcost-standard The default setting is legacy. calculates the default path { dot1d-1998 | dot1t | legacy } costs of its ports. Table 9 Mappings between the link speed and the path cost Path cost Link speed Port type...

  • Page 102

    Path cost Link speed Port type IEEE IEEE 802.1t Private standard 802.1d-1998 Aggregate interface containing two Selected 1000 ports Aggregate interface containing three Selected ports Aggregate interface containing four Selected ports Single port 1000 Aggregate interface containing two Selected ports Aggregate interface 20 Gbps containing three Selected...

  • Page 103

    Configuring path costs of ports When the path cost of a port changes, the system recalculates the role of the port and initiates a state transition. To configure the path cost of a port: Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet or interface interface-type interface-number...

  • Page 104: Configuring The Port Link Type

    You can configure the link type as point-to-point for a Layer 2 aggregate interface or a port that • operates in full duplex mode. HP recommends that you use the default setting and letting the device automatically detect the port link type.

  • Page 105: Configuring The Mode A Port Uses To Recognize And Send Mstp Packets

    Configuring the mode a port uses to recognize and send MSTP packets A port can receive and send MSTP packets in the following formats: dot1s—802.1s-compliant standard format • legacy—Compatible format • By default, the packet format recognition mode of a port is auto. The port automatically distinguishes the two MSTP packet formats, and determines the format of packets that it will send based on the recognized format.

  • Page 106: Enabling The Spanning Tree Feature

    Enabling the spanning tree feature You must enable the spanning tree feature for the device before any other spanning tree related configurations can take effect. In STP, RSTP, or MSTP mode, make sure the spanning tree feature is enabled globally and on the desired ports. In PVST mode, make sure the spanning tree feature is enabled globally, in the desired VLANs, and on the desired ports.

  • Page 107: Performing Mcheck

    • which causes the peer port to transit to STP mode. When you disable TRILL and enable STP on a port, HP recommends that you perform mCheck on both the port and the peer port. Configuration procedure Performing mCheck globally...

  • Page 108: Configuring Digest Snooping

    The devices of different vendors in the same MST region cannot communicate with each other. To enable communication between an HP device and a third-party device in the same MST region, enable Digest Snooping on the HP device port connecting them.

  • Page 109

    Configuration procedure You can enable Digest Snooping only on the HP device that is connected to a third-party device that uses its private key to calculate the configuration digest. To configure Digest Snooping: Step Command Remarks Enter system view. system-view...

  • Page 110: Configuring No Agreement Check

    [DeviceA] interface ten-gigabitethernet 1/0/1 [DeviceA-Ten-GigabitEthernet1/0/1] stp config-digest-snooping [DeviceA-Ten-GigabitEthernet1/0/1] quit [DeviceA] stp global config-digest-snooping # Enable Digest Snooping on Ten-GigabitEthernet 1/0/1 of Device B and enable global Digest Snooping on Device B. <DeviceB> system-view [DeviceB] interface ten-gigabitethernet 1/0/1 [DeviceB-Ten-GigabitEthernet1/0/1] stp config-digest-snooping [DeviceB-Ten-GigabitEthernet1/0/1] quit [DeviceB] stp global config-digest-snooping Configuring No Agreement Check...

  • Page 111: Configuration Prerequisites

    Figure 25 Rapid state transition of an RSTP designated port If the upstream device is a third-party device, the rapid state transition implementation might be limited as follows: The upstream device uses a rapid transition mechanism similar to that of RSTP. •...

  • Page 112: No Agreement Check Configuration Example

    No Agreement Check configuration example Network requirements As shown in Figure 26, Device A connects to a third-party device that has a different spanning tree implementation. Both devices are in the same region. The third-party device (Device B) is the regional root bridge, and Device A is the downstream device. Figure 26 Network diagram Configuration procedure # Enable No Agreement Check on Ten-GigabitEthernet 1/0/1 of Device A.

  • Page 113: Enabling Root Guard

    Notifies the NMS that these ports have been shut down by the spanning tree protocol. • The device reactivates the shutdown ports after a detection interval. For more information about this detection interval, see Fundamentals Configuration Guide. BPDU guard does not take effect on loopback-testing-enabled ports. For more information about loopback testing, see "Configuring Ethernet interfaces."...

  • Page 114: Enabling Loop Guard

    Enabling loop guard By continuing to receive BPDUs from the upstream device, a device can maintain the state of the root port and blocked ports. However, link congestion or unidirectional link failures might cause these ports to fail to receive BPDUs from the upstream devices. In this case, the device reselects the following port roles: •...

  • Page 115: Configuring Tc-bpdu Transmission Restriction

    10 seconds after the device receives the first TC-BPDU. For TC-BPDUs received in excess of the limit, the device performs a forwarding address entry flush when the time period expires. This prevents frequent flushing of forwarding address entries. HP recommends that you enable TC-BPDU guard.

  • Page 116: Displaying And Maintaining The Spanning Tree

    Step Command Remarks (Optional.) Configure the maximum number of forwarding address entry stp tc-protection threshold The default setting is 6. flushes that the device can perform every number 10 seconds. Displaying and maintaining the spanning tree Execute display commands in any view and reset command in user view. Task Command Display information about ports blocked by spanning tree...

  • Page 117: Spanning Tree Configuration Example

    Spanning tree configuration example MSTP configuration example Network requirements As shown in Figure 27, all devices on the network are in the same MST region. Device A and Device B work at the distribution layer. Device C and Device D work at the access layer. Configure MSTP so that packets of different VLANs are forwarded along different spanning trees.

  • Page 118

    # Map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively. [DeviceA-mst-region] instance 1 vlan 10 [DeviceA-mst-region] instance 3 vlan 30 [DeviceA-mst-region] instance 4 vlan 40 # Configure the revision level of the MST region as 0. [DeviceA-mst-region] revision-level 0 # Activate MST region configuration.

  • Page 119

    # Specify the device as the root bridge of MSTI 4. [DeviceC] stp instance 4 root primary # Enable the spanning tree feature globally. [DeviceC] stp global enable Configure Device D: # Enter MST region view, and configure the MST region name as example. <DeviceD>...

  • Page 120: Pvst Configuration Example

    Ten-GigabitEthernet1/0/3 DESI FORWARDING NONE # Display brief spanning tree information on Device C. [DeviceC] display stp brief MST ID Port Role STP State Protection Ten-GigabitEthernet1/0/1 DESI FORWARDING NONE Ten-GigabitEthernet1/0/2 ROOT FORWARDING NONE Ten-GigabitEthernet1/0/3 DESI FORWARDING NONE Ten-GigabitEthernet1/0/1 ROOT FORWARDING NONE Ten-GigabitEthernet1/0/2 ALTE DISCARDING...

