Contents Configuring the MAC address table ································································ 1 Overview ···························································································································································· 1 How a MAC address entry is created ········································································································· 1 Types of MAC address entries ··················································································································· 1 MAC address table configuration task list ·········································································································· 2 Configuring MAC address entries ······················································································································ 3 Configuration guidelines ·····························································································································...
Page 4
Configuration restrictions and guidelines ································································································· 28 Configuring a Layer 2 aggregation group ································································································· 29 Configuring a Layer 3 aggregation group ································································································· 30 Configuring an aggregate interface ·················································································································· 32 Configuring the description of an aggregate interface ············································································· 32 Specifying ignored VLANs for a Layer 2 aggregate interface ·································································· 32 Setting the MTU for a Layer 3 aggregate interface ··················································································...
Page 5
IP subnet-based VLAN configuration example ························································································ 75 Protocol-based VLAN configuration example ·························································································· 76 Configuring super VLANs ············································································· 80 Overview ·························································································································································· 80 Super VLAN configuration task list ·················································································································· 80 Creating a sub-VLAN ······································································································································· 80 Configuring a super VLAN ······························································································································· 80 Configuring a super VLAN interface ················································································································ 81 Displaying and maintaining super VLANs ········································································································...
Page 7
Setting the loop protection action on a Layer 2 Ethernet interface or S-channel interface ···················· 166 Setting the loop protection action on a Layer 2 aggregate interface or S-channel aggregate interface 166 Setting the loop detection interval ·················································································································· 167 Displaying and maintaining loop detection ····································································································· 167 Loop detection configuration example ···········································································································...
Page 8
Enabling outputting port state transition information ······················································································ 206 Enabling the spanning tree feature ················································································································ 206 Enabling the spanning tree feature in STP/RSTP/MSTP mode ····························································· 207 Enabling the spanning tree feature in PVST mode ················································································ 207 Performing mCheck ······································································································································· 207 Configuration restrictions and guidelines ······························································································· 208 Performing mCheck globally ··················································································································...
Page 9
Configuring PFC parameters ················································································································· 249 Configuring LLDP trapping and LLDP-MED trapping ···················································································· 249 Setting the source MAC address of LLDP frames to the MAC address of a Layer 3 Ethernet subinterface · 250 Enabling the device to generate ARP or ND entries for received management address LLDP TLVs ··········· 251 Displaying and maintaining LLDP ··················································································································...
Configuring the MAC address table Overview An Ethernet device uses a MAC address table to forward frames. A MAC address entry includes a destination MAC address, an outgoing interface, and a VLAN ID. When the device receives a frame, it uses the destination MAC address of the frame to look for a match in the MAC address table. •...
• Static entries—A static entry is manually added to forward frames with a specific destination MAC address out of the associated interface, and it never ages out. A static entry has higher priority than a dynamically learned one. • Dynamic entries—A dynamic entry can be manually configured or dynamically learned to forward frames with a specific destination MAC address out of the associated interface.
Configuring MAC address entries Configuration guidelines • You cannot add a dynamic MAC address entry if a learned entry already exists with a different outgoing interface for the MAC address. • The manually configured static, blackhole, and multiport unicast MAC address entries cannot survive a reboot if you do not save the configuration.
Step Command Remarks • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number • Enter S-channel interface view: interface s-channel interface-number.channel-id • Enter S-channel aggregate interface view: interface schannel-aggregation interface-number:channel-id By default, no MAC address entry is configured on the interface. Add or modify a static or mac-address { dynamic | static } Make sure you have created the...
Figure 1 NLB cluster Device NLB cluster You can configure a multiport unicast MAC address entry globally or on an interface. Configuring a multiport unicast MAC address entry globally Step Command Remarks Enter system view. system-view By default, no multiport unicast MAC address entry is configured mac-address multiport globally.
After MAC address learning is disabled, the device immediately deletes existing dynamic MAC address entries. Disabling global MAC address learning After global MAC address learning is disabled, the device stops learning MAC addresses. Global MAC address learning does not take effect on a TRILL network, S-channel, VPLS VSI, EVB VSI, or VXLAN VSI.
Step Command Remarks Enter system view. system-view Enable global MAC address mac-address mac-learning By default, global MAC address learning. enable learning is enabled. Enter VLAN view. vlan vlan-id Disable MAC address undo mac-address By default, MAC address learning learning on the VLAN. mac-learning enable on the VLAN is enabled.
Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface interface-type interface view. interface-number By default, the number of MAC Set the MAC learning limit on mac-address max-mac-count addresses that can be learned on the interface. count an interface is not limited. Configuring the unknown frame forwarding rule after the MAC learning limit is reached You can enable or disable forwarding of unknown frames after the MAC learning limit is reached.
To assign MAC learning priority to an interface: Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view: interface interface-type interface-number • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number Enter interface view. • Enter S-channel interface view: interface s-channel interface-number.channel-id •...
Page 19
Figure 2 MAC address tables of devices when Client A accesses AP C MAC address Port MAC address Port MAC A MAC A Device A Device B Port B1 Port A1 AP C AP D Client A When Client A roams to AP D, Device B learns a MAC address entry for Client A. Device B advertises it to Device A to ensure service continuity for Client A, as shown in Figure Figure 3 MAC address tables of devices when Client A roams to AP D...
Configuring MAC address move notifications and suppression The outgoing interface for a MAC address entry learned on interface A is changed to interface B when the following conditions exist: • Interface B receives a packet with the MAC address as the source MAC address. •...
Enabling ARP fast update for MAC address moves ARP fast update for MAC address moves allows the device to update an ARP entry immediately after the outgoing interface for a MAC address changes. This feature ensures data connection without interruption. As shown in Figure 4, a mobile user laptop accesses the network by connecting to AP 1 or AP 2.
Task Command display mac-address statistics Display MAC address statistics. (In standalone mode.) Display the display mac-address mac-move [ slot slot-number ] MAC address move records. (In IRF mode.) Display the MAC display mac-address mac-move [ chassis chassis-number slot address move records. slot-number ] MAC address table configuration example Network requirements...
Page 24
# Display the blackhole MAC address entries. [Device] display mac-address blackhole MAC Address VLAN ID State Port/NickName Aging 000f-e235-abcd Blackhole # Display the aging time of dynamic MAC address entries. [Device] display mac-address aging-time MAC address aging time: 500s.
Configuring MAC Information The MAC Information feature can generate syslog messages or SNMP notifications when MAC address entries are learned or deleted. You can use these messages to monitor user's leaving or joining the network and analyze network traffic. The MAC Information feature buffers the MAC change syslog messages or SNMP notifications in a queue.
Step Command Remarks Enter system view. system-view Configure the MAC mac-address information mode The default setting is trap. Information mode. { syslog | trap } Setting the MAC change notification interval To prevent syslog messages or SNMP notifications from being sent too frequently, you can set the MAC change notification interval to a larger value.
Configuration restrictions and guidelines When you edit the file /etc/syslog.conf, follow these restrictions and guidelines: • Comments must be on a separate line and must begin with a pound sign (#). • No redundant spaces are allowed after the file name. •...
Page 28
Enable MAC Information on Device: # Enable MAC Information globally. [Device] mac-address information enable # Configure the MAC Information mode as syslog. [Device] mac-address information mode syslog # Enable MAC Information on GigabitEthernet 1/0/1 to enable the port to record MAC address change information when the interface performs either of the following operations: Learns a new MAC address.
Configuring Ethernet link aggregation Ethernet link aggregation bundles multiple physical Ethernet links into one logical link, called an aggregate link. Link aggregation has the following benefits: • Increased bandwidth beyond the limits of any single link. In an aggregate link, traffic is distributed across the member ports.
• Individual—An Individual port can forward traffic as a normal physical port. A port is placed in the Individual state when the following conditions exist: Its aggregate interface is configured as an edge aggregate interface. The port has not received Link Aggregation Control Protocol Data Units (LACPDUs) from its ...
• Protocol configurations—Protocol configurations of a member port do not affect the aggregation state of the member port. MAC address learning and spanning tree settings are examples of protocol configurations. NOTE: • The protocol configurations for an aggregate interface take effect only on the current aggregate interface.
Figure 8 Setting the aggregation state of a member port in a static aggregation group Set the aggregation state of a member port Is there any hardware restriction? Is the port up? Operational key/attribute configurations same as the reference port? More candidate ports than max.
LACP LACP uses LACPDUs to exchange aggregation information between LACP-enabled devices. Each member port in a dynamic aggregation group can exchange information with its peer. When a member port receives an LACPDU, it compares the received information with information received on the other member ports.
• Long timeout interval—90 seconds. If you use the long timeout interval, the peer sends one LACPDU every 30 seconds. How dynamic link aggregation works Choosing a reference port The system chooses a reference port from the member ports in up state. A Selected port must have the same operational key and attribute configurations as the reference port.
Page 35
Figure 9 Setting the state of a member port in a dynamic aggregation group Set the aggregation state of a member port Is there any hardware restriction? Is the port up? Operational key/attribute configurations same as the reference port? Operational key/attribute configurations of the peer port same as the peer port of the reference port? More candidate ports than allowed max.
Edge aggregate interface Dynamic link aggregation fails on a server-facing aggregate interface if dynamic link aggregation is configured only on the device. The device forwards traffic by using only one of the physical ports that are connected to the server. To improve link reliability, configure the aggregate interface as an edge aggregate interface.
Configuring an aggregation group This section explains how to configure an aggregation group. Configuration restrictions and guidelines When you configure an aggregation group, follow these restrictions and guidelines: • The maximum number of aggregation groups and the maximum number of Selected ports allowed in an aggregation group vary by the port location, as shown in the following matrix: Maximum Maximum number...
Interface type Reference Interface whose service instance is bound VPLS in MPLS Configuration Guide to a VSI • Table 5 shows the interfaces that cannot be assigned to a Layer 3 aggregation group. Table 5 Interfaces that cannot be assigned to a Layer 3 aggregation group Interface type Reference Interface bound to a cross connect...
Configuring a Layer 2 dynamic aggregation group Step Command Remarks Enter system view. system-view By default, the system LACP priority is 32768. Changing the system LACP Set the system LACP priority. lacp system-priority priority priority might affect the aggregation states of the ports in a dynamic aggregation group.
Page 40
Step Command Remarks When you create a Layer 3 Create a Layer 3 aggregate aggregate interface, the system interface route-aggregation interface and enter Layer 3 automatically creates a Layer 3 interface-number aggregate interface view. static aggregation group numbered the same. Exit to system view.
Step Command Remarks Set the port priority for the link-aggregation port-priority The default setting is 32768. interface. priority By default, the long LACP timeout interval (90 seconds) is used by the interface. To avoid traffic interruption during Set the short LACP timeout an ISSU, do not set the short interval (3 seconds) for the lacp period short...
Step Command Remarks Enter system view. system-view Enter Layer 2 aggregate interface bridge-aggregation interface view. interface-number By default, a Layer 2 aggregate link-aggregation ignore vlan Specify ignored VLANs. interface does not ignore any vlan-id-list VLANs. Setting the MTU for a Layer 3 aggregate interface The MTU of an interface affects IP packets fragmentation and reassembly on the interface.
• Assigning two ports to an aggregation group. • Setting the maximum number of Selected ports to 1 for the aggregation group. Then, only one Selected port is allowed in the aggregation group, and the Unselected port acts as a backup port.
• This configuration takes effect only on the aggregate interface corresponding to a dynamic aggregation group. • Link-aggregation traffic redirection does not operate correctly on an edge aggregate interface. For more information about link-aggregation traffic redirection, see "Enabling link-aggregation traffic redirection."...
Restoring the default settings for an aggregate interface You can restore all configurations on an aggregate interface to the default settings. To restore the default settings for an aggregate interface: Step Command Enter system view. system-view • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number •...
