Page 1 HPE FlexNetwork 10500 Switch Series Layer 2—LAN Switching Configuration Guide Part number: 5200-1896 Software version: 10500-CMW710-R7524 Document version: 6W100-20161230...
Page 2 © Copyright 2016 Hewlett Packard Enterprise Development LP The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
Page 3: Table Of Contents
Contents Configuring the MAC address table ································································ 1 Overview ···························································································································································· 1 How a MAC address entry is created ········································································································· 1 Types of MAC address entries ··················································································································· 1 MAC address table configuration task list ·········································································································· 2 Configuring MAC address entries ······················································································································ 3 Configuration guidelines ·····························································································································...
Page 4 Configuration restrictions and guidelines ································································································· 28 Configuring a Layer 2 aggregation group ································································································· 29 Configuring a Layer 3 aggregation group ································································································· 30 Configuring an aggregate interface ·················································································································· 32 Configuring the description of an aggregate interface ············································································· 32 Specifying ignored VLANs for a Layer 2 aggregate interface ·································································· 32 Setting the MTU for a Layer 3 aggregate interface ··················································································...
Page 5 IP subnet-based VLAN configuration example ························································································ 75 Protocol-based VLAN configuration example ·························································································· 76 Configuring super VLANs ············································································· 80 Overview ·························································································································································· 80 Super VLAN configuration task list ·················································································································· 80 Creating a sub-VLAN ······································································································································· 80 Configuring a super VLAN ······························································································································· 80 Configuring a super VLAN interface ················································································································ 81 Displaying and maintaining super VLANs ········································································································...
Page 6 MRP timers ············································································································································ 117 MVRP registration modes ······························································································································ 118 Protocols and standards ································································································································ 118 MVRP configuration task list ·························································································································· 118 Configuration restrictions and guidelines ······································································································· 118 Configuration prerequisites ···························································································································· 119 Enabling MVRP ·············································································································································· 119 Setting an MVRP registration mode ··············································································································· 119 Setting MRP timers ········································································································································...
Page 7 Setting the loop protection action on a Layer 2 Ethernet interface or S-channel interface ···················· 166 Setting the loop protection action on a Layer 2 aggregate interface or S-channel aggregate interface 166 Setting the loop detection interval ·················································································································· 167 Displaying and maintaining loop detection ····································································································· 167 Loop detection configuration example ···········································································································...
Page 8 Enabling outputting port state transition information ······················································································ 206 Enabling the spanning tree feature ················································································································ 206 Enabling the spanning tree feature in STP/RSTP/MSTP mode ····························································· 207 Enabling the spanning tree feature in PVST mode ················································································ 207 Performing mCheck ······································································································································· 207 Configuration restrictions and guidelines ······························································································· 208 Performing mCheck globally ··················································································································...
Page 9 Configuring PFC parameters ················································································································· 249 Configuring LLDP trapping and LLDP-MED trapping ···················································································· 249 Setting the source MAC address of LLDP frames to the MAC address of a Layer 3 Ethernet subinterface · 250 Enabling the device to generate ARP or ND entries for received management address LLDP TLVs ··········· 251 Displaying and maintaining LLDP ··················································································································...
Page 10: Configuring The Mac Address Table
Configuring the MAC address table Overview An Ethernet device uses a MAC address table to forward frames. A MAC address entry includes a destination MAC address, an outgoing interface, and a VLAN ID. When the device receives a frame, it uses the destination MAC address of the frame to look for a match in the MAC address table. •...
Page 11: Mac Address Table Configuration Task List
• Static entries—A static entry is manually added to forward frames with a specific destination MAC address out of the associated interface, and it never ages out. A static entry has higher priority than a dynamically learned one. • Dynamic entries—A dynamic entry can be manually configured or dynamically learned to forward frames with a specific destination MAC address out of the associated interface.
Page 12: Configuring Mac Address Entries
Configuring MAC address entries Configuration guidelines • You cannot add a dynamic MAC address entry if a learned entry already exists with a different outgoing interface for the MAC address. • The manually configured static, blackhole, and multiport unicast MAC address entries cannot survive a reboot if you do not save the configuration.
Page 13: Adding Or Modifying A Blackhole Mac Address Entry
Step Command Remarks • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number • Enter S-channel interface view: interface s-channel interface-number.channel-id • Enter S-channel aggregate interface view: interface schannel-aggregation interface-number:channel-id By default, no MAC address entry is configured on the interface. Add or modify a static or mac-address { dynamic | static } Make sure you have created the...
Page 14: Disabling Mac Address Learning
Figure 1 NLB cluster Device NLB cluster You can configure a multiport unicast MAC address entry globally or on an interface. Configuring a multiport unicast MAC address entry globally Step Command Remarks Enter system view. system-view By default, no multiport unicast MAC address entry is configured mac-address multiport globally.
Page 15: Disabling Global Mac Address Learning
After MAC address learning is disabled, the device immediately deletes existing dynamic MAC address entries. Disabling global MAC address learning After global MAC address learning is disabled, the device stops learning MAC addresses. Global MAC address learning does not take effect on a TRILL network, S-channel, VPLS VSI, EVB VSI, or VXLAN VSI.
Page 16: Setting The Aging Timer For Dynamic Mac Address Entries
Step Command Remarks Enter system view. system-view Enable global MAC address mac-address mac-learning By default, global MAC address learning. enable learning is enabled. Enter VLAN view. vlan vlan-id Disable MAC address undo mac-address By default, MAC address learning learning on the VLAN. mac-learning enable on the VLAN is enabled.
Page 17: Configuring The Unknown Frame Forwarding Rule After The Mac Learning Limit Is Reached
Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface interface-type interface view. interface-number By default, the number of MAC Set the MAC learning limit on mac-address max-mac-count addresses that can be learned on the interface. count an interface is not limited. Configuring the unknown frame forwarding rule after the MAC learning limit is reached You can enable or disable forwarding of unknown frames after the MAC learning limit is reached.
Page 18: Enabling Mac Address Synchronization
To assign MAC learning priority to an interface: Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view: interface interface-type interface-number • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number Enter interface view. • Enter S-channel interface view: interface s-channel interface-number.channel-id •...
Page 19 Figure 2 MAC address tables of devices when Client A accesses AP C MAC address Port MAC address Port MAC A MAC A Device A Device B Port B1 Port A1 AP C AP D Client A When Client A roams to AP D, Device B learns a MAC address entry for Client A. Device B advertises it to Device A to ensure service continuity for Client A, as shown in Figure Figure 3 MAC address tables of devices when Client A roams to AP D...
Page 20: Configuring Mac Address Move Notifications And Suppression
Configuring MAC address move notifications and suppression The outgoing interface for a MAC address entry learned on interface A is changed to interface B when the following conditions exist: • Interface B receives a packet with the MAC address as the source MAC address. •...
Page 21: Enabling Arp Fast Update For Mac Address Moves
Enabling ARP fast update for MAC address moves ARP fast update for MAC address moves allows the device to update an ARP entry immediately after the outgoing interface for a MAC address changes. This feature ensures data connection without interruption. As shown in Figure 4, a mobile user laptop accesses the network by connecting to AP 1 or AP 2.
Page 22: Enabling Snmp Notifications For The Mac Address Table
Step Command Remarks • Enter Layer 2 Ethernet interface view: interface interface-type interface-number Enter interface view. • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number Disable the static source undo mac-address static By default, the static source check feature. source-check enable check feature is enabled.
Page 23: Mac Address Table Configuration Example
Task Command display mac-address statistics Display MAC address statistics. (In standalone mode.) Display the display mac-address mac-move [ slot slot-number ] MAC address move records. (In IRF mode.) Display the MAC display mac-address mac-move [ chassis chassis-number slot address move records. slot-number ] MAC address table configuration example Network requirements...
Page 24 # Display the blackhole MAC address entries. [Device] display mac-address blackhole MAC Address VLAN ID State Port/NickName Aging 000f-e235-abcd Blackhole # Display the aging time of dynamic MAC address entries. [Device] display mac-address aging-time MAC address aging time: 500s.
Page 25: Configuring Mac Information
Configuring MAC Information The MAC Information feature can generate syslog messages or SNMP notifications when MAC address entries are learned or deleted. You can use these messages to monitor user's leaving or joining the network and analyze network traffic. The MAC Information feature buffers the MAC change syslog messages or SNMP notifications in a queue.
Page 26: Setting The Mac Change Notification Interval
Step Command Remarks Enter system view. system-view Configure the MAC mac-address information mode The default setting is trap. Information mode. { syslog | trap } Setting the MAC change notification interval To prevent syslog messages or SNMP notifications from being sent too frequently, you can set the MAC change notification interval to a larger value.
Page 27: Configuration Restrictions And Guidelines
Configuration restrictions and guidelines When you edit the file /etc/syslog.conf, follow these restrictions and guidelines: • Comments must be on a separate line and must begin with a pound sign (#). • No redundant spaces are allowed after the file name. •...
Page 28 Enable MAC Information on Device: # Enable MAC Information globally. [Device] mac-address information enable # Configure the MAC Information mode as syslog. [Device] mac-address information mode syslog # Enable MAC Information on GigabitEthernet 1/0/1 to enable the port to record MAC address change information when the interface performs either of the following operations: Learns a new MAC address.
Page 29: Configuring Ethernet Link Aggregation
Configuring Ethernet link aggregation Ethernet link aggregation bundles multiple physical Ethernet links into one logical link, called an aggregate link. Link aggregation has the following benefits: • Increased bandwidth beyond the limits of any single link. In an aggregate link, traffic is distributed across the member ports.
Page 30: Operational Key
• Individual—An Individual port can forward traffic as a normal physical port. A port is placed in the Individual state when the following conditions exist: Its aggregate interface is configured as an edge aggregate interface.  The port has not received Link Aggregation Control Protocol Data Units (LACPDUs) from its ...