  • Page 121

    Configure PVST to meet the following requirements: • Packets of a VLAN are forwarded along the spanning trees of the VLAN. VLAN 10, VLAN 20, and VLAN 30 are terminated on the distribution layer devices, and VLAN 40 • is terminated on the access layer devices. The root bridge of VLAN 10 and VLAN 20 is Device A.

  • Page 122

    [DeviceB] stp vlan 10 20 30 enable Configure Device C: # Set the spanning tree mode to PVST. <DeviceC> system-view [DeviceC] stp mode pvst # Configure the device as the root bridge of VLAN 40. [DeviceC] stp vlan 40 root primary # Enable the spanning tree feature globally and in VLAN 10, VLAN 20, and VLAN 40.

  • Page 123

    Ten-GigabitEthernet1/0/1 ROOT FORWARDING NONE Ten-GigabitEthernet1/0/2 ALTE DISCARDING NONE Ten-GigabitEthernet1/0/3 DESI FORWARDING NONE Ten-GigabitEthernet1/0/3 DESI FORWARDING NONE # Display brief spanning tree information on Device D. [DeviceD] display stp brief VLAN ID Port Role STP State Protection Ten-GigabitEthernet1/0/1 ALTE DISCARDING NONE Ten-GigabitEthernet1/0/2 ROOT FORWARDING...

  • Page 124: Configuring Loop Detection

    Configuring loop detection Overview Incorrect network connections or configurations can create Layer 2 loops, which results in repeated transmission of broadcasts, multicasts, or unknown unicasts. The repeated transmission can waste network resources and sometimes can paralyze networks. The loop detection mechanism immediately generates a log when a loop occurs so that you are promptly notified to adjust network connections and configurations.

  • Page 125: Loop Detection Interval

    Figure 32 Inner frame header for loop detection The inner frame header for loop detection contains the following fields: Code—Protocol sub-type, which is 0x0001, indicating the loop detection protocol. • • Version—Protocol version, which is always 0x0000. Length—Length of the frame. The value includes the inner header, but excludes the Ethernet header. •...

  • Page 126: Port Status Auto Recovery

    VLANs. The per-port configuration applies to the individual port only when the port belongs to the specified VLANs. Per-port configurations take precedence over global configurations. HP recommends not enabling loop detection on TRILL ports, because TRILL networks prevent loops from being generated. For information more about TRILL, see TRILL Configuration Guide.

  • Page 127: Configuring The Loop Protection Action

    Step Command Remarks Enter Layer 2 Ethernet interface interface interface-type view or Layer 2 aggregate interface-number interface view. Enable loop detection on the loopback-detection enable vlan Disabled by default. port. { vlan-list | all } Configuring the loop protection action You can configure the loop protection action globally or on a per-port basis.

  • Page 128: Setting The Loop Detection Interval

    Step Command Remarks By default, the device generates Configure the loop protection loopback-detection action a log but performs no action on action on the interface. shutdown the port on which a loop is detected. Setting the loop detection interval With loop detection enabled, the device sends loop detection frames at a specified interval. A shorter interval offers more sensitive detection but consumes more resources.

  • Page 129

    Figure 33 Network diagram Device A XGE1/0/1 XGE1/0/2 Device B Device C VLAN 100 Configuration procedure Configure Device A: # Create VLAN 100, and globally enable loop detection for the VLAN. <DeviceA> system-view [DeviceA] vlan 100 [DeviceA-vlan100] quit [DeviceA] loopback-detection global enable vlan 100 # Configure Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 as trunk ports, and assign them to VLAN 100.

  • Page 130

    # Configure Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 as trunk ports, and assign them to VLAN 100. [DeviceB] interface ten-gigabitethernet 1/0/1 [DeviceB-Ten-GigabitEthernet1/0/1] port link-type trunk [DeviceB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100 [DeviceB-Ten-GigabitEthernet1/0/1] quit [DeviceB] interface ten-gigabitethernet 1/0/2 [DeviceB-Ten-GigabitEthernet1/0/2] port link-type trunk [DeviceB-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100 [DeviceB-Ten-GigabitEthernet1/0/2] quit Configure Device C:...

  • Page 131

    Loop detection interval is 35 second(s). No loopback is detected. The output shows that the device has removed the loops from Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 according to the shutdown action. # Display the status of Ten-GigabitEthernet 1/0/1 on devices, for example, Device A. [DeviceA] display interface ten-gigabitethernet 1/0/1 Ten-GigabitEthernet1/0/1 current state: DOWN (Loop detection down) The output shows that Ten-GigabitEthernet 1/0/1 is already shut down by the loop detection module.

  • Page 132: Configuring Vlans

    Configuring VLANs Overview Ethernet is a family of shared-media LAN technologies based on the CSMA/CD mechanism. An Ethernet LAN is both a collision domain and a broadcast domain. Because the medium is shared, collisions and broadcasts are common in an Ethernet LAN. Typically, bridges and Layer 2 switches can reduce collisions in an Ethernet LAN.

  • Page 133: Protocols And Standards

    A VLAN tag includes the following fields: • TPID—16-bit tag protocol identifier that indicates whether a frame is VLAN-tagged. By default, the TPID value is 0x8100, indicating that the frame is VLAN-tagged. However, device vendors can set TPID to different values. For compatibility with neighbor devices, configure the TPID value on the device to be the same as the neighbor device.

  • Page 134: Configuring Basic Settings Of A Vlan Interface

    Step Command Remarks By default, the description of a VLAN is VLAN vlan-id. The vlan-id argument specifies the VLAN ID in a four-digit format. Configure the description text If the VLAN ID has fewer than four digits, description of the VLAN. leading zeros are added.

  • Page 135: Configuring Port-based Vlans

    For a hybrid or trunk port, the PVID setting of the port does not change. You can use a nonexistent VLAN as the PVID for a hybrid or trunk port, but not for an access port. HP recommends that you set the same PVID for a local port and its peer. •...

  • Page 136: Assigning An Access Port To A Vlan

    To prevent a port from dropping untagged packets or PVID-tagged packets, assign the port to its • PVID. How ports of different link types handle frames Actions Access Trunk Hybrid In the • If the PVID is permitted on the port, tags the frame with the PVID inbound Tags the frame with the tag.

  • Page 137: Assigning A Trunk Port To A Vlan

    Step Command Remarks • The configuration made in Layer 2 Ethernet interface view applies only to the port. • Enter Layer 2 Ethernet • The configuration made in Layer 2 interface view: aggregate interface view applies interface interface-type to the aggregate interface and its interface-number aggregation member ports.

  • Page 138: Assigning A Hybrid Port To A Vlan

    Step Command Remarks • The configuration made in Layer 2 Ethernet interface view applies only to the port. • The configuration made in • Enter Layer 2 Ethernet interface Layer 2 aggregate interface view: view applies to the aggregate interface interface-type interface and its aggregation interface-number member ports.