Figure 10 Load sharing for multidevice link aggregation in an IRF fabric The egress port for a traffic flow is an aggregate interface that has Selected ports on different IRF member devices Local-first load sharing mechanism enabled? Any Selected ports on the ingress device? Packets are load-shared only Packets are load-shared across...
• To prevent packet loss that might occur when a slot reboots, do not enable spanning tree together with link-aggregation traffic redirection. • Link-aggregation traffic redirection does not operate correctly on an edge aggregate interface. • As a best practice, enable link-aggregation traffic redirection on aggregate interfaces. If you enable this feature globally, communication with a third-party peer device might be affected if the peer is not compatible with this feature.
Task Command for link aggregation member ports. Display summary information about all display link-aggregation summary aggregation groups. display link-aggregation verbose Display detailed information about the [ { bridge-aggregation | route-aggregation } specified aggregation groups. [ interface-number ] ] Clear LACP statistics for the specified link reset lacp statistics [ interface interface-list ] aggregation member ports.
Page 50
[DeviceA] vlan 20 [DeviceA-vlan20] port gigabitethernet 1/0/5 [DeviceA-vlan20] quit # Create Layer 2 aggregate interface Bridge-Aggregation 1. [DeviceA] interface bridge-aggregation 1 [DeviceA-Bridge-Aggregation1] quit # Assign ports GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to link aggregation group 1. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/1] quit [DeviceA] interface gigabitethernet 1/0/2...
Layer 2 dynamic aggregation configuration example Network requirements On the network shown in Figure 12, perform the following tasks: • Configure a Layer 2 dynamic aggregation group on both Device A and Device B. • Enable VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the other end.
[DeviceA-GigabitEthernet1/0/3] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/3] quit # Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLANs 10 and 20. [DeviceA] interface bridge-aggregation 1 [DeviceA-Bridge-Aggregation1] port link-type trunk [DeviceA-Bridge-Aggregation1] port trunk permit vlan 10 20 [DeviceA-Bridge-Aggregation1] quit Configure Device B in the same way Device A is configured.
Page 53
• Configure link aggregation groups 1 and 2 to load share traffic across aggregation group member ports. Configure link aggregation group 1 to load share packets based on source MAC addresses. Configure link aggregation group 2 to load share packets based on destination MAC ...
Page 54
[DeviceA-Bridge-Aggregation1] port trunk permit vlan 10 [DeviceA-Bridge-Aggregation1] quit # Create Layer 2 aggregate interface Bridge-Aggregation 2. [DeviceA] interface bridge-aggregation 2 # Configure Layer 2 aggregation group 2 to load share packets based on destination MAC addresses. [DeviceA-Bridge-Aggregation2] link-aggregation load-sharing mode destination-mac [DeviceA-Bridge-Aggregation2] quit # Assign ports GigabitEthernet 1/0/3 and GigabitEthernet 1/0/4 to link aggregation group 2.
The output shows that: • Link aggregation groups 1 and 2 are both load-shared Layer 2 static aggregation groups. • Each aggregation group contains two Selected ports. # Display all the group-specific load sharing modes on Device A. [DeviceA] display link-aggregation load-sharing mode interface Bridge-Aggregation1 Load-Sharing Mode: source-mac address Bridge-Aggregation2 Load-Sharing Mode:...
Verifying the configuration # Display detailed information about all aggregation groups on the device when the server is not configured with dynamic link aggregation. [Device] display link-aggregation verbose Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing Port Status: S -- Selected, U -- Unselected, I -- Individual, * -- Management port Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation, D -- Synchronization, E -- Collecting, F -- Distributing,...
GE1/0/3 32768 0x8000, 000f-e267-57ad {ACDEF} The output shows that link aggregation group 1 is a Layer 3 dynamic aggregation group that contains three Selected ports. Layer 3 aggregation load sharing configuration example Network requirements On the network shown in Figure 17, perform the following tasks: •...
Page 60
[DeviceA-Route-Aggregation2] quit # Assign Layer 3 Ethernet interfaces GigabitEthernet 1/0/3 and GigabitEthernet 1/0/4 to aggregation group 2. [DeviceA] interface gigabitethernet 1/0/3 [DeviceA-GigabitEthernet1/0/3] port link-aggregation group 2 [DeviceA-GigabitEthernet1/0/3] quit [DeviceA] interface gigabitethernet 1/0/4 [DeviceA-GigabitEthernet1/0/4] port link-aggregation group 2 [DeviceA-GigabitEthernet1/0/4] quit Configure Device B in the same way Device A is configured. (Details not shown.) Verifying the configuration # Display detailed information about all aggregation groups on Device A.
The output shows that: • Link aggregation group 1 load shares packets based on source IP addresses. • Link aggregation group 2 load shares packets based on destination IP addresses. Layer 3 edge aggregate interface configuration example Network requirements As shown in Figure 18, a Layer 3 dynamic aggregation group is configured on the device.
Page 62
Aggregate Interface: Route-Aggregation1 Aggregation Mode: Dynamic Loadsharing Type: Shar Management VLAN : None System ID: 0x8000, 000f-e267-6c6a Local: Port Status Priority Oper-Key Flag -------------------------------------------------------------------------------- GE1/0/1 32768 {AG} GE1/0/2 32768 {AG} Remote: Actor Partner Priority Oper-Key SystemID Flag -------------------------------------------------------------------------------- GE1/0/1 32768 0x8000, 0000-0000-0000 {DEF} GE1/0/2 32768...
Configuring port isolation The port isolation feature isolates Layer 2 traffic for data privacy and security without using VLANs. Ports in an isolation group cannot communicate with each other. However, they can communicate with ports outside the isolation group. Assigning a port to an isolation group Before you add a PEX port to a Layer 2 aggregate interface that has been assigned to an isolation group, first remove the aggregate interface from the isolation group.
Port isolation configuration example Network requirements As shown in Figure • LAN users Host A, Host B, and Host C are connected to GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 on the device, respectively. • The device connects to the Internet through GigabitEthernet 1/0/4. Configure the device to provide Internet access for the hosts, and isolate them from one another at Layer 2.
Page 65
[Device] display port-isolate group 2 Port isolation group information: Group ID: 2 Group members: GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3 Community VLAN ID: None The output shows that GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 are assigned to isolation group 2. As a result, Host A, Host B, and Host C are isolated from one another at layer 2.
Configuring VLANs Overview Ethernet is a family of shared-media LAN technologies based on the CSMA/CD mechanism. An Ethernet LAN is both a collision domain and a broadcast domain. Because the medium is shared, collisions and broadcasts are common in an Ethernet LAN. Typically, bridges and Layer 2 switches can reduce collisions in an Ethernet LAN.
TPID to a different value. For compatibility with a neighbor device, set the TPID value on the device to be the same as the neighbor device. • Priority—3-bit long, identifies the 802.1p priority of the frame. For more information, see ACL and QoS Configuration Guide.
NOTE: • As the system default VLAN, VLAN 1 cannot be created or deleted. • Before you delete a dynamic VLAN or a VLAN locked by an application, you must first remove the configuration from the VLAN. Configuring VLAN interfaces Hosts of different VLANs use VLAN interfaces to communicate at Layer 3.
Step Command Remarks VLAN interface. Configuring port-based VLANs Introduction Port-based VLANs group VLAN members by port. A port forwards packets from a VLAN only after it is assigned to the VLAN. Port link type You can set the link type of a port to access, trunk, or hybrid. The port link type determines whether the port can be assigned to multiple VLANs.
Actions Access Trunk Hybrid • Receives the frame if its VLAN ID is the same as In the inbound • the PVID. Receives the frame if its VLAN is permitted on the port. direction for a • • Drops the frame if Drops the frame if its VLAN is not permitted on the port.
Step Command Remarks interface-number • Enter S-channel interface view: interface s-channel interface-number.channel-id • Enter S-channel aggregate interface view: interface schannel-aggregation interface-number:channel-id Set the port link type to By default, all ports are port link-type access access. access ports. (Optional.) Assign the By default, all access ports port access vlan vlan-id access port to a VLAN.
• To change the link type of a port from trunk to hybrid, set the link type to access first. • To enable a hybrid port to transmit packets from its PVID, you must assign the hybrid port to the PVID by using the port hybrid vlan command.
Page 73
a. The port first performs a fuzzy match as follows: − Searches for the MAC-to-VLAN entries whose masks are not all Fs. − Performs a logical AND operation on the source MAC address and each of these masks. If an AND operation result matches the MAC address in a MAC-to-VLAN entry, the port tags the frame with the VLAN ID specific to this entry.
Page 74
− If the VLAN ID of the frame is the PVID of the port, the port determines whether it allows the PVID. If the PVID is allowed, the port forwards the frame within the PVID. If the PVID is not allowed, the port drops the frame.
When a user passes authentication of the access authentication server, the server assigns the authorization VLAN information for the user to the device. The device then performs the following operations: Generates a MAC-to-VLAN entry by using the source MAC address of the user packet and the authorization VLAN information.
Page 76
• As a best practice to ensure correct operation of 802.1X and MAC authentication, do not use dynamic MAC-based VLAN assignment with 802.1X or MAC authentication. • When dynamic MAC-based VLAN assignment is enabled on a port, the configuration of disabling of MAC address learning does not take effect.
Configuring server-assigned MAC-based VLAN Step Command Remarks Enter system view. system-view Enter interface view. interface interface-type interface-number Set the port link type to By default, all ports are port link-type hybrid hybrid. access ports. By default, a hybrid port is an Assign the hybrid port untagged member of the port hybrid vlan vlan-id-list { tagged |...
Task Command Remarks Set the port link type port link-type hybrid By default, all ports are access ports. to hybrid. Assign the hybrid By default, a hybrid port is an port to the specified port hybrid vlan vlan-id-list { tagged | untagged member of the VLAN to IP subnet-based untagged }...
Step Command Remarks • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number Set the port link type to By default, all ports are access port link-type hybrid hybrid. ports. By default, a hybrid port is an Assign the hybrid port port hybrid vlan vlan-id-list { tagged | untagged member of the VLAN to the specified...
Displaying and maintaining VLANs Execute display commands in any view and reset commands in user view. Task Command display interface vlan-interface [ interface-number ] [ brief Display VLAN interface information. [ description | down ] ] Display information about IP display ip-subnet-vlan interface { interface-type subnet-based VLANs that are associated interface-number1 [ to interface-type interface-number2 ] | all }...
Page 81
Figure 23 Network diagram GE1/0/3 GE1/0/3 Device A Device B GE1/0/1 GE1/0/2 GE1/0/1 GE1/0/2 Host A Host B Host C Host D VLAN 100 VLAN 200 VLAN 100 VLAN 200 Configuration procedure Configure Device A: # Create VLAN 100, and assign GigabitEthernet 1/0/1 to VLAN 100. <DeviceA>...
VLAN ID: 200 VLAN type: Static Route interface: Not configured Description: VLAN 0200 Name: VLAN 0200 Tagged ports: GigabitEthernet1/0/3 Untagged ports: GigabitEthernet1/0/2 MAC-based VLAN configuration example Network requirements As shown in Figure • GigabitEthernet 1/0/1 of Device A and Device C are each connected to a meeting room. Laptop 1 and Laptop 2 are used for meetings and might be used in either of the two meeting rooms.
Page 83
[DeviceA-vlan200] quit # Associate the MAC addresses of Laptop 1 and Laptop 2 with VLANs 100 and 200, respectively. [DeviceA] mac-vlan mac-address 000d-88f8-4e71 vlan 100 [DeviceA] mac-vlan mac-address 0014-222c-aa69 vlan 200 # Configure GigabitEthernet 1/0/1 as a hybrid port, and assign it to VLANs 100 and 200 as an untagged VLAN member.