Page 31: Link Aggregation Modes
• Protocol configurations—Protocol configurations of a member port do not affect the aggregation state of the member port. MAC address learning and spanning tree settings are examples of protocol configurations. NOTE: • The protocol configurations for an aggregate interface take effect only on the current aggregate interface.
Page 32: Aggregating Links In Dynamic Mode
Figure 8 Setting the aggregation state of a member port in a static aggregation group Set the aggregation state of a member port Is there any hardware restriction? Is the port up? Operational key/attribute configurations same as the reference port? More candidate ports than max.
Page 33: Lacp
LACP LACP uses LACPDUs to exchange aggregation information between LACP-enabled devices. Each member port in a dynamic aggregation group can exchange information with its peer. When a member port receives an LACPDU, it compares the received information with information received on the other member ports.
Page 34: How Dynamic Link Aggregation Works
• Long timeout interval—90 seconds. If you use the long timeout interval, the peer sends one LACPDU every 30 seconds. How dynamic link aggregation works Choosing a reference port The system chooses a reference port from the member ports in up state. A Selected port must have the same operational key and attribute configurations as the reference port.
Page 35 Figure 9 Setting the state of a member port in a dynamic aggregation group Set the aggregation state of a member port Is there any hardware restriction? Is the port up? Operational key/attribute configurations same as the reference port? Operational key/attribute configurations of the peer port same as the peer port of the reference port? More candidate ports than allowed max.
Page 36: Edge Aggregate Interface
Edge aggregate interface Dynamic link aggregation fails on a server-facing aggregate interface if dynamic link aggregation is configured only on the device. The device forwards traffic by using only one of the physical ports that are connected to the server. To improve link reliability, configure the aggregate interface as an edge aggregate interface.
Page 37: Configuring An Aggregation Group
Configuring an aggregation group This section explains how to configure an aggregation group. Configuration restrictions and guidelines When you configure an aggregation group, follow these restrictions and guidelines: • The maximum number of aggregation groups and the maximum number of Selected ports allowed in an aggregation group vary by the port location, as shown in the following matrix: Maximum Maximum number...
Page 38: Configuring A Layer 2 Aggregation Group
Interface type Reference Interface whose service instance is bound VPLS in MPLS Configuration Guide to a VSI • Table 5 shows the interfaces that cannot be assigned to a Layer 3 aggregation group. Table 5 Interfaces that cannot be assigned to a Layer 3 aggregation group Interface type Reference Interface bound to a cross connect...
Page 39: Configuring A Layer 3 Aggregation Group
Configuring a Layer 2 dynamic aggregation group Step Command Remarks Enter system view. system-view By default, the system LACP priority is 32768. Changing the system LACP Set the system LACP priority. lacp system-priority priority priority might affect the aggregation states of the ports in a dynamic aggregation group.
Page 40 Step Command Remarks When you create a Layer 3 Create a Layer 3 aggregate aggregate interface, the system interface route-aggregation interface and enter Layer 3 automatically creates a Layer 3 interface-number aggregate interface view. static aggregation group numbered the same. Exit to system view.
Page 41: Configuring An Aggregate Interface
Step Command Remarks Set the port priority for the link-aggregation port-priority The default setting is 32768. interface. priority By default, the long LACP timeout interval (90 seconds) is used by the interface. To avoid traffic interruption during Set the short LACP timeout an ISSU, do not set the short interval (3 seconds) for the lacp period short...
Page 42: Setting The Mtu For A Layer 3 Aggregate Interface
Step Command Remarks Enter system view. system-view Enter Layer 2 aggregate interface bridge-aggregation interface view. interface-number By default, a Layer 2 aggregate link-aggregation ignore vlan Specify ignored VLANs. interface does not ignore any vlan-id-list VLANs. Setting the MTU for a Layer 3 aggregate interface The MTU of an interface affects IP packets fragmentation and reassembly on the interface.
Page 43: Setting The Expected Bandwidth For An Aggregate Interface
• Assigning two ports to an aggregation group. • Setting the maximum number of Selected ports to 1 for the aggregation group. Then, only one Selected port is allowed in the aggregation group, and the Unselected port acts as a backup port.
Page 44: Shutting Down An Aggregate Interface
• This configuration takes effect only on the aggregate interface corresponding to a dynamic aggregation group. • Link-aggregation traffic redirection does not operate correctly on an edge aggregate interface. For more information about link-aggregation traffic redirection, see "Enabling link-aggregation traffic redirection."...
Page 45: Restoring The Default Settings For An Aggregate Interface
Restoring the default settings for an aggregate interface You can restore all configurations on an aggregate interface to the default settings. To restore the default settings for an aggregate interface: Step Command Enter system view. system-view • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number •...
Page 46: Enabling Local-First Load Sharing For Link Aggregation
Step Command Remarks sharing mode. destination-mac | destination-port | packet types. ingress-port | source-ip | source-mac | source-port } * Setting the group-specific load sharing mode In Layer 2 aggregate interface view, the switch supports the following load sharing modes: •...
Page 47: Enabling Link-Aggregation Traffic Redirection
Figure 10 Load sharing for multidevice link aggregation in an IRF fabric The egress port for a traffic flow is an aggregate interface that has Selected ports on different IRF member devices Local-first load sharing mechanism enabled? Any Selected ports on the ingress device? Packets are load-shared only Packets are load-shared across...
Page 48: Configuration Procedure
• To prevent packet loss that might occur when a slot reboots, do not enable spanning tree together with link-aggregation traffic redirection. • Link-aggregation traffic redirection does not operate correctly on an edge aggregate interface. • As a best practice, enable link-aggregation traffic redirection on aggregate interfaces. If you enable this feature globally, communication with a third-party peer device might be affected if the peer is not compatible with this feature.
Page 49: Ethernet Link Aggregation Configuration Examples
Task Command for link aggregation member ports. Display summary information about all display link-aggregation summary aggregation groups. display link-aggregation verbose Display detailed information about the [ { bridge-aggregation | route-aggregation } specified aggregation groups. [ interface-number ] ] Clear LACP statistics for the specified link reset lacp statistics [ interface interface-list ] aggregation member ports.
Page 50 [DeviceA] vlan 20 [DeviceA-vlan20] port gigabitethernet 1/0/5 [DeviceA-vlan20] quit # Create Layer 2 aggregate interface Bridge-Aggregation 1. [DeviceA] interface bridge-aggregation 1 [DeviceA-Bridge-Aggregation1] quit # Assign ports GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to link aggregation group 1. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/1] quit [DeviceA] interface gigabitethernet 1/0/2...
Page 51: Layer 2 Dynamic Aggregation Configuration Example
Layer 2 dynamic aggregation configuration example Network requirements On the network shown in Figure 12, perform the following tasks: • Configure a Layer 2 dynamic aggregation group on both Device A and Device B. • Enable VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the other end.
Page 52: Layer 2 Aggregation Load Sharing Configuration Example
[DeviceA-GigabitEthernet1/0/3] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/3] quit # Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLANs 10 and 20. [DeviceA] interface bridge-aggregation 1 [DeviceA-Bridge-Aggregation1] port link-type trunk [DeviceA-Bridge-Aggregation1] port trunk permit vlan 10 20 [DeviceA-Bridge-Aggregation1] quit Configure Device B in the same way Device A is configured.
Page 53 • Configure link aggregation groups 1 and 2 to load share traffic across aggregation group member ports. Configure link aggregation group 1 to load share packets based on source MAC addresses.  Configure link aggregation group 2 to load share packets based on destination MAC ...
Page 54 [DeviceA-Bridge-Aggregation1] port trunk permit vlan 10 [DeviceA-Bridge-Aggregation1] quit # Create Layer 2 aggregate interface Bridge-Aggregation 2. [DeviceA] interface bridge-aggregation 2 # Configure Layer 2 aggregation group 2 to load share packets based on destination MAC addresses. [DeviceA-Bridge-Aggregation2] link-aggregation load-sharing mode destination-mac [DeviceA-Bridge-Aggregation2] quit # Assign ports GigabitEthernet 1/0/3 and GigabitEthernet 1/0/4 to link aggregation group 2.
Page 55: Layer 2 Edge Aggregate Interface Configuration Example
The output shows that: • Link aggregation groups 1 and 2 are both load-shared Layer 2 static aggregation groups. • Each aggregation group contains two Selected ports. # Display all the group-specific load sharing modes on Device A. [DeviceA] display link-aggregation load-sharing mode interface Bridge-Aggregation1 Load-Sharing Mode: source-mac address Bridge-Aggregation2 Load-Sharing Mode:...
Page 56: Layer 3 Static Aggregation Configuration Example
Verifying the configuration # Display detailed information about all aggregation groups on the device when the server is not configured with dynamic link aggregation. [Device] display link-aggregation verbose Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing Port Status: S -- Selected, U -- Unselected, I -- Individual, * -- Management port Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation, D -- Synchronization, E -- Collecting, F -- Distributing,...
Page 57: Layer 3 Dynamic Aggregation Configuration Example
[DeviceA-Route-Aggregation1] ip address 192.168.1.1 24 [DeviceA-Route-Aggregation1] quit # Assign Layer 3 Ethernet interfaces GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to aggregation group 1. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/1] quit [DeviceA] interface gigabitethernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/2] quit [DeviceA] interface gigabitethernet 1/0/3 [DeviceA-GigabitEthernet1/0/3] port link-aggregation group 1...
Page 58 Configuration procedure Configure Device A: # Create Layer 3 aggregate interface Route-Aggregation 1. <DeviceA> system-view [DeviceA] interface route-aggregation 1 # Set the link aggregation mode to dynamic. [DeviceA-Route-Aggregation1] link-aggregation mode dynamic # Configure an IP address and subnet mask for Route-Aggregation 1. [DeviceA-Route-Aggregation1] ip address 192.168.1.1 24 [DeviceA-Route-Aggregation1] quit # Assign Layer 3 Ethernet interfaces GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to...
Page 59: Layer 3 Aggregation Load Sharing Configuration Example
GE1/0/3 32768 0x8000, 000f-e267-57ad {ACDEF} The output shows that link aggregation group 1 is a Layer 3 dynamic aggregation group that contains three Selected ports. Layer 3 aggregation load sharing configuration example Network requirements On the network shown in Figure 17, perform the following tasks: •...
Page 60 [DeviceA-Route-Aggregation2] quit # Assign Layer 3 Ethernet interfaces GigabitEthernet 1/0/3 and GigabitEthernet 1/0/4 to aggregation group 2. [DeviceA] interface gigabitethernet 1/0/3 [DeviceA-GigabitEthernet1/0/3] port link-aggregation group 2 [DeviceA-GigabitEthernet1/0/3] quit [DeviceA] interface gigabitethernet 1/0/4 [DeviceA-GigabitEthernet1/0/4] port link-aggregation group 2 [DeviceA-GigabitEthernet1/0/4] quit Configure Device B in the same way Device A is configured. (Details not shown.) Verifying the configuration # Display detailed information about all aggregation groups on Device A.
Page 61: Layer 3 Edge Aggregate Interface Configuration Example
The output shows that: • Link aggregation group 1 load shares packets based on source IP addresses. • Link aggregation group 2 load shares packets based on destination IP addresses. Layer 3 edge aggregate interface configuration example Network requirements As shown in Figure 18, a Layer 3 dynamic aggregation group is configured on the device.
Page 62 Aggregate Interface: Route-Aggregation1 Aggregation Mode: Dynamic Loadsharing Type: Shar Management VLAN : None System ID: 0x8000, 000f-e267-6c6a Local: Port Status Priority Oper-Key Flag -------------------------------------------------------------------------------- GE1/0/1 32768 {AG} GE1/0/2 32768 {AG} Remote: Actor Partner Priority Oper-Key SystemID Flag -------------------------------------------------------------------------------- GE1/0/1 32768 0x8000, 0000-0000-0000 {DEF} GE1/0/2 32768...
Page 63: Configuring Port Isolation
Configuring port isolation The port isolation feature isolates Layer 2 traffic for data privacy and security without using VLANs. Ports in an isolation group cannot communicate with each other. However, they can communicate with ports outside the isolation group. Assigning a port to an isolation group Before you add a PEX port to a Layer 2 aggregate interface that has been assigned to an isolation group, first remove the aggregate interface from the isolation group.
Page 64: Port Isolation Configuration Example
Port isolation configuration example Network requirements As shown in Figure • LAN users Host A, Host B, and Host C are connected to GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 on the device, respectively. • The device connects to the Internet through GigabitEthernet 1/0/4. Configure the device to provide Internet access for the hosts, and isolate them from one another at Layer 2.
Page 65 [Device] display port-isolate group 2 Port isolation group information: Group ID: 2 Group members: GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3 Community VLAN ID: None The output shows that GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 are assigned to isolation group 2. As a result, Host A, Host B, and Host C are isolated from one another at layer 2.
Page 66: Configuring Vlans
Configuring VLANs Overview Ethernet is a family of shared-media LAN technologies based on the CSMA/CD mechanism. An Ethernet LAN is both a collision domain and a broadcast domain. Because the medium is shared, collisions and broadcasts are common in an Ethernet LAN. Typically, bridges and Layer 2 switches can reduce collisions in an Ethernet LAN.
Page 67: Protocols And Standards
TPID to a different value. For compatibility with a neighbor device, set the TPID value on the device to be the same as the neighbor device. • Priority—3-bit long, identifies the 802.1p priority of the frame. For more information, see ACL and QoS Configuration Guide.
Page 68: Configuring Vlan Interfaces
NOTE: • As the system default VLAN, VLAN 1 cannot be created or deleted. • Before you delete a dynamic VLAN or a VLAN locked by an application, you must first remove the configuration from the VLAN. Configuring VLAN interfaces Hosts of different VLANs use VLAN interfaces to communicate at Layer 3.