  • Page 139: Displaying And Maintaining Vlans

    Step Command Remarks • The configuration made in Layer 2 Ethernet interface view applies only to the port. • The configuration made in • Enter Layer 2 Ethernet interface Layer 2 aggregate interface view: view applies to the aggregate interface interface-type interface and its aggregation interface-number member ports.

  • Page 140: Port-based Vlan Configuration Example

    Port-based VLAN configuration example Network requirements As shown in Figure Host A and Host C belong to Department A. VLAN 100 is assigned to Department A. • Host B and Host D belong to Department B. VLAN 200 is assigned to Department B. •...

  • Page 141

    Verifying the configuration # Verify that Host A and Host C can ping each other, but they both fail to ping Host B. (Details not shown.) # Verify that Host B and Host D can ping each other, but they both fail to ping Host A. (Details not shown.) # Verify that VLANs 100 and 200 are correctly configured on devices, for example, on Device A.

  • Page 142: Configuring The Private Vlan

    Configuring the private VLAN The private VLAN feature uses a two-tier VLAN structure, including a primary VLAN and secondary VLANs. This feature simplifies the network configuration and saves VLAN resources. A primary VLAN is used for upstream data exchange. A primary VLAN can be associated with multiple secondary VLANs.

  • Page 143: Configuration Restrictions And Guidelines

    Configure a downlink port (for example, the port connecting Device B to a host in Figure 37) as a host port. The host port can be automatically assigned to the secondary VLAN and its associated primary VLAN. If a downlink port allows multiple secondary VLANs, configure the port as a trunk secondary port.

  • Page 144

    Step Command Remarks Enter Layer 2 Ethernet interface interface-type interface view or Layer 2 interface-number aggregate interface view. • Configure the uplink port as a promiscuous port of the specified VLAN: port private-vlan vlan-id Configure the uplink port as a By default, a port is not a promiscuous promiscuous or trunk...

  • Page 145: Displaying And Maintaining The Private Vlan

    Step Command Remarks Associate the primary VLAN By default, a primary VLAN is not with the specified secondary private-vlan secondary vlan-id-list associated with any secondary VLANs. VLAN. Return to system view. quit Enter VLAN interface view of the primary VLAN interface: interface vlan-interface vlan-id...

  • Page 146: Private Vlan Configuration Examples

    Private VLAN configuration examples Promiscuous port configuration example Network requirements As shown in Figure 38, configure the private VLAN feature to meet the following requirements: On Device B, VLAN 5 is a primary VLAN that is associated with secondary VLANs 2 and 3. •...

  • Page 147

    [DeviceB-Ten-GigabitEthernet1/0/1] port access vlan 3 [DeviceB-Ten-GigabitEthernet1/0/1] port private-vlan host [DeviceB-Ten-GigabitEthernet1/0/1] quit # Assign the downlink port Ten-GigabitEthernet 1/0/2 to VLAN 2, and configure the port as a host port. [DeviceB] interface ten-gigabitethernet 1/0/2 [DeviceB-Ten-GigabitEthernet1/0/2] port access vlan 2 [DeviceB-Ten-GigabitEthernet1/0/2] port private-vlan host [DeviceB-Ten-GigabitEthernet1/0/2] quit # Associate secondary VLANs 2 and 3 with primary VLAN 5.

  • Page 148: Trunk Promiscuous Port Configuration Example

    VLAN ID: 5 VLAN type: Static Private VLAN type: Primary Route interface: Not configured Description: VLAN 0005 Name: VLAN 0005 Tagged ports: None Untagged ports: Ten-GigabitEthernet1/0/1 Ten-GigabitEthernet1/0/2 Ten-GigabitEthernet1/0/5 VLAN ID: 2 VLAN type: Static Private VLAN type: Secondary Route interface: Not configured Description: VLAN 0002 Name: VLAN 0002 Tagged...

  • Page 149

    On Device B, the downlink port Ten-GigabitEthernet 1/0/2 permits secondary VLAN 2. The • downlink port Ten-GigabitEthernet 1/0/3 permits secondary VLAN 3. Secondary VLANs 2 and 3 are associated with primary VLAN 5. • On Device B, the downlink port Ten-GigabitEthernet 1/0/6 permits secondary VLAN 6. The downlink port Ten-GigabitEthernet 1/0/8 permits secondary VLAN 8.

  • Page 150

    # Assign the downlink port Ten-GigabitEthernet 1/0/2 to VLAN 2, and configure the port as a host port. [DeviceB] interface ten-gigabitethernet 1/0/2 [DeviceB-Ten-GigabitEthernet1/0/2] port access vlan 2 [DeviceB-Ten-GigabitEthernet1/0/2] port private-vlan host [DeviceB-Ten-GigabitEthernet1/0/2] quit # Assign the downlink port Ten-GigabitEthernet 1/0/3 to VLAN 3, and configure the port as a host port.

  • Page 151

    Verifying the configuration # Display primary VLAN configurations on Device B. The following output uses primary VLAN 5 as an example. [DeviceB] display private-vlan 5 Primary VLAN ID: 5 Secondary VLAN ID: 2-3 VLAN ID: 5 VLAN type: Static Private VLAN type: Primary Route interface: Not configured Description: VLAN 0005 Name: VLAN 0005...

  • Page 152: Trunk Promiscuous And Trunk Secondary Port Configuration Example

    Trunk promiscuous and trunk secondary port configuration example Network requirements As shown in Figure 40, configure the private VLAN feature to meet the following requirements: VLANs 10 and 20 are primary VLANs on Device A. The uplink port Ten-GigabitEthernet 1/0/5 on •...

  • Page 153

    # Create VLANs 11, 12, 21, and 22, which are to be configured as secondary VLANs. [DeviceA] vlan 11 to 12 [DeviceA] vlan 21 to 22 # Associate secondary VLANs 11 and 12 with primary VLAN 10. [DeviceA] vlan 10 [DeviceA-vlan10] private-vlan secondary 11 12 [DeviceA-vlan10] quit # Associate secondary VLANs 21 and 22 with primary VLAN 20.

  • Page 154

    # Assign the port Ten-GigabitEthernet 1/0/4 to VLAN 11. [DeviceB] interface ten-gigabitethernet 1/0/4 [DeviceB-Ten-GigabitEthernet1/0/4] port access vlan 11 [DeviceB-Ten-GigabitEthernet1/0/4] quit # Assign the port Ten-GigabitEthernet 1/0/3 to VLAN 21. [DeviceB] interface ten-gigabitethernet 1/0/3 [DeviceB-Ten-GigabitEthernet1/0/3] port access vlan 21 [DeviceB-Ten-GigabitEthernet1/0/3] quit Configure Device C: # Create VLANs 10 and 20.