MAC address Mask VLAN ID Priority State 000d-88f8-4e71 ffff-ffff-ffff 0014-222c-aa69 ffff-ffff-ffff Total MAC VLAN address count: 2 IP subnet-based VLAN configuration example Network requirements As shown in Figure 25, the hosts in the office belong to different IP subnets. Configure Device C to transmit packets from 192.168.5.0/24 and 192.168.50.0/24 in VLANs 100 and 200, respectively.
[DeviceC] interface gigabitethernet 1/0/2 [DeviceC-GigabitEthernet1/0/2] port link-type hybrid [DeviceC-GigabitEthernet1/0/2] port hybrid vlan 100 tagged [DeviceC-GigabitEthernet1/0/2] quit # Configure GigabitEthernet 1/0/3 as a hybrid port, and assign it to VLAN 200 as a tagged VLAN member. [DeviceC] interface gigabitethernet 1/0/3 [DeviceC-GigabitEthernet1/0/3] port link-type hybrid [DeviceC-GigabitEthernet1/0/3] port hybrid vlan 200 tagged [DeviceC-GigabitEthernet1/0/3] quit # Configure GigabitEthernet 1/0/1 as a hybrid port, and assign it to VLANs 100 and 200 as an...
Page 86
Figure 26 Network diagram VLAN 100 VLAN 200 IPv4 server IPv6 server GE1/0/3 GE1/0/4 GE1/0/1 GE1/0/2 Device L2 switch A L2 switch B IPv4 host A IPv6 host A IPv4 host B IPv6 host B VLAN 100 VLAN 200 VLAN 100 VLAN 200 Configuration procedure In this example, L2 Switch A and L2 Switch B use the factory configuration.
Page 87
# Configure GigabitEthernet 1/0/1 as a hybrid port, and assign it to VLANs 100 and 200 as an untagged VLAN member. [Device] interface gigabitethernet 1/0/1 [Device-GigabitEthernet1/0/1] port link-type hybrid [Device-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged # Associate GigabitEthernet 1/0/1 with the IPv4 and ARP protocol templates of VLAN 100 and the IPv6 protocol template of VLAN 200.
Page 88
IPv4 Active Ethernet II Etype 0x0806 Active IPv6 Active Interface: GigabitEthernet 1/0/2 VLAN ID Protocol index Protocol type Status IPv4 Active Ethernet II Etype 0x0806 Active IPv6 Active...
Configuring super VLANs The super VLAN feature cannot be used together with the VXLAN IP gateway feature. For more information about VXLAN IP gateways, see VXLAN Configuration Guide. Overview Hosts in a VLAN typically use IP addresses in the same subnet. For Layer 3 interoperability with other VLANs, you can create a VLAN interface for the VLAN and assign an IP address to it.
• Do not configure a VLAN as both a super VLAN and a guest VLAN, Auth-Fail VLAN, or critical VLAN. For more information about guest VLANs, Auth-Fail VLANs, and critical VLANs, see Security Configuration Guide. • Do not configure a VLAN as both a super VLAN and a sub-VLAN. •...
Displaying and maintaining super VLANs Execute display commands in any view. Task Command Display information about super VLANs and their display supervlan [ supervlan-id ] associated sub-VLANs. Super VLAN configuration example Network requirements As shown in Figure • GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 are in VLAN 2. •...
Configuring the private VLAN VLAN technology provides a method for isolating traffic from customers. At the access layer of a network, customer traffic must be isolated for security or accounting purposes. If VLANs are assigned on a per-user basis, a large number of VLANs will be required. The private VLAN feature saves VLAN resources.
Associate the secondary VLANs with the primary VLAN. Configure the uplink and downlink ports: Configure the uplink port (for example, the port connecting L2 Device B to L3 Device A in Figure 28): − When the port allows only one primary VLAN, configure the port as a promiscuous port of the primary VLAN.
Page 96
Step Command Remarks Create a VLAN and enter vlan vlan-id VLAN view. Configure the VLAN as a By default, a VLAN is not a private-vlan primary primary VLAN. primary VLAN. Return to system view. quit Create one or multiple vlan { vlan-id1 [ to vlan-id2 ] | all } secondary VLANs.
Step Command Remarks 17. Enter VLAN view of a vlan vlan-id secondary VLAN. 18. (Optional.) Enable Layer 2 By default, ports in the same • undo private-vlan isolated communication for ports in secondary VLAN can • the same secondary communicate with each other at private-vlan community VLAN.
Page 98
• On Device C, VLAN 6 is a primary VLAN that is associated with secondary VLANs 3 and 4. GigabitEthernet 1/0/5 is in VLAN 6. GigabitEthernet 1/0/3 is in VLAN 3. GigabitEthernet 1/0/4 is in VLAN 4. • Device A is aware of only VLAN 5 on Device B and VLAN 6 on Device C. Figure 29 Network diagram Device A Device C...
Page 99
[DeviceB] interface gigabitethernet 1/0/3 [DeviceB-GigabitEthernet1/0/3] port access vlan 3 [DeviceB-GigabitEthernet1/0/3] port private-vlan host [DeviceB-GigabitEthernet1/0/3] quit Configure Device C: # Configure VLAN 6 as a primary VLAN. <DeviceC> system-view [DeviceC] vlan 6 [DeviceC–vlan6] private-vlan primary [DeviceC–vlan6] quit # Create VLANs 3 and 4. [DeviceC] vlan 3 to 4 # Associate secondary VLANs 3 and 4 with primary VLAN 6.
# Assign downlink port GigabitEthernet 1/0/2 to VLAN 2, and configure the port as a host port. [DeviceB] interface gigabitethernet 1/0/2 [DeviceB-GigabitEthernet1/0/2] port access vlan 2 [DeviceB-GigabitEthernet1/0/2] port private-vlan host [DeviceB-GigabitEthernet1/0/2] quit # Assign downlink port GigabitEthernet 1/0/3 to VLAN 3, and configure the port as a host port. [DeviceB] interface gigabitethernet 1/0/3 [DeviceB-GigabitEthernet1/0/3] port access vlan 3 [DeviceB-GigabitEthernet1/0/3] port private-vlan host...
Page 104
Figure 31 Network diagram VLAN 10 VLAN 20 Device C GE1/0/5 GE1/0/5 Device A GE1/0/1 GE1/0/3 GE1/0/2 GE1/0/2 Device B GE1/0/3 GE1/0/4 Host C Host D VLAN 22 VLAN 12 Host A Host B VLAN 21 VLAN 11 Configuration procedure Configure Device A: # Configure VLANs 10 and 20 as primary VLANs.
Page 105
[DeviceA] interface gigabitethernet 1/0/5 [DeviceA-GigabitEthernet1/0/5] port private-vlan 10 20 trunk promiscuous [DeviceA-GigabitEthernet1/0/5] quit # Assign downlink port GigabitEthernet 1/0/1 to VLAN 22 and configure the port as a host port. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port access vlan 22 [DeviceA-GigabitEthernet1/0/1] port private-vlan host [DeviceA-GigabitEthernet1/0/1] quit # Assign downlink port GigabitEthernet 1/0/3 to VLAN 12 and configure the port as a host port.
Page 106
[DeviceC-GigabitEthernet1/0/5] port link-type hybrid [DeviceC-GigabitEthernet1/0/5] port hybrid vlan 10 20 tagged [DeviceC-GigabitEthernet1/0/5] quit Verifying the configuration # Verify the primary VLAN configurations on Device A. The following output uses primary VLAN 10 as an example. [DeviceA] display private-vlan 10 Primary VLAN ID: 10 Secondary VLAN ID: 11-12 VLAN ID: 10 VLAN type: Static...
• The host port (GigabitEthernet 1/0/3) is an untagged member of primary VLAN 10 and secondary VLAN 12. Secondary VLAN Layer 3 communication configuration example Network requirements As shown in Figure 32, configure the private VLAN feature to meet the following requirements: •...
Page 108
[DeviceA-GigabitEthernet1/0/2] port access vlan 2 [DeviceA-GigabitEthernet1/0/2] port private-vlan host [DeviceA-GigabitEthernet1/0/2] quit # Assign downlink port GigabitEthernet 1/0/3 to VLAN 3, and configure the port as a host port. [DeviceA] interface gigabitethernet 1/0/3 [DeviceA-GigabitEthernet1/0/3] port access vlan 3 [DeviceA-GigabitEthernet1/0/3] port private-vlan host [DeviceA-GigabitEthernet1/0/3] quit # Enable Layer 3 communication between secondary VLANs 2 and 3 that are associated with primary VLAN 10.
Page 109
GigabitEthernet1/0/1 GigabitEthernet1/0/2 VLAN ID: 3 VLAN type: Static Private VLAN type: Secondary Route interface: Configured IPv4 address: 192.168.1.1 IPv4 subnet mask: 255.255.255.0 Description: VLAN 0003 Name: VLAN 0003 Tagged ports: None Untagged ports: GigabitEthernet1/0/1 GigabitEthernet1/0/3 The Route interface field in the output is Configured, indicating that secondary VLANs 2 and 3 are interoperable at Layer 3.
Configuring voice VLANs Overview A voice VLAN is used for transmitting voice traffic. The device can configure QoS parameters for voice packets to ensure higher transmission priority of the voice packets. Common voice devices include IP phones and integrated access devices (IADs). This chapter uses IP phones as an example.
Automatically identifying IP phones through LLDP If IP phones support LLDP, configure LLDP for automatic IP phone discovery on the device. The device can then automatically discover the peer through LLDP, and exchange LLDP TLVs with the peer. If the LLDP System Capabilities TLV received on a port indicates that the peer can act as a telephone, the device performs the following operations: Sends an LLDP TLV with the voice VLAN configuration to the peer.
Figure 34 Connecting the host and IP phone in series Voice gateway Host IP phone Device Connecting the IP phone to the device As shown in Figure 35, IP phones are connected to the device without the presence of the host. Use this connection method when IP phones sends out untagged voice packets.
When the IP phone reboots, the port is reassigned to the voice VLAN to ensure the correct operation of the existing voice connections. The reassignment occurs automatically without being triggered by voice traffic as long as the voice VLAN operates correctly. Manual mode Use manual mode when only IP phones access the network through the device, as shown in Figure...
If an IP phone sends out tagged voice traffic, and its access port is configured with 802.1X authentication, guest VLAN, Auth-Fail VLAN, or critical VLAN, VLAN IDs must be different for the following VLANs: • Voice VLAN. • PVID of the access port. •...
Voice VLAN configuration task list Tasks at a glance (Required.) Configuring the QoS priority settings for voice traffic (Required.) Use one of the following methods: • Configuring a port to operate in automatic voice VLAN assignment mode • Configuring a port to operate in manual voice VLAN assignment mode (Optional.) Enabling LLDP for automatic IP phone discovery (Optional.) Use one of the following methods:...
Configuring a port to operate in automatic voice VLAN assignment mode Configuration restrictions and guidelines When you configure a port to operate in automatic voice VLAN assignment mode, follow these restrictions and guidelines: • Do not configure a VLAN as both a voice VLAN and a protocol-based VLAN. A voice VLAN in automatic mode on a hybrid port processes only tagged incoming voice ...
Step Command Remarks interface-number • port link-type trunk Configure the link type of • the port. port link-type hybrid Configure the port to By default, the automatic operate in automatic voice voice-vlan mode auto voice VLAN assignment mode VLAN assignment mode. is enabled.
Step Command Remarks • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number Configure the port to By default, a port operates in operate in manual voice undo voice-vlan mode auto automatic voice VLAN VLAN assignment assignment mode. mode. • For the access port, see "Assigning an access port to a...
To configure LLDP to advertise a voice VLAN: Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface interface-type interface view. interface-number By default, no advertised voice VLAN ID is configured. Configure an advertised lldp tlv-enable med-tlv For more information about voice VLAN ID.
Displaying and maintaining voice VLANs Execute display commands in any view. Task Command Display the voice VLAN state. display voice-vlan state display voice-vlan mac-address Display OUI addresses on a device. Voice VLAN configuration examples Automatic voice VLAN assignment mode configuration example Network requirements As shown in...
Page 121
# Set the voice VLAN aging timer to 30 minutes. [DeviceA] voice-vlan aging 30 # Enable security mode for voice VLANs. [DeviceA] voice-vlan security enable # Add MAC addresses of IP phones A and B to the device with mask FFFF-FF00-0000. [DeviceA] voice-vlan mac-address 0011-1100-0001 mask ffff-ff00-0000 description IP phone A [DeviceA] voice-vlan mac-address 0011-2200-0001 mask ffff-ff00-0000 description IP...
Port VLAN Mode DSCP GE1/0/1 Auto GE1/0/2 Auto Manual voice VLAN assignment mode configuration example Network requirements As shown in Figure 37, IP phone A send untagged voice traffic. To enable GigabitEthernet 1/0/1 to transmit only voice packets, perform the following tasks on Device A: •...
Configuring MVRP Multiple Registration Protocol (MRP) is an attribute registration protocol used to transmit attribute values. Multiple VLAN Registration Protocol (MVRP) is a typical MRP application. It synchronizes VLAN information among devices. MVRP propagates local VLAN information to other devices, receives VLAN information from other devices, and dynamically updates local VLAN information.
Page 125
Join message An MRP participant sends a Join message to request the peer participant to register attributes in the Join message. When receiving a Join message from the peer participant, an MRP participant performs the following tasks: • Registers the attributes in the Join message. •...
LeaveAll message Each MRP participant starts its LeaveAll timer when starting up. When the timer expires, the MRP participant sends LeaveAll messages to the peer participant. Upon sending or receiving a LeaveAll message, the local participant starts the Leave timer. The local participant determines whether to send a Join message depending on its attribute status.
• Effectively reduces the number of LeaveAll messages in the network. • Prevents the LeaveAll timer of a particular participant from always expiring first. MVRP registration modes VLAN information propagated by MVRP includes dynamic VLAN information from other devices and local static VLAN information.
receive undesired copies. For more information about port mirroring, see Network Management and Monitoring Configuration Guide. • MVRP takes effect only on trunk ports. For more information about trunk ports, see "Configuring VLANs." • Enabling MVRP on a Layer 2 aggregate interface takes effect on the aggregate interface and all Selected member ports in the link aggregation group.
Step Command Remarks Optional. Set an MVRP registration mvrp registration { fixed | The default setting is normal mode for the port. forbidden | normal } registration mode. Setting MRP timers To avoid frequent VLAN registrations and deregistrations, use the same MRP timers throughout the network.
Enabling GVRP compatibility Enable GVRP compatibility for MVRP when the peer device supports GVRP. Then, the local end can receive and send both MVRP and GVRP frames. When you enable GVRP compatibility, follow these restrictions and guidelines: • GVRP compatibility enables MVRP to work with STP or RSTP, but not MSTP. •...
Figure 39 Network diagram Device A Device B Permit: all VLANs GE1/0/3 GE1/0/3 VLAN 20 VLAN 10 Permit: all VLANs Permit: VLANs 20, 40 VLAN 10 à MSTI 1 VLAN 20 à MSTI 2 Other VLANs à MSTI 0 Device C Device D MSTI 0 MSTI 1...
Page 132
[DeviceA] mvrp global enable # Configure GigabitEthernet 1/0/1 as a trunk port, and configure it to permit all VLANs. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-type trunk [DeviceA-GigabitEthernet1/0/1] port trunk permit vlan all # Enable MVRP on port GigabitEthernet 1/0/1. [DeviceA-GigabitEthernet1/0/1] mvrp enable [DeviceA-GigabitEthernet1/0/1] quit # Configure GigabitEthernet 1/0/2 as a trunk port, and configure it to permit VLAN 40.
Page 133
# Enable MVRP on GigabitEthernet 1/0/1. [DeviceB-GigabitEthernet1/0/1] mvrp enable [DeviceB-GigabitEthernet1/0/1] quit # Configure GigabitEthernet 1/0/2 as a trunk port, and configure it to permit all VLANs. [DeviceB] interface gigabitethernet 1/0/2 [DeviceB-GigabitEthernet1/0/2] port link-type trunk [DeviceB-GigabitEthernet1/0/2] port trunk permit vlan all # Enable MVRP on GigabitEthernet 1/0/2.
Page 136
# Display local VLAN information on Device B. [DeviceB] display mvrp running-status -------[MVRP Global Info]------- Global Status : Enabled Compliance-GVRP : False ----[GigabitEthernet1/0/1]---- Config Status : Enabled Running Status : Enabled Join Timer : 20 (centiseconds) Leave Timer : 60 (centiseconds) Periodic Timer : 100 (centiseconds) LeaveAll Timer...
Page 137
Propagated VLANs : The output shows that the following events have occurred: • GigabitEthernet 1/0/1 has registered VLAN 1, declared VLAN 1 and VLAN 20, and propagated VLAN 1 through MVRP. • GigabitEthernet 1/0/2 has registered VLAN 1 and VLAN 10, declared VLAN 1 and VLAN 20, and propagated VLAN 1.
Page 138
• GigabitEthernet 1/0/2 has registered VLAN 1 and VLAN 20, declared VLAN 1 and VLAN 10, and propagated VLAN 1 and VLAN 20 through MVRP. # Display local VLAN information on Device D. [DeviceD] display mvrp running-status -------[MVRP Global Info]------- Global Status : Enabled Compliance-GVRP...
Page 139
[DeviceB-GigabitEthernet1/0/3] quit # Display local MVRP VLAN information on GigabitEthernet 1/0/3. [DeviceB] display mvrp running-status interface gigabitethernet 1/0/3 -------[MVRP Global Info]------- Global Status : Enabled Compliance-GVRP : False ----[GigabitEthernet1/0/3]---- Config Status : Enabled Running Status : Enabled Join Timer : 20 (centiseconds) Leave Timer : 60 (centiseconds) Periodic Timer...
Configuring QinQ This document uses the following terms: • CVLAN—Customer network VLANs, also called inner VLANs, refer to VLANs that a customer uses on the private network. • SVLAN—Service provider network VLANs, also called outer VLANs, refer to VLANs that a service provider uses to transmit VLAN tagged traffic for customers.
When a tagged Ethernet frame from CE 1 arrives at PE 1, the PE tags the frame with SVLAN 3. The double-tagged Ethernet frame travels over the service provider network until it arrives at PE 2. PE 2 removes the SVLAN tag of the frame, and then sends the frame to CE 4. Figure 41 Typical QinQ application scenario VLANs 1 to 20 VLANs 1 to 10...
Protocols and standards • IEEE 802.1Q, IEEE Standard for Local and Metropolitan Area Networks-Virtual Bridged Local Area Networks • IEEE 802.1ad, IEEE Standard for Local and Metropolitan Area Networks-Virtual Bridged Local Area Networks-Amendment 4: Provider Bridges Restrictions and guidelines When you configure QinQ, follow these restrictions and guidelines: •...
Configuring the TPID for VLAN tags TPID identifies a frame as an 802.1Q tagged frame. The TPID value varies by vendor. On an HPE device, the TPID in the 802.1Q tag added on a QinQ-enabled port is 0x8100 by default, in compliance with IEEE 802.1Q.
Protocol type Value IS-IS 0x8000 LACP 0x8809 LLDP 0x88cc 802.1X 0x888e 802.1ag 0x8902 Cluster 0x88a7 Reserved 0xfffd/0xfffe/0xffff Configuring the TPID for CVLAN tags Perform this task on the PE device. To configure the TPID value for CVLAN tags: Step Command Remarks Enter system view.
Step Command Remarks Enter system view. system-view Create a traffic class and traffic classifier classifier-name [ operator By default, no traffic enter its view. { and | or } ] classes exist. • Match CVLAN IDs: if-match customer-vlan-id vlan-id-list Configure CVLAN match •...
QinQ configuration examples Basic QinQ configuration example Network requirements As shown in Figure • The service provider assigns VLAN 100 to Company A's VLANs 10 through 70. • The service provider assigns VLAN 200 to Company B's VLANs 30 through 90. •...
Page 147
# Configure GigabitEthernet 1/0/2 as a trunk port, and assign it to VLANs 100 and 200. [PE1] interface gigabitethernet 1/0/2 [PE1-GigabitEthernet1/0/2] port link-type trunk [PE1-GigabitEthernet1/0/2] port trunk permit vlan 100 200 # Set the TPID value in the SVLAN tags to 0x8200 on GigabitEthernet 1/0/2. [PE1-GigabitEthernet1/0/2] qinq ethernet-type service-tag 8200 [PE1-GigabitEthernet1/0/2] quit # Configure GigabitEthernet 1/0/3 as a trunk port, and assign it to VLAN 200.
# Configure all ports on the forwarding path to allow frames from VLANs 100 and 200 to pass through without removing the VLAN tag. (Details not shown.) VLAN transparent transmission configuration example Network requirements As shown in Figure • The service provider assigns VLAN 100 to a company's VLANs 10 through 50. •...
Page 149
Configure PE 2: # Configure GigabitEthernet 1/0/1 as a trunk port, and assign it to VLANs 100 and 3000. <PE2> system-view [PE2] interface gigabitethernet 1/0/1 [PE2-GigabitEthernet1/0/1] port link-type trunk [PE2-GigabitEthernet1/0/1] port trunk permit vlan 100 3000 # Set the PVID of GigabitEthernet 1/0/1 to VLAN 100. [PE1-GigabitEthernet1/0/1] port trunk pvid vlan 100 # Enable QinQ on GigabitEthernet 1/0/1.
Configuring VLAN mapping Overview VLAN mapping re-marks VLAN tagged traffic with new VLAN IDs. Hewlett Packard Enterprise provides the following types of VLAN mapping: • One-to-one VLAN mapping—Replaces one VLAN tag with another. • Many-to-one VLAN mapping—Replaces multiple VLAN tags with the same VLAN tag. •...
Page 151
Figure 44 Application scenario of one-to-one and many-to-one VLAN mapping DHCP client VLAN 1 Home gateway VLAN 2 VLAN 1 -> VLAN 101 VLAN 2 -> VLAN 201 VLAN 3 VoIP VLAN 3 -> VLAN 301 Wiring-closet switch DHCP server VLAN 1 VLAN 1 ->...
Figure 45 Application scenario of one-to-two and two-to-two VLAN mapping One-to-two VLAN One-to-two VLAN Two-to-two VLAN mapping mapping mapping VLAN 10 VLAN 2 Data VLAN 20 VLAN 3 Data PE 1 PE 2 PE 3 PE 4 SP 1 SP 2 VLAN 2 Data VLAN 3...
Page 153
Figure 46 Basic VLAN mapping terms Network-side port Customer-side port Uplink traffic Downlink traffic One-to-one VLAN mapping As shown in Figure 47, one-to-one VLAN mapping is implemented on the customer-side port and replaces VLAN tags as follows: • Replaces the CVLAN with the SVLAN for the uplink traffic. •...
Page 154
Figure 48 Many-to-one VLAN mapping implementation Customer- Network-side side many-to- many-to-one CVLAN 1 Data one VLAN VLAN SVLAN Data mapping mapping CVLAN n Data SVLAN Data User network SP network CVLAN Data SVLAN Data DHCP snooping or ARP snooping table lookup Network-side port Customer-side port Uplink traffic...
• Configure the customer-side port as a trunk port, assign it to the SVLAN, and set the port PVID to the SVLAN. • Configure the customer-side port as a hybrid port, assign it to the SVLAN as an untagged member, and set the port PVID to the SVLAN. Figure 50 Zero-to-two VLAN mapping implementation Zero-to-two VLAN mapping...
Tasks at a glance Remarks Configure one-to-one VLAN mapping on the Configuring one-to-one VLAN mapping wiring-closet switch, as shown in Figure Configuring many-to-one VLAN mapping • Configuring many-to-one VLAN mapping in a Configure many-to-one VLAN mapping on the network with dynamic IP address assignment campus switch, as shown in Figure •...
Configuring many-to-one VLAN mapping Configure many-to-one VLAN mapping on campus switches (see Figure 44) to transmit the same type of traffic from different users in one VLAN. Configuring many-to-one VLAN mapping in a network with dynamic IP address assignment In a network that uses dynamic address assignment, configure many-to-one VLAN mapping with DHCP snooping.
Page 158
Step Command Remarks By default, ARP detection is disabled. For more information about ARP detection Enable ARP detection. arp detection enable configuration commands, see Security Command Reference. Configuring the customer-side port Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view: interface interface-type Enter Layer 2 Ethernet...
Step Command Remarks • For the hybrid port: port hybrid vlan vlan-id-list tagged By default, all ports that Configure the port as a support DHCP snooping are dhcp snooping trust DHCP snooping trusted port. untrusted ports when DHCP snooping is enabled. Configure the port as an ARP By default, all ports are ARP arp detection trust...
Page 160
Step Command Remarks Enter system view. system-view Enter VLAN view. vlan vlan-id By default, ARP snooping is disabled. For more information about ARP Enable ARP snooping. arp snooping enable snooping commands, see Layer 3—IP Services Command Reference. Configuring the customer-side port Step Command Remarks...
Step Command Remarks hybrid: port link-type hybrid • For the trunk port: port trunk permit vlan vlan-id-list Assign the port to the • translated VLANs. For the hybrid port: port hybrid vlan vlan-id-list tagged Configure the port to use the original VLAN tags of the By default, the port does not many-to-one mapping to...
Step Command Remarks port trunk permit vlan { vlan-id-list | all } • For the hybrid port: port hybrid vlan vlan-id-list untagged By default, no VLAN mapping is configured on an interface. Only one SVLAN tag can be vlan mapping nest { range added to packets from the Configure a one-to-two VLAN vlan-range-list | single vlan-id-list }...
Step Command Remarks untagged b. port hybrid pvid vlan vlan-id vlan mapping untagged Configure a zero-to-two By default, no VLAN mapping nested-outer-vlan outer-vlan-id VLAN mapping. is configured on an interface. nested-inner-vlan inner-vlan-id Configuring two-to-two VLAN mapping Configure two-to-two VLAN mapping on the customer-side port of an edge device that connects two SP networks, for example, on PE 3 in Figure 45.
VLAN mapping configuration examples One-to-one and many-to-one VLAN mapping configuration example Network requirements As shown in Figure • Each household subscribes to PC, VoD, and VoIP services, and obtains the IP address through DHCP. • On the home gateways, VLANs 1, 2, and 3 are assigned to PC, VoD, and VoIP traffic, respectively.
One-to-two and two-to-two VLAN mapping configuration example Network requirements As shown in Figure • Two VPN A branches, Site 1 and Site 2, are in VLAN 5 and VLAN 6, respectively. • The two sites use different VPN access services from different service providers, SP 1 and SP •...
Page 170
# Configure the network-side port (GigabitEthernet 1/0/2) as a trunk port. [PE1] interface gigabitethernet 1/0/2 [PE1-GigabitEthernet1/0/2] port link-type trunk # Assign GigabitEthernet 1/0/2 to VLAN 100. [PE1-GigabitEthernet1/0/2] port trunk permit vlan 100 [PE1-GigabitEthernet1/0/2] quit Configure PE 2: # Create VLAN 100. <PE2>...
Page 171
# Create VLANs 6 and 200. <PE4> system-view [PE4] vlan 6 [PE4-vlan6] quit [PE4] vlan 200 [PE4-vlan200] quit # Configure the network-side port (GigabitEthernet 1/0/1) as a trunk port. [PE4] interface gigabitethernet 1/0/1 [PE4-GigabitEthernet1/0/1] port link-type trunk # Assign GigabitEthernet 1/0/1 to VLAN 200. [PE4-GigabitEthernet1/0/1] port trunk permit vlan 200 [PE4-GigabitEthernet1/0/1] quit # Configure the customer-side port (GigabitEthernet 1/0/2) as a hybrid port.
Configuring loop detection Overview Incorrect network connections or configurations can create Layer 2 loops, which results in repeated transmission of broadcasts, multicasts, or unknown unicasts. The repeated transmissions can waste network resources and can paralyze networks. The loop detection mechanism immediately generates a log when a loop occurs so that you are promptly notified to adjust network connections and configurations.
The inner frame header for loop detection contains the following fields: • Code—Protocol sub-type, which is 0x0001, indicating the loop detection protocol. • Version—Protocol version, which is always 0x0000. • Length—Length of the frame. The value includes the inner header, but excludes the Ethernet header.
The device automatically shuts down the port. The device automatically sets the port to the forwarding state after the detection timer set by using the shutdown-interval command expires. For more information about the shutdown-interval command, see Fundamentals Command Reference. The device shuts down the port again if a loop is still detected on the port when the detection timer expires.
Step Command Remarks S-channel aggregate interface view. Enable loop detection on the loopback-detection enable vlan Disabled by default. port. { vlan-id--list | all } Setting the loop protection action You can set the loop protection action globally or on a per-port basis. The global setting applies to all ports.
Setting the loop detection interval With loop detection enabled, the device sends loop detection frames at the loopback detection interval. A shorter interval offers more sensitive detection but consumes more resources. Consider the system performance and loop detection speed when you set the loop detection interval. To set the loop detection interval: Step Command...
[DeviceC] interface gigabitethernet 1/0/2 [DeviceC-GigabitEthernet1/0/2] port link-type trunk [DeviceC-GigabitEthernet1/0/2] port trunk permit vlan 100 [DeviceC-GigabitEthernet1/0/2] quit Verifying the configuration # View the system logs on devices, for example, Device A. [DeviceA] %Feb 15:04:29:663 2013 DeviceA LPDT/4/LPDT LOOPED: Loopback exists GigabitEthernet1/0/1. %Feb 15:04:29:667 2013...
Configuring spanning tree protocols Spanning tree protocols eliminate loops in a physical link-redundant network by selectively blocking redundant links and putting them in a standby state. The recent versions of STP include the Rapid Spanning Tree Protocol (RSTP), the Per-VLAN Spanning Tree (PVST), and the Multiple Spanning Tree Protocol (MSTP).
Page 180
• Protocol ID—Fixed at 0x0000, which represents IEEE 802.1d. • Protocol version ID—Spanning tree protocol version ID. The protocol version ID for STP is 0x00. • BPDU type—Type of the BPDU. The value is 0x00 for a configuration BPDU. • Flags—An 8-bit field indicates the purpose of the BPDU.
Basic concepts in STP Root bridge A tree network must have a root bridge. The entire network contains only one root bridge, and all the other bridges in the network are called leaf nodes. The root bridge is not permanent, but can change with changes of the network topology.
Table 14 STP port states State Receives/sends BPDUs Learns MAC addresses Forwards use data Disabled Listening Learning Forwarding Blocking Receive Path cost Path cost is a reference value used for link selection in STP. To prune the network into a loop-free tree, STP calculates path costs to select the most robust links and block redundant links that are less robust.
Page 183
Step Description Considers this port as the designated port. Replaces the configuration BPDU on the port with the calculated configuration BPDU. Periodically sends the calculated configuration BPDU. • If the configuration BPDU on the port is superior, the device blocks this port without updating its configuration BPDU.
Page 184
Figure 60 The STP algorithm Device A Priority = 0 Port A1 Port A2 Port B1 Port C1 Port B2 Port C2 Path cost = 4 Device B Device C Priority = 1 Priority = 2 As shown in Figure 60, the priority values of Device A, Device B, and Device C are 0, 1, and 2, respectively.
Page 185
Table 17 Comparison process and result on each device Configuration BPDU Device Comparison process on ports after comparison Port A1 performs the following operations: Receives the configuration BPDU of Port B1 {1, 0, 1, Port B1}. Determines that its existing configuration BPDU {0, 0, 0, Port A1} is superior to the received configuration BPDU.
Page 186
Configuration BPDU Device Comparison process on ports after comparison superior to its existing configuration BPDU {2, 0, 2, Port C1}. Updates its configuration BPDU. Port C2 performs the following operations: Receives the original configuration BPDU of Port B2 {1, 0, 1, Port B2}. Determines that the received configuration BPDU is superior to the existing configuration BPDU {2, 0, 2, Port C2}.
Page 187
Configuration BPDU Device Comparison process on ports after comparison the configuration BPDU unchanged. Port C1 does not forward data until a new event triggers a spanning tree calculation process: for example, the link between Device B and Device C is down. After the comparison processes described in Table 17, a spanning tree with Device A as the root...
A path failure can cause spanning tree re-calculation to adapt the spanning tree structure to the change. However, the resulting new configuration BPDU cannot propagate throughout the network immediately. If the newly elected root ports and designated ports start to forward data immediately, a temporary loop will likely occur.
• Alternate port—Acts as the backup port for a root port. When the root port is blocked, the alternate port takes over. • Backup port—Acts as the backup port of a designated port. When the designated port is invalid, the backup port becomes the new designated port. A loop occurs when two ports of the same spanning tree device are connected, so the device blocks one of the ports.
Because each VLAN runs RSTP independently, a spanning tree only serves its VLAN. A PVST-enabled HPE device can communicate with a third-party device that is running Rapid PVST or PVST. The PVST-enabled HPE device supports fast network convergence like RSTP when connected to PVST-enabled HPE devices or third-party devices enabled with Rapid PVST.
A port's link type determines the type of BPDUs the port sends. • An access port sends RSTP BPDUs. • A trunk or hybrid port sends RSTP BPDUs in the default VLAN and sends PVST BPDUs in other VLANs. Basic concepts in PVST PVST uses the same port roles and port states as RSTP for fast convergence.
MSTP protocol frames Figure 64 shows the format of an MSTP BPDU. Figure 64 MSTP BPDU format Fields Byte Protocol ID Protocol version ID BPDU type Flags Root ID Root path cost Bridge ID Port ID Message age Max age Hello time Forward delay Version1 length=0...
MSTP basic concepts Figure 65 shows a switched network that contains four MST regions, each MST region containing four MSTP devices. Figure 66 shows the networking topology of MST region 3. Figure 65 Basic concepts in MSTP VLAN 1 à MSTI 1 VLAN 1 à...
Page 194
MST region A multiple spanning tree region (MST region) consists of multiple devices in a switched network and the network segments among them. All these devices have the following characteristics: • A spanning tree protocol enabled • Same region name •...
Page 195
• The regional root of MSTI 1 is Device B. • The regional root of MSTI 2 is Device C. • The regional root of MSTI 0 (also known as the IST) is Device A. Common root bridge The common root bridge is the root bridge of the CIST. Figure 65, the common root bridge is a device in MST region 1.
CIST. However, that is not true with master ports. A master port on MSTIs is a root port on the CIST. Port states In MSTP, a port can be in one of the following states: • Forwarding—The port receives and sends BPDUs, learns MAC addresses, and forwards user traffic.
• Within an MST region, the frame is forwarded along the corresponding MSTI. • Between two MST regions, the frame is forwarded along the CST. MSTP implementation on devices MSTP is compatible with STP and RSTP. Devices that are running MSTP and that are used for spanning tree calculation can identify STP and RSTP protocol frames.
Page 198
Root port rapid transition When a root port is blocked, the bridge will elect the alternate port with the highest priority as the new root port. If the new root port's peer is in the forwarding state, the new root port immediately transits to the forwarding state.
Figure 70 P/A transition for RSTP and PVST Root port Designated port Alternate port Edge port Device A Device A RID=0.MAC A RID=0.MAC A Port A1 Port A1 Proposal Agreement Port B2 Port B2 Device B Device B RID=4096.MAC B RID=4096.MAC B Port B3 Port B1...
Configuration restrictions and guidelines When you configure spanning tree protocols, follow these restrictions and guidelines: • An eIRF capable device supports enabling PVST for a maximum of 254 VLANs. An eIRF incapable device supports enabling PVST for a maximum of 510 VLANs. For more information about eIRF, see Virtual Technologies Configuration Guide.
Tasks at a glance • (Optional.) Configuring the BPDU transmission rate • (Optional.) Enabling outputting port state transition information • (Required.) Enabling the spanning tree feature Configuring the leaf nodes: • (Required.) Setting the spanning tree mode • (Optional.) Configuring the device priority •...
Tasks at a glance (Optional.) Enabling SNMP notifications for new-root election and topology change events PVST configuration task list Tasks at a glance Configuring the root bridge: • (Required.) Setting the spanning tree mode • (Optional.) Configuring the root bridge or a secondary root bridge •...
Tasks at a glance • (Optional.) Setting spanning tree timers • (Optional.) Setting the timeout factor • (Optional.) Configuring the BPDU transmission rate • (Optional.) Configuring edge ports • (Optional.) Configuring the port link type • (Optional.) Configuring the mode a port uses to recognize and send MSTP frames •...
Compatibility of the PVST mode depends on the link type of a port. • On an access port, the PVST mode is compatible with other spanning tree modes in all VLANs. • On a trunk port or hybrid port, the PVST mode is compatible with other spanning tree modes only in the default VLAN.
Configuring the root bridge or a secondary root bridge You can have the spanning tree protocol determine the root bridge of a spanning tree through calculation. You can also specify a device as the root bridge or as a secondary root bridge. A device has independent roles in different spanning trees.
Step Command Remarks stp [ instance instance-list ] root secondary Configuring the device priority Device priority is a factor in calculating the spanning tree. The priority of a device determines whether the device can be elected as the root bridge of a spanning tree. A lower value indicates a higher priority.
Configuring the network diameter of a switched network Any two terminal devices in a switched network can reach each other through a specific path, and there are a series of devices on the path. The switched network diameter is the maximum number of devices on the path for an edge device to reach another one in the switched network through the root bridge.
Configuration restrictions and guidelines • The length of the forward delay is related to the network diameter of the switched network. The larger the network diameter is, the longer the forward delay time should be. As a best practice, use the automatically calculated value because inappropriate forward delay setting might cause temporary redundant paths or increase the network convergence time.
the upstream device. In this case, the downstream device fails to receive a BPDU within the timeout period and then starts an undesired spanning tree calculation. • To save network resources on a stable network. To set the timeout factor: Step Command Remarks...
Configuration procedure To configure a port as an edge port: Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface interface-type interface or Layer 2 interface-number aggregate interface view. Configure the port as an By default, all ports are stp edged-port edge port.
Page 211
Step Command Remarks Enter system view. system-view Specify a standard for the By default, the device uses device to use when it stp pathcost-standard legacy to calculate the default calculates the default path { dot1d-1998 | dot1t | legacy } path costs of its ports.
Path cost Link speed Port type IEEE Private IEEE 802.1t 802.1d-1998 standard Aggregate interface containing four Selected ports Single port 1000 Aggregate interface containing two Selected ports Aggregate interface 20 Gbps containing three Selected ports Aggregate interface containing four Selected ports Single port Aggregate interface...
Step Command Remarks • In STP/RSTP mode: stp cost cost-value • In PVST mode: By default, the system Configure the path cost of stp vlan vlan-id-list cost cost-value automatically calculates the ports. • the path cost of each port. In MSTP mode: stp [ instance instance-list ] cost cost-value Configuration example...
Step Command Remarks Enter Layer 2 Ethernet interface or Layer 2 interface interface-type interface-number aggregate interface view. • In STP/RSTP mode: stp port priority priority • In PVST mode: stp vlan vlan-id-list port priority The default setting is 128 Configure the port priority. priority for all ports.
By default, the frame format recognition mode of a port is auto. The port automatically distinguishes the two MSTP frame formats, and determines the format of frames that it will send based on the recognized format. You can configure the MSTP frame format on a port. Then, the port sends only MSTP frames of the configured format to communicate with devices that send frames of the same format.
Enabling the spanning tree feature in STP/RSTP/MSTP mode Step Command Remarks Enter system view. system-view Enable the spanning tree By default, the spanning tree stp global enable feature. feature is globally enabled. Enter Layer 2 Ethernet interface interface-type interface or Layer 2 interface-number aggregate interface view.
Configuration restrictions and guidelines When you configure mCheck, follow these restrictions and guidelines: • The mCheck operation takes effect on devices operating in MSTP, PVST, or RSTP mode. • When you enable or disable TRILL on a port, the port might send TCN BPDUs to the peer port, which causes the peer port to transit to STP mode.
Digest Snooping when the network is already working well. Configuration procedure Use this feature on when your HPE device is connected to a third-party device that uses its private key to calculate the configuration digest. To configure Digest Snooping:...
Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface interface-type interface or Layer 2 interface-number aggregate interface view. Enable Digest Snooping on By default, Digest Snooping is stp config-digest-snooping the interface. disabled on ports. Return to system view. quit Enable Digest Snooping stp global...
[DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] stp config-digest-snooping [DeviceB-GigabitEthernet1/0/1] quit [DeviceB] stp global config-digest-snooping Configuring No Agreement Check In RSTP and MSTP, the following types of messages are used for rapid state transition on designated ports: • Proposal—Sent by designated ports to request rapid transition •...
• The upstream device uses a rapid transition mechanism similar to that of RSTP. • The downstream device runs MSTP and does not operate in RSTP mode. In this case, the following occurs: The root port on the downstream device receives no agreement from the upstream device. It sends no agreement to the upstream device.
Configuration procedure # Enable No Agreement Check on GigabitEthernet 1/0/1 of Device A. <DeviceA> system-view [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] stp no-agreement-check Configuring TC Snooping As shown in Figure 76, an IRF fabric connects to two user networks through double links. •...
Configuration procedure To enable TC Snooping: Step Command Remarks Enter system view. system-view Globally disable the spanning By default, the spanning tree undo stp global enable tree feature. feature is globally enabled. By default, TC Snooping is Enable TC Snooping. stp tc-snooping disabled.
Step Command Remarks Enter system view. system-view By default, BPDU guard is globally Enable BPDU guard globally. stp bpdu-protection disabled. Configuring BPDU guard on an interface An edge port preferentially uses the port-specific BPDU guard setting. If the port-specific BPDU guard setting is not available, the edge port uses the global BPDU guard setting.
Step Command Remarks disabled. Enabling loop guard By continuing to receive BPDUs from the upstream device, a device can maintain the state of the root port and blocked ports. However, link congestion or unidirectional link failures might cause these ports to fail to receive BPDUs from the upstream devices. In this situation, the device reselects the following port roles: •...
Step Command Remarks Enter Layer 2 Ethernet interface interface-type interface or Layer 2 interface-number aggregate interface view. By default, port role restriction is Enable port role restriction. stp role-restriction disabled. Configuring TC-BPDU transmission restriction CAUTION: Enabling TC-BPDU transmission restriction on a port might cause the previous forwarding address table to fail to be updated when the topology changes.
Step Command Remarks disable this feature. (Optional.) Configure the maximum number of forwarding address entry stp tc-protection threshold The default setting is 6. flushes that the device can perform number every 10 seconds. Enabling BPDU drop In a spanning tree network, every BPDU arriving at the device triggers an STP calculation process and is then forwarded to other devices in the network.
Step Command Remarks Enter system view. system-view Enable the device to log By default, the device does not events of receiving or stp log enable tc generate logs when it detects or detecting TC BPDUs. receives TC BPDUs. Enabling SNMP notifications for new-root election and topology change events This task enables the device to generate logs and report new-root election events or spanning tree topology changes to SNMP.
Task Command interface-type interface-number [ instance instance-list ] ] Display information about ports shut down by spanning display stp down-port tree protection features. (In standalone mode.) Display the port role calculation display stp [ instance instance-list | vlan history for the specified MSTI or all MSTIs. vlan-id-list ] history [ slot slot-number ] display stp [ instance instance-list | vlan (In IRF mode.) Display the port role calculation history...
Page 230
Figure 77 Network diagram MST region Device A Device B Permit: all VLAN GE1/0/3 GE1/0/3 Permit: VLANs 10 and Permit: VLANs 20 and GE1/0/3 GE1/0/3 Permit: VLANs 20 and 40 Device C Device D Configuration procedure Configure VLANs and VLAN member ports. (Details not shown.) Create VLAN 10, VLAN 20, and VLAN 30 on both Device A and Device B.
Page 231
[DeviceB-mst-region] instance 1 vlan 10 [DeviceB-mst-region] instance 3 vlan 30 [DeviceB-mst-region] instance 4 vlan 40 # Configure the revision level of the MST region as 0. [DeviceB-mst-region] revision-level 0 # Activate MST region configuration. [DeviceB-mst-region] active region-configuration [DeviceB-mst-region] quit # Configure Device B as the root bridge of MSTI 3. [DeviceB] stp instance 3 root primary # Enable the spanning tree feature globally.
Page 232
Verifying the configuration In this example, Device B has the lowest root bridge ID. As a result, Device B is elected as the root bridge in MSTI 0. When the network is stable, you can use the display stp brief command to display brief spanning tree information on each device.
Figure 78 MSTIs mapped to different VLANs MSTI 1 mapped to VLAN 10 MSTI 0 mapped to VLAN 20 MSTI 3 mapped to VLAN 30 MSTI 4 mapped to VLAN 40 Root bridge Normal link Blocked link PVST configuration example Network requirements As shown in Figure...
Page 234
Figure 79 Network diagram Device A Device B Permit: all VLAN GE1/0/3 GE1/0/3 Permit: VLANs 10 and Permit: VLANs 20 and GE1/0/3 GE1/0/3 Permit: VLANs 20 and 40 Device C Device D Configuration procedure Configure VLANs and VLAN member ports. (Details not shown.) Create VLAN 10, VLAN 20, and VLAN 30 on both Device A and Device B.
Page 235
[DeviceC] stp vlan 10 20 40 enable Configure Device D: # Set the spanning tree mode to PVST. <DeviceD> system-view [DeviceD] stp mode pvst # Enable the spanning tree feature globally and in VLAN 20, VLAN 30, and VLAN 40. [DeviceD] stp global enable [DeviceD] stp vlan 20 30 40 enable Verifying the configuration...
Page 236
GigabitEthernet1/0/2 ALTE DISCARDING NONE GigabitEthernet1/0/3 ROOT FORWARDING NONE Based on the output, you can draw a topology for each VLAN spanning tree, as shown in Figure Figure 80 VLAN spanning tree topologies Spanning tree for VLAN 10 Spanning tree for VLAN 20 Spanning tree for VLAN 30 Spanning tree for VLAN 40 Root bridge...
Configuring LLDP Overview In a heterogeneous network, a standard configuration exchange platform ensures that different types of network devices from different vendors can discover one another and exchange configuration. The Link Layer Discovery Protocol (LLDP) is specified in IEEE 802.1AB. The protocol operates on the data link layer to exchange device information between directly connected devices.
Page 238
LLDP frame formats LLDP sends device information in LLDP frames. LLDP frames are encapsulated in Ethernet II or Subnetwork Access Protocol (SNAP) frames. • LLDP frame encapsulated in Ethernet II Figure 82 Ethernet II-encapsulated LLDP frame Destination MAC address Source MAC address Type Data = LLDPDU (1500 bytes)
Page 239
Figure 83 SNAP-encapsulated LLDP frame Destination MAC address Source MAC address Type Data = LLDPDU (n bytes) Table 22 Fields in a SNAP-encapsulated LLDP frame Field Description MAC address to which the LLDP frame is advertised. It is the same as Destination MAC address that for Ethernet II-encapsulated LLDP frames.
Page 240
Table 23 Basic management TLVs Type Description Remarks Chassis ID Specifies the bridge MAC address of the sending device. Specifies the ID of the sending port: • If the LLDPDU carries LLDP-MED TLVs, the port ID Port ID Mandatory. TLV carries the MAC address of the sending port. •...
Page 241
NOTE: • HPE devices support only receiving protocol identity TLVs and VID usage digest TLVs. • Layer 3 Ethernet ports support only link aggregation TLVs. • IEEE 802.3 organizationally specific TLVs Table 25 IEEE 802.3 organizationally specific TLVs Type Description...
Type Description Allows a network device or terminal device to advertise power Extended Power-via-MDI supply capability. This TLV is an extension of the Power Via MDI TLV. Hardware Revision Allows a terminal device to advertise its hardware version. Firmware Revision Allows a terminal device to advertise its firmware version.
the token bucket mechanism to rate limit LLDP frames. For more information about the token bucket mechanism, see ACL and QoS Configuration Guide. LLDP automatically enables the fast LLDP frame transmission mechanism in either of the following cases: • A new LLDP frame is received and carries device information new to the local device. •...
Tasks at a glance (Optional.) Enabling the device to generate ARP or ND entries for received management address LLDP TLVs Performing basic LLDP configurations Enabling LLDP To make LLDP take effect on specific ports, you must enable LLDP both globally and on these ports. To use LLDP together with OpenFlow, you must enable LLDP globally on OpenFlow switches.
Enabling LLDP polling With LLDP polling enabled, a device periodically searches for local configuration changes. When the device detects a configuration change, it sends LLDP frames to inform neighboring devices of the change. To enable LLDP polling: Step Command Remarks Enter system view.
Page 247
Step Command Remarks { civic-address device-type advertise only EVB country-code { ca-type TLVs. ca-value }&<1-10> | elin-address Nearest customer bridge tel-number } } } agents can advertise all • lldp agent nearest-nontpmr basic TLVs as well as tlv-enable { basic-tlv { all | port VLAN ID and link port-description | system-capability aggregation 802.1...
To set LLDP parameters: Step Command Remarks Enter system view. system-view Set the TTL multiplier. lldp hold-multiplier value The default setting is 4. Set the LLDP frame The default setting is 30 lldp timer tx-interval interval transmission interval. seconds. Set the token bucket size for lldp max-credit credit-value The default setting is 5.
Disabling LLDP PVID inconsistency check By default, when the system receives an LLDP packet, it compares the PVID value contained in packet with the PVID configured on the receiving interface. If the two PVIDs do not match, a log message will be printed to notify the user. You can disable PVID inconsistency check if different PVIDs are required on a link.
Configuration prerequisites Before you configure CDP compatibility, complete the following tasks: • Globally enable LLDP. • Enable LLDP on the port connecting to a CDP device. • Configure LLDP to operate in TxRx mode on the port. Configuration procedure CDP-compatible LLDP operates in one of the following modes: •...
PFC. APP. HPE devices can send these types of DCBX information to a server or storage adapter supporting FCoE. However, HPE devices cannot accept these types of DCBX information. DCBX configuration task list Tasks at a glance (Required.) Enabling LLDP and DCBX TLV advertising (Required.)
Tasks at a glance • Configuring the 802.1p-to-local priority mapping • Configuring group-based WRR queuing (Required.) Configuring PFC parameters Enabling LLDP and DCBX TLV advertising To enable the device to advertise APP, ETS, and PFC data through an interface, perform the following tasks: •...
Configuring APP parameters The device negotiates with the server adapter by using the APP parameters to achieve the following purposes: • Control the 802.1p priority values of the protocol packets that the server adapter sends. • Identify traffic based on the 802.1p priority values. For example, the device can use the APP parameters to negotiate with the server adapter to set 802.1p priority 3 for all FCoE and FIP frames.
Step Command Remarks Create a class, specify the traffic classifier classifier-name operator of the class as OR, operator or and enter class view. Use the specified ACL as the if-match acl acl-number match criterion of the class. Return to system view. quit Create a traffic behavior and traffic behavior behavior-name...
Page 257
Configuring the 802.1p-to-local priority mapping You can configure the 802.1p-to-local priority mapping either in the MQC method or in the priority mapping table method. If you configure the 802.1p-to-local priority mapping in both methods, the configuration made in the MQC method applies. To configure the 802.1p-to-local priority mapping in the MQC method: Step Command...
To prevent excessive LLDP traps from being sent when the topology is unstable, set a trap transmission interval for LLDP. To configure LLDP trapping and LLDP-MED trapping: Step Command Remarks Enter system view. system-view Enter Layer 2/Layer 3 Ethernet interface view, management Ethernet interface view, Layer interface interface-type interface-number...
Step Command Remarks subinterface number interface-number.subnumber. Enabling the device to generate ARP or ND entries for received management address LLDP TLVs This feature enables the device to generate an ARP or ND entry for a received LLDP frame that carries a management address TLV. The ARP or ND entry contains the management address and the source MAC address of the frame.
Page 262
Configure Switch B: # Enable LLDP globally. <SwitchB> system-view [SwitchB] lldp global enable # Enable LLDP on GigabitEthernet 1/0/1. By default, LLDP is enabled on ports. [SwitchB] interface gigabitethernet 1/0/1 [SwitchB-GigabitEthernet1/0/1] lldp enable # Set the LLDP operating mode to Tx on GigabitEthernet 1/0/1. [SwitchB-GigabitEthernet1/0/1] lldp admin-status tx [SwitchB-GigabitEthernet1/0/1] quit Verifying the configuration...
Page 263
MED trap flag : No Polling interval : 0s Number of LLDP neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV : 16 Number of received unknown TLV : 0 LLDP status information of port 2 [GigabitEthernet1/0/2]: LLDP agent nearest-bridge: Port status of LLDP : Enable...
Page 264
The current number of LLDP neighbors: 1 The current number of CDP neighbors: 0 LLDP neighbor information last changed time: 0 days, 0 hours, 5 minutes, 20 seconds Transmit interval : 30s Fast transmit interval : 1s Transmit credit max Hold multiplier Reinit delay : 2s...
LLDP agent nearest-nontpmr: Port status of LLDP : Enable Admin status : Disable Trap flag : No MED trap flag : No Polling interval : 0s Number of LLDP neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV : 0 LLDP agent nearest-customer: Port status of LLDP...
Page 266
# Set the link type of GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to trunk, and enable voice VLAN on them. [SwitchA] interface gigabitethernet 1/0/1 [SwitchA-GigabitEthernet1/0/1] port link-type trunk [SwitchA-GigabitEthernet1/0/1] voice vlan 2 enable [SwitchA-GigabitEthernet1/0/1] quit [SwitchA] interface gigabitethernet 1/0/2 [SwitchA-GigabitEthernet1/0/2] port link-type trunk [SwitchA-GigabitEthernet1/0/2] voice vlan 2 enable [SwitchA-GigabitEthernet1/0/2] quit Configure CDP-compatible LLDP on Switch A:...
Port ID : Port 1 Software version : P0030301MFG2 Platform : Cisco IP Phone 7960 Duplex : Full DCBX configuration example Network requirements As shown in Figure 88, GigabitEthernet 1/0/1 of the access switch (Switch A) connects to the FCoE adapter of the data center server (DC server).
Page 268
[SwitchA-classifier-app_c] quit # Create a traffic behavior named app_b, and configure the traffic behavior to mark packets with 802.1p priority value 3. [SwitchA] traffic behavior app_b [SwitchA-behavior-app_b] remark dot1p 3 [SwitchA-behavior-app_b] quit # Create a QoS policy named plcy, associate class app_c with traffic behavior app_b in the QoS policy, and apply the association to DCBX.
Page 269
Pad Byte Present: Yes DCBX Parameter Valid: Yes Reserved: 0 DCBX Parameter Data Priority Group ID of Priority 1: 0 Priority Group ID of Priority 0: 2 Priority Group ID of Priority 3: 15 Priority Group ID of Priority 2: 1 Priority Group ID of Priority 5: 5 Priority Group ID of Priority 4: 4 Priority Group ID of Priority 7: 7...
Page 270
Priority Group 1 Percentage: 4 Priority Group 2 Percentage: 6 Priority Group 3 Percentage: 0 Priority Group 4 Percentage: 10 Priority Group 5 Percentage: 18 Priority Group 6 Percentage: 27 Priority Group 7 Percentage: 31 Number of Traffic Classes Supported: 8 DCBX Parameter Information Parameter Type: Local Pad Byte Present: Yes...
Page 271
Reserved: 0 DCBX Parameter Data PFC Enabled on Priority 0: No PFC Enabled on Priority 1: No PFC Enabled on Priority 2: No PFC Enabled on Priority 3: Yes PFC Enabled on Priority 4: No PFC Enabled on Priority 5: No PFC Enabled on Priority 6: No PFC Enabled on Priority 7: No Number of Traffic Classes Supported: 6...
Page 272
Number of Traffic Classes Supported: 1 The output shows that the DC server will use PFC for 802.1p priority 3.
Layer 2 protocol calculation, which is transparent to the service provider network. • Isolates Layer 2 protocol packets from different customer networks through different VLANs. HPE devices support L2PT for the following protocols: • CDP. •...
• PVST. • STP (including STP, RSTP, and MSTP). • UDLD. • VTP. L2PT operating mechanism As shown in Figure 90, L2PT operates as follows: • When a port of PE 1 receives a Layer 2 protocol packet from the customer network in a VLAN, it performs the following operations: Multicasts the packet out of all customer-facing ports in the VLAN except the receiving port.
Figure 91 L2PT network diagram PE 1 PE 2 ISP network Tunnel CE 1 CE 2 Customer A Customer A network 1 network 2 L2PT restrictions and guidelines When you configure L2PT, follow these restrictions and guidelines: • Interfaces of a PEX do not support L2PT. •...
• LACP and EOAM require point-to-point transmission. If you enable L2PT for LACP or EOAM, L2PT multicasts LACP or EOAM packets out of customer-facing ports. As a result, the transmission between two CEs is not point-to-point. To ensure point-to-point transmission for the LACP or EOAM packets, you must configure other features (for example, VLAN).
Task Command display l2protocol statistics [ interface interface-type Display L2PT statistics. interface-number ] reset l2protocol statistics [ interface interface-type Clear L2PT statistics. interface-number ] L2PT configuration examples Configuring L2PT for STP Network requirements As shown in Figure 92, the MAC addresses of CE 1 and CE 2 are 00e0-fc02-5800 and 00e0-fc02-5802, respectively.
[PE1-GigabitEthernet1/0/1] undo stp enable [PE1-GigabitEthernet1/0/1] l2protocol stp tunnel dot1q [PE1-GigabitEthernet1/0/1] quit # Configure GigabitEthernet 1/0/2 connected to the service provider network as a trunk port, and assign the port to all VLANs. [PE1] interface gigabitethernet 1/0/2 [PE1-GigabitEthernet1/0/2] port link-type trunk [PE1-GigabitEthernet1/0/2] port trunk permit vlan all [PE1-GigabitEthernet1/0/2] quit Configure PE 2 in the same way PE 1 is configured.
• For Ethernet link aggregation to operate correctly, configure VLANs on the PEs to ensure point-to-point transmission between CE 1 and CE 2 in an aggregation group. Set the PVIDs to VLAN 2 and VLAN 3 for GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 ...
Page 280
[PE1] interface gigabitethernet 1/0/2 [PE1-GigabitEthernet1/0/2] port link-mode bridge [PE1-GigabitEthernet1/0/2] port link-type trunk [PE1-GigabitEthernet1/0/2] port trunk permit vlan 3 [PE1-GigabitEthernet1/0/2] port trunk pvid vlan 3 # Enable QinQ on GigabitEthernet 1/0/2. [PE1-GigabitEthernet1/0/2] qinq enable # Enable L2PT for LACP on GigabitEthernet 1/0/2. [PE1-GigabitEthernet1/0/2] l2protocol lacp tunnel dot1q [PE1-GigabitEthernet1/0/2] quit Configure PE 2 in the same way PE 1 is configured.
Page 281
Received LACP Packets: 10 packet(s) Illegal: 0 packet(s) Sent LACP Packets: 13 packet(s) [CE2] display link-aggregation member-port Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation, D -- Synchronization, E -- Collecting, F -- Distributing, G -- Defaulted, H -- Expired GigabitEthernet1/0/1: Aggregate Interface: Bridge-Aggregation1 Local:...
Configuring service loopback groups Overview A service loopback group contains one or multiple Ethernet ports for looping packets sent out by the device back to the device. This feature must work with other features, such as GRE. A service loopback group provides one of the following services: •...
The ports support the service type of the service loopback group and are not members of any other service loopback group. • You can configure only one service loopback group for a service type. However, you can use one service loopback group with multiple features. •...
Configuration procedure # Create service loopback group 1, and specify its service type as tunnel. <DeviceA> system-view [DeviceA] service-loopback group 1 type tunnel # Assign GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to service loopback group 1. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port service-loopback group 1 All configurations on the interface will be lost.
Document conventions and icons Conventions This section describes the conventions used in the documentation. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown.
Network topology icons Convention Description Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Support and other resources Accessing Hewlett Packard Enterprise Support • For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: www.hpe.com/assistance • To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: www.hpe.com/support/hpesc Information to collect •...
For more information and device support details, go to the following website: www.hpe.com/info/insightremotesupport/docs Documentation feedback Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title,...
Page 289
part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.
Index Numerics MAC address table entry (on interface), MAC address table multiport unicast entry, address 2 VLAN mappingapplication scenario, MAC address learning disable, 2 VLAN mappingconfiguration, MAC address move suppression, 2 VLAN mappingimplementation, 143, MAC address table address synchronization, MAC address table learning limit, 1 VLAN mappingapplication scenario, 141, MAC address table learning priority, MAC address table move notification,...
Page 291
port-based VLAN hybrid port, MST common root bridge, port-based VLAN trunk port, MST regional root, voice VLAN assignment mode (automatic), spanning tree loop guard, spanning tree root bridge, voice VLAN assignment mode (manual), spanning tree root bridge (device), attribute spanning tree root guard, Ethernet link aggregation attribute spanning tree secondary root bridge (device), configuration,...
Page 292
Ethernet link aggregate interface (Layer 2 M\1 VLAN mapping (dynamic IP address edge), assignment), Ethernet link aggregation, 20, 27, M\1 VLAN mapping (static IP address assignment), Ethernet link aggregation (Layer 2 dynamic), M\1 VLAN mapping customer-side port (dynamic IP address assignment), Ethernet link aggregation (Layer 2 static), M\1 VLAN mapping customer-side port (static IP Ethernet link aggregation (Layer 3 dynamic),...
Page 293
spanning tree edge port, creating spanning tree No Agreement Check, 211, super VLAN sub-VLAN, spanning tree port link type, spanning tree port mode, MST region connection, spanning tree port path cost, 201, customer spanning tree port priority, LLDP customer bridge mode, spanning tree port role restriction, CVLAN spanning tree protection,...
Page 294
spanning tree loop guard, voice VLAN traffic QoS priority settings, spanning tree No Agreement Check, 211, dynamic spanning tree port role restriction, Ethernet link aggregation (dynamic mode), spanning tree priority, Ethernet link aggregation (Layer 2), spanning tree protection, Ethernet link aggregation (Layer 3), spanning tree root guard, Ethernet link aggregation edge aggregate interface,...
Page 295
PVST BPDU guard, private VLAN configuration, 85, 86, QinQ, private VLAN promiscuous port configuration, spanning tree BPDU drop, private VLAN trunk promiscuous port configuration, spanning tree BPDU guard, private VLAN trunk promiscuous+secondary port spanning tree feature, configuration, spanning tree loop guard, QinQ CVLAN frame header tag, spanning tree port state transition information QinQ SVLAN frame header tag,...
Page 296
Layer 2 group (dynamic), loop detection interval, Layer 2 group (static), MAC address learning, Layer 3 aggregate interface (Layer 3 edge), MAC address table blackhole entry, MAC address table configuration, 1, 2, Layer 3 aggregate interface configuration MAC address table entry configuration, (MTU), MAC address table frame forwarding rule, Layer 3 aggregation configuration (dynamic),...
Page 297
MVRP compatibility, super VLAN configuration, 80, 80, super VLAN interface configuration, voice VLAN configuration, 101, 106, hello IP phone spanning tree timer, voice VLAN assignment mode+IP phone STP timer, cooperation, host voice VLAN host+IP phone connection (in series), voice VLAN host+IP phone connection (in series), voice VLAN identification (LLDP), voice VLAN IP phone+device connection,...
Page 298
Ethernet link aggregate interface (expected L2PT display, bandwidth), L2PT for LACP configuration, Ethernet link aggregate interface (Layer 2 L2PT for STP configuration, edge), L2PT maintain, Ethernet link aggregate interface default LLDP basic concepts, settings, LLDP basic configuration, 235, Ethernet link aggregate interface shutdown, LLDP CDP compatibility, LLDP configuration, 228, 234, Ethernet link aggregation (dynamic mode),...
Page 299
private VLAN trunk promiscuous port voice VLAN port operation configuration (manual configuration, assignment), private VLAN trunk promiscuous+secondary voice VLAN port operation configuration port configuration, restrictions (automatic assignment), protocol-based VLAN configuration, 69, voice VLAN port operation configuration restrictions (manual assignment), PVST configuration, Layer 2 QinQ basic configuration, Ethernet link aggregate interface (Layer 2 edge),...
Page 300
Ethernet link aggregation edge aggregate spanning tree configuration, 170, 191, interface, 27, spanning tree hello time, Ethernet link aggregation group, 28, spanning tree port link type configuration, Ethernet link aggregation group load sharing, link aggregation Ethernet link aggregation. See Ethernet link Ethernet link aggregation group load sharing aggregation mode,...
Page 301
reinitialization delay, spanning tree loop guard, source MAC address, loop detection trapping configuration, configuration, 163, 165, voice VLAN advertisement, displaying, voice VLAN information advertisement to IP enable, phones, interval, voice VLAN IP phone identification, interval setting, voice VLAN IP phone identification method, mechanisms, port status auto recovery, voice VLAN LLDP automatic IP phone...
Page 303
spanning tree MSTP, regional root, spanning tree PVST, relationships, spanning tree RSTP, spanning tree max age timer, spanning tree STP, spanning tree port mode configuration, voice VLAN assignment automatic, VLAN-to-instance mapping table, voice VLAN assignment manual, voice VLAN port normal, Layer 3 Ethernet aggregate interface, voice VLAN port security, multicast...
Page 304
Ethernet link aggregation member port state, MAC-based VLAN assignment (static), MAC-based VLAN configuration, 63, Ethernet link aggregation modes, MAC-based VLAN configuration Ethernet link aggregation operational key, (server-assigned), Ethernet link aggregation reference port, MRP timers, Ethernet link aggregation reference port MST region configuration, choice, MSTP basic concepts, IP subnet-based VLAN configuration, 68,...
Page 305
spanning tree port role restriction, voice VLAN port operation configuration (automatic assignment), spanning tree port state transition, voice VLAN port operation configuration (manual spanning tree priority, assignment), spanning tree protection, voice VLAN traffic QoS priority settings, spanning tree root bridge, network management spanning tree root bridge (device), Ethernet link aggregation basic concepts,...
Page 306
Ethernet link aggregation packet type-based Ethernet link aggregate interface shutdown, load sharing, Ethernet link aggregation (dynamic mode), L2PT configuration, 264, 266, Ethernet link aggregation (Layer 2 dynamic), L2PT for LACP configuration, Ethernet link aggregation (Layer 2 static), L2PT for STP configuration, Ethernet link aggregation (Layer 3 dynamic), L2PT tunneled packet destination multicast Ethernet link aggregation (Layer 3 static),...
Page 308
adding MAC address table multiport unicast configuring L2PT for LACP, entry, configuring L2PT for STP, assigning MAC address table learning priority configuring LAN switching QinQ VLAN tag TPID to interface, value, assigning port isolation group (multiple ports), configuring LAN switching spanning tree Digest Snooping, assigning port-based VLAN access port, configuring LLDP,...
Page 309
configuring MAC-based VLAN configuring spanning tree secondary root bridge (server-assigned), (device), configuring MAC-based VLAN assignment configuring spanning tree switched network (dynamic), diameter, configuring MAC-based VLAN assignment configuring spanning tree TC Snooping, (static), configuring spanning tree TC-BPDU transmission configuring MST region, restriction, configuring MST region max hops, configuring spanning tree timeout factor,...
Page 310
displaying super VLAN, enabling voice VLAN LLDP automatic IP phone discovery, displaying VLAN, maintaining Ethernet link aggregation, displaying VLAN mapping, maintaining L2PT, displaying voice VLAN, maintaining MVRP, enabling ARP fast update for MAC address move, maintaining spanning tree, enabling BPDU guard on an interface, maintaining VLAN, enabling Ethernet link aggregation local-first modifying MAC address table blackhole entry,...
Page 311
setting MVRP timer, basic configuration, setting QinQ SVLAN tag 802.1p priority, configuration, 131, setting spanning tree mode, configuration restrictions, shutting down Ethernet link aggregate CVLAN tag, interface, display, specifying Layer 2 aggregate interface enable, (ignored VLAN), how it works, specifying spanning tree port path cost implementation, calculation standard, loop detection configuration, 163, 165,...
Page 312
Ethernet link aggregate interface default MAC-based VLAN configuration settings, (server-assigned), restriction protocol-based VLAN configuration, 69, configuring service loopback group, voice VLAN configuration, 101, 106, restrictions voice VLAN IP phone access method, Ethernet link aggregation group, RSTP, 170, See also Ethernet link aggregation traffic redirection, basic concepts, LLDP APP parameter configuration, BPDU processing,...
Page 313
Ethernet link aggregation load sharing mode device priority configuration, (group-specific), Digest Snooping, 209, Ethernet link aggregation member port state, displaying, edge port configuration, L2PT tunneled packet destination multicast feature enable, MAC address, inconsistent PVID protection disable, Layer 3 aggregate interface (MTU), logging events of detecting or receiving TC LLDP bridge mode, BPDUs (in PVST mode),...
Page 314
MAC address table entry, QinQ basic configuration, MAC address table entry configuration QinQ configuration, 131, (global), QinQ SVLAN tag 802.1p priority, MAC address table entry configuration (on QinQ VLAN transparent transmission interface), configuration, MAC address table static source check, VLAN mapping application scenario, MAC-based VLAN assignment, 63, VLAN mapping configuration, 141, 146, VLAN mapping implementation,...
Page 315
LLDP reinitialization delay, tunneling MAC address table dynamic aging timer, L2PT configuration, 264, 266, MRP Join, L2PT enable, MRP Leave, L2PT for LACP configuration, MRP LeaveAll, L2PT for STP configuration, MRP Periodic, L2PT tunneled packet destination multicast MAC address, MVRP set, spanning tree forward delay, spanning tree hello, unicast...