Page 69: Configuring Port-Based Vlans
Step Command Remarks VLAN interface. Configuring port-based VLANs Introduction Port-based VLANs group VLAN members by port. A port forwards packets from a VLAN only after it is assigned to the VLAN. Port link type You can set the link type of a port to access, trunk, or hybrid. The port link type determines whether the port can be assigned to multiple VLANs.
Page 70: Assigning An Access Port To A Vlan
Actions Access Trunk Hybrid • Receives the frame if its VLAN ID is the same as In the inbound • the PVID. Receives the frame if its VLAN is permitted on the port. direction for a • • Drops the frame if Drops the frame if its VLAN is not permitted on the port.
Page 71: Assigning A Trunk Port To A Vlan
Step Command Remarks interface-number • Enter S-channel interface view: interface s-channel interface-number.channel-id • Enter S-channel aggregate interface view: interface schannel-aggregation interface-number:channel-id Set the port link type to By default, all ports are port link-type access access. access ports. (Optional.) Assign the By default, all access ports port access vlan vlan-id access port to a VLAN.
Page 72: Configuring Mac-Based Vlans
• To change the link type of a port from trunk to hybrid, set the link type to access first. • To enable a hybrid port to transmit packets from its PVID, you must assign the hybrid port to the PVID by using the port hybrid vlan command.
Page 73 a. The port first performs a fuzzy match as follows: − Searches for the MAC-to-VLAN entries whose masks are not all Fs. − Performs a logical AND operation on the source MAC address and each of these masks. If an AND operation result matches the MAC address in a MAC-to-VLAN entry, the port tags the frame with the VLAN ID specific to this entry.
Page 74 − If the VLAN ID of the frame is the PVID of the port, the port determines whether it allows the PVID. If the PVID is allowed, the port forwards the frame within the PVID. If the PVID is not allowed, the port drops the frame.
Page 75: General Configuration Restrictions And Guidelines
When a user passes authentication of the access authentication server, the server assigns the authorization VLAN information for the user to the device. The device then performs the following operations: Generates a MAC-to-VLAN entry by using the source MAC address of the user packet and the authorization VLAN information.
Page 76 • As a best practice to ensure correct operation of 802.1X and MAC authentication, do not use dynamic MAC-based VLAN assignment with 802.1X or MAC authentication. • When dynamic MAC-based VLAN assignment is enabled on a port, the configuration of disabling of MAC address learning does not take effect.
Page 77: Configuring Server-Assigned Mac-Based Vlan
Configuring server-assigned MAC-based VLAN Step Command Remarks Enter system view. system-view Enter interface view. interface interface-type interface-number Set the port link type to By default, all ports are port link-type hybrid hybrid. access ports. By default, a hybrid port is an Assign the hybrid port untagged member of the port hybrid vlan vlan-id-list { tagged |...
Page 78: Configuring Protocol-Based Vlans
Task Command Remarks Set the port link type port link-type hybrid By default, all ports are access ports. to hybrid. Assign the hybrid By default, a hybrid port is an port to the specified port hybrid vlan vlan-id-list { tagged | untagged member of the VLAN to IP subnet-based untagged }...
Page 79: Configuring A Vlan Group
Step Command Remarks • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number Set the port link type to By default, all ports are access port link-type hybrid hybrid. ports. By default, a hybrid port is an Assign the hybrid port port hybrid vlan vlan-id-list { tagged | untagged member of the VLAN to the specified...
Page 80: Displaying And Maintaining Vlans
Displaying and maintaining VLANs Execute display commands in any view and reset commands in user view. Task Command display interface vlan-interface [ interface-number ] [ brief Display VLAN interface information. [ description | down ] ] Display information about IP display ip-subnet-vlan interface { interface-type subnet-based VLANs that are associated interface-number1 [ to interface-type interface-number2 ] | all }...
Page 81 Figure 23 Network diagram GE1/0/3 GE1/0/3 Device A Device B GE1/0/1 GE1/0/2 GE1/0/1 GE1/0/2 Host A Host B Host C Host D VLAN 100 VLAN 200 VLAN 100 VLAN 200 Configuration procedure Configure Device A: # Create VLAN 100, and assign GigabitEthernet 1/0/1 to VLAN 100. <DeviceA>...
Page 82: Mac-Based Vlan Configuration Example
VLAN ID: 200 VLAN type: Static Route interface: Not configured Description: VLAN 0200 Name: VLAN 0200 Tagged ports: GigabitEthernet1/0/3 Untagged ports: GigabitEthernet1/0/2 MAC-based VLAN configuration example Network requirements As shown in Figure • GigabitEthernet 1/0/1 of Device A and Device C are each connected to a meeting room. Laptop 1 and Laptop 2 are used for meetings and might be used in either of the two meeting rooms.
Page 83 [DeviceA-vlan200] quit # Associate the MAC addresses of Laptop 1 and Laptop 2 with VLANs 100 and 200, respectively. [DeviceA] mac-vlan mac-address 000d-88f8-4e71 vlan 100 [DeviceA] mac-vlan mac-address 0014-222c-aa69 vlan 200 # Configure GigabitEthernet 1/0/1 as a hybrid port, and assign it to VLANs 100 and 200 as an untagged VLAN member.
Page 84: Ip Subnet-Based Vlan Configuration Example
MAC address Mask VLAN ID Priority State 000d-88f8-4e71 ffff-ffff-ffff 0014-222c-aa69 ffff-ffff-ffff Total MAC VLAN address count: 2 IP subnet-based VLAN configuration example Network requirements As shown in Figure 25, the hosts in the office belong to different IP subnets. Configure Device C to transmit packets from 192.168.5.0/24 and 192.168.50.0/24 in VLANs 100 and 200, respectively.
Page 85: Protocol-Based Vlan Configuration Example
[DeviceC] interface gigabitethernet 1/0/2 [DeviceC-GigabitEthernet1/0/2] port link-type hybrid [DeviceC-GigabitEthernet1/0/2] port hybrid vlan 100 tagged [DeviceC-GigabitEthernet1/0/2] quit # Configure GigabitEthernet 1/0/3 as a hybrid port, and assign it to VLAN 200 as a tagged VLAN member. [DeviceC] interface gigabitethernet 1/0/3 [DeviceC-GigabitEthernet1/0/3] port link-type hybrid [DeviceC-GigabitEthernet1/0/3] port hybrid vlan 200 tagged [DeviceC-GigabitEthernet1/0/3] quit # Configure GigabitEthernet 1/0/1 as a hybrid port, and assign it to VLANs 100 and 200 as an...
Page 86 Figure 26 Network diagram VLAN 100 VLAN 200 IPv4 server IPv6 server GE1/0/3 GE1/0/4 GE1/0/1 GE1/0/2 Device L2 switch A L2 switch B IPv4 host A IPv6 host A IPv4 host B IPv6 host B VLAN 100 VLAN 200 VLAN 100 VLAN 200 Configuration procedure In this example, L2 Switch A and L2 Switch B use the factory configuration.
Page 87 # Configure GigabitEthernet 1/0/1 as a hybrid port, and assign it to VLANs 100 and 200 as an untagged VLAN member. [Device] interface gigabitethernet 1/0/1 [Device-GigabitEthernet1/0/1] port link-type hybrid [Device-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged # Associate GigabitEthernet 1/0/1 with the IPv4 and ARP protocol templates of VLAN 100 and the IPv6 protocol template of VLAN 200.
Page 88 IPv4 Active Ethernet II Etype 0x0806 Active IPv6 Active Interface: GigabitEthernet 1/0/2 VLAN ID Protocol index Protocol type Status IPv4 Active Ethernet II Etype 0x0806 Active IPv6 Active...
Page 89: Configuring Super Vlans
Configuring super VLANs The super VLAN feature cannot be used together with the VXLAN IP gateway feature. For more information about VXLAN IP gateways, see VXLAN Configuration Guide. Overview Hosts in a VLAN typically use IP addresses in the same subnet. For Layer 3 interoperability with other VLANs, you can create a VLAN interface for the VLAN and assign an IP address to it.
Page 90: Configuring A Super Vlan Interface
• Do not configure a VLAN as both a super VLAN and a guest VLAN, Auth-Fail VLAN, or critical VLAN. For more information about guest VLANs, Auth-Fail VLANs, and critical VLANs, see Security Configuration Guide. • Do not configure a VLAN as both a super VLAN and a sub-VLAN. •...
Page 91: Displaying And Maintaining Super Vlans
Displaying and maintaining super VLANs Execute display commands in any view. Task Command Display information about super VLANs and their display supervlan [ supervlan-id ] associated sub-VLANs. Super VLAN configuration example Network requirements As shown in Figure • GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 are in VLAN 2. •...
Page 92: Verifying The Configuration
# Enable local proxy ARP. [DeviceA-Vlan-interface10] local-proxy-arp enable [DeviceA-Vlan-interface10] quit # Create VLAN 2, and assign GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to the VLAN. [DeviceA] vlan 2 [DeviceA-vlan2] port gigabitethernet 1/0/1 gigabitethernet 1/0/2 [DeviceA-vlan2] quit # Create VLAN 3, and assign GigabitEthernet 1/0/3 and GigabitEthernet 1/0/4 to the VLAN. [DeviceA] vlan 3 [DeviceA-vlan3] port gigabitethernet 1/0/3 gigabitethernet 1/0/4 [DeviceA-vlan3] quit...
Page 93 Name: VLAN 0002 Tagged ports: None Untagged ports: GigabitEthernet1/0/1 GigabitEthernet1/0/2 VLAN ID: 3 VLAN type: Static It is a sub VLAN. Route interface: Configured Ipv4 address: 10.1.1.1 Ipv4 subnet mask: 255.255.255.0 Description: VLAN 0003 Name: VLAN 0003 Tagged ports: None Untagged ports: GigabitEthernet1/0/3 GigabitEthernet1/0/4...
Page 94: Configuring The Private Vlan
Configuring the private VLAN VLAN technology provides a method for isolating traffic from customers. At the access layer of a network, customer traffic must be isolated for security or accounting purposes. If VLANs are assigned on a per-user basis, a large number of VLANs will be required. The private VLAN feature saves VLAN resources.
Page 95: Configuration Restrictions And Guidelines
Associate the secondary VLANs with the primary VLAN. Configure the uplink and downlink ports: Configure the uplink port (for example, the port connecting L2 Device B to L3 Device A in  Figure 28): − When the port allows only one primary VLAN, configure the port as a promiscuous port of the primary VLAN.
Page 96 Step Command Remarks Create a VLAN and enter vlan vlan-id VLAN view. Configure the VLAN as a By default, a VLAN is not a private-vlan primary primary VLAN. primary VLAN. Return to system view. quit Create one or multiple vlan { vlan-id1 [ to vlan-id2 ] | all } secondary VLANs.
Page 97: Displaying And Maintaining The Private Vlan
Step Command Remarks 17. Enter VLAN view of a vlan vlan-id secondary VLAN. 18. (Optional.) Enable Layer 2 By default, ports in the same • undo private-vlan isolated communication for ports in secondary VLAN can • the same secondary communicate with each other at private-vlan community VLAN.
Page 98 • On Device C, VLAN 6 is a primary VLAN that is associated with secondary VLANs 3 and 4. GigabitEthernet 1/0/5 is in VLAN 6. GigabitEthernet 1/0/3 is in VLAN 3. GigabitEthernet 1/0/4 is in VLAN 4. • Device A is aware of only VLAN 5 on Device B and VLAN 6 on Device C. Figure 29 Network diagram Device A Device C...
Page 99 [DeviceB] interface gigabitethernet 1/0/3 [DeviceB-GigabitEthernet1/0/3] port access vlan 3 [DeviceB-GigabitEthernet1/0/3] port private-vlan host [DeviceB-GigabitEthernet1/0/3] quit Configure Device C: # Configure VLAN 6 as a primary VLAN. <DeviceC> system-view [DeviceC] vlan 6 [DeviceC–vlan6] private-vlan primary [DeviceC–vlan6] quit # Create VLANs 3 and 4. [DeviceC] vlan 3 to 4 # Associate secondary VLANs 3 and 4 with primary VLAN 6.
Page 100: Trunk Promiscuous Port Configuration Example
VLAN ID: 2 VLAN type: Static Private VLAN type: Secondary Route interface: Not configured Description: VLAN 0002 Name: VLAN 0002 Tagged ports: None Untagged ports: GigabitEthernet1/0/2 GigabitEthernet1/0/5 VLAN ID: 3 VLAN type: Static Private VLAN type: Secondary Route interface: Not configured Description: VLAN 0003 Name: VLAN 0003 Tagged Ports:...
Page 101 Figure 30 Network diagram Device A VLAN 5 GE1/0/1 VLAN 10 GE1/0/1 Device B GE1/0/2 GE1/0/5 GE1/0/3 GE1/0/4 Host C Host D Host B Host A VLAN 6 VLAN 8 VLAN 3 VLAN 2 Configuration procedure Configure Device B: # Configure VLANs 5 and 10 as primary VLANs. <DeviceB>...
Page 102: Vlan Member
# Assign downlink port GigabitEthernet 1/0/2 to VLAN 2, and configure the port as a host port. [DeviceB] interface gigabitethernet 1/0/2 [DeviceB-GigabitEthernet1/0/2] port access vlan 2 [DeviceB-GigabitEthernet1/0/2] port private-vlan host [DeviceB-GigabitEthernet1/0/2] quit # Assign downlink port GigabitEthernet 1/0/3 to VLAN 3, and configure the port as a host port. [DeviceB] interface gigabitethernet 1/0/3 [DeviceB-GigabitEthernet1/0/3] port access vlan 3 [DeviceB-GigabitEthernet1/0/3] port private-vlan host...
Page 103: Trunk Promiscuous And Trunk Secondary Port Configuration Example
GigabitEthernet1/0/2 GigabitEthernet1/0/3 VLAN ID: 2 VLAN type: Static Private VLAN type: Secondary Route interface: Not configured Description: VLAN 0002 Name: VLAN 0002 Tagged ports: GigabitEthernet1/0/1 Untagged ports: GigabitEthernet1/0/2 VLAN ID: 3 VLAN type: Static Private VLAN type: Secondary Route interface: Not configured Description: VLAN 0003 Name: VLAN 0003 Tagged ports:...
Page 104 Figure 31 Network diagram VLAN 10 VLAN 20 Device C GE1/0/5 GE1/0/5 Device A GE1/0/1 GE1/0/3 GE1/0/2 GE1/0/2 Device B GE1/0/3 GE1/0/4 Host C Host D VLAN 22 VLAN 12 Host A Host B VLAN 21 VLAN 11 Configuration procedure Configure Device A: # Configure VLANs 10 and 20 as primary VLANs.
Page 105 [DeviceA] interface gigabitethernet 1/0/5 [DeviceA-GigabitEthernet1/0/5] port private-vlan 10 20 trunk promiscuous [DeviceA-GigabitEthernet1/0/5] quit # Assign downlink port GigabitEthernet 1/0/1 to VLAN 22 and configure the port as a host port. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port access vlan 22 [DeviceA-GigabitEthernet1/0/1] port private-vlan host [DeviceA-GigabitEthernet1/0/1] quit # Assign downlink port GigabitEthernet 1/0/3 to VLAN 12 and configure the port as a host port.
Page 106 [DeviceC-GigabitEthernet1/0/5] port link-type hybrid [DeviceC-GigabitEthernet1/0/5] port hybrid vlan 10 20 tagged [DeviceC-GigabitEthernet1/0/5] quit Verifying the configuration # Verify the primary VLAN configurations on Device A. The following output uses primary VLAN 10 as an example. [DeviceA] display private-vlan 10 Primary VLAN ID: 10 Secondary VLAN ID: 11-12 VLAN ID: 10 VLAN type: Static...
Page 107: Secondary Vlan Layer 3 Communication Configuration Example
• The host port (GigabitEthernet 1/0/3) is an untagged member of primary VLAN 10 and secondary VLAN 12. Secondary VLAN Layer 3 communication configuration example Network requirements As shown in Figure 32, configure the private VLAN feature to meet the following requirements: •...
Page 108 [DeviceA-GigabitEthernet1/0/2] port access vlan 2 [DeviceA-GigabitEthernet1/0/2] port private-vlan host [DeviceA-GigabitEthernet1/0/2] quit # Assign downlink port GigabitEthernet 1/0/3 to VLAN 3, and configure the port as a host port. [DeviceA] interface gigabitethernet 1/0/3 [DeviceA-GigabitEthernet1/0/3] port access vlan 3 [DeviceA-GigabitEthernet1/0/3] port private-vlan host [DeviceA-GigabitEthernet1/0/3] quit # Enable Layer 3 communication between secondary VLANs 2 and 3 that are associated with primary VLAN 10.