  • Page 155

    VLAN ID: 12 VLAN type: Static Private-vlan type: Secondary Route interface: Not configured Description: VLAN 0012 Name: VLAN 0012 Tagged ports: Ten-GigabitEthernet1/0/5 Untagged ports: Ten-GigabitEthernet1/0/3 The output shows that: The trunk promiscuous port Ten-GigabitEthernet 1/0/5 is a tagged member of primary VLAN 10 •...

  • Page 156: Secondary Vlan Layer 3 Communication Configuration Example

    Route interface: Not configured Description: VLAN 0022 Name: VLAN 0022 Tagged ports: Ten-GigabitEthernet1/0/5 Untagged ports: Ten-GigabitEthernet1/0/1 The output shows that: • The trunk promiscuous port Ten-GigabitEthernet 1/0/5 is a tagged member of primary VLAN 20 and secondary VLANs 21 and 22. The trunk secondary port Ten-GigabitEthernet 1/0/2 is a tagged member of primary VLAN 20 •...

  • Page 157

    # Configure VLAN 10 as a primary VLAN, and associate VLAN 2 and VLAN 3 with primary VLAN 10 as secondary VLANs. [DeviceB] vlan 10 [DeviceB-vlan10] private-vlan primary [DeviceB-vlan10] private-vlan secondary 2 3 [DeviceB-vlan10] quit # Configure the uplink port Ten-GigabitEthernet 1/0/1 as a promiscuous port of VLAN 10. [DeviceB] interface ten-gigabitethernet 1/0/1 [DeviceB-Ten-GigabitEthernet1/0/1] port private-vlan 10 promiscuous [DeviceB-Ten-GigabitEthernet1/0/1] quit...

  • Page 158

    Ten-GigabitEthernet1/0/1 Ten-GigabitEthernet1/0/2 Ten-GigabitEthernet1/0/3 VLAN ID: 2 VLAN type: Static Private VLAN type: Secondary Route interface: Configured IPv4 address: 192.168.1.1 IPv4 subnet mask: 255.255.255.0 Description: VLAN 0002 Name: VLAN 0002 Tagged ports: None Untagged ports: Ten-GigabitEthernet1/0/1 Ten-GigabitEthernet1/0/2 VLAN ID: 3 VLAN type: Static Private VLAN type: Secondary Route interface: Configured IPv4 address: 192.168.1.1...

  • Page 159: Configuring Qinq

    Configuring QinQ This document uses the following terms: CVLAN—Customer network VLANs, also called inner VLANs, refer to VLANs that a customer uses • on the private network. SVLAN—Service provider network VLANs, also called outer VLANs, refer to VLANs that a service •...

  • Page 160: Qinq Implementations

    As shown in Figure 43, customer A has remote sites CE 1 and CE 4. Customer B has remote sites CE 2 and CE 3. The CVLANs of the two customers overlap. The service provider assigns SVLANs 3 and 4 to customers A and B, respectively.

  • Page 161: Restrictions And Guidelines

    The inner 802.1Q tag of QinQ frames is treated as part of the payload. For correct transmission of • QinQ frames, HP recommends that you set the MTU to a minimum of 1504 bytes for each port on the forwarding path of QinQ frames. This value is the sum of the default Ethernet interface MTU (1500 bytes) and the length (4 bytes) of a VLAN tag.

  • Page 162: Configuring Transparent Transmission For Vlans

    Configuring transparent transmission for VLANs You can exclude traffic of a VLAN (for example, the management VLAN) from the QinQ tagging action on a customer-side port. This VLAN is called a transparent VLAN. To ensure successful transmission for a transparent VLAN, follow these configuration guidelines: Set the link type of the port to trunk or hybrid, and assign the port to the VLAN.

  • Page 163: Configuring The Cvlan Tpid

    The TPID in a tagged Ethernet frame is in the same position as the EtherType field in an untagged Ethernet frame. To ensure correct packet type identification, do not set the TPID value to any of the values listed Table 1 Table 11 Reserved EtherType values Protocol type Value...

  • Page 164: Setting The 802.1p Priority In Svlan Tags

    Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface interface-type interface view or Layer 2 interface-number aggregate interface view. qinq ethernet-type service-tag The default setting is 0x8100 for Configure the SVLAN TPID. hex-value SVLAN tags. Setting the 802.1p priority in SVLAN tags By default, a QinQ-enabled port copies the 802.1p priority in the CVLAN tag to the SVLAN tag.

  • Page 165: Displaying And Maintaining Qinq

    Step Command Remarks Associate the traffic class classifier classifier-name behavior with the traffic behavior in behavior-name the QoS policy. Return to system view. quit Enter Layer 2 Ethernet interface interface-type interface-number interface view. By default, the device trusts the priority carried in frames.

  • Page 166

    Figure 44 Network diagram VLANs 30 to 90 VLANs 10 to 70 CE 3 CE 4 Site 3 Site 2 Company B Company A XGE1/0/3 XGE1/0/3 XGE1/0/2 XGE1/0/2 VLANs 100 and 200 PE 1 PE 2 TPID = 0x8200 XGE1/0/1 XGE1/0/1 Service provider network Company A...

  • Page 167: Vlan Transparent Transmission Configuration Example

    # Set the PVID to 200 on Ten-GigabitEthernet 1/0/3. [PE1-Ten-GigabitEthernet1/0/3] port trunk pvid vlan 200 # Enable QinQ on Ten-GigabitEthernet 1/0/3. [PE1-Ten-GigabitEthernet1/0/3] qinq enable [PE1-Ten-GigabitEthernet1/0/3] quit Configuring PE 2: # Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign it to VLAN 200 and VLAN 30 through VLAN 90.

  • Page 168

    The service provider assigns VLAN 100 to a company's VLANs 10 through 50. • • VLAN 3000 is the dedicated VLAN of the company on the service provider network. Configure QinQ on PE 1 and PE 2 to provide Layer 2 connectivity for CVLANs 10 through 50 over the service provider network.

  • Page 169

    <PE2> system-view [PE2] interface ten-gigabitethernet 1/0/1 [PE2-Ten-GigabitEthernet1/0/1] port link-type trunk [PE2-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100 3000 10 to 50 # Set the PVID to 100 on Ten-GigabitEthernet 1/0/1. [PE1-Ten-GigabitEthernet1/0/1] port trunk pvid vlan 100 # Enable QinQ on Ten-GigabitEthernet 1/0/1. [PE2-Ten-GigabitEthernet1/0/1] qinq enable # Configure Ten-GigabitEthernet 1/0/1 to transparently transmit frames from VLAN 3000.

  • Page 170: Configuring Vlan Mapping

    Configuring VLAN mapping Overview VLAN mapping re-marks VLAN tagged traffic with new VLAN IDs. HP provides the following types of VLAN mapping: • One-to-one VLAN mapping—Replaces one VLAN tag with another. One-to-two VLAN mapping—Tags single-tagged packets with an outer VLAN tag.