Page 109 GigabitEthernet1/0/1 GigabitEthernet1/0/2 VLAN ID: 3 VLAN type: Static Private VLAN type: Secondary Route interface: Configured IPv4 address: 192.168.1.1 IPv4 subnet mask: 255.255.255.0 Description: VLAN 0003 Name: VLAN 0003 Tagged ports: None Untagged ports: GigabitEthernet1/0/1 GigabitEthernet1/0/3 The Route interface field in the output is Configured, indicating that secondary VLANs 2 and 3 are interoperable at Layer 3.
Page 110: Configuring Voice Vlans
Configuring voice VLANs Overview A voice VLAN is used for transmitting voice traffic. The device can configure QoS parameters for voice packets to ensure higher transmission priority of the voice packets. Common voice devices include IP phones and integrated access devices (IADs). This chapter uses IP phones as an example.
Page 111: Automatically Identifying Ip Phones Through Lldp
Automatically identifying IP phones through LLDP If IP phones support LLDP, configure LLDP for automatic IP phone discovery on the device. The device can then automatically discover the peer through LLDP, and exchange LLDP TLVs with the peer. If the LLDP System Capabilities TLV received on a port indicates that the peer can act as a telephone, the device performs the following operations: Sends an LLDP TLV with the voice VLAN configuration to the peer.
Page 112: Connecting The Ip Phone To The Device
Figure 34 Connecting the host and IP phone in series Voice gateway Host IP phone Device Connecting the IP phone to the device As shown in Figure 35, IP phones are connected to the device without the presence of the host. Use this connection method when IP phones sends out untagged voice packets.
Page 113: Manual Mode
When the IP phone reboots, the port is reassigned to the voice VLAN to ensure the correct operation of the existing voice connections. The reassignment occurs automatically without being triggered by voice traffic as long as the voice VLAN operates correctly. Manual mode Use manual mode when only IP phones access the network through the device, as shown in Figure...
Page 114: Security Mode And Normal Mode Of Voice Vlans
If an IP phone sends out tagged voice traffic, and its access port is configured with 802.1X authentication, guest VLAN, Auth-Fail VLAN, or critical VLAN, VLAN IDs must be different for the following VLANs: • Voice VLAN. • PVID of the access port. •...
Page 115: Voice Vlan Configuration Task List
Voice VLAN configuration task list Tasks at a glance (Required.) Configuring the QoS priority settings for voice traffic (Required.) Use one of the following methods: • Configuring a port to operate in automatic voice VLAN assignment mode • Configuring a port to operate in manual voice VLAN assignment mode (Optional.) Enabling LLDP for automatic IP phone discovery (Optional.) Use one of the following methods:...
Page 116: Configuring A Port To Operate In Automatic Voice Vlan Assignment Mode
Configuring a port to operate in automatic voice VLAN assignment mode Configuration restrictions and guidelines When you configure a port to operate in automatic voice VLAN assignment mode, follow these restrictions and guidelines: • Do not configure a VLAN as both a voice VLAN and a protocol-based VLAN. A voice VLAN in automatic mode on a hybrid port processes only tagged incoming voice ...
Page 117: Configuring A Port To Operate In Manual Voice Vlan Assignment Mode
Step Command Remarks interface-number • port link-type trunk Configure the link type of • the port. port link-type hybrid Configure the port to By default, the automatic operate in automatic voice voice-vlan mode auto voice VLAN assignment mode VLAN assignment mode. is enabled.
Page 118: Enabling Lldp For Automatic Ip Phone Discovery
Step Command Remarks • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number Configure the port to By default, a port operates in operate in manual voice undo voice-vlan mode auto automatic voice VLAN VLAN assignment assignment mode. mode. • For the access port, see "Assigning an access port to a...
Page 119: Configuring Cdp To Advertise A Voice Vlan
To configure LLDP to advertise a voice VLAN: Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface interface-type interface view. interface-number By default, no advertised voice VLAN ID is configured. Configure an advertised lldp tlv-enable med-tlv For more information about voice VLAN ID.
Page 120: Displaying And Maintaining Voice Vlans
Displaying and maintaining voice VLANs Execute display commands in any view. Task Command Display the voice VLAN state. display voice-vlan state display voice-vlan mac-address Display OUI addresses on a device. Voice VLAN configuration examples Automatic voice VLAN assignment mode configuration example Network requirements As shown in...
Page 121 # Set the voice VLAN aging timer to 30 minutes. [DeviceA] voice-vlan aging 30 # Enable security mode for voice VLANs. [DeviceA] voice-vlan security enable # Add MAC addresses of IP phones A and B to the device with mask FFFF-FF00-0000. [DeviceA] voice-vlan mac-address 0011-1100-0001 mask ffff-ff00-0000 description IP phone A [DeviceA] voice-vlan mac-address 0011-2200-0001 mask ffff-ff00-0000 description IP...
Page 122: Manual Voice Vlan Assignment Mode Configuration Example
Port VLAN Mode DSCP GE1/0/1 Auto GE1/0/2 Auto Manual voice VLAN assignment mode configuration example Network requirements As shown in Figure 37, IP phone A send untagged voice traffic. To enable GigabitEthernet 1/0/1 to transmit only voice packets, perform the following tasks on Device A: •...
Page 123 [DeviceA-GigabitEthernet1/0/1] voice-vlan 2 enable [DeviceA-GigabitEthernet1/0/1] quit Verifying the configuration # Display the OUI addresses supported on Device A. [DeviceA] display voice-vlan mac-address OUI Address Mask Description 0001-e300-0000 ffff-ff00-0000 Siemens phone 0003-6b00-0000 ffff-ff00-0000 Cisco phone 0004-0d00-0000 ffff-ff00-0000 Avaya phone 000f-e200-0000 ffff-ff00-0000 H3C Aolynk phone 0011-2200-0000 ffff-ff00-0000...
Page 124: Configuring Mvrp
Configuring MVRP Multiple Registration Protocol (MRP) is an attribute registration protocol used to transmit attribute values. Multiple VLAN Registration Protocol (MVRP) is a typical MRP application. It synchronizes VLAN information among devices. MVRP propagates local VLAN information to other devices, receives VLAN information from other devices, and dynamically updates local VLAN information.
Page 125 Join message An MRP participant sends a Join message to request the peer participant to register attributes in the Join message. When receiving a Join message from the peer participant, an MRP participant performs the following tasks: • Registers the attributes in the Join message. •...
Page 126: Mrp Timers
LeaveAll message Each MRP participant starts its LeaveAll timer when starting up. When the timer expires, the MRP participant sends LeaveAll messages to the peer participant. Upon sending or receiving a LeaveAll message, the local participant starts the Leave timer. The local participant determines whether to send a Join message depending on its attribute status.
Page 127: Mvrp Registration Modes
• Effectively reduces the number of LeaveAll messages in the network. • Prevents the LeaveAll timer of a particular participant from always expiring first. MVRP registration modes VLAN information propagated by MVRP includes dynamic VLAN information from other devices and local static VLAN information.
Page 128: Configuration Prerequisites
receive undesired copies. For more information about port mirroring, see Network Management and Monitoring Configuration Guide. • MVRP takes effect only on trunk ports. For more information about trunk ports, see "Configuring VLANs." • Enabling MVRP on a Layer 2 aggregate interface takes effect on the aggregate interface and all Selected member ports in the link aggregation group.
Page 129: Setting Mrp Timers
Step Command Remarks Optional. Set an MVRP registration mvrp registration { fixed | The default setting is normal mode for the port. forbidden | normal } registration mode. Setting MRP timers To avoid frequent VLAN registrations and deregistrations, use the same MRP timers throughout the network.
Page 130: Enabling Gvrp Compatibility
Enabling GVRP compatibility Enable GVRP compatibility for MVRP when the peer device supports GVRP. Then, the local end can receive and send both MVRP and GVRP frames. When you enable GVRP compatibility, follow these restrictions and guidelines: • GVRP compatibility enables MVRP to work with STP or RSTP, but not MSTP. •...
Page 131: Configuration Procedure
Figure 39 Network diagram Device A Device B Permit: all VLANs GE1/0/3 GE1/0/3 VLAN 20 VLAN 10 Permit: all VLANs Permit: VLANs 20, 40 VLAN 10 à MSTI 1 VLAN 20 à MSTI 2 Other VLANs à MSTI 0 Device C Device D MSTI 0 MSTI 1...
Page 132 [DeviceA] mvrp global enable # Configure GigabitEthernet 1/0/1 as a trunk port, and configure it to permit all VLANs. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-type trunk [DeviceA-GigabitEthernet1/0/1] port trunk permit vlan all # Enable MVRP on port GigabitEthernet 1/0/1. [DeviceA-GigabitEthernet1/0/1] mvrp enable [DeviceA-GigabitEthernet1/0/1] quit # Configure GigabitEthernet 1/0/2 as a trunk port, and configure it to permit VLAN 40.
Page 133 # Enable MVRP on GigabitEthernet 1/0/1. [DeviceB-GigabitEthernet1/0/1] mvrp enable [DeviceB-GigabitEthernet1/0/1] quit # Configure GigabitEthernet 1/0/2 as a trunk port, and configure it to permit all VLANs. [DeviceB] interface gigabitethernet 1/0/2 [DeviceB-GigabitEthernet1/0/2] port link-type trunk [DeviceB-GigabitEthernet1/0/2] port trunk permit vlan all # Enable MVRP on GigabitEthernet 1/0/2.
Page 134: Verifying The Configuration
[DeviceC-GigabitEthernet1/0/2] port link-type trunk [DeviceC-GigabitEthernet1/0/2] port trunk permit vlan all # Enable MVRP on GigabitEthernet 1/0/2. [DeviceC-GigabitEthernet1/0/2] mvrp enable [DeviceC-GigabitEthernet1/0/2] quit Configure Device D: # Enter MST region view. <DeviceD> system-view [DeviceD] stp region-configuration # Configure the MST region name, VLAN-to-instance mappings, and revision level. [DeviceD-mst-region] region-name example [DeviceD-mst-region] instance 1 vlan 10 [DeviceD-mst-region] instance 2 vlan 20...
Page 135 Running Status : Enabled Join Timer : 20 (centiseconds) Leave Timer : 60 (centiseconds) Periodic Timer : 100 (centiseconds) LeaveAll Timer : 1000 (centiseconds) Registration Type : Normal Registered VLANs : 1(default) Declared VLANs : 1(default), 10, 20 Propagated VLANs : 1(default) ----[GigabitEthernet1/0/2]---- Config...
Page 136 # Display local VLAN information on Device B. [DeviceB] display mvrp running-status -------[MVRP Global Info]------- Global Status : Enabled Compliance-GVRP : False ----[GigabitEthernet1/0/1]---- Config Status : Enabled Running Status : Enabled Join Timer : 20 (centiseconds) Leave Timer : 60 (centiseconds) Periodic Timer : 100 (centiseconds) LeaveAll Timer...
Page 137 Propagated VLANs : The output shows that the following events have occurred: • GigabitEthernet 1/0/1 has registered VLAN 1, declared VLAN 1 and VLAN 20, and propagated VLAN 1 through MVRP. • GigabitEthernet 1/0/2 has registered VLAN 1 and VLAN 10, declared VLAN 1 and VLAN 20, and propagated VLAN 1.
Page 138 • GigabitEthernet 1/0/2 has registered VLAN 1 and VLAN 20, declared VLAN 1 and VLAN 10, and propagated VLAN 1 and VLAN 20 through MVRP. # Display local VLAN information on Device D. [DeviceD] display mvrp running-status -------[MVRP Global Info]------- Global Status : Enabled Compliance-GVRP...
Page 139 [DeviceB-GigabitEthernet1/0/3] quit # Display local MVRP VLAN information on GigabitEthernet 1/0/3. [DeviceB] display mvrp running-status interface gigabitethernet 1/0/3 -------[MVRP Global Info]------- Global Status : Enabled Compliance-GVRP : False ----[GigabitEthernet1/0/3]---- Config Status : Enabled Running Status : Enabled Join Timer : 20 (centiseconds) Leave Timer : 60 (centiseconds) Periodic Timer...
Page 140: Configuring Qinq
Configuring QinQ This document uses the following terms: • CVLAN—Customer network VLANs, also called inner VLANs, refer to VLANs that a customer uses on the private network. • SVLAN—Service provider network VLANs, also called outer VLANs, refer to VLANs that a service provider uses to transmit VLAN tagged traffic for customers.
Page 141: Qinq Implementations
When a tagged Ethernet frame from CE 1 arrives at PE 1, the PE tags the frame with SVLAN 3. The double-tagged Ethernet frame travels over the service provider network until it arrives at PE 2. PE 2 removes the SVLAN tag of the frame, and then sends the frame to CE 4. Figure 41 Typical QinQ application scenario VLANs 1 to 20 VLANs 1 to 10...
Page 142: Protocols And Standards
Protocols and standards • IEEE 802.1Q, IEEE Standard for Local and Metropolitan Area Networks-Virtual Bridged Local Area Networks • IEEE 802.1ad, IEEE Standard for Local and Metropolitan Area Networks-Virtual Bridged Local Area Networks-Amendment 4: Provider Bridges Restrictions and guidelines When you configure QinQ, follow these restrictions and guidelines: •...
Page 143: Configuring The Tpid For Vlan Tags
Configuring the TPID for VLAN tags TPID identifies a frame as an 802.1Q tagged frame. The TPID value varies by vendor. On an HPE device, the TPID in the 802.1Q tag added on a QinQ-enabled port is 0x8100 by default, in compliance with IEEE 802.1Q.
Page 144: Configuring The Tpid For Cvlan Tags
Protocol type Value IS-IS 0x8000 LACP 0x8809 LLDP 0x88cc 802.1X 0x888e 802.1ag 0x8902 Cluster 0x88a7 Reserved 0xfffd/0xfffe/0xffff Configuring the TPID for CVLAN tags Perform this task on the PE device. To configure the TPID value for CVLAN tags: Step Command Remarks Enter system view.
Page 145: Displaying And Maintaining Qinq
Step Command Remarks Enter system view. system-view Create a traffic class and traffic classifier classifier-name [ operator By default, no traffic enter its view. { and | or } ] classes exist. • Match CVLAN IDs: if-match customer-vlan-id vlan-id-list Configure CVLAN match •...
Page 146: Qinq Configuration Examples
QinQ configuration examples Basic QinQ configuration example Network requirements As shown in Figure • The service provider assigns VLAN 100 to Company A's VLANs 10 through 70. • The service provider assigns VLAN 200 to Company B's VLANs 30 through 90. •...
Page 147 # Configure GigabitEthernet 1/0/2 as a trunk port, and assign it to VLANs 100 and 200. [PE1] interface gigabitethernet 1/0/2 [PE1-GigabitEthernet1/0/2] port link-type trunk [PE1-GigabitEthernet1/0/2] port trunk permit vlan 100 200 # Set the TPID value in the SVLAN tags to 0x8200 on GigabitEthernet 1/0/2. [PE1-GigabitEthernet1/0/2] qinq ethernet-type service-tag 8200 [PE1-GigabitEthernet1/0/2] quit # Configure GigabitEthernet 1/0/3 as a trunk port, and assign it to VLAN 200.
Page 148: Vlan Transparent Transmission Configuration Example
# Configure all ports on the forwarding path to allow frames from VLANs 100 and 200 to pass through without removing the VLAN tag. (Details not shown.) VLAN transparent transmission configuration example Network requirements As shown in Figure • The service provider assigns VLAN 100 to a company's VLANs 10 through 50. •...
Page 149 Configure PE 2: # Configure GigabitEthernet 1/0/1 as a trunk port, and assign it to VLANs 100 and 3000. <PE2> system-view [PE2] interface gigabitethernet 1/0/1 [PE2-GigabitEthernet1/0/1] port link-type trunk [PE2-GigabitEthernet1/0/1] port trunk permit vlan 100 3000 # Set the PVID of GigabitEthernet 1/0/1 to VLAN 100. [PE1-GigabitEthernet1/0/1] port trunk pvid vlan 100 # Enable QinQ on GigabitEthernet 1/0/1.
Page 150: Configuring Vlan Mapping
Configuring VLAN mapping Overview VLAN mapping re-marks VLAN tagged traffic with new VLAN IDs. Hewlett Packard Enterprise provides the following types of VLAN mapping: • One-to-one VLAN mapping—Replaces one VLAN tag with another. • Many-to-one VLAN mapping—Replaces multiple VLAN tags with the same VLAN tag. •...
Page 151 Figure 44 Application scenario of one-to-one and many-to-one VLAN mapping DHCP client VLAN 1 Home gateway VLAN 2 VLAN 1 -> VLAN 101 VLAN 2 -> VLAN 201 VLAN 3 VoIP VLAN 3 -> VLAN 301 Wiring-closet switch DHCP server VLAN 1 VLAN 1 ->...
Page 152: Vlan Mapping Implementations
Figure 45 Application scenario of one-to-two and two-to-two VLAN mapping One-to-two VLAN One-to-two VLAN Two-to-two VLAN mapping mapping mapping VLAN 10 VLAN 2 Data VLAN 20 VLAN 3 Data PE 1 PE 2 PE 3 PE 4 SP 1 SP 2 VLAN 2 Data VLAN 3...
Page 153 Figure 46 Basic VLAN mapping terms Network-side port Customer-side port Uplink traffic Downlink traffic One-to-one VLAN mapping As shown in Figure 47, one-to-one VLAN mapping is implemented on the customer-side port and replaces VLAN tags as follows: • Replaces the CVLAN with the SVLAN for the uplink traffic. •...
Page 154 Figure 48 Many-to-one VLAN mapping implementation Customer- Network-side side many-to- many-to-one CVLAN 1 Data one VLAN VLAN SVLAN Data mapping mapping CVLAN n Data SVLAN Data User network SP network CVLAN Data SVLAN Data DHCP snooping or ARP snooping table lookup Network-side port Customer-side port Uplink traffic...
Page 155: Vlan Mapping Configuration Task List
• Configure the customer-side port as a trunk port, assign it to the SVLAN, and set the port PVID to the SVLAN. • Configure the customer-side port as a hybrid port, assign it to the SVLAN as an untagged member, and set the port PVID to the SVLAN. Figure 50 Zero-to-two VLAN mapping implementation Zero-to-two VLAN mapping...
Page 156: Configuring One-To-One Vlan Mapping
Tasks at a glance Remarks Configure one-to-one VLAN mapping on the Configuring one-to-one VLAN mapping wiring-closet switch, as shown in Figure Configuring many-to-one VLAN mapping • Configuring many-to-one VLAN mapping in a Configure many-to-one VLAN mapping on the network with dynamic IP address assignment campus switch, as shown in Figure •...
Page 157: Configuring Many-To-One Vlan Mapping
Configuring many-to-one VLAN mapping Configure many-to-one VLAN mapping on campus switches (see Figure 44) to transmit the same type of traffic from different users in one VLAN. Configuring many-to-one VLAN mapping in a network with dynamic IP address assignment In a network that uses dynamic address assignment, configure many-to-one VLAN mapping with DHCP snooping.
Page 158 Step Command Remarks By default, ARP detection is disabled. For more information about ARP detection Enable ARP detection. arp detection enable configuration commands, see Security Command Reference. Configuring the customer-side port Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view: interface interface-type Enter Layer 2 Ethernet...
Page 159: Configuring Many-To-One Vlan Mapping In A Network With Static Ip Address Assignment
Step Command Remarks • For the hybrid port: port hybrid vlan vlan-id-list tagged By default, all ports that Configure the port as a support DHCP snooping are dhcp snooping trust DHCP snooping trusted port. untrusted ports when DHCP snooping is enabled. Configure the port as an ARP By default, all ports are ARP arp detection trust...
Page 160 Step Command Remarks Enter system view. system-view Enter VLAN view. vlan vlan-id By default, ARP snooping is disabled. For more information about ARP Enable ARP snooping. arp snooping enable snooping commands, see Layer 3—IP Services Command Reference. Configuring the customer-side port Step Command Remarks...
Page 161: Configuring One-To-Two Vlan Mapping
Step Command Remarks hybrid: port link-type hybrid • For the trunk port: port trunk permit vlan vlan-id-list Assign the port to the • translated VLANs. For the hybrid port: port hybrid vlan vlan-id-list tagged Configure the port to use the original VLAN tags of the By default, the port does not many-to-one mapping to...
Page 162: Configuring Zero-To-Two Vlan Mapping
Step Command Remarks port trunk permit vlan { vlan-id-list | all } • For the hybrid port: port hybrid vlan vlan-id-list untagged By default, no VLAN mapping is configured on an interface. Only one SVLAN tag can be vlan mapping nest { range added to packets from the Configure a one-to-two VLAN vlan-range-list | single vlan-id-list }...
Page 163: Configuring Two-To-Two Vlan Mapping
Step Command Remarks untagged b. port hybrid pvid vlan vlan-id vlan mapping untagged Configure a zero-to-two By default, no VLAN mapping nested-outer-vlan outer-vlan-id VLAN mapping. is configured on an interface. nested-inner-vlan inner-vlan-id Configuring two-to-two VLAN mapping Configure two-to-two VLAN mapping on the customer-side port of an edge device that connects two SP networks, for example, on PE 3 in Figure 45.
Page 164: Vlan Mapping Configuration Examples
VLAN mapping configuration examples One-to-one and many-to-one VLAN mapping configuration example Network requirements As shown in Figure • Each household subscribes to PC, VoD, and VoIP services, and obtains the IP address through DHCP. • On the home gateways, VLANs 1, 2, and 3 are assigned to PC, VoD, and VoIP traffic, respectively.
Page 165 Figure 52 Network diagram DHCP client VLAN 1 Home gateway VLAN 2 VLAN 1 -> VLAN 101 VLAN 2 -> VLAN 201 VLAN 3 VoIP VLAN 3 -> VLAN 301 GE1/0/1 GE1/0/3 Wiring-closet Switch A VLAN 1 GE1/0/2 VLAN 1 -> VLAN 102 DHCP server VLAN 2 ->...
Page 166 # Assign GigabitEthernet 1/0/1 to all original VLANs and translated VLANs. [SwitchA-GigabitEthernet1/0/1] port trunk permit vlan 1 2 3 101 201 301 # Configure one-to-one VLAN mappings on GigabitEthernet 1/0/1 to map VLANs 1, 2, and 3 to VLANs 101, 201, and 301, respectively. [SwitchA-GigabitEthernet1/0/1] vlan mapping 1 translated-vlan 101 [SwitchA-GigabitEthernet1/0/1] vlan mapping 2 translated-vlan 201 [SwitchA-GigabitEthernet1/0/1] vlan mapping 3 translated-vlan 301...
Page 167 [SwitchC-vlan203] vlan 303 [SwitchC-vlan303] arp detection enable [SwitchC-vlan303] vlan 104 [SwitchC-vlan104] arp detection enable [SwitchC-vlan104] vlan 204 [SwitchC-vlan204] arp detection enable [SwitchC-vlan204] vlan 304 [SwitchC-vlan304] arp detection enable [SwitchC-vlan304] vlan 501 [SwitchC-vlan501] arp detection enable [SwitchC-vlan501] vlan 502 [SwitchC-vlan502] arp detection enable [SwitchC-vlan502] vlan 503 [SwitchC-vlan503] arp detection enable [SwitchC-vlan503] quit...
Page 168 [SwitchC-GigabitEthernet1/0/3] port link-type trunk # Assign GigabitEthernet 1/0/3 to the translated VLANs. [SwitchC-GigabitEthernet1/0/3] port trunk permit vlan 501 to 503 # Configure GigabitEthernet 1/0/3 as a DHCP snooping trusted and ARP trusted port. [SwitchC-GigabitEthernet1/0/3] dhcp snooping trust [SwitchC-GigabitEthernet1/0/3] arp detection trust [SwitchC-GigabitEthernet1/0/3] quit Configure Switch D: # Create the translated VLANs.
Page 169: One-To-Two And Two-To-Two Vlan Mapping Configuration Example
One-to-two and two-to-two VLAN mapping configuration example Network requirements As shown in Figure • Two VPN A branches, Site 1 and Site 2, are in VLAN 5 and VLAN 6, respectively. • The two sites use different VPN access services from different service providers, SP 1 and SP •...
Page 170 # Configure the network-side port (GigabitEthernet 1/0/2) as a trunk port. [PE1] interface gigabitethernet 1/0/2 [PE1-GigabitEthernet1/0/2] port link-type trunk # Assign GigabitEthernet 1/0/2 to VLAN 100. [PE1-GigabitEthernet1/0/2] port trunk permit vlan 100 [PE1-GigabitEthernet1/0/2] quit Configure PE 2: # Create VLAN 100. <PE2>...
Page 171 # Create VLANs 6 and 200. <PE4> system-view [PE4] vlan 6 [PE4-vlan6] quit [PE4] vlan 200 [PE4-vlan200] quit # Configure the network-side port (GigabitEthernet 1/0/1) as a trunk port. [PE4] interface gigabitethernet 1/0/1 [PE4-GigabitEthernet1/0/1] port link-type trunk # Assign GigabitEthernet 1/0/1 to VLAN 200. [PE4-GigabitEthernet1/0/1] port trunk permit vlan 200 [PE4-GigabitEthernet1/0/1] quit # Configure the customer-side port (GigabitEthernet 1/0/2) as a hybrid port.
Page 172: Configuring Loop Detection
Configuring loop detection Overview Incorrect network connections or configurations can create Layer 2 loops, which results in repeated transmission of broadcasts, multicasts, or unknown unicasts. The repeated transmissions can waste network resources and can paralyze networks. The loop detection mechanism immediately generates a log when a loop occurs so that you are promptly notified to adjust network connections and configurations.
Page 173: Loop Detection Interval
The inner frame header for loop detection contains the following fields: • Code—Protocol sub-type, which is 0x0001, indicating the loop detection protocol. • Version—Protocol version, which is always 0x0000. • Length—Length of the frame. The value includes the inner header, but excludes the Ethernet header.
Page 174: Loop Detection Configuration Task List
The device automatically shuts down the port. The device automatically sets the port to the forwarding state after the detection timer set by using the shutdown-interval command expires. For more information about the shutdown-interval command, see Fundamentals Command Reference. The device shuts down the port again if a loop is still detected on the port when the detection timer expires.
Page 175: Setting The Loop Protection Action
Step Command Remarks S-channel aggregate interface view. Enable loop detection on the loopback-detection enable vlan Disabled by default. port. { vlan-id--list | all } Setting the loop protection action You can set the loop protection action globally or on a per-port basis. The global setting applies to all ports.
Page 176: Setting The Loop Detection Interval
Setting the loop detection interval With loop detection enabled, the device sends loop detection frames at the loopback detection interval. A shorter interval offers more sensitive detection but consumes more resources. Consider the system performance and loop detection speed when you set the loop detection interval. To set the loop detection interval: Step Command...
Page 177: Configuration Procedure
Configuration procedure Configure Device A: # Create VLAN 100, and globally enable loop detection for the VLAN. <DeviceA> system-view [DeviceA] vlan 100 [DeviceA-vlan100] quit [DeviceA] loopback-detection global enable vlan 100 # Configure GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 as trunk ports, and assign them to VLAN 100.
Page 178: Verifying The Configuration
[DeviceC] interface gigabitethernet 1/0/2 [DeviceC-GigabitEthernet1/0/2] port link-type trunk [DeviceC-GigabitEthernet1/0/2] port trunk permit vlan 100 [DeviceC-GigabitEthernet1/0/2] quit Verifying the configuration # View the system logs on devices, for example, Device A. [DeviceA] %Feb 15:04:29:663 2013 DeviceA LPDT/4/LPDT LOOPED: Loopback exists GigabitEthernet1/0/1. %Feb 15:04:29:667 2013...
Page 179: Configuring Spanning Tree Protocols
Configuring spanning tree protocols Spanning tree protocols eliminate loops in a physical link-redundant network by selectively blocking redundant links and putting them in a standby state. The recent versions of STP include the Rapid Spanning Tree Protocol (RSTP), the Per-VLAN Spanning Tree (PVST), and the Multiple Spanning Tree Protocol (MSTP).
Page 180 • Protocol ID—Fixed at 0x0000, which represents IEEE 802.1d. • Protocol version ID—Spanning tree protocol version ID. The protocol version ID for STP is 0x00. • BPDU type—Type of the BPDU. The value is 0x00 for a configuration BPDU. • Flags—An 8-bit field indicates the purpose of the BPDU.
Page 181: Basic Concepts In Stp
Basic concepts in STP Root bridge A tree network must have a root bridge. The entire network contains only one root bridge, and all the other bridges in the network are called leaf nodes. The root bridge is not permanent, but can change with changes of the network topology.
Page 182: Calculation Process Of The Stp Algorithm
Table 14 STP port states State Receives/sends BPDUs Learns MAC addresses Forwards use data Disabled Listening Learning Forwarding Blocking Receive Path cost Path cost is a reference value used for link selection in STP. To prune the network into a loop-free tree, STP calculates path costs to select the most robust links and block redundant links that are less robust.
Page 183 Step Description Considers this port as the designated port.  Replaces the configuration BPDU on the port with the calculated configuration  BPDU. Periodically sends the calculated configuration BPDU.  • If the configuration BPDU on the port is superior, the device blocks this port without updating its configuration BPDU.
Page 184 Figure 60 The STP algorithm Device A Priority = 0 Port A1 Port A2 Port B1 Port C1 Port B2 Port C2 Path cost = 4 Device B Device C Priority = 1 Priority = 2 As shown in Figure 60, the priority values of Device A, Device B, and Device C are 0, 1, and 2, respectively.
Page 185 Table 17 Comparison process and result on each device Configuration BPDU Device Comparison process on ports after comparison Port A1 performs the following operations: Receives the configuration BPDU of Port B1 {1, 0, 1, Port B1}. Determines that its existing configuration BPDU {0, 0, 0, Port A1} is superior to the received configuration BPDU.
Page 186 Configuration BPDU Device Comparison process on ports after comparison superior to its existing configuration BPDU {2, 0, 2, Port C1}. Updates its configuration BPDU. Port C2 performs the following operations: Receives the original configuration BPDU of Port B2 {1, 0, 1, Port B2}. Determines that the received configuration BPDU is superior to the existing configuration BPDU {2, 0, 2, Port C2}.
Page 187 Configuration BPDU Device Comparison process on ports after comparison the configuration BPDU unchanged. Port C1 does not forward data until a new event triggers a spanning tree calculation process: for example, the link between Device B and Device C is down. After the comparison processes described in Table 17, a spanning tree with Device A as the root...
Page 188: Rstp
A path failure can cause spanning tree re-calculation to adapt the spanning tree structure to the change. However, the resulting new configuration BPDU cannot propagate throughout the network immediately. If the newly elected root ports and designated ports start to forward data immediately, a temporary loop will likely occur.
Page 189: How Rstp Works
• Alternate port—Acts as the backup port for a root port. When the root port is blocked, the alternate port takes over. • Backup port—Acts as the backup port of a designated port. When the designated port is invalid, the backup port becomes the new designated port. A loop occurs when two ports of the same spanning tree device are connected, so the device blocks one of the ports.
Page 190: Pvst
Because each VLAN runs RSTP independently, a spanning tree only serves its VLAN. A PVST-enabled HPE device can communicate with a third-party device that is running Rapid PVST or PVST. The PVST-enabled HPE device supports fast network convergence like RSTP when connected to PVST-enabled HPE devices or third-party devices enabled with Rapid PVST.
Page 191: Basic Concepts In Pvst
A port's link type determines the type of BPDUs the port sends. • An access port sends RSTP BPDUs. • A trunk or hybrid port sends RSTP BPDUs in the default VLAN and sends PVST BPDUs in other VLANs. Basic concepts in PVST PVST uses the same port roles and port states as RSTP for fast convergence.
Page 192: Mstp Protocol Frames
MSTP protocol frames Figure 64 shows the format of an MSTP BPDU. Figure 64 MSTP BPDU format Fields Byte Protocol ID Protocol version ID BPDU type Flags Root ID Root path cost Bridge ID Port ID Message age Max age Hello time Forward delay Version1 length=0...