  • Page 171: Application Scenario Of One-to-two And Two-to-two Vlan Mapping

    Figure 46 Application scenario of one-to-one VLAN mapping DHCP client VLAN 1 Home gateway VLAN 2 VLAN 1 - > VLAN 101 VLAN 2 - > VLAN 201 VLAN 3 VoIP VLAN 3 - > VLAN 301 Wiring - closet switch VLAN 1 VLAN 1 - >...

  • Page 172: Vlan Mapping Implementations

    Figure 47 Application scenario of one-to-two and two-to-two VLAN mapping Site 1 and Site 2 are in VLAN 2 and VLAN 3, respectively. The SP 1 network assigns SVLAN 10 to Site 1. The SP 2 network assigns SVLAN 20 to Site 2. When the packet from Site 1 arrives at PE 1, PE 1 tags the packet with SVLAN 10 by using one-to-two VLAN mapping.

  • Page 173

    Figure 48 Basic VLAN mapping terms Network-side port Customer-side port Uplink traffic Downlink traffic One-to-one VLAN mapping As shown in Figure 49, one-to-one VLAN mapping is implemented on the customer-side port and replaces VLAN tags as follows: Replaces the CVLAN with the SVLAN for the uplink traffic. •...

  • Page 174: Vlan Mapping Configuration Task List

    Figure 50 One-to-two VLAN mapping implementation Two-to-two VLAN mapping As shown in Figure 51, two-to-two VLAN mapping is implemented on the customer-side port and replaces VLAN tags as follows: Replaces the CVLAN and the SVLAN with the CVLAN' and the SVLAN' for the uplink traffic. •...

  • Page 175: Configuring One-to-one Vlan Mapping

    The CVLAN tag of packets matching the one-to-one VLAN mapping configuration is replaced with the specified SVLAN tag. Packets not matching the one-to-one VLAN mapping are tagged with the PVID tag. For more information about QinQ, see "Configuring QinQ." When VLAN mapping is enough for meeting your requirements, use VLAN mapping. When you •...

  • Page 176: Configuring One-to-two Vlan Mapping

    The MTU of an interface is 1500 bytes by default. After a VLAN tag is added to a packet, the packet length is added by 4 bytes. HP recommends setting the MTU to a minimum of 1504 bytes for ports on the forwarding path of the packet in the service provider network.

  • Page 177: Displaying And Maintaining Vlan Mapping

    different VLANs to communicate at Layer 2 across two service provider networks that use different VLAN assignment schemes. Before you configure two-to-two VLAN mapping, create the original VLANs and the translated VLANs. To configure two-to-two VLAN mapping: Step Command Remarks Enter system view.

  • Page 178

    On the home gateways, VLANs 1, 2, and 3 are assigned to PC, VoD, and VoIP traffic, respectively. • To isolate traffic of the same service type from different households, configure one-to-one VLAN mappings on the wiring-closet switches to assign one VLAN to each type of traffic from each household. Figure 52 Network diagram Configuration procedure Configure Switch A:...

  • Page 179: One-to-two And Two-to-two Vlan Mapping Configuration Example

    # Configure one-to-one VLAN mappings on Ten-GigabitEthernet 1/0/1 to map VLANs 1, 2, and 3 to VLANs 101, 201, and 301, respectively. [SwitchA-Ten-GigabitEthernet1/0/1] vlan mapping 1 translated-vlan 101 [SwitchA-Ten-GigabitEthernet1/0/1] vlan mapping 2 translated-vlan 201 [SwitchA-Ten-GigabitEthernet1/0/1] vlan mapping 3 translated-vlan 301 [SwitchA-Ten-GigabitEthernet1/0/1] quit # Configure the customer-side port Ten-GigabitEthernet 1/0/2 as a trunk port, and assign it to all original VLANs and translated VLANs.

  • Page 180

    SP 1 assigns VLAN 100 to Site 1 and Site 2. SP 2 assigns VLAN 200 to Site 1 and Site 2. • Configure one-to-two and two-to-two VLAN mappings to enable the two branches to communicate across networks SP 1 and SP 2. Figure 53 Network diagram SP 1 SP 2...

  • Page 181

    # Configure Ten-GigabitEthernet 1/0/2 as a trunk port, and assign it to VLAN 100. [PE2] interface ten-gigabitethernet 1/0/2 [PE2-Ten-GigabitEthernet1/0/2] port link-type trunk [PE2-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100 [PE2-Ten-GigabitEthernet1/0/2] quit Configure PE 3: # Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign it to VLANs 100 and 200. <PE3>...

  • Page 182

    # Verify VLAN mapping information on PE 3. [PE3] display vlan mapping Interface Ten-GigabitEthernet1/0/1: Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN # Verify VLAN mapping information on PE 4. [PE4] display vlan mapping Interface Ten-GigabitEthernet1/0/2: Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN...

  • Page 183: Configuring Lldp

    Configuring LLDP You can set an Ethernet interface to work in Layer 3 mode by using the port link-mode route command (see "Configuring Ethernet interfaces"). Overview In a heterogeneous network, a standard configuration exchange platform ensures that different types of network devices from different vendors can discover one another and exchange configuration.

  • Page 184

    Figure 54 LLDP neighbor relationships LLDP frame formats LLDP sends device information in LLDP frames. LLDP frames are encapsulated in Ethernet II or SNAP frames. LLDP frame encapsulated in Ethernet II • Figure 55 Ethernet II-encapsulated LLDP frame Table 12 Fields in an Ethernet II-encapsulated LLDP frame Field Description MAC address to which the LLDP frame is advertised.

  • Page 185

    LLDP frame encapsulated in SNAP • Figure 56 SNAP-encapsulated LLDP frame Table 13 Fields in a SNAP-encapsulated LLDP frame Field Description MAC address to which the LLDP frame is advertised. It is the same as that Destination MAC address for Ethernet II-encapsulated LLDP frames. Source MAC address MAC address of the sending port.

  • Page 186

    Organizationally specific TLVs and LLDP-MED TLVs are used for enhanced device management. They are defined by standardization or other organizations and are optional to LLDPDUs. Basic management TLVs • Table 14 lists the basic management TLV types. Some of them are mandatory to LLDPDUs. Table 14 Basic management TLVs Type Description...

  • Page 187

    ETS Recommendation ETS recommendation. Priority-based Flow Control. Application protocol. NOTE: HP devices support only receiving protocol identity TLVs and VID usage digest TLVs. • Layer 3 Ethernet ports support only link aggregation TLVs. • IEEE 802.3 organizationally specific TLVs •...