Page 193: Mstp Basic Concepts
MSTP basic concepts Figure 65 shows a switched network that contains four MST regions, each MST region containing four MSTP devices. Figure 66 shows the networking topology of MST region 3. Figure 65 Basic concepts in MSTP VLAN 1 à MSTI 1 VLAN 1 à...
Page 194 MST region A multiple spanning tree region (MST region) consists of multiple devices in a switched network and the network segments among them. All these devices have the following characteristics: • A spanning tree protocol enabled • Same region name •...
Page 195 • The regional root of MSTI 1 is Device B. • The regional root of MSTI 2 is Device C. • The regional root of MSTI 0 (also known as the IST) is Device A. Common root bridge The common root bridge is the root bridge of the CIST. Figure 65, the common root bridge is a device in MST region 1.
Page 196: How Mstp Works
CIST. However, that is not true with master ports. A master port on MSTIs is a root port on the CIST. Port states In MSTP, a port can be in one of the following states: • Forwarding—The port receives and sends BPDUs, learns MAC addresses, and forwards user traffic.
Page 197: Mstp Implementation On Devices
• Within an MST region, the frame is forwarded along the corresponding MSTI. • Between two MST regions, the frame is forwarded along the CST. MSTP implementation on devices MSTP is compatible with STP and RSTP. Devices that are running MSTP and that are used for spanning tree calculation can identify STP and RSTP protocol frames.
Page 198 Root port rapid transition When a root port is blocked, the bridge will elect the alternate port with the highest priority as the new root port. If the new root port's peer is in the forwarding state, the new root port immediately transits to the forwarding state.
Page 199: Protocols And Standards
Figure 70 P/A transition for RSTP and PVST Root port Designated port Alternate port Edge port Device A Device A RID=0.MAC A RID=0.MAC A Port A1 Port A1 Proposal Agreement Port B2 Port B2 Device B Device B RID=4096.MAC B RID=4096.MAC B Port B3 Port B1...
Page 200: Configuration Restrictions And Guidelines
Configuration restrictions and guidelines When you configure spanning tree protocols, follow these restrictions and guidelines: • An eIRF capable device supports enabling PVST for a maximum of 254 VLANs. An eIRF incapable device supports enabling PVST for a maximum of 510 VLANs. For more information about eIRF, see Virtual Technologies Configuration Guide.
Page 201: Rstp Configuration Task List
Tasks at a glance • (Optional.) Configuring the BPDU transmission rate • (Optional.) Enabling outputting port state transition information • (Required.) Enabling the spanning tree feature Configuring the leaf nodes: • (Required.) Setting the spanning tree mode • (Optional.) Configuring the device priority •...
Page 202: Pvst Configuration Task List
Tasks at a glance (Optional.) Enabling SNMP notifications for new-root election and topology change events PVST configuration task list Tasks at a glance Configuring the root bridge: • (Required.) Setting the spanning tree mode • (Optional.) Configuring the root bridge or a secondary root bridge •...
Page 203: Setting The Spanning Tree Mode
Tasks at a glance • (Optional.) Setting spanning tree timers • (Optional.) Setting the timeout factor • (Optional.) Configuring the BPDU transmission rate • (Optional.) Configuring edge ports • (Optional.) Configuring the port link type • (Optional.) Configuring the mode a port uses to recognize and send MSTP frames •...
Page 204: Configuring An Mst Region
Compatibility of the PVST mode depends on the link type of a port. • On an access port, the PVST mode is compatible with other spanning tree modes in all VLANs. • On a trunk port or hybrid port, the PVST mode is compatible with other spanning tree modes only in the default VLAN.
Page 205: Configuring The Root Bridge Or A Secondary Root Bridge
Configuring the root bridge or a secondary root bridge You can have the spanning tree protocol determine the root bridge of a spanning tree through calculation. You can also specify a device as the root bridge or as a secondary root bridge. A device has independent roles in different spanning trees.
Page 206: Configuring The Device Priority
Step Command Remarks stp [ instance instance-list ] root secondary Configuring the device priority Device priority is a factor in calculating the spanning tree. The priority of a device determines whether the device can be elected as the root bridge of a spanning tree. A lower value indicates a higher priority.
Page 207: Configuring The Network Diameter Of A Switched Network
Configuring the network diameter of a switched network Any two terminal devices in a switched network can reach each other through a specific path, and there are a series of devices on the path. The switched network diameter is the maximum number of devices on the path for an edge device to reach another one in the switched network through the root bridge.
Page 208: Configuration Restrictions And Guidelines
Configuration restrictions and guidelines • The length of the forward delay is related to the network diameter of the switched network. The larger the network diameter is, the longer the forward delay time should be. As a best practice, use the automatically calculated value because inappropriate forward delay setting might cause temporary redundant paths or increase the network convergence time.
Page 209: Configuring The Bpdu Transmission Rate
the upstream device. In this case, the downstream device fails to receive a BPDU within the timeout period and then starts an undesired spanning tree calculation. • To save network resources on a stable network. To set the timeout factor: Step Command Remarks...
Page 210: Configuration Procedure
Configuration procedure To configure a port as an edge port: Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface interface-type interface or Layer 2 interface-number aggregate interface view. Configure the port as an By default, all ports are stp edged-port edge port.
Page 211 Step Command Remarks Enter system view. system-view Specify a standard for the By default, the device uses device to use when it stp pathcost-standard legacy to calculate the default calculates the default path { dot1d-1998 | dot1t | legacy } path costs of its ports.
Page 212: Configuring Path Costs Of Ports
Path cost Link speed Port type IEEE Private IEEE 802.1t 802.1d-1998 standard Aggregate interface containing four Selected ports Single port 1000 Aggregate interface containing two Selected ports Aggregate interface 20 Gbps containing three Selected ports Aggregate interface containing four Selected ports Single port Aggregate interface...
Page 213: Configuration Example
Step Command Remarks • In STP/RSTP mode: stp cost cost-value • In PVST mode: By default, the system Configure the path cost of stp vlan vlan-id-list cost cost-value automatically calculates the ports. • the path cost of each port. In MSTP mode: stp [ instance instance-list ] cost cost-value Configuration example...
Page 214: Configuring The Port Link Type
Step Command Remarks Enter Layer 2 Ethernet interface or Layer 2 interface interface-type interface-number aggregate interface view. • In STP/RSTP mode: stp port priority priority • In PVST mode: stp vlan vlan-id-list port priority The default setting is 128 Configure the port priority. priority for all ports.
Page 215: Enabling Outputting Port State Transition Information
By default, the frame format recognition mode of a port is auto. The port automatically distinguishes the two MSTP frame formats, and determines the format of frames that it will send based on the recognized format. You can configure the MSTP frame format on a port. Then, the port sends only MSTP frames of the configured format to communicate with devices that send frames of the same format.
Page 216: Enabling The Spanning Tree Feature In Stp/Rstp/Mstp Mode
Enabling the spanning tree feature in STP/RSTP/MSTP mode Step Command Remarks Enter system view. system-view Enable the spanning tree By default, the spanning tree stp global enable feature. feature is globally enabled. Enter Layer 2 Ethernet interface interface-type interface or Layer 2 interface-number aggregate interface view.
Page 217: Configuration Restrictions And Guidelines
Configuration restrictions and guidelines When you configure mCheck, follow these restrictions and guidelines: • The mCheck operation takes effect on devices operating in MSTP, PVST, or RSTP mode. • When you enable or disable TRILL on a port, the port might send TCN BPDUs to the peer port, which causes the peer port to transit to STP mode.
Page 218: Configuring Digest Snooping
Digest Snooping when the network is already working well. Configuration procedure Use this feature on when your HPE device is connected to a third-party device that uses its private key to calculate the configuration digest. To configure Digest Snooping:...
Page 219: Digest Snooping Configuration Example
Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface interface-type interface or Layer 2 interface-number aggregate interface view. Enable Digest Snooping on By default, Digest Snooping is stp config-digest-snooping the interface. disabled on ports. Return to system view. quit Enable Digest Snooping stp global...
Page 220: Configuring No Agreement Check
[DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] stp config-digest-snooping [DeviceB-GigabitEthernet1/0/1] quit [DeviceB] stp global config-digest-snooping Configuring No Agreement Check In RSTP and MSTP, the following types of messages are used for rapid state transition on designated ports: • Proposal—Sent by designated ports to request rapid transition •...
Page 221: Configuration Prerequisites
• The upstream device uses a rapid transition mechanism similar to that of RSTP. • The downstream device runs MSTP and does not operate in RSTP mode. In this case, the following occurs: The root port on the downstream device receives no agreement from the upstream device. It sends no agreement to the upstream device.
Page 222: Configuring Tc Snooping
Configuration procedure # Enable No Agreement Check on GigabitEthernet 1/0/1 of Device A. <DeviceA> system-view [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] stp no-agreement-check Configuring TC Snooping As shown in Figure 76, an IRF fabric connects to two user networks through double links. •...
Page 223: Configuration Procedure
Configuration procedure To enable TC Snooping: Step Command Remarks Enter system view. system-view Globally disable the spanning By default, the spanning tree undo stp global enable tree feature. feature is globally enabled. By default, TC Snooping is Enable TC Snooping. stp tc-snooping disabled.
Page 224: Enabling Root Guard
Step Command Remarks Enter system view. system-view By default, BPDU guard is globally Enable BPDU guard globally. stp bpdu-protection disabled. Configuring BPDU guard on an interface An edge port preferentially uses the port-specific BPDU guard setting. If the port-specific BPDU guard setting is not available, the edge port uses the global BPDU guard setting.
Page 225: Enabling Loop Guard
Step Command Remarks disabled. Enabling loop guard By continuing to receive BPDUs from the upstream device, a device can maintain the state of the root port and blocked ports. However, link congestion or unidirectional link failures might cause these ports to fail to receive BPDUs from the upstream devices. In this situation, the device reselects the following port roles: •...
Page 226: Configuring Tc-Bpdu Transmission Restriction
Step Command Remarks Enter Layer 2 Ethernet interface interface-type interface or Layer 2 interface-number aggregate interface view. By default, port role restriction is Enable port role restriction. stp role-restriction disabled. Configuring TC-BPDU transmission restriction CAUTION: Enabling TC-BPDU transmission restriction on a port might cause the previous forwarding address table to fail to be updated when the topology changes.
Page 227: Enabling Bpdu Drop
Step Command Remarks disable this feature. (Optional.) Configure the maximum number of forwarding address entry stp tc-protection threshold The default setting is 6. flushes that the device can perform number every 10 seconds. Enabling BPDU drop In a spanning tree network, every BPDU arriving at the device triggers an STP calculation process and is then forwarded to other devices in the network.
Page 228: Enabling Snmp Notifications For New-Root Election And Topology Change Events
Step Command Remarks Enter system view. system-view Enable the device to log By default, the device does not events of receiving or stp log enable tc generate logs when it detects or detecting TC BPDUs. receives TC BPDUs. Enabling SNMP notifications for new-root election and topology change events This task enables the device to generate logs and report new-root election events or spanning tree topology changes to SNMP.
Page 229: Spanning Tree Configuration Example
Task Command interface-type interface-number [ instance instance-list ] ] Display information about ports shut down by spanning display stp down-port tree protection features. (In standalone mode.) Display the port role calculation display stp [ instance instance-list | vlan history for the specified MSTI or all MSTIs. vlan-id-list ] history [ slot slot-number ] display stp [ instance instance-list | vlan (In IRF mode.) Display the port role calculation history...
Page 230 Figure 77 Network diagram MST region Device A Device B Permit: all VLAN GE1/0/3 GE1/0/3 Permit: VLANs 10 and Permit: VLANs 20 and GE1/0/3 GE1/0/3 Permit: VLANs 20 and 40 Device C Device D Configuration procedure Configure VLANs and VLAN member ports. (Details not shown.) Create VLAN 10, VLAN 20, and VLAN 30 on both Device A and Device B.
Page 231 [DeviceB-mst-region] instance 1 vlan 10 [DeviceB-mst-region] instance 3 vlan 30 [DeviceB-mst-region] instance 4 vlan 40 # Configure the revision level of the MST region as 0. [DeviceB-mst-region] revision-level 0 # Activate MST region configuration. [DeviceB-mst-region] active region-configuration [DeviceB-mst-region] quit # Configure Device B as the root bridge of MSTI 3. [DeviceB] stp instance 3 root primary # Enable the spanning tree feature globally.
Page 232 Verifying the configuration In this example, Device B has the lowest root bridge ID. As a result, Device B is elected as the root bridge in MSTI 0. When the network is stable, you can use the display stp brief command to display brief spanning tree information on each device.
Page 233: Pvst Configuration Example
Figure 78 MSTIs mapped to different VLANs MSTI 1 mapped to VLAN 10 MSTI 0 mapped to VLAN 20 MSTI 3 mapped to VLAN 30 MSTI 4 mapped to VLAN 40 Root bridge Normal link Blocked link PVST configuration example Network requirements As shown in Figure...
Page 234 Figure 79 Network diagram Device A Device B Permit: all VLAN GE1/0/3 GE1/0/3 Permit: VLANs 10 and Permit: VLANs 20 and GE1/0/3 GE1/0/3 Permit: VLANs 20 and 40 Device C Device D Configuration procedure Configure VLANs and VLAN member ports. (Details not shown.) Create VLAN 10, VLAN 20, and VLAN 30 on both Device A and Device B.
Page 235 [DeviceC] stp vlan 10 20 40 enable Configure Device D: # Set the spanning tree mode to PVST. <DeviceD> system-view [DeviceD] stp mode pvst # Enable the spanning tree feature globally and in VLAN 20, VLAN 30, and VLAN 40. [DeviceD] stp global enable [DeviceD] stp vlan 20 30 40 enable Verifying the configuration...
Page 236 GigabitEthernet1/0/2 ALTE DISCARDING NONE GigabitEthernet1/0/3 ROOT FORWARDING NONE Based on the output, you can draw a topology for each VLAN spanning tree, as shown in Figure Figure 80 VLAN spanning tree topologies Spanning tree for VLAN 10 Spanning tree for VLAN 20 Spanning tree for VLAN 30 Spanning tree for VLAN 40 Root bridge...
Page 237: Configuring Lldp
Configuring LLDP Overview In a heterogeneous network, a standard configuration exchange platform ensures that different types of network devices from different vendors can discover one another and exchange configuration. The Link Layer Discovery Protocol (LLDP) is specified in IEEE 802.1AB. The protocol operates on the data link layer to exchange device information between directly connected devices.
Page 238 LLDP frame formats LLDP sends device information in LLDP frames. LLDP frames are encapsulated in Ethernet II or Subnetwork Access Protocol (SNAP) frames. • LLDP frame encapsulated in Ethernet II Figure 82 Ethernet II-encapsulated LLDP frame Destination MAC address Source MAC address Type Data = LLDPDU (1500 bytes)
Page 239 Figure 83 SNAP-encapsulated LLDP frame Destination MAC address Source MAC address Type Data = LLDPDU (n bytes) Table 22 Fields in a SNAP-encapsulated LLDP frame Field Description MAC address to which the LLDP frame is advertised. It is the same as Destination MAC address that for Ethernet II-encapsulated LLDP frames.
Page 240 Table 23 Basic management TLVs Type Description Remarks Chassis ID Specifies the bridge MAC address of the sending device. Specifies the ID of the sending port: • If the LLDPDU carries LLDP-MED TLVs, the port ID Port ID Mandatory. TLV carries the MAC address of the sending port. •...
Page 241 NOTE: • HPE devices support only receiving protocol identity TLVs and VID usage digest TLVs. • Layer 3 Ethernet ports support only link aggregation TLVs. • IEEE 802.3 organizationally specific TLVs Table 25 IEEE 802.3 organizationally specific TLVs Type Description...
Page 242: Working Mechanism
Type Description Allows a network device or terminal device to advertise power Extended Power-via-MDI supply capability. This TLV is an extension of the Power Via MDI TLV. Hardware Revision Allows a terminal device to advertise its hardware version. Firmware Revision Allows a terminal device to advertise its firmware version.
Page 243: Protocols And Standards
the token bucket mechanism to rate limit LLDP frames. For more information about the token bucket mechanism, see ACL and QoS Configuration Guide. LLDP automatically enables the fast LLDP frame transmission mechanism in either of the following cases: • A new LLDP frame is received and carries device information new to the local device. •...
Page 244: Performing Basic Lldp Configurations
Tasks at a glance (Optional.) Enabling the device to generate ARP or ND entries for received management address LLDP TLVs Performing basic LLDP configurations Enabling LLDP To make LLDP take effect on specific ports, you must enable LLDP both globally and on these ports. To use LLDP together with OpenFlow, you must enable LLDP globally on OpenFlow switches.
Page 245: Setting The Lldp Operating Mode
Step Command Remarks to service bridge. customer bridge mode. Setting the LLDP operating mode Step Command Remarks Enter system view. system-view Enter Layer 2/Layer 3 Ethernet interface view, management Ethernet interface interface-type interface view, Layer interface-number 2/Layer 3 aggregate interface view, or IRF physical interface view.
Page 246: Enabling Lldp Polling
Enabling LLDP polling With LLDP polling enabled, a device periodically searches for local configuration changes. When the device detects a configuration change, it sends LLDP frames to inform neighboring devices of the change. To enable LLDP polling: Step Command Remarks Enter system view.
Page 247 Step Command Remarks { civic-address device-type advertise only EVB country-code { ca-type TLVs. ca-value }&<1-10> | elin-address Nearest customer bridge tel-number } } } agents can advertise all • lldp agent nearest-nontpmr basic TLVs as well as tlv-enable { basic-tlv { all | port VLAN ID and link port-description | system-capability aggregation 802.1...
Page 248: Configuring The Management Address And Its Encoding Format
Step Command Remarks [ ip-address ] } | dot1-tlv { all | TLVs and IEEE link-aggregation } } 802.1 organizationally specific TLVs (only the link aggregation TLV is supported). • By default: lldp agent nearest-nontpmr • tlv-enable { basic-tlv { all | Nearest non-TPMR management-address-tlv [ ipv6 ] bridge agents can...
Page 249: Setting Other Lldp Parameters
Step Command Remarks Enter system view. system-view Enter Layer 2/Layer 3 Ethernet interface view, management Ethernet interface interface-type interface view, or Layer interface-number 2/Layer 3 aggregate interface view. • In Layer 2 Ethernet interface view or management Ethernet interface view: lldp [ agent { nearest-customer | nearest-nontpmr } ] tlv-enable...
Page 250: Setting An Encapsulation Format For Lldp Frames
To set LLDP parameters: Step Command Remarks Enter system view. system-view Set the TTL multiplier. lldp hold-multiplier value The default setting is 4. Set the LLDP frame The default setting is 30 lldp timer tx-interval interval transmission interval. seconds. Set the token bucket size for lldp max-credit credit-value The default setting is 5.
Page 251: Disabling Lldp Pvid Inconsistency Check
Disabling LLDP PVID inconsistency check By default, when the system receives an LLDP packet, it compares the PVID value contained in packet with the PVID configured on the receiving interface. If the two PVIDs do not match, a log message will be printed to notify the user. You can disable PVID inconsistency check if different PVIDs are required on a link.
Page 252: Configuration Prerequisites
Configuration prerequisites Before you configure CDP compatibility, complete the following tasks: • Globally enable LLDP. • Enable LLDP on the port connecting to a CDP device. • Configure LLDP to operate in TxRx mode on the port. Configuration procedure CDP-compatible LLDP operates in one of the following modes: •...
Page 253: Dcbx Configuration Task List
PFC.  APP.  HPE devices can send these types of DCBX information to a server or storage adapter supporting FCoE. However, HPE devices cannot accept these types of DCBX information. DCBX configuration task list Tasks at a glance (Required.) Enabling LLDP and DCBX TLV advertising (Required.)
Page 254: Enabling Lldp And Dcbx Tlv Advertising
Tasks at a glance • Configuring the 802.1p-to-local priority mapping • Configuring group-based WRR queuing (Required.) Configuring PFC parameters Enabling LLDP and DCBX TLV advertising To enable the device to advertise APP, ETS, and PFC data through an interface, perform the following tasks: •...
Page 255: Configuring App Parameters
Configuring APP parameters The device negotiates with the server adapter by using the APP parameters to achieve the following purposes: • Control the 802.1p priority values of the protocol packets that the server adapter sends. • Identify traffic based on the 802.1p priority values. For example, the device can use the APP parameters to negotiate with the server adapter to set 802.1p priority 3 for all FCoE and FIP frames.
Page 256: Configuring Ets Parameters
Step Command Remarks Create a class, specify the traffic classifier classifier-name operator of the class as OR, operator or and enter class view. Use the specified ACL as the if-match acl acl-number match criterion of the class. Return to system view. quit Create a traffic behavior and traffic behavior behavior-name...
Page 257 Configuring the 802.1p-to-local priority mapping You can configure the 802.1p-to-local priority mapping either in the MQC method or in the priority mapping table method. If you configure the 802.1p-to-local priority mapping in both methods, the configuration made in the MQC method applies. To configure the 802.1p-to-local priority mapping in the MQC method: Step Command...
Page 258: Configuring Pfc Parameters
To configure group-based WRR queuing: Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface interface-type interface view. interface-number By default, a Layer 2 Ethernet Enable WRR queuing. qos wrr byte-count interface uses the SP queue scheduling mechanism. •...
Page 259: Setting The Source Mac Address Of Lldp Frames To The Mac Address Of A Layer 3 Ethernet Subinterface
To prevent excessive LLDP traps from being sent when the topology is unstable, set a trap transmission interval for LLDP. To configure LLDP trapping and LLDP-MED trapping: Step Command Remarks Enter system view. system-view Enter Layer 2/Layer 3 Ethernet interface view, management Ethernet interface view, Layer interface interface-type interface-number...
Page 260: Enabling The Device To Generate Arp Or Nd Entries For Received Management Address Lldp Tlvs
Step Command Remarks subinterface number interface-number.subnumber. Enabling the device to generate ARP or ND entries for received management address LLDP TLVs This feature enables the device to generate an ARP or ND entry for a received LLDP frame that carries a management address TLV. The ARP or ND entry contains the management address and the source MAC address of the frame.
Page 261: Lldp Configuration Examples
Task Command [ agent { nearest-bridge | nearest-customer | nearest-nontpmr } ] ] Display LLDP status of a display lldp status [ interface interface-type interface-number ] [ agent port. { nearest-bridge | nearest-customer | nearest-nontpmr } ] Display types of display lldp tlv-config [ interface interface-type interface-number ] [ agent advertisable optional LLDP { nearest-bridge | nearest-customer | nearest-nontpmr } ]...
Page 262 Configure Switch B: # Enable LLDP globally. <SwitchB> system-view [SwitchB] lldp global enable # Enable LLDP on GigabitEthernet 1/0/1. By default, LLDP is enabled on ports. [SwitchB] interface gigabitethernet 1/0/1 [SwitchB-GigabitEthernet1/0/1] lldp enable # Set the LLDP operating mode to Tx on GigabitEthernet 1/0/1. [SwitchB-GigabitEthernet1/0/1] lldp admin-status tx [SwitchB-GigabitEthernet1/0/1] quit Verifying the configuration...
Page 263 MED trap flag : No Polling interval : 0s Number of LLDP neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV : 16 Number of received unknown TLV : 0 LLDP status information of port 2 [GigabitEthernet1/0/2]: LLDP agent nearest-bridge: Port status of LLDP : Enable...
Page 264 The current number of LLDP neighbors: 1 The current number of CDP neighbors: 0 LLDP neighbor information last changed time: 0 days, 0 hours, 5 minutes, 20 seconds Transmit interval : 30s Fast transmit interval : 1s Transmit credit max Hold multiplier Reinit delay : 2s...
Page 265: Cdp-Compatible Lldp Configuration Example
LLDP agent nearest-nontpmr: Port status of LLDP : Enable Admin status : Disable Trap flag : No MED trap flag : No Polling interval : 0s Number of LLDP neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV : 0 LLDP agent nearest-customer: Port status of LLDP...
Page 266 # Set the link type of GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to trunk, and enable voice VLAN on them. [SwitchA] interface gigabitethernet 1/0/1 [SwitchA-GigabitEthernet1/0/1] port link-type trunk [SwitchA-GigabitEthernet1/0/1] voice vlan 2 enable [SwitchA-GigabitEthernet1/0/1] quit [SwitchA] interface gigabitethernet 1/0/2 [SwitchA-GigabitEthernet1/0/2] port link-type trunk [SwitchA-GigabitEthernet1/0/2] voice vlan 2 enable [SwitchA-GigabitEthernet1/0/2] quit Configure CDP-compatible LLDP on Switch A:...
Page 267: Dcbx Configuration Example
Port ID : Port 1 Software version : P0030301MFG2 Platform : Cisco IP Phone 7960 Duplex : Full DCBX configuration example Network requirements As shown in Figure 88, GigabitEthernet 1/0/1 of the access switch (Switch A) connects to the FCoE adapter of the data center server (DC server).
Page 268 [SwitchA-classifier-app_c] quit # Create a traffic behavior named app_b, and configure the traffic behavior to mark packets with 802.1p priority value 3. [SwitchA] traffic behavior app_b [SwitchA-behavior-app_b] remark dot1p 3 [SwitchA-behavior-app_b] quit # Create a QoS policy named plcy, associate class app_c with traffic behavior app_b in the QoS policy, and apply the association to DCBX.
Page 269 Pad Byte Present: Yes DCBX Parameter Valid: Yes Reserved: 0 DCBX Parameter Data Priority Group ID of Priority 1: 0 Priority Group ID of Priority 0: 2 Priority Group ID of Priority 3: 15 Priority Group ID of Priority 2: 1 Priority Group ID of Priority 5: 5 Priority Group ID of Priority 4: 4 Priority Group ID of Priority 7: 7...
Page 270 Priority Group 1 Percentage: 4 Priority Group 2 Percentage: 6 Priority Group 3 Percentage: 0 Priority Group 4 Percentage: 10 Priority Group 5 Percentage: 18 Priority Group 6 Percentage: 27 Priority Group 7 Percentage: 31 Number of Traffic Classes Supported: 8 DCBX Parameter Information Parameter Type: Local Pad Byte Present: Yes...
Page 271 Reserved: 0 DCBX Parameter Data PFC Enabled on Priority 0: No PFC Enabled on Priority 1: No PFC Enabled on Priority 2: No PFC Enabled on Priority 3: Yes PFC Enabled on Priority 4: No PFC Enabled on Priority 5: No PFC Enabled on Priority 6: No PFC Enabled on Priority 7: No Number of Traffic Classes Supported: 6...
Page 272 Number of Traffic Classes Supported: 1 The output shows that the DC server will use PFC for 802.1p priority 3.
Page 273: Configuring L2Pt
Layer 2 protocol calculation, which is transparent to the service provider network. • Isolates Layer 2 protocol packets from different customer networks through different VLANs. HPE devices support L2PT for the following protocols: • CDP. •...
Page 274: L2Pt Operating Mechanism
• PVST. • STP (including STP, RSTP, and MSTP). • UDLD. • VTP. L2PT operating mechanism As shown in Figure 90, L2PT operates as follows: • When a port of PE 1 receives a Layer 2 protocol packet from the customer network in a VLAN, it performs the following operations: Multicasts the packet out of all customer-facing ports in the VLAN except the receiving port.
Page 275: L2Pt Restrictions And Guidelines
Figure 91 L2PT network diagram PE 1 PE 2 ISP network Tunnel CE 1 CE 2 Customer A Customer A network 1 network 2 L2PT restrictions and guidelines When you configure L2PT, follow these restrictions and guidelines: • Interfaces of a PEX do not support L2PT. •...
Page 276: Enabling L2Pt For A Protocol
• LACP and EOAM require point-to-point transmission. If you enable L2PT for LACP or EOAM, L2PT multicasts LACP or EOAM packets out of customer-facing ports. As a result, the transmission between two CEs is not point-to-point. To ensure point-to-point transmission for the LACP or EOAM packets, you must configure other features (for example, VLAN).
Page 277: L2Pt Configuration Examples
Task Command display l2protocol statistics [ interface interface-type Display L2PT statistics. interface-number ] reset l2protocol statistics [ interface interface-type Clear L2PT statistics. interface-number ] L2PT configuration examples Configuring L2PT for STP Network requirements As shown in Figure 92, the MAC addresses of CE 1 and CE 2 are 00e0-fc02-5800 and 00e0-fc02-5802, respectively.
Page 278: Configuring L2Pt For Lacp
[PE1-GigabitEthernet1/0/1] undo stp enable [PE1-GigabitEthernet1/0/1] l2protocol stp tunnel dot1q [PE1-GigabitEthernet1/0/1] quit # Configure GigabitEthernet 1/0/2 connected to the service provider network as a trunk port, and assign the port to all VLANs. [PE1] interface gigabitethernet 1/0/2 [PE1-GigabitEthernet1/0/2] port link-type trunk [PE1-GigabitEthernet1/0/2] port trunk permit vlan all [PE1-GigabitEthernet1/0/2] quit Configure PE 2 in the same way PE 1 is configured.