  • Page 188: Work Mechanism

    Type Description Allows a network device or terminal device to advertise the VLAN Network Policy ID of a port, the VLAN type, and the Layer 2 and Layer 3 priorities for specific applications. Allows a network device or terminal device to advertise power Extended Power-via-MDI supply capability.

  • Page 189

    Transmitting LLDP frames An LLDP agent operating in TxRx mode or Tx mode sends LLDP frames to its directly connected devices both periodically and when the local configuration changes. To prevent LLDP frames from overwhelming the network during times of frequent changes to local device information, LLDP uses the token bucket mechanism to rate limit LLDP frames.

  • Page 190: Performing Basic Lldp Configuration

    To use LLDP together with OpenFlow, you must enable LLDP globally on OpenFlow switches. To prevent LLDP from affecting topology discovery of OpenFlow controllers, HP recommends that you disable LLDP on ports of OpenFlow instances. For more information about OpenFlow, see OpenFlow Configuration Guide.

  • Page 191: Setting The Lldp Operating Mode

    Step Command Remarks Enter system view. system-view Configure LLDP to operate By default, LLDP operates in lldp mode service-bridge in service bridge mode. customer bridge mode. Setting the LLDP operating mode Step Command Remarks Enter system view. system-view Enter Layer 2/Layer 3 Ethernet interface view, management Ethernet interface interface-type interface-number...

  • Page 192: Enabling Lldp Polling

    Enabling LLDP polling With LLDP polling enabled, a device periodically searches for local configuration changes. When the device detects a configuration change, it sends LLDP frames to inform neighboring devices of the change. To enable LLDP polling: Step Command Remarks Enter system view.

  • Page 193

    Step Command Remarks • lldp tlv-enable { basic-tlv { all | port-description | system-capability | system-description | system-name | By default: management-address-tlv [ ip-address ] } | dot1-tlv { all | port-vlan-id | • Nearest bridge agents link-aggregation | dcbx | can advertise all types protocol-vlan-id [ vlan-id ] | vlan-name of LLDP TLVs except the...

  • Page 194: Configuring The Management Address And Its Encoding Format

    Step Command Remarks By default: • Nearest non-TPMR • lldp agent nearest-nontpmr tlv-enable bridge agents can { basic-tlv { all | management-address-tlv advertise only EVB [ ip-address ] | port-description | TLVs. system-capability | system-description | • Nearest customer system-name } | dot1-tlv { all | evb | bridge agents can port-vlan-id } } advertise basic TLVs...

  • Page 195: Setting Other Lldp Parameters

    Step Command Remarks • In Layer 2/Layer 3 Ethernet interface view or management Ethernet interface view: By default: lldp [ agent { nearest-customer | nearest-nontpmr } ] • Nearest bridge agents and tlv-enable basic-tlv Allow LLDP to advertise the nearest customer bridge agents management-address-tlv management address in LLDP can advertise the management...

  • Page 196: Setting An Encapsulation Format For Lldp Frames

    Step Command Remarks Set the token bucket size for lldp max-credit credit-value The default setting is 5. sending LLDP frames. Set the LLDP frame lldp timer tx-delay delay The default setting is 2 seconds. transmission delay. Set the number of LLDP frames sent each time fast LLDP frame lldp fast-count count The default setting is 4.

  • Page 197

    device. The packets that the switch sends to the neighboring CDP device carry the device ID, the ID of the port connecting to the neighboring device, the port IP address, the PVID, and the TTL. The port IP address is the main IP address of the VLAN interface that is in up state and whose corresponding VLAN ID is the lowest among the VLANs permitted on the port.

  • Page 198: Configuring Dcbx

    • Remotely configures the peer device if the peer device accepts the configuration. • NOTE: HP devices support only the remote configuration function. Figure 58 DCBX application scenario DCBX enables lossless packet transmission on DCE networks. As shown in Figure 58, DCBX applies to an FCoE-based data center network, and operates on an access switch.

  • Page 199: Dcbx Configuration Task List

    APP. HP devices can send the these types of DCBX information to a server adapter supporting FCoE, but they cannot receive them. DCBX configuration task list Tasks at a glance (Required.) Enabling LLDP and DCBX TLV advertising Optional.) Configuring the DCBX version (Required.)

  • Page 200: Configuring App Parameters

    After the configuration, LLDP frames sent by the local port carry information about the configured • DCBX version. The local port and peer port do not negotiate the DCBX version. If the DCBX version is autonegotiated, the version IEEE Std 802.1Qaz-201 1 is preferably negotiated. •...

  • Page 201

    Step Command Remarks An Ethernet frame header ACL number is in the range of 4000 to 4999. An IPv4 advanced ACL number is in the range of 3000 to Create an Ethernet frame 3999. acl number acl-number [ name header ACL or an IPv4 acl-name ] [ match-order { auto | DCBX Rev 1.00 supports only advanced ACL and enter ACL...

  • Page 202: Configuring Ets Parameters

    Step Command Remarks • (Method 1) To the outgoing traffic of all ports: qos apply policy policy-name global outbound • (Method 2) To the outgoing • Configurations made in system traffic of a Layer 2 Ethernet view take effect on all ports. interface: Apply the QoS policy.

  • Page 203

    Step Command Configure the behavior to mark packets with the remark local-precedence local-precedence specified local precedence value. Return to system view. quit Create a QoS policy and enter QoS policy view. qos policy policy-name Associate the class with the traffic behavior in the classifier classifier-name behavior behavior-name QoS policy, and apply the association to DCBX.

  • Page 204: Configuring Pfc Parameters

    PFC in enable PFC. autonegotiation mode. By default, PFC is disabled for all 802.1p priorities. HP recommends that you enable Enable PFC for the specified priority-flow-control no-drop PFC for the 802.1p priority of 802.1p priorities. dot1p dot1p-list FCoE traffic.

  • Page 205: Configuring Lldp Trapping And Lldp-med Trapping

    Configuring LLDP trapping and LLDP-MED trapping LLDP trapping or LLDP-MED trapping notifies the network management system of events such as newly detected neighboring devices and link malfunctions. To prevent excessive LLDP traps from being sent when the topology is unstable, set a trap transmission interval for LLDP.

  • Page 206: Lldp Configuration Examples

    Task Command Display the information contained display lldp neighbor-information [ [ [ interface interface-type in the LLDP TLVs sent from interface-number ] [ agent { nearest-bridge | nearest-customer | neighboring devices. nearest-nontpmr } ] [ verbose ] ] | list [ system-name system-name ] ] display lldp statistics [ global | [ interface interface-type Display LLDP statistics.

  • Page 207

    # Enable LLDP on Ten-GigabitEthernet 1/0/1. By default, LLDP is enabled on ports. [SwitchA] interface ten-gigabitethernet 1/0/1 [SwitchA-Ten-GigabitEthernet1/0/1] lldp enable # Set the LLDP operating mode to Rx. [SwitchA-Ten-GigabitEthernet1/0/1] lldp admin-status rx [SwitchA-Ten-GigabitEthernet1/0/1] quit # Enable LLDP on Ten-GigabitEthernet 1/0/2. By default, LLDP is enabled on ports. [SwitchA] interface ten-gigabitethernet 1/0/2 [SwitchA-Ten-GigabitEthernet1/0/2] lldp enable # Set the LLDP operating mode to Rx.

  • Page 208

    Trap flag : No MED trap flag : No Polling interval : 0s Number of LLDP neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV : 21 Number of received unknown TLV : 0 LLDP agent nearest-customer: Port status of LLDP : Enable Admin status...

  • Page 209

    Admin status : Disable Trap flag : No MED trap flag : No Polling interval : 0s Number of LLDP neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV : 16 Number of received unknown TLV : 0 # Remove the link between Switch A and Switch B.

  • Page 210: Dcbx Configuration Example

    LLDP status information of port 2 [Ten-GigabitEthernet1/0/2]: LLDP agent nearest-bridge: Port status of LLDP : Enable Admin status : RX_Only Trap flag : No MED trap flag : No Polling interval : 0s Number of LLDP neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV : 0...

  • Page 211

    Figure 60 Network diagram Configuration procedure Enable LLDP and DCBX TLV advertising: # Enable LLDP globally. <SwitchA> system-view [SwitchA] lldp global enable # Enable LLDP and DCBX TLV advertising on interface Ten-GigabitEthernet 1/0/1. [SwitchA] interface ten-gigabitethernet 1/0/1 [SwitchA-Ten-GigabitEthernet1/0/1] lldp enable [SwitchA-Ten-GigabitEthernet1/0/1] lldp tlv-enable dot1-tlv dcbx Configure the DCBX version as Rev.

  • Page 212

    [SwitchA-Ten-GigabitEthernet1/0/1] qos apply policy plcy outbound [SwitchA-Ten-GigabitEthernet1/0/1] quit Configure ETS parameters: # Configure the 802.1p-to-local priority mapping table to map 802.1p priority value 3 to local precedence 3. (This is the default mapping table. You can modify this configuration as needed.) [SwitchA] qos map-table dot1p-lp [SwitchA-maptbl-dot1p-lp] import 3 export 3 [SwitchA-maptbl-dot1p-lp] quit...

  • Page 213

    Priority Group ID of Priority 2: 1 Priority Group ID of Priority 5: 5 Priority Group ID of Priority 4: 4 Priority Group ID of Priority 7: 7 Priority Group ID of Priority 6: 6 Priority Group 0 Percentage: 2 Priority Group 1 Percentage: 4 Priority Group 2 Percentage: 6 Priority Group 3 Percentage: 0...

  • Page 214

    DCBX Parameter Information Parameter Type: Local Pad Byte Present: Yes DCBX Parameter Valid: Yes Reserved: 0 DCBX Parameter Data Priority Group ID of Priority 1: 0 Priority Group ID of Priority 0: 0 Priority Group ID of Priority 3: 1 Priority Group ID of Priority 2: 0 Priority Group ID of Priority 5: 0 Priority Group ID of Priority 4: 0...

  • Page 215

    PFC Enabled on Priority 6: No PFC Enabled on Priority 7: No Number of Traffic Classes Supported: 6 DCBX Parameter Information Parameter Type: Remote Pad Byte Present: No DCBX Parameter Valid: Yes Reserved: 0 DCBX Parameter Data PFC Enabled on Priority 0: No PFC Enabled on Priority 1: No PFC Enabled on Priority 2: No PFC Enabled on Priority 3: Yes...

  • Page 216: Configuring Service Loopback Groups

    Configuring service loopback groups A service loopback group contains one or multiple Ethernet ports for looping packets sent out by the device back to the device. This feature must work with other features, such as GRE. The device supports only one service loopback group. This group provides services only for unicast tunnel traffic.

  • Page 217: Service Loopback Group Configuration Example

    Task Command Display information about the service loopback group. display service-loopback group [ number ] Service loopback group configuration example Network requirements All Ethernet ports on Device A support the tunnel service. Assign Ten-GigabitEthernet 1/0/1 through Ten-GigabitEthernet 1/0/3 to a service loopback group to loop GRE packets sent out by the device back to the device.

  • Page 218: Contacting Hp

    Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. For a complete list of acronyms and their definitions, see HP FlexNetwork Technology Acronyms.

  • Page 219: Conventions

    Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...

  • Page 220

    Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 221: Index

    Index Numerics address MAC address learning disable, MAC address table address synchronization, 1 VLAN mappingapplication scenario, MAC Information queue length, 1 VLAN mappingconfiguration, 167, advertising 1 VLAN mappingimplementation, 164, LAN switching LLDP advertisable TLV, 2 VLAN mappingapplication scenario, LAN switching LLDP+DCBX TLV advertisement, 2 VLAN mappingconfiguration, 168, aggregating 2 VLAN mappingimplementation, 164,...

  • Page 222

    Ethernet link aggregate interface (expected spanning tree port path cost calculation bandwidth), standard, LAN switching LLDP ETS parameters, spanning tree timeout factor, basic management LLDPDU TLV types, STP algorithm, blackhole entry MAC address table, 22, LAN switching LLDP CDP compatibility, block action (loop detection), 1 17 checking...

  • Page 223

    interface jumbo frame support (Ethernet), loop detection protection action (global), 1 19 interface link mode (Ethernet), loop detection protection action (Layer 2 aggregate interface), 1 19 interface PFC (Ethernet), loop detection protection action (Layer 2 Ethernet interface physical state change suppression interface), 1 19 (Ethernet),...

  • Page 224

    spanning tree protection functions, LAN switching LLDP ETS parameter configuration, spanning tree root bridge, LAN switching LLDP PFC parameter spanning tree root bridge (device), configuration, spanning tree secondary root bridge, LAN switching LLDP+DCBX TLV advertisement, spanning tree secondary root bridge LLDP DCBX version configuration, (device), DCBX version (LLDP),...

  • Page 225

    Layer 2 LAN switching VLAN, QinQ, loop detection, spanning tree BPDU guard, MAC address table, spanning tree feature, port isolation, spanning tree loop guard, private VLAN, spanning tree port state transition information output, QinQ, spanning tree root guard, service loopback group, spanning tree TC-BPDU guard, spanning tree, encapsulating...

  • Page 226

    Layer 2 LAN switching VLAN port-based aggregate group Selected ports min/max, configuration, aggregate interface, link aggregation. See Ethernet link aggregation aggregate interface (description), LLDP DCBX version, aggregate interface configuration, loop detection configuration, aggregate interface default settings, MAC address table configuration, 21, 22, aggregate interface shutdown, MAC Information configuration, 33, aggregation group,...