Page 279: Configuration Procedures
• For Ethernet link aggregation to operate correctly, configure VLANs on the PEs to ensure point-to-point transmission between CE 1 and CE 2 in an aggregation group. Set the PVIDs to VLAN 2 and VLAN 3 for GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 ...
Page 280 [PE1] interface gigabitethernet 1/0/2 [PE1-GigabitEthernet1/0/2] port link-mode bridge [PE1-GigabitEthernet1/0/2] port link-type trunk [PE1-GigabitEthernet1/0/2] port trunk permit vlan 3 [PE1-GigabitEthernet1/0/2] port trunk pvid vlan 3 # Enable QinQ on GigabitEthernet 1/0/2. [PE1-GigabitEthernet1/0/2] qinq enable # Enable L2PT for LACP on GigabitEthernet 1/0/2. [PE1-GigabitEthernet1/0/2] l2protocol lacp tunnel dot1q [PE1-GigabitEthernet1/0/2] quit Configure PE 2 in the same way PE 1 is configured.
Page 281 Received LACP Packets: 10 packet(s) Illegal: 0 packet(s) Sent LACP Packets: 13 packet(s) [CE2] display link-aggregation member-port Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation, D -- Synchronization, E -- Collecting, F -- Distributing, G -- Defaulted, H -- Expired GigabitEthernet1/0/1: Aggregate Interface: Bridge-Aggregation1 Local:...
Page 282: Configuring Service Loopback Groups
Configuring service loopback groups Overview A service loopback group contains one or multiple Ethernet ports for looping packets sent out by the device back to the device. This feature must work with other features, such as GRE. A service loopback group provides one of the following services: •...
Page 283: Configuring A Service Loopback Group
The ports support the service type of the service loopback group and are not members of  any other service loopback group. • You can configure only one service loopback group for a service type. However, you can use one service loopback group with multiple features. •...
Page 284: Configuration Procedure
Configuration procedure # Create service loopback group 1, and specify its service type as tunnel. <DeviceA> system-view [DeviceA] service-loopback group 1 type tunnel # Assign GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to service loopback group 1. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port service-loopback group 1 All configurations on the interface will be lost.
Page 285: Document Conventions And Icons
Document conventions and icons Conventions This section describes the conventions used in the documentation. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown.
Page 286: Network Topology Icons
Network topology icons Convention Description Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Page 287: Support And Other Resources
Support and other resources Accessing Hewlett Packard Enterprise Support • For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: www.hpe.com/assistance • To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: www.hpe.com/support/hpesc Information to collect •...
Page 288: Websites
For more information and device support details, go to the following website: www.hpe.com/info/insightremotesupport/docs Documentation feedback Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title,...
Page 289 part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.
Page 290: Index
Index Numerics MAC address table entry (on interface), MAC address table multiport unicast entry, address 2 VLAN mappingapplication scenario, MAC address learning disable, 2 VLAN mappingconfiguration, MAC address move suppression, 2 VLAN mappingimplementation, 143, MAC address table address synchronization, MAC address table learning limit, 1 VLAN mappingapplication scenario, 141, MAC address table learning priority, MAC address table move notification,...
Page 291 port-based VLAN hybrid port, MST common root bridge, port-based VLAN trunk port, MST regional root, voice VLAN assignment mode (automatic), spanning tree loop guard, spanning tree root bridge, voice VLAN assignment mode (manual), spanning tree root bridge (device), attribute spanning tree root guard, Ethernet link aggregation attribute spanning tree secondary root bridge (device), configuration,...
Page 292 Ethernet link aggregate interface (Layer 2 M\1 VLAN mapping (dynamic IP address edge), assignment), Ethernet link aggregation, 20, 27, M\1 VLAN mapping (static IP address assignment), Ethernet link aggregation (Layer 2 dynamic), M\1 VLAN mapping customer-side port (dynamic IP address assignment), Ethernet link aggregation (Layer 2 static), M\1 VLAN mapping customer-side port (static IP Ethernet link aggregation (Layer 3 dynamic),...
Page 293 spanning tree edge port, creating spanning tree No Agreement Check, 211, super VLAN sub-VLAN, spanning tree port link type, spanning tree port mode, MST region connection, spanning tree port path cost, 201, customer spanning tree port priority, LLDP customer bridge mode, spanning tree port role restriction, CVLAN spanning tree protection,...
Page 294 spanning tree loop guard, voice VLAN traffic QoS priority settings, spanning tree No Agreement Check, 211, dynamic spanning tree port role restriction, Ethernet link aggregation (dynamic mode), spanning tree priority, Ethernet link aggregation (Layer 2), spanning tree protection, Ethernet link aggregation (Layer 3), spanning tree root guard, Ethernet link aggregation edge aggregate interface,...
Page 295 PVST BPDU guard, private VLAN configuration, 85, 86, QinQ, private VLAN promiscuous port configuration, spanning tree BPDU drop, private VLAN trunk promiscuous port configuration, spanning tree BPDU guard, private VLAN trunk promiscuous+secondary port spanning tree feature, configuration, spanning tree loop guard, QinQ CVLAN frame header tag, spanning tree port state transition information QinQ SVLAN frame header tag,...
Page 296 Layer 2 group (dynamic), loop detection interval, Layer 2 group (static), MAC address learning, Layer 3 aggregate interface (Layer 3 edge), MAC address table blackhole entry, MAC address table configuration, 1, 2, Layer 3 aggregate interface configuration MAC address table entry configuration, (MTU), MAC address table frame forwarding rule, Layer 3 aggregation configuration (dynamic),...
Page 297 MVRP compatibility, super VLAN configuration, 80, 80, super VLAN interface configuration, voice VLAN configuration, 101, 106, hello IP phone spanning tree timer, voice VLAN assignment mode+IP phone STP timer, cooperation, host voice VLAN host+IP phone connection (in series), voice VLAN host+IP phone connection (in series), voice VLAN identification (LLDP), voice VLAN IP phone+device connection,...
Page 298 Ethernet link aggregate interface (expected L2PT display, bandwidth), L2PT for LACP configuration, Ethernet link aggregate interface (Layer 2 L2PT for STP configuration, edge), L2PT maintain, Ethernet link aggregate interface default LLDP basic concepts, settings, LLDP basic configuration, 235, Ethernet link aggregate interface shutdown, LLDP CDP compatibility, LLDP configuration, 228, 234, Ethernet link aggregation (dynamic mode),...
Page 299 private VLAN trunk promiscuous port voice VLAN port operation configuration (manual configuration, assignment), private VLAN trunk promiscuous+secondary voice VLAN port operation configuration port configuration, restrictions (automatic assignment), protocol-based VLAN configuration, 69, voice VLAN port operation configuration restrictions (manual assignment), PVST configuration, Layer 2 QinQ basic configuration, Ethernet link aggregate interface (Layer 2 edge),...
Page 300 Ethernet link aggregation edge aggregate spanning tree configuration, 170, 191, interface, 27, spanning tree hello time, Ethernet link aggregation group, 28, spanning tree port link type configuration, Ethernet link aggregation group load sharing, link aggregation Ethernet link aggregation. See Ethernet link Ethernet link aggregation group load sharing aggregation mode,...
Page 301 reinitialization delay, spanning tree loop guard, source MAC address, loop detection trapping configuration, configuration, 163, 165, voice VLAN advertisement, displaying, voice VLAN information advertisement to IP enable, phones, interval, voice VLAN IP phone identification, interval setting, voice VLAN IP phone identification method, mechanisms, port status auto recovery, voice VLAN LLDP automatic IP phone...
Page 302 entry configuration (global), LLDP encoding format, entry configuration (on interface), manual entry creation, voice VLAN assignment mode, entry types, voice VLAN assignment mode configuration, frame forwarding rule, voice VLAN port operation configuration, learning limit setting, mapping learning priority assignment, 0\2 VLAN mapping, MAC address learning disable, 1\1 VLAN mapping, MAC address move suppression,...
Page 303 spanning tree MSTP, regional root, spanning tree PVST, relationships, spanning tree RSTP, spanning tree max age timer, spanning tree STP, spanning tree port mode configuration, voice VLAN assignment automatic, VLAN-to-instance mapping table, voice VLAN assignment manual, voice VLAN port normal, Layer 3 Ethernet aggregate interface, voice VLAN port security, multicast...
Page 304 Ethernet link aggregation member port state, MAC-based VLAN assignment (static), MAC-based VLAN configuration, 63, Ethernet link aggregation modes, MAC-based VLAN configuration Ethernet link aggregation operational key, (server-assigned), Ethernet link aggregation reference port, MRP timers, Ethernet link aggregation reference port MST region configuration, choice, MSTP basic concepts, IP subnet-based VLAN configuration, 68,...
Page 305 spanning tree port role restriction, voice VLAN port operation configuration (automatic assignment), spanning tree port state transition, voice VLAN port operation configuration (manual spanning tree priority, assignment), spanning tree protection, voice VLAN traffic QoS priority settings, spanning tree root bridge, network management spanning tree root bridge (device), Ethernet link aggregation basic concepts,...
Page 306 Ethernet link aggregation packet type-based Ethernet link aggregate interface shutdown, load sharing, Ethernet link aggregation (dynamic mode), L2PT configuration, 264, 266, Ethernet link aggregation (Layer 2 dynamic), L2PT for LACP configuration, Ethernet link aggregation (Layer 2 static), L2PT for STP configuration, Ethernet link aggregation (Layer 3 dynamic), L2PT tunneled packet destination multicast Ethernet link aggregation (Layer 3 static),...
Page 307 LLDP polling, spanning tree TC-BPDU transmission restriction, LLDP reinitialization delay, STP designated port, LLDP Rx operating mode, STP edge port rapid transition, LLDP Tx operating mode, STP port state, LLDP TxRx operating mode, STP rapid transition, loop detection configuration, 163, 165, STP root port, loop detection interval, 164, STP root port rapid transition,...
Page 308 adding MAC address table multiport unicast configuring L2PT for LACP, entry, configuring L2PT for STP, assigning MAC address table learning priority configuring LAN switching QinQ VLAN tag TPID to interface, value, assigning port isolation group (multiple ports), configuring LAN switching spanning tree Digest Snooping, assigning port-based VLAN access port, configuring LLDP,...
Page 309 configuring MAC-based VLAN configuring spanning tree secondary root bridge (server-assigned), (device), configuring MAC-based VLAN assignment configuring spanning tree switched network (dynamic), diameter, configuring MAC-based VLAN assignment configuring spanning tree TC Snooping, (static), configuring spanning tree TC-BPDU transmission configuring MST region, restriction, configuring MST region max hops, configuring spanning tree timeout factor,...
Page 310 displaying super VLAN, enabling voice VLAN LLDP automatic IP phone discovery, displaying VLAN, maintaining Ethernet link aggregation, displaying VLAN mapping, maintaining L2PT, displaying voice VLAN, maintaining MVRP, enabling ARP fast update for MAC address move, maintaining spanning tree, enabling BPDU guard on an interface, maintaining VLAN, enabling Ethernet link aggregation local-first modifying MAC address table blackhole entry,...
Page 311 setting MVRP timer, basic configuration, setting QinQ SVLAN tag 802.1p priority, configuration, 131, setting spanning tree mode, configuration restrictions, shutting down Ethernet link aggregate CVLAN tag, interface, display, specifying Layer 2 aggregate interface enable, (ignored VLAN), how it works, specifying spanning tree port path cost implementation, calculation standard, loop detection configuration, 163, 165,...
Page 312 Ethernet link aggregate interface default MAC-based VLAN configuration settings, (server-assigned), restriction protocol-based VLAN configuration, 69, configuring service loopback group, voice VLAN configuration, 101, 106, restrictions voice VLAN IP phone access method, Ethernet link aggregation group, RSTP, 170, See also Ethernet link aggregation traffic redirection, basic concepts, LLDP APP parameter configuration, BPDU processing,...
Page 313 Ethernet link aggregation load sharing mode device priority configuration, (group-specific), Digest Snooping, 209, Ethernet link aggregation member port state, displaying, edge port configuration, L2PT tunneled packet destination multicast feature enable, MAC address, inconsistent PVID protection disable, Layer 3 aggregate interface (MTU), logging events of detecting or receiving TC LLDP bridge mode, BPDUs (in PVST mode),...
Page 314 MAC address table entry, QinQ basic configuration, MAC address table entry configuration QinQ configuration, 131, (global), QinQ SVLAN tag 802.1p priority, MAC address table entry configuration (on QinQ VLAN transparent transmission interface), configuration, MAC address table static source check, VLAN mapping application scenario, MAC-based VLAN assignment, 63, VLAN mapping configuration, 141, 146, VLAN mapping implementation,...
Page 315 LLDP reinitialization delay, tunneling MAC address table dynamic aging timer, L2PT configuration, 264, 266, MRP Join, L2PT enable, MRP Leave, L2PT for LACP configuration, MRP LeaveAll, L2PT for STP configuration, MRP Periodic, L2PT tunneled packet destination multicast MAC address, MVRP set, spanning tree forward delay, spanning tree hello, unicast...
Page 316 port-based VLAN frame handling, 1\2 application scenario, 141, private VLAN configuration, 85, 1\2 configuration, 152, private VLAN configuration restrictions, 1\2 implementation, 143, protocol-based VLAN configuration, 69, 2\2 application scenario, 141, protocols and standards, 2\2 configuration, 154, PVID, 2\2 implementation, 143, PVST, 2\3 implementation, QinQ basic configuration,...
Page 317 voice VLAN information advertisement to IP phones, voice VLAN IP phone access method, voice VLAN IP phone identification (LLDP), voice VLAN IP phone identification (OUI address), QinQ basic configuration, QinQ configuration, 131, QinQ VLAN transparent transmission configuration, WRR queuing LLDP group-based WRR queuing,...

HPE FlexNetwork 10500 Series Configuration Manual

Configuring the MAC Address Table

Configuring MAC Information

Configuring Ethernet Link Aggregation

Configuring Port Isolation

Configuring Vlans

Configuring Super Vlans

Configuring the Private VLAN

Configuring Voice Vlans

Configuring MVRP

Configuring Qinq

Configuring VLAN Mapping

Configuring Loop Detection

Configuring Spanning Tree Protocols

Quick Links

Related Manuals for HPE FlexNetwork 10500 Series

Summary of Contents for HPE FlexNetwork 10500 Series