  • Page 227

    interface external loopback test (Ethernet), QinQ SVLAN Ethernet frame header tag, FCoE generic flow control (Ethernet interface), LAN switching LLDP APP parameters, group LAN switching LLDP DCBX configuration, Ethernet link aggregate group Selected ports min/max, LLDP DCBX version, Ethernet link aggregation, flow control Ethernet link aggregation group, interface generic flow control (Ethernet),...

  • Page 228

    Ethernet link aggregation edge aggregate Ethernet link aggregation edge aggregate interface, 44, interface, 49, inloopback configuration, 16, Ethernet link aggregation group, Layer 2 Ethernet aggregate interface (ignored Ethernet link aggregation group (dynamic), VLAN), Ethernet link aggregation group load sharing loopback configuration, 16, mode, null configuration, 16, Ethernet link aggregation LACP,...

  • Page 229

    Layer 2 LAN switching LLDP trapping, interface configuration (Ethernet), 1, LAN switching LLDP-MED trapping, interface storm suppression (Ethernet), Layer 2 LAN switching LAN switching VLAN interface basics, LAN switching LLDP basic configuration, Layer 2 LAN switching port-based VLAN LAN switching LLDP configuration, assignment (access port), LAN switching LLDP group-based WRR Layer 2 LAN switching port-based VLAN...

  • Page 230

    DCBX version configuration, TLV organization-specific types, displaying, transmitting, enable, load balancing ETS parameter configuration, service loopback group configuration, 208, 208, group-based WRR queuing, load sharing how it works, Ethernet link aggregation configuration, LAN switching LLDP+DCBX TLV advertisement, Ethernet link aggregation group load sharing, LAN switching LLDP-MED trapping Ethernet link aggregation load sharing mode, configuration,...

  • Page 231

    loopback interface MSTP VLAN-to-instance mapping table, configuration, master displaying, MSTP master port, maintaining, max age timer (STP), mCheck spanning tree, MAC address move MDI mode (Ethernet interface), ARP fast update enabling, MDIX mode (Ethernet interface), MAC address table MED (LLDP-MED trapping), address learning, address synchronization, LAN switching LLDP basic configuration, 182,...

  • Page 232

    basic concepts, interface cable connection (Layer 2 Ethernet), CIST, interface common settings configuration (Ethernet), CIST calculation, interface fiber port, common root bridge, interface generic flow control (Ethernet), configuration, 84, interface jumbo frame support (Ethernet), CST, interface link mode (Ethernet), device implementation, interface loopback test (Ethernet), feature enable, interface MDIX mode (Layer 2 Ethernet),...

  • Page 233

    null interface configuration, STP designated port, port isolation group assignment (multiple), STP path cost, private VLAN configuration, STP root bridge, private VLAN promiscuous port STP root port, configuration, VLAN mapping 1\1 implementation, private VLAN trunk promiscuous port VLAN mapping 1\2 implementation, configuration, VLAN mapping 2\2 implementation, private VLAN trunk promiscuous+trunk...

  • Page 234

    configuration, 16, polling interval, displaying, port maintaining, Ethernet aggregate interface, Ethernet aggregate interface (description), Ethernet link aggregate group Selected ports operational key (Ethernet link aggregation), min/max, organization-specific LLDPDU TLV types, Ethernet link aggregate interface (expected outputting bandwidth), spanning tree port state transition Ethernet link aggregate interface default information, settings,...

  • Page 235

    Layer 2 aggregate interface (ignored spanning tree TC-BPDU transmission restriction, VLAN), STP designated port, Layer 2 Ethernet link aggregation (dynamic), STP root port, Layer 2 Ethernet link aggregation (static), port isolation Layer 2 Ethernet link aggregation edge configuration, aggregate interface, configuration (multiple isolation groups), Layer 2 Ethernet link aggregation group display,...

  • Page 236

    assigning Layer 2 LAN switching port-based configuring interface storm control (Layer 2 VLAN trunk port, Ethernet), assigning port isolation group (multiple), configuring interface storm suppression (Layer 2 Ethernet), assigning port-based VLAN access port (interface view), configuring LAN switching LLDP, 181, assigning port-based VLAN access port (VLAN configuring LAN switching LLDP 802.1p-to-local view),...

  • Page 237

    configuring Layer 2 Ethernet link aggregation configuring QinQ, load sharing, configuring QinQ basics, configuring Layer 2 LAN switching port-based configuring QinQ VLAN transparent VLAN, transmission, 154, configuring Layer 2 LAN switching private configuring RSTP, VLAN, configuring secondary VLAN Layer 3 configuring Layer 2 LAN switching VLAN basic communication, settings,...

  • Page 238

    displaying interface, modifying MAC address table entry (global), displaying interface (Ethernet), modifying MAC address table entry (on interface), displaying LAN switching LLDP, modifying MAC address table multiport unicast displaying Layer 2 LAN switching VLAN, entry, displaying loop detection, performing interface loopback test (Ethernet), displaying MAC address table, performing spanning tree mCheck, displaying port isolation,...

  • Page 239

    STP protocol packets, LAN switching LLDPDUs, PVID (port-based VLAN), recovering PVST, 66, See also loop detection port status auto recovery, 1 18 configuration, 83, 1 12 reference port (Ethernet link aggregation), 39, feature enable, region mode set, MST, port links, MST region configuration, MST region max hops, MST regional root,...

  • Page 240

    edge port configuration, feature enable, selecting loop guard enable, Ethernet link aggregation Selected ports maintaining, min/max, mCheck, Ethernet link aggregation selected state, mode set, Ethernet link aggregation unselected state, MST region max hops, service MSTP, 75, See also MSTP LAN switching LLDP service bridge mode, No Agreement Check, 102, service loopback group port link type configuration,...

  • Page 241

    MAC address table entry configuration (on inloopback interface configuration, 16, interface), interface configuration (Ethernet), statistics loopback interface configuration, 16, interface statistics polling interval (Ethernet), MAC address table configuration, 21, 22, storm null interface configuration, 16, interface storm control (Layer 2 Ethernet), spanning tree switched network diameter, interface storm suppression (Layer 2 synchronizing...

  • Page 242

    frame encapsulation, LAN switching LLDP advertisable TLV interface basics configuration, configuration, LAN switching LLDP CDP compatibility, LAN switching LLDP management address Layer 2 Ethernet aggregate interface (ignored configuration, VLAN), LAN switching LLDP management address loop detection configuration, encoding format, maintaining, LAN switching LLDP parameters, mapping.

  • Page 243

    LAN switching LLDP CDP compatibility, QinQ basic configuration, QinQ configuration, 151, QinQ VLAN transparent transmission configuration, WRR queuing LAN switching LLDP group-based WRR queuing,...

Comments to this Manuals

Symbols: 0
Latest comments: