H3C S3600V2 SERIES Layer 2-Lan Switching Configuration Manual

H3C S3600V2 Switch Series
Layer 2
LAN Switching Configuration Guide
Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Software version: Release 2108
Document version: 6W100-20131130

Summary of Contents for H3C S3600V2 SERIES

  • Page 1 H3C S3600V2 Switch Series Layer 2 LAN Switching Configuration Guide — Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Software version: Release 2108 Document version: 6W100-20131130...
  • Page 2 Copyright © 2013, Hangzhou H3C Technologies Co., Ltd. and its licensors All rights reserved No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd.
  • Page 3 The H3C S3600V2 documentation set includes 10 configuration guides, which describe the software features for the H3C S3600V2 Switch Series Release 2108, and guide you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply software features to different network scenarios.
  • Page 4 Configuration guide Added and modified features address • Enabling MAC address migration log notifying MAC Information New feature: Configuring the maximum number of Selected ports Ethernet link aggregation allowed in an aggregation group Port Isolation Spanning tree BPDU tunneling VLAN Super VLAN Isolate-user-VLAN New features:...
  • Page 5 { x | y | ... } *: Asterisk marked braces enclose a set of required syntax choices separated by vertical bars, from which you select at least one. Asterisk marked square brackets enclose optional syntax choices separated by vertical [ x | y | ...
  • Page 6: Obtaining Documentation

    Obtaining documentation You can access the most up-to-date H3C product documentation on the World Wide Web at http://www.h3c.com. Click the links on the top navigation bar to obtain different categories of product documentation: [Technical Support & Documents > Technical Documents] –...
  • Page 7: Technical Support

    – Provides information about products and technologies, as well as solutions. [Technical Support & Documents > Software Download] – Provides the documentation released with the software version. Technical support service@h3c.com http://www.h3c.com Documentation feedback You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.
  • Page 8: Table Of Contents

    Contents: Configuring Ethernet interfaces (1); Ethernet interface naming conventions (1); Performing general configurations (1); Configuring a combo interface (1); Configuring basic settings of an Ethernet interface (2); Shutting down an Ethernet interface (3); ...
  • Page 9 Disabling MAC entry aging timer refresh based on destination MAC address (25); Application example (26); Configuring the MAC learning limit on ports (26); Enabling MAC address roaming (27); Enabling MAC address migration log notifying (28); ...
  • Page 10 Port isolation configuration example (60); Configuring spanning tree protocols (61); STP (61); STP protocol packets (61); Basic concepts in STP (62); Calculation process of the STP algorithm (63); RSTP (68); ...
  • Page 11 Performing mCheck (92); Performing mCheck globally (92); Performing mCheck in interface view (92); Configuring Digest Snooping (93); Configuration restrictions and guidelines (93); Configuration procedure (93); Digest Snooping configuration example (94); ...
  • Page 12 Port-based VLAN configuration example (126); Configuring MAC-based VLANs (128); Introduction to MAC-based VLAN (128); Configuration restrictions and guidelines (130); Configuration procedure (131); MAC-based VLAN configuration example (133); Configuring protocol-based VLANs (135); ...
  • Page 13 Dynamically advertising server-assigned VLANs through LLDP (165); Overview (165); Example for using 802.1X to authenticate IP phones (165); Displaying and maintaining voice VLAN (166); Voice VLAN configuration examples (166); Automatic voice VLAN mode configuration example (166); ...
  • Page 14 Configuration prerequisites (207); Configuring an uplink policy (207); Configuring a downlink policy (207); Configuring the customer-side port (208); Configuring the network-side port (209); Configuring many-to-one VLAN mapping (209); Configuration prerequisites ...
  • Page 15 Service loopback group configuration example (245); Network requirements (245); Configuration procedure (245); Configuring MVRP (247); Overview (247); Introduction to MRP (247); MVRP registration modes (249); Protocols and standards (250); ...
  • Page 16: Configuring Ethernet Interfaces

    Configuring Ethernet interfaces. Ethernet interface naming conventions: The Ethernet interfaces on the S3600V2 switches are named in the format of interface-type A/B/C, where the following definitions apply:
    • A—Represents the ID of the switch in an IRF fabric. If the switch is not assigned to any IRF fabric, A...
  • Page 17: Configuring Basic Settings Of An Ethernet Interface

    Step: Enter system view; Command: system-view
    Step: Enter the Ethernet interface view; Command: interface interface-type interface-number
    Step: Activate the copper combo port or fiber combo port; Command: combo enable { copper | fiber }; Remarks: Optional. By default, the copper combo port is active.
    Configuring basic settings of an Ethernet interface: You can set an Ethernet interface to operate in one of the following duplex modes: Full-duplex mode (full)—Interfaces that operate in this mode can send and receive packets...
  • Page 18: Shutting Down An Ethernet Interface

    Step: Restore the default settings for the interface; Command: default; Remarks: Optional.
    NOTE: Make sure that the fiber port speed matches the speed requirement of the inserted transceiver module. For example, after you insert a 1000-Mbps transceiver module into a fiber port, configure the port speed with the speed 1000 or speed auto command.
  • Page 19: Configuring Link State Change Suppression On An Ethernet Interface

    Figure 1 Flow control on ports
    Configure flow control in TxRx mode on Port B and flow control in Rx mode on Port A:
    • When congestion occurs on Port C, Switch B buffers frames. When the amount of buffered frames...
  • Page 20: Configuring Loopback Testing On An Ethernet Interface

    the physical link is still down when the timer expires, the interface reports the link-down event to the upper layers. Link-up event suppression enables an interface to suppress link-up events and start a delay timer each time the physical link goes up. During this delay, the interface does not report the link-up event, and the display interface brief or display interface command displays the interface state as DOWN.
  • Page 21: Configuring The Link Mode Of An Ethernet Interface

    • During loopback testing, the Ethernet interface operates in full duplex mode. When you disable loopback testing, the port returns to its duplex setting.
    • Loopback testing is a one-time operation, and is not recorded in the configuration file.
    Configuration procedure: To enable loopback testing on an Ethernet interface: Step Command...
  • Page 22: Enabling The Auto Power-Down Function On An Ethernet Interface

    • If you execute the command in port group view, the configuration takes effect on all ports in the port group.
    To configure jumbo frame support in interface view or port group view: Step Command Remarks Enter system view. system-view Enter Ethernet interface interface-type interface view....
  • Page 23: Configuring A Port Group

    Task: Setting speed options for auto negotiation on an Ethernet interface; Remarks: Optional. Applicable to Layer 2 Ethernet interfaces
    Task: Configuring storm suppression; Remarks: Optional. Applicable to Layer 2 Ethernet interfaces
    Task: Setting the statistics polling interval; Remarks: Optional. Applicable to Layer 2 Ethernet interfaces
    Task: Enabling loopback detection on an Ethernet interface; Remarks: Optional. Applicable to Layer 2 Ethernet interfaces...
  • Page 24: Setting Speed Options For Auto Negotiation On An Ethernet Interface

    Step: Configure jumbo frame support; Command: jumboframe enable [ value ]; Remarks: By default, the switch allows jumbo frames within 10000 bytes to pass through Ethernet interfaces. If you set the value argument multiple times, the latest configuration takes effect.
    Step: Enable auto power-down....
  • Page 25: Configuring Storm Suppression

    NOTE:
    • This function is available only for Layer 2 copper ports that support speed auto negotiation, and is unavailable for combo interfaces.
    • The speed and speed auto commands supersede each other, and whichever is configured last takes effect.
    Configuring storm suppression: In interface or port group view, you can set the maximum size of broadcast, multicast or unknown unicast traffic allowed to pass through an interface or each interface in a port group.
  • Page 26: Enabling Loopback Detection On An Ethernet Interface

    Step: Enter system view; Command: system-view
    Step: Enter Ethernet interface view; Command: interface interface-type interface-number
    Step: Set the statistics polling interval on the Ethernet interface; Command: flow-interval interval; Remarks: Optional. The default interface statistics polling interval is 300 seconds.
    To display the interface statistics collected in the last polling interval, use the display interface command. To clear interface statistics, use the reset counters interface command.
  • Page 27 when a loop is detected, for example, to shut down the interface. Depending on whether a protective action is configured, the switch takes the actions in Table 1 to alleviate the impact of the loop condition. Table 1 Actions to take upon detection of a loop condition Actions Port type No protective action is configured...
  • Page 28: Setting The Mdi Mode Of An Ethernet Interface

    Step Command Remarks • Enter Ethernet interface view: Use either command. interface interface-type Enter Ethernet To configure loopback detection on one interface-number interface view or port interface, enter Ethernet interface view. • Enter port group view: group view. To configure loopback detection on a group port-group manual of Ethernet interfaces, enter port group view.
  • Page 29: Enabling Bridging On An Ethernet Interface

    • In auto mode, the interface negotiates pin roles with its peer.
    To enable the interface to communicate with its peer, make sure that its transmit pins are connected to the remote receive pins. If the interface can detect the connection cable type, set the interface in auto MDI mode.
  • Page 30: Configuring Storm Control On An Ethernet Interface

    You can test the cable connection of an Ethernet interface for a short or open circuit. The switch displays cable test results within five seconds. If any fault is detected, the test results include the length of the faulty cable segment. To test the cable connection of an Ethernet interface: Step Command...
  • Page 31: Setting The Mtu For A Layer 3 Ethernet Interface

    Step: Set the traffic polling interval of the storm control module; Command: storm-constrain interval seconds; Remarks: Optional. 10 seconds by default.
    Step: Enter Ethernet interface view; Command: interface interface-type interface-number
    Step: Enable storm control, and set the lower and upper thresholds for broadcast, ...; Command: storm-constrain { broadcast | multicast | unicast } { pps | kbps | ...; Remarks: Disabled by default....
  • Page 32 Task Command Remarks display interface [ interface-type ] brief [ down ] [ | { begin | exclude | include } regular-expression ] Display Ethernet interface Available in information. any view display interface interface-type interface-number [ brief ] [ | { begin | exclude | include } regular-expression ] display counters { inbound | outbound } interface Display traffic statistics for the Available in...
  • Page 33: Configuring Loopback And Null Interfaces

    Configuring loopback and null interfaces. Configuring a loopback interface. Introduction to the loopback interface: A loopback interface is a software-only virtual interface. It delivers the following benefits:
    • The physical layer state and link-layer protocols of a loopback interface are always up unless the...
  • Page 34: Configuring A Null Interface

    Step: Shut down the loopback interface; Command: shutdown; Remarks: Optional. By default, a loopback interface is up.
    Step: Restore the default settings for the loopback interface; Command: default; Remarks: Optional
    NOTE: You can configure settings such as IP addresses and IP routes on loopback interfaces. For more information, see Layer 3—IP Services Configuration Guide and Layer 3—IP Routing Configuration Guide...
  • Page 35 Task Command Remarks display interface [ loopback ] [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ] Display information about Available in any view loopback interfaces. display interface loopback interface-number [ brief ] [ | { begin | exclude | include } regular-expression ] display interface [ null ] [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ]...
  • Page 36: Bulk Configuring Interfaces

    Bulk configuring interfaces You can enter interface range view to bulk configure multiple interfaces with the same feature instead of configuring them one by one. For example, you can perform the shutdown command in interface range view to shut down a range of interfaces. Failure of applying a command on one member interface does not affect the application of the command on the other member interfaces.
  • Page 37: Configuring The Mac Address Table

    Configuring the MAC address table: This feature covers only the unicast MAC address table. For information about configuring static multicast MAC address table entries for IGMP snooping and MLD snooping, see IP Multicast Configuration Guide. The MAC address table can contain only Layer 2 Ethernet ports and Layer 2 aggregate interfaces. The MAC address table configuration tasks are all optional and can be performed in any order.
  • Page 38: Types Of Mac Address Table Entries

    Manually configuring MAC address entries With dynamic MAC address learning, a device does not distinguish between illegitimate and legitimate frames, which can invite security hazards. For example, when a hacker sends frames with a forged source MAC address to a port different from the one to which the real MAC address is connected, the device creates an entry for the forged MAC address, and forwards frames destined for the legal user to the hacker instead.
  • Page 39: Configuring A Static Or Dynamic Mac Address Table Entry In System View

    Configuring a static or dynamic MAC address table entry in system view
    Step: Enter system view; Command: system-view
    Step: Add or modify a dynamic or static MAC address entry; Command: mac-address { dynamic | static } mac-address interface interface-type...; Remarks: By default, no MAC address entry is configured. Make sure that you have created...
  • Page 40: Configuring The Aging Timer For Dynamic Mac Address Entries

    You can disable MAC address learning on a per-VLAN basis. To disable MAC address learning on a VLAN:
    Step: Enter system view; Command: system-view
    Step: Enter VLAN view; Command: vlan vlan-id
    Step: Disable MAC address learning on the VLAN; Command: mac-address mac-learning disable; Remarks: Enabled by default.
    Configuring the aging timer for dynamic MAC address entries: The MAC address table uses an aging timer for dynamic MAC address entries for security and efficient...
  • Page 41: Application Example

    Step: Enter system view; Command: system-view
    Step: Disable MAC entry aging timer refresh based on destination MAC address; Command: mac-address destination-hit disable; Remarks: By default, MAC entry aging timer refresh based on destination MAC address is enabled.
    Application example: Microsoft Network Load Balancing (NLB) is a load balancing technology for server clustering developed on Windows Server.
  • Page 42: Enabling Mac Address Roaming

    Step Command Remarks • Enter Layer 2 Ethernet interface view: Use either command. interface interface-type Enter interface Settings in Layer 2 Ethernet interface view interface-number view or port group take effect on the interface only. Settings in view. • Enter port group view: port group view take effect on all member port-group manual ports in the port group.
  • Page 43: Enabling Mac Address Migration Log Notifying

    Figure 7 MAC address tables of devices when Client A roams to AP D
    To enable MAC address roaming:
    Step: Enter system view; Command: system-view
    Step: Enable MAC address roaming; Command: mac-address mac-roaming enable; Remarks: Disabled by default.
    Enabling MAC address migration log notifying: This feature records and notifies MAC address migration information, including MAC addresses that migrate, IDs of VLANs to which MAC addresses belong, source interfaces from which MAC addresses migrate, and current interfaces with which MAC addresses associate, last migration time, and migration...
  • Page 44: Displaying And Maintaining Mac Address Tables

    Step: Enable MAC address migration log notifying; Command: mac-flapping notification enable; Remarks: By default, MAC address migration log notifying is disabled.
    The MAC address migration logs of the last one minute are displayed once every one minute.
    Displaying and maintaining MAC address tables: Task Command Remarks...
  • Page 45: Configuration Procedure

    Figure 8 Network diagram
    Configuration procedure
    # Add a static MAC address entry.
    <Sysname> system-view
    [Sysname] mac-address static 000f-e235-dc71 interface ethernet 1/0/1 vlan 1
    # Add a blackhole MAC address entry.
    [Sysname] mac-address blackhole 000f-e235-abcd vlan 1
    # Set the aging timer for dynamic MAC address entries to 500 seconds.
    [Sysname] mac-address timer aging 500
    # Display the MAC address entry for port Ethernet 1/0/1.
  • Page 46: Configuring Mac Information

    Configuring MAC Information Overview Introduction to MAC Information To monitor a network, you must monitor users who are joining and leaving the network. Because a MAC address uniquely identifies a network user, you can monitor users who are joining and leaving a network by monitoring their MAC addresses.
  • Page 47: Configuring Mac Information Mode

    Step: Enter system view; Command: system-view
    Step: Enter Layer 2 Ethernet interface view; Command: interface interface-type interface-number
    Step: Enable MAC Information on the interface; Command: mac-address information enable { added | deleted }; Remarks: Disabled by default.
    Configuring MAC Information mode
    Step: Enter system view....
  • Page 48: Mac Information Configuration Example

    Step: Configure the MAC Information queue length; Command: mac-address information queue-length value; Remarks: Optional. 50 by default.
    MAC Information configuration example. Network requirements: As shown in Figure 9, enable MAC Information on Ethernet 1/0/1 on Device to send MAC address changes in Syslog messages to Host B through Ethernet 1/0/3.
  • Page 49: Configuring Ethernet Link Aggregation

    Configuring Ethernet link aggregation Overview Ethernet link aggregation, or simply link aggregation, combines multiple physical Ethernet ports into one logical link, called an "aggregate link." Link aggregation delivers the following benefits: Increases bandwidth beyond the limits of any single link. In an aggregate link, traffic is distributed •...
  • Page 50: Operational Key

    Unselected: An Unselected port cannot forward user traffic. • Operational key When aggregating ports, the system automatically assigns each port an operational key based on port information such as port rate and duplex mode. Any change to this information triggers a recalculation of the operational key.
  • Page 51 The IEEE 802.3ad LACP offers basic LACP functions and extended LACP functions, as described in Table 3.
    Table 3 Basic and extended LACP functions
    Category: Basic LACP functions; Description: Implemented through the basic LACPDU fields, including the system LACP priority, system MAC address, port aggregation priority, port number, and operational key. Each member port in a LACP-enabled aggregation group exchanges the preceding...
  • Page 52: Aggregating Links In Static Mode

    Table 5 A comparison between static and dynamic aggregation modes Aggregation LACP status on Pros Cons mode member ports The member ports do not adjust the Aggregation is stable. Peers do aggregation state according to Static Disabled not affect the aggregation state of that of the peer ports.
  • Page 53: Aggregating Links In Dynamic Mode

    Figure 11 Setting the aggregation state of a member port in a static aggregation group (flowchart; decision points: Is there any hardware restriction? Is the port up? Port attribute/class 2 configurations same as the reference port? ...)
  • Page 54: Load-Sharing Criteria For Link Aggregation Groups

    Figure 12 Setting the state of a member port in a dynamic aggregation group Meanwhile, the system with the higher system ID, which has identified the aggregation state changes on the remote system, sets the aggregation state of local member ports as the same as their peer ports. A dynamic link aggregation group preferably sets full-duplex ports as the Selected ports, and will set one, and only one, half-duplex port as a Selected port when none of the full-duplex ports can be selected or only half-duplex ports exist in the group.
  • Page 55: Configuration Restrictions And Guidelines

    You can choose one of the following criteria or any combination for load sharing:
    • Source/Destination MAC addresses
    • Source/Destination service port numbers
    • Ingress ports
    • Source/Destination IP addresses
    Alternatively, you can let the system automatically choose link-aggregation load-sharing criteria based on packet types (Layer 2, IPv4, or IPv6 for example).
  • Page 56: Configuration Guidelines

    Configuration guidelines
    • You cannot assign a port to a Layer 2 aggregation group if any of the features listed in Table 6 is configured on the port.
    Table 6 Features incompatible with Layer 2 aggregation groups
    Feature: RRPP; Reference: RRPP in High Availability Configuration Guide
    Feature: MAC authentication; Reference: MAC authentication in Security Configuration Guide
    Feature: Port security...
  • Page 57: Configuring A Dynamic Aggregation Group

    Step Command Remarks Enter Layer 2 Ethernet interface view: interface interface-type Assign an Ethernet Repeat these two sub-steps to assign interface-number interface to the more Layer 2 Ethernet interfaces to Assign the Ethernet interface aggregation group. the aggregation group. to the aggregation group: port link-aggregation group number Optional.
  • Page 58 Configuring a Layer 2 dynamic aggregation group Step Command Remarks Enter system view. system-view Optional. By default, the system LACP priority is 32768. Set the system lacp system-priority system-priority Changing the system LACP priority LACP priority. might affect the aggregation state of the ports in a dynamic aggregation group.
  • Page 59: Configuring An Aggregate Interface

    Step Command Remarks Optional. By default, the system LACP priority is Set the system LACP 32768. lacp system-priority system-priority priority. Changing the system LACP priority might affect the aggregation state of the ports in the dynamic aggregation group. Create a Layer 3 When you create a Layer 3 aggregate aggregate interface interface route-aggregation...
  • Page 60: Configuring The Mtu Of A Layer 3 Aggregate Interface

    Step Command Remarks Enter system view. system-view • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number Enter aggregate interface Use either command. view. • Enter Layer 3 aggregate interface view: interface route-aggregation interface-number Optional By default, the description of an Configure the description description text interface is in the format of...
  • Page 61: Limiting The Number Of Selected Ports For An Aggregation Group

    Step Command Remarks • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number Enter aggregate interface Use either command. view. • Enter Layer 3 aggregate interface view: interface route-aggregation interface-number Optional. Enable link state traps for the enable snmp trap updown aggregate interface.
  • Page 62: Shutting Down An Aggregate Interface

    Step Command Remarks Enter system view. system-view • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number Enter aggregate interface view. Use either command. • Enter Layer 3 aggregate interface view: interface route-aggregation interface-number Set the minimum number of Selected link-aggregation selected-port Not specified by default.
  • Page 63: Configuring Load Sharing For Link Aggregation Groups

    Step Command Remarks • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number Enter aggregate interface view. Use either command. • Enter Layer 3 aggregate interface view: interface route-aggregation interface-number Restore the default settings for the default aggregate interface . Configuring load sharing for link aggregation groups Configuring load-sharing criteria for link aggregation groups...
  • Page 64: Enabling Local-First Load Sharing For Link Aggregation

    • Destination IP address
    • Source MAC address
    • Destination MAC address
    • Source IP address and destination IP address
    • Source IP address and source port
    • Destination IP address and destination port
    • Source IP address, source port, destination IP address, and destination port...
  • Page 65: Enabling Link-Aggregation Traffic Redirection

    Figure 13 Load sharing process for cross-switch link aggregation in an IRF fabric To enable local-first load sharing for link aggregation: Step Command Remarks Enter system view. system-view Optional. Enabled by default. Enable local-first load-sharing link-aggregation load-sharing Local-first load sharing for link for link aggregation.
  • Page 66: Displaying And Maintaining Ethernet Link Aggregation

    Step Command Remarks Enter system view. system-view Optional. Enable link-aggregation traffic link-aggregation lacp redirection. traffic-redirect-notification enable Disabled by default.
    CAUTION:
    • To prevent traffic interruption, enable link-aggregation traffic redirection on devices at both ends of the aggregate link.
    • To prevent packet loss that might occur at a reboot, disable both MSTP and link-aggregation traffic redirection.
  • Page 67: Ethernet Link Aggregation Configuration Examples

    Ethernet link aggregation configuration examples In an aggregation group, only ports that have the same port attributes and class-two configurations (see "Configuration classes") as the reference port (see "Reference port") can operate as Selected ports. Make sure that all member ports have the same port attributes and class-two configurations as the reference port.
  • Page 68 [DeviceA] interface bridge-aggregation 1 [DeviceA-Bridge-Aggregation1] quit # Assign ports Ethernet 1/0/1 through Ethernet 1/0/3 to link aggregation group 1. [DeviceA] interface ethernet 1/0/1 [DeviceA-Ethernet1/0/1] port link-aggregation group 1 [DeviceA-Ethernet1/0/1] quit [DeviceA] interface ethernet 1/0/2 [DeviceA-Ethernet1/0/2] port link-aggregation group 1 [DeviceA-Ethernet1/0/2] quit [DeviceA] interface ethernet 1/0/3 [DeviceA-Ethernet1/0/3] port link-aggregation group 1 [DeviceA-Ethernet1/0/3] quit...
  • Page 69: Layer 2 Dynamic Aggregation Configuration Example

    The output shows that all link aggregation groups created on the device perform load sharing based on source and destination MAC addresses. Layer 2 dynamic aggregation configuration example Network requirements As shown in Figure Device A and Device B are connected through their respective Layer 2 Ethernet interfaces Ethernet •...
  • Page 70 [DeviceA-Ethernet1/0/1] port link-aggregation group 1 [DeviceA-Ethernet1/0/1] quit [DeviceA] interface ethernet 1/0/2 [DeviceA-Ethernet1/0/2] port link-aggregation group 1 [DeviceA-Ethernet1/0/2] quit [DeviceA] interface ethernet 1/0/3 [DeviceA-Ethernet1/0/3] port link-aggregation group 1 [DeviceA-Ethernet1/0/3] quit # Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLANs 10 and 20.
  • Page 71: Layer 3 Static Aggregation Configuration Example

    Layer 3 static aggregation configuration example Network requirements As shown in Figure
    • Device A and Device B are connected by their Layer 3 Ethernet interfaces Ethernet 1/0/1 through Ethernet 1/0/3.
    • Configure a Layer 3 static aggregation group on both Device A and Device B. Configure IP addresses and subnet masks for the corresponding Layer 3 aggregate interfaces.
  • Page 72: Layer 3 Dynamic Aggregation Configuration Example

    Aggregation Mode: S -- Static, D -- Dynamic Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing Actor System ID: 0x8000, 000f-e2ff-0001 Partner ID Select Unselect Share Interface Mode Ports Ports Type ------------------------------------------------------------------------------- RAGG1 none Shar The output shows that link aggregation group 1 is a load-sharing-capable Layer 3 static aggregation group that contains three Selected ports.
  • Page 73 [DeviceA-Ethernet1/0/1] port link-aggregation group 1 [DeviceA-Ethernet1/0/1] quit [DeviceA] interface ethernet 1/0/2 [DeviceA-Ethernet1/0/2] port link-aggregation group 1 [DeviceA-Ethernet1/0/2] quit [DeviceA] interface ethernet 1/0/3 [DeviceA-Ethernet1/0/3] port link-aggregation group 1 [DeviceA-Ethernet1/0/3] quit # Configure Device A to use the source and destination IP addresses of packets as the global link-aggregation load-sharing criteria.
  • Page 74: Configuring Port Isolation

    Configuring port isolation Port isolation enables isolating Layer 2 traffic for data privacy and security without using VLANs. You can also use this feature to isolate the hosts in a VLAN from one another. To use the feature, assign ports to a port isolation group. Ports in an isolation group are called "isolated ports."...
  • Page 75: Port Isolation Configuration Example

    Port isolation configuration example Network requirements As shown in Figure 18, Host A, Host B, and Host C are connected to Ethernet 1/0/1, Ethernet 1/0/2, and Ethernet 1/0/3 of Device, and Device is connected to the Internet through Ethernet 1/0/4. All these ports are in the same VLAN.
  • Page 76: Configuring Spanning Tree Protocols

    Configuring spanning tree protocols As a Layer 2 management protocol, the Spanning Tree Protocol (STP) eliminates Layer 2 loops by selectively blocking redundant links in a network, putting them in a standby state while still allowing for link redundancy. The recent versions of STP include the Rapid Spanning Tree Protocol (RSTP), Per VLAN Spanning Tree (PVST), and the Multiple Spanning Tree Protocol (MSTP).
  • Page 77: Basic Concepts In Stp

    Basic concepts in STP Root bridge A tree network must have a root bridge. The entire network contains only one root bridge. The other bridges in the network are called "leaf nodes." The root bridge is not permanent, but can change with changes of the network topology.
  • Page 78: Calculation Process Of The Stp Algorithm

    Calculation process of the STP algorithm The spanning tree calculation process described in the following sections is a simplified process for example only. The STP algorithm uses the following calculation process: Initialize the state. Upon initialization of a device, each port generates a BPDU with the port as the designated port, the device as the root bridge, 0 as the root path cost, and the device ID as the designated bridge Select the root bridge.
  • Page 79 Table 10 Selection of the optimum configuration BPDU Step Actions Upon receiving a configuration BPDU on a port, the device compares the priority of the received configuration BPDU with that of the configuration BPDU generated by the port, and: • If the former priority is lower, the device discards the received configuration BPDU and keeps the configuration BPDU the port generated.
  • Page 80 Device Port name Configuration BPDU on the port Port A2 {0, 0, 0, Port A2} Port B1 {1, 0, 1, Port B1} Device B Port B2 {1, 0, 1, Port B2} Port C1 {2, 0, 2, Port C1} Device C Port C2 {2, 0, 2, Port C2} NOTE:...
  • Page 81 Configuration BPDU on Device Comparison process ports after comparison • Port C1 receives the configuration BPDU of Port A2 {0, 0, 0, Port A2}, finds that the received configuration BPDU is superior to its • existing configuration BPDU {2, 0, 2, Port C1}, and updates its Port C1: {0, 0, 0, Port configuration BPDU.
  • Page 82 Figure 21 The final calculated spanning tree Root bridge Root port Designated port Blocked port Normal link Blocked link The configuration BPDU forwarding mechanism of STP The configuration BPDUs of STP are forwarded following these guidelines: • Upon network initiation, every device regards itself as the root bridge, generates configuration BPDUs with itself as the root, and sends the configuration BPDUs at a regular hello interval.
  • Page 83: Rstp

    The device uses the max age to determine whether a stored configuration BPDU has expired and discards it if the max age is exceeded. RSTP RSTP achieves rapid network convergence by allowing a newly elected root port or designated port to enter the forwarding state much faster than STP.
  • Page 84: Mstp Basic Concepts

    MSTP provides the following features: • MSTP divides a switched network into multiple regions, each of which contains multiple spanning trees that are independent of one another. MSTP supports mapping VLANs to spanning tree instances by means of a VLAN-to-instance •...
  • Page 85 Figure 23 Network diagram and topology of MST region 3 To MST region 4 MST region 3 Device A Device B MSTI 1 MSTI 2 Regional root MSTI Device C Device D MSTI 0 VLAN 1 MSTI 1 Topology of MSTIs in MST region 3 VLAN 2&3 MSTI 2 Other VLANs...
  • Page 86 An internal spanning tree (IST) is a spanning tree that runs in an MST region. It is also called MSTI 0, a special MSTI to which all VLANs are mapped by default. In Figure 22, MSTI 0 is the IST in MST region 3. CIST The common and internal spanning tree (CIST) is a single spanning tree that connects all devices in a switched network....
  • Page 87 MSTP calculation involves the following port roles: • Root port—Forwards data for a non-root bridge to the root bridge. The root bridge does not have any root port. Designated port—Forwards data to the downstream network segment or device. • Alternate port—The backup port for a root port or master port. When the root port or master port •...
  • Page 88: How Mstp Works

    How MSTP works MSTP divides an entire Layer 2 network into multiple MST regions, which are connected by a calculated CST. Inside an MST region, multiple spanning trees are calculated. Each spanning tree is an MSTI. Among these MSTIs, MSTI 0 is the IST. Like STP, MSTP uses configuration BPDUs to calculate spanning trees.
  • Page 89: Spanning Tree Configuration Task List

    Spanning tree configuration task list Before configuring a spanning tree, you must determine the spanning tree protocol to be used (STP, RSTP, PVST, or MSTP) and plan the device roles (the root bridge or leaf node). Configuration restrictions and guidelines If GVRP and a spanning tree protocol are enabled on a device at the same time, GVRP packets are •...
  • Page 90: Rstp Configuration Task List

    Task Remarks Required Setting the spanning tree mode Configure the device to operate in STP mode. Configuring the device priority Optional Configuring the timeout factor Optional Configuring the maximum port rate Optional Configuring the leaf nodes Configuring path costs of ports Optional Configuring the port priority Optional...
  • Page 91: Pvst Configuration Task List

    Task Remarks Configuring the maximum port rate Optional Configuring edge ports Optional Configuring path costs of ports Optional Configuring the port priority Optional Configuring the port link type Optional Configuring the mode a port uses to recognize/send MSTP Optional packets Enabling outputting port state transition information Optional Enabling the spanning tree feature...
  • Page 92: Mstp Configuration Task List

    Task Remarks Configuring edge ports Optional Configuring path costs of ports Optional Configuring the port priority Optional Configuring the port link type Optional Enabling outputting port state transition Optional information Enabling the spanning tree feature Required Performing mCheck Optional Configuring protection functions Optional MSTP configuration task list Task...
  • Page 93: Setting The Spanning Tree Mode

    PVST on devices of different models in a network, to avoid network failures, make sure that the number of VLANs for which PVST maintains instances does not exceed the lowest n. An H3C device running PVST can communicate with third-party devices running PVST or Rapid PVST. When H3C...
  • Page 94: Configuring An Mst Region

    Step Command Remarks Set the spanning tree mode. stp mode { stp | rstp | mstp | pvst } MSTP mode by default. Configuring an MST region Two or more spanning tree devices belong to the same MST region only if they are configured to have the same format selector (0 by default, not configurable), MST region name, MST region revision level, and the same VLAN-to-instance mapping entries in the MST region, and each two devices are connected by a physical link.
  • Page 95: Configuring The Root Bridge Or A Secondary Root Bridge

    Step Command Remarks Display the activated display stp region-configuration Optional. configuration [ | { begin | exclude | include } information of the MST Available in any view regular-expression ] region. Configuring the root bridge or a secondary root bridge You can have MSTP determine the root bridge of a spanning tree through MSTP calculation, or you can specify the current device as the root bridge or as a secondary root bridge using the commands that the system provides.
  • Page 96: Configuring The Current Device As A Secondary Root Bridge Of A Specific Spanning Tree

    Configuring the current device as a secondary root bridge of a specific spanning tree To configure the current device as a secondary root bridge of a specific spanning tree: Step Command Remarks Enter system view. system-view • In STP/RSTP mode: Use one of the stp root secondary commands.
  • Page 97: Configuring The Network Diameter Of A Switched Network

    device that received it. This prevents devices beyond the reach of the maximum hop from participating in spanning tree calculation, so the size of the MST region is limited. Make this configuration on the root bridge only. All other devices in the MST region use the maximum hop value set for the root bridge.
  • Page 98: Configuration Restrictions And Guidelines

    Max age ≥ 2 × (hello time + 1 second) H3C does not recommend that you manually set the spanning tree timers. Instead, you can specify the network diameter and let spanning tree protocols automatically calculate the timers based on the network diameter.
  • Page 99: Configuring The Timeout Factor

    BPDUs and prevent spanning tree protocols from using excessive network resources when the network becomes unstable. H3C recommends that you use the default setting. To configure the maximum rate of a port or a group of ports:...
  • Page 100: Configuring Edge Ports

    Step Command Remarks • Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view: interface interface-type Enter interface view or port Use one of the commands. interface-number group view. • Enter port group view: port-group manual port-group-name Configure the maximum rate stp transmit-limit limit 10 by default.
  • Page 101: Specifying A Standard For The Device To Use When It Calculates The Default Path Cost

    You can have the device automatically calculate the default path cost, or you can configure the path cost for ports. Specifying a standard for the device to use when it calculates the default path cost CAUTION: If you change the standard that the device uses to calculate the default path costs, you restore the path costs to the default.
  • Page 102: Configuring Path Costs Of Ports

    Path cost Link speed Port type IEEE 802.1d-1998 IEEE 802.1t Private standard Single port 2000 Aggregate interface 1000 containing 2 Selected ports 10 Gbps Aggregate interface containing 3 Selected ports Aggregate interface containing 4 Selected ports Configuration restrictions and guidelines When it calculates path cost for an aggregate interface, IEEE 802.1t takes into account the number •...
  • Page 103: Configuration Example

    Step Command Remarks • In STP/RSTP mode: stp cost cost Use one of the commands. Configure the path cost of the • In PVST mode: By default, the system ports. stp vlan vlan-list cost cost automatically calculates the • In MSTP mode: path cost of each port.
  • Page 104: Configuring The Port Link Type

    • You can configure the link type as point-to-point for a Layer 2 aggregate interface or a port that operates in full duplex mode. H3C recommends that you use the default setting and let the device automatically detect the port link type.
  • Page 105: Enabling Outputting Port State Transition Information

    legacy—Compatible format • By default, the packet format recognition mode of a port is auto. The port automatically distinguishes the two MSTP packet formats, and determines the format of packets that it will send based on the recognized format. You can configure the MSTP packet format on a port. When operating in MSTP mode after the configuration, the port sends and receives only MSTP packets of the format that you have configured to communicate with devices that send packets of the same format.
  • Page 106: Enabling The Spanning Tree Feature

    Enabling the spanning tree feature You must enable the spanning tree feature for the device before any other spanning tree related configurations can take effect. Configuration restrictions and guidelines You can disable the spanning tree feature for certain ports with the undo stp enable command to •...
  • Page 107: Performing Mcheck

    Step Command Remarks Enable the spanning tree By default, the spanning tree stp vlan vlan-list enable feature on specific VLANs. feature is enabled on VLANs. • Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view: interface interface-type Enter interface view or port Use either command.
  • Page 108: Configuring Digest Snooping

    To enable communication between an H3C device and a third-party device, enable the Digest Snooping feature on the port that connects the H3C device to the third-party device in the same MST region. Configuration restrictions and guidelines Before you enable Digest Snooping, make sure that associated devices of different vendors are •...
  • Page 109: Digest Snooping Configuration Example

    Step Command Remarks • Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view: interface interface-type Enter interface view or port Use either command. interface-number group view. • Enter port group view: port-group manual port-group-name Enable Digest Snooping on stp config-digest-snooping Disabled by default.
  • Page 110: Configuring No Agreement Check

    [DeviceA] stp config-digest-snooping
    # Enable Digest Snooping on Ethernet 1/0/1 of Device B and enable global Digest Snooping on Device B.
    <DeviceB> system-view
    [DeviceB] interface ethernet 1/0/1
    [DeviceB-Ethernet1/0/1] stp config-digest-snooping
    [DeviceB-Ethernet1/0/1] quit
    [DeviceB] stp config-digest-snooping
    Configuring No Agreement Check
    In RSTP and MSTP, the following types of messages are used for rapid state transition on designated ports: Proposal—Sent by designated ports to request rapid transition.
  • Page 111: Configuration Prerequisites

    Figure 27 Rapid state transition of an RSTP designated port If the upstream device is a third-party device, the rapid state transition implementation might be limited. For example, when the upstream device uses a rapid transition mechanism similar to that of RSTP, and the downstream device adopts MSTP and does not operate in RSTP mode, the root port on the downstream device receives no agreement packet from the upstream device and sends no agreement packets to the upstream device.
  • Page 112: No Agreement Check Configuration Example

    No Agreement Check configuration example Network requirements As shown in Figure Device A connects to a third-party device that has a different spanning tree implementation. Both • devices are in the same region. • The third-party device (Device B) is the regional root bridge, and Device A is the downstream device.
  • Page 113: Configuration Restrictions And Guidelines

    In the network, the IRF fabric transparently transmits the received BPDUs and does not participate in spanning tree calculations. When a topology change occurs to the IRF fabric or user networks, the IRF fabric may need a long time to learn the correct MAC address table entries and ARP entries, resulting in long network disruption.
  • Page 114: Enabling Root Guard

    receive configuration BPDUs, the system automatically sets the ports as non-edge ports and starts a new spanning tree calculation process. This causes a change of network topology. Under normal conditions, these ports should not receive configuration BPDUs. However, if someone forges configuration BPDUs maliciously to attack the devices, the network will become unstable.
  • Page 115: Enabling Loop Guard

    Step Command Remarks • Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view: interface interface-type Enter interface view or port Use either command. interface-number group view. • Enter port group view: port-group manual port-group-name Enable the root guard function stp root-protection Disabled by default.
  • Page 116: Enabling Tc-Bpdu Guard

    6 by default. device can perform every 10 seconds. NOTE: H3C does not recommend you disable this feature. Enabling BPDU drop In a spanning tree network, after receiving BPDUs, the device performs STP calculation according to the received BPDUs and forwards received BPDUs to other devices in the network. This allows malicious attackers to attack the network by forging BPDUs.
  • Page 117: Displaying And Maintaining The Spanning Tree

    Displaying and maintaining the spanning tree Task Command Remarks Display information about ports blocked display stp abnormal-port [ | { begin | Available in any view by spanning tree protection functions. exclude | include } regular-expression ] display stp bpdu-statistics [ interface interface-type interface-number [ instance Display BPDU statistics on ports.
  • Page 118 Figure 30 Network diagram Configuration procedure Configure VLANs and VLAN member ports (details not shown): Create VLAN 10, VLAN 20, and VLAN 30 on Device A and Device B. Create VLAN 10, VLAN 20, and VLAN 40 on Device C. Create VLAN 20, VLAN 30, and VLAN 40 on Device D.
  • Page 119 [DeviceB] stp region-configuration [DeviceB-mst-region] region-name example [DeviceB-mst-region] instance 1 vlan 10 [DeviceB-mst-region] instance 3 vlan 30 [DeviceB-mst-region] instance 4 vlan 40 [DeviceB-mst-region] revision-level 0 # Activate MST region configuration. [DeviceB-mst-region] active region-configuration [DeviceB-mst-region] quit # Specify the current device as the root bridge of MSTI 3. [DeviceB] stp instance 3 root primary # Enable the spanning tree feature globally.
  • Page 120 [DeviceD] stp enable Verify the configurations: In this example, suppose that Device B has the lowest root bridge ID. As a result, Device B is elected as the root bridge in MSTI 0. You can use the display stp brief command to display brief spanning tree information on each device after the network is stable.
  • Page 121: Pvst Configuration Example

    Figure 31 MSTIs mapped to different VLANs MSTI 1 mapped to VLAN 10 MSTI 0 mapped to VLAN 20 MSTI 3 mapped to VLAN 30 MSTI 4 mapped to VLAN 40 Root bridge Normal link Blocked link PVST configuration example Network requirements As shown in Figure...
  • Page 122 Configuration procedure Configure VLANs and VLAN member ports (details not shown): Create VLAN 10, VLAN 20, and VLAN 30 on Device A and Device B. Create VLAN 10, VLAN 20, and VLAN 40 on Device C. Create VLAN 20, VLAN 30, and VLAN 40 on Device D. Configure the ports on these devices as trunk ports and assign them to related VLANs.
  • Page 123 # Display brief spanning tree information on Device A. [DeviceA] display stp brief VLAN Port Role STP State Protection Ethernet1/0/1 DESI DISCARDING NONE Ethernet1/0/3 DESI FORWARDING NONE Ethernet1/0/1 DESI FORWARDING NONE Ethernet1/0/2 DESI FORWARDING NONE Ethernet1/0/3 DESI FORWARDING NONE Ethernet1/0/2 DESI FORWARDING NONE...
  • Page 124 Figure 33 Spanning trees mapped to different VLANs...
  • Page 125: Configuring Bpdu Tunneling

    PE 2 at the other end of the service provider network, which de-encapsulates the packet, restores the original destination MAC address of the packet, and then sends the packet to CE 2. H3C devices support BPDU tunneling for the following protocols: •...
  • Page 126: Bpdu Tunneling Implementation

    • Ethernet Operation, Administration and Maintenance (EOAM)
    • GARP VLAN Registration Protocol (GVRP)
    • HW Group Management Protocol (HGMP)
    • Link Aggregation Control Protocol (LACP)
    • Link Layer Discovery Protocol (LLDP)
    • Port Aggregation Protocol (PAGP)
    • Per VLAN Spanning Tree (PVST)...
  • Page 127: Enabling Bpdu Tunneling

    Figure 35 BPDU tunneling implementation The upper section of Figure 35 represents the service provider network (ISP network). The lower section, including User A network 1 and User A network 2, represents the customer networks. Enabling BPDU tunneling on edge devices (PE 1 and PE 2) in the service provider network allows BPDUs of User A network 1 and User A network 2 to be transparently transmitted through the service provider network.
  • Page 128: Configuration Restrictions And Guidelines

    Configuration restrictions and guidelines
    • Settings made in Layer 2 Ethernet interface view or Layer 2 aggregate interface view take effect only on the current port. Settings made in port group view take effect on all ports in the port group.
    • Before you enable BPDU tunneling for DLDP, EOAM, GVRP, HGMP, LLDP, or STP on a port, disable...
  • Page 129: Bpdu Tunneling Configuration Examples

    To configure destination multicast MAC address for BPDUs: Step Command Remarks Enter system view. system-view Configure the destination Optional. bpdu-tunnel tunnel-dmac multicast MAC address for mac-address 0x010F-E200-0003 by default. BPDUs. NOTE: For BPDUs to be recognized, the destination multicast MAC addresses configured for BPDU tunneling must be the same on the edge devices on the service provider network.
  • Page 130: Bpdu Tunneling For Pvst Configuration Example

    # Create VLAN 2 and assign Ethernet 1/0/1 to VLAN 2.
    [PE1] vlan 2
    [PE1-vlan2] quit
    [PE1] interface ethernet 1/0/1
    [PE1-Ethernet1/0/1] port access vlan 2
    # Disable STP on Ethernet 1/0/1, and then enable BPDU tunneling for STP on it.
    [PE1-Ethernet1/0/1] undo stp enable
    [PE1-Ethernet1/0/1] bpdu-tunnel dot1q stp
    Configure PE 2:...
  • Page 131 Configuration procedure Configure PE 1: # Configure the destination multicast MAC address for BPDUs as 0x0100-0CCD-CDD0. <PE1> system-view [PE1] bpdu-tunnel tunnel-dmac 0100-0ccd-cdd0 # Configure Ethernet 1/0/1 as a trunk port and assign it to all VLANs. [PE1] interface ethernet 1/0/1 [PE1-Ethernet1/0/1] port link-type trunk [PE1-Ethernet1/0/1] port trunk permit vlan all # Disable STP on Ethernet 1/0/1, and then enable BPDU tunneling for STP and PVST on it.
  • Page 132: Configuring Vlans

    Configuring VLANs Overview Ethernet is a network technology based on the CSMA/CD mechanism. Because the medium is shared, collisions and excessive broadcasts are common on Ethernet networks. To address the issue, virtual LAN (VLAN) was introduced to break a LAN down into separate VLANs. VLANs are isolated from each other at Layer 2.
  • Page 133: Vlan Types

    The Ethernet II encapsulation format is used here. Besides the Ethernet II encapsulation format, Ethernet also supports other encapsulation formats, including 802.2 LLC, 802.2 SNAP, and 802.3 raw. The VLAN tag fields are added to frames encapsulated in these formats for VLAN identification. In the header of a traditional Ethernet data frame, the field after the destination MAC address and the source MAC address is the Type field, which indicates the upper layer protocol type, as shown in Figure...
  • Page 134: Protocols And Standards

    • IP subnet
    • Policy
    • Other criteria
    This chapter covers port-based VLAN, MAC-based VLAN, protocol-based VLAN, and IP subnet-based VLAN. The port-based VLAN implementation is the basis of all other VLAN implementations. To use any other VLAN implementations, you must configure port-based VLAN settings. You can configure all these types of VLANs on a port at the same time.
  • Page 135: Configuring Basic Settings Of A Vlan Interface

    Configuring basic settings of a VLAN interface You can use VLAN interfaces to provide Layer 3 communication between hosts of different VLANs. VLAN interfaces are virtual interfaces used for Layer 3 communication between different VLANs. They do not exist as physical entities on devices. For each VLAN, you can create one VLAN interface. You can assign the VLAN interface an IP address and specify the IP address as the gateway address for the devices in the VLAN, so that traffic can be routed to other IP subnets.
  • Page 136: Vlan Interface Configuration Example

    Step Command Remarks Optional. By default, a VLAN interface is not manually shut down. The VLAN interface is up if one or more ports in the VLAN is up, and goes Cancel the action of down if all ports in the VLAN go down. manually shutting down the undo shutdown A VLAN interface shut down with the...
  • Page 137: Configuring Port-Based Vlans

    [SwitchA] interface vlan-interface 5
    [SwitchA-Vlan-interface5] ip address 192.168.0.10 24
    [SwitchA-Vlan-interface5] quit
    # Create VLAN-interface 10 and configure its IP address as 192.168.1.20/24.
    [SwitchA] interface vlan-interface 10
    [SwitchA-Vlan-interface10] ip address 192.168.1.20 24
    [SwitchA-Vlan-interface10] return
    Configure the default gateway of PC A as 192.168.0.10. Configure the default gateway of PC B as 192.168.1.20.
  • Page 138: Assigning An Access Port To A Vlan

    VLAN, see "Configuring a voice VLAN."
    • H3C recommends that you set the same PVID for local and remote ports.
    • Make sure that a port permits the traffic from its PVID to pass through. Otherwise, when the port receives frames tagged with the PVID or untagged frames, the port drops these frames....
  • Page 139: Assigning A Trunk Port To A Vlan

    Step Command Remarks Assign one or a group of port interface-list By default, all ports belong to VLAN 1. access ports to the VLAN. To assign an access port (in interface view) or multiple access ports (in port group view) to a VLAN: Step Command Remarks...
  • Page 140: Assigning A Hybrid Port To A Vlan

    Step Command Remarks Use any command. • The configuration made in Layer 2 Ethernet • Enter Layer 2 Ethernet interface interface view applies only to the port. view: • The configuration made in port group view interface interface-type applies to all ports in the port group. interface-number •...
  • Page 141: Port-Based Vlan Configuration Example

    Step Command Remarks Use any command. • The configuration made in Ethernet interface view applies only to the port. • Enter Layer 2 Ethernet interface • The configuration made in port group view: view applies to all ports in the port group. interface interface-type interface-number •...
  • Page 142 Figure 42 Network diagram Configuration procedure Configure Device A: # Create VLAN 100, and assign port Ethernet 1/0/1 to VLAN 100. <DeviceA> system-view [DeviceA] vlan 100 [DeviceA-vlan100] port ethernet 1/0/1 [DeviceA-vlan100] quit # Create VLAN 200, and assign port Ethernet 1/0/2 to VLAN 200. [DeviceA] vlan 200 [DeviceA-vlan200] port ethernet 1/0/2 [DeviceA-vlan200] quit...
  • Page 143: Configuring Mac-Based Vlans

    [DeviceA-Ethernet1/0/3] display vlan 200 VLAN ID: 200 VLAN Type: static Route Interface: not configured Description: VLAN 0200 Name: VLAN 0200 Tagged Ports: Ethernet1/0/3 Untagged Ports: Ethernet1/0/2 Configuring MAC-based VLANs Introduction to MAC-based VLAN The MAC-based VLAN feature assigns hosts to a VLAN based on their MAC addresses. This feature is usually used in conjunction with security technologies such as 802.1X to provide secure, flexible network access for terminal devices.
  • Page 144 multiple MAC address-to-VLAN entries, and enable the MAC-based VLAN feature and dynamic MAC-based VLAN assignment on the port. Dynamic MAC-based VLAN assignment uses the following workflows. When the port receives a frame, the port first determines whether the frame is tagged. If yes, the port reports the source MAC address of the frame.
  • Page 145: Configuration Restrictions And Guidelines

    • When a port is assigned to the corresponding VLAN in a MAC address-to-VLAN entry, but has not been assigned to the VLAN by using the port hybrid vlan command, the port sends packets from the VLAN with VLAN tags removed. •...
  • Page 146: Configuration Procedure

    the port trusts the 802.1p priority of incoming packets and your configuration takes effect. For more information about the qos trust dot1p command, see ACL and QoS Command Reference. Configuration procedure To configure static MAC-based VLAN assignment: Step Command Remarks Enter system view.
  • Page 147 MAC-based VLAN mac-vlan trigger enable single MAC addresses preferentially. assignment. When dynamic MAC-based VLAN assignment is enabled, H3C does not recommend configuring the vlan precedence ip-subnet-vlan command, which will make the system assign VLANs based on IP subnets, because the configuration does not take effect.
  • Page 148: Mac-Based Vlan Configuration Example

    MAC-based VLAN configuration example Network requirements As shown in Figure • Ethernet 1/0/1 of Device A and Device C are each connected to a meeting room. Laptop 1 and Laptop 2 are used for meetings and might be used in either of the two meeting rooms. Different departments own Laptop 1 and Laptop 2....
  • Page 149 [DeviceA-vlan100] quit [DeviceA] vlan 200 [DeviceA-vlan200] quit # Associate the MAC address of Laptop 1 with VLAN 100, and associate the MAC address of Laptop 2 with VLAN 200. [DeviceA] mac-vlan mac-address 000d-88f8-4e71 vlan 100 [DeviceA] mac-vlan mac-address 0014-222c-aa69 vlan 200 # Configure Laptop 1 and Laptop 2 to access the network through Ethernet 1/0/1.
  • Page 150: Configuring Protocol-Based Vlans

    On Device A and Device C, you can see that VLAN 100 is associated with the MAC address of Laptop 1, and VLAN 200 is associated with the MAC address of Laptop 2. [DeviceA] display mac-vlan all The following MAC VLAN addresses exist: S:Static D:Dynamic MAC ADDR...
  • Page 151: Configuration Procedure

    • When you use the mode keyword to configure a user-defined protocol template, do not set etype-id in ethernetii etype etype-id to 0x0800, 0x8137, 0x809b, or 0x86dd. Otherwise, the encapsulation format of the matching packets will be the same as that of the IPv4, IPX, AppleTalk, and IPv6 packets, respectively....
  • Page 152: Protocol-Based Vlan Configuration Example

    Protocol-based VLAN configuration example Network requirements In a lab environment, as shown in Figure 45, most hosts run the IPv4 protocol, and the rest of the hosts run the IPv6 protocol for teaching purposes. To avoid interference, isolate IPv4 traffic and IPv6 traffic at Layer 2.
  • Page 153 [Device] vlan 100 [Device-vlan100] protocol-vlan 1 ipv4 [Device-vlan100] quit # Configure port Ethernet 1/0/1 as a hybrid port that forwards packets of VLANs 100 and 200 untagged. [Device] interface ethernet 1/0/1 [Device-Ethernet1/0/1] port link-type hybrid [Device-Ethernet1/0/1] port hybrid vlan 100 200 untagged Please wait...
  • Page 154: Configuring Ip Subnet-Based Vlans

    VLAN ID Protocol Index Protocol Type ====================================================== ipv4 ipv6 Interface: Ethernet 1/0/2 VLAN ID Protocol Index Protocol Type ====================================================== ipv4 ipv6 Configuration guidelines Protocol-based VLAN configuration applies only to hybrid ports. Configuring IP subnet-based VLANs In this approach, packets are assigned to VLANs based on their source IP addresses and subnet masks. A port configured with IP subnet-based VLANs assigns a received untagged packet to a VLAN based on the source address of the packet.
  • Page 155: Ip Subnet-Based Vlan Configuration Example

    Step Command Remarks Use any command. • The configuration made in Ethernet interface view applies only to the port. • The configuration made in port group • Enter Layer 2 Ethernet interface view applies to all ports in the port view: group.
  • Page 156 Configuration consideration • Create VLANs 100 and 200. • Associate IP subnets with the VLANs. • Assign ports to the VLANs. Configuration procedure # Associate IP subnet 192.168.5.0/24 with VLAN 100. <DeviceC> system-view [DeviceC] vlan 100 [DeviceC-vlan100] ip-subnet-vlan ip 192.168.5.0 255.255.255.0 [DeviceC-vlan100] quit # Associate IP subnet 192.168.50.0/24 with VLAN 200....
  • Page 157: Displaying And Maintaining Vlan

    Please wait... Done. [DeviceC-Ethernet1/0/12] quit # Associate interface Ethernet 1/0/1 with IP subnet-based VLANs 100 and 200. [DeviceC] interface ethernet 1/0/1 [DeviceC-Ethernet1/0/1] port link-type hybrid [DeviceC-Ethernet1/0/1] port hybrid vlan 100 200 untagged Please wait... Done. [DeviceC-Ethernet1/0/1] port hybrid ip-subnet-vlan vlan 100 [DeviceC-Ethernet1/0/1] port hybrid ip-subnet-vlan vlan 200 [DeviceC-Ethernet1/0/1] return Verifying the configurations...
  • Page 158 Task Command Remarks display mac-vlan { all | dynamic | mac-address Display MAC address-to-VLAN mac-address [ mask mac-mask ] | static | vlan Available in any entries. vlan-id } [ | { begin | exclude | include } view regular-expression ] Display all interfaces with display mac-vlan interface [ | { begin | exclude | Available in any...
  • Page 159: Configuring A Super Vlan

    Configuring a super VLAN Overview Super VLAN, also called VLAN aggregation, was introduced to save IP address space. A super VLAN is associated with multiple sub-VLANs. You can create a VLAN interface for a super VLAN and assign an IP address for the VLAN interface. However, you cannot create a VLAN interface for a sub-VLAN.
  • Page 160 • You can configure DHCP, Layer 3 multicast, and dynamic routing for the VLAN interface of a super VLAN. However, only DHCP takes effect. • H3C does not recommend configuring VRRP for the VLAN interface of a super VLAN, because it affects network performance. For more information about VRRP, see High Availability Configuration Guide....
  • Page 161: Displaying And Maintaining Super Vlan

    Displaying and maintaining super VLAN Task Command Remarks Display the mapping between a display supervlan [ supervlan-id ] [ | { begin | Available in any view super VLAN and its sub-VLANs. exclude | include } regular-expression ] Super VLAN configuration example Network requirements As shown in Figure...
  • Page 162 [Sysname-vlan3] port ethernet 1/0/3 ethernet 1/0/4 [Sysname-vlan3] quit # Create VLAN 5, and assign Ethernet 1/0/5 and Ethernet 1/0/6 to it. [Sysname] vlan 5 [Sysname-vlan5] port ethernet 1/0/5 ethernet 1/0/6 [Sysname-vlan5] quit # Configure VLAN 10 as the super VLAN, and configure VLAN 2, VLAN 3, and VLAN 5 as its sub-VLANs.
  • Page 163 IPv4 Subnet Mask: 255.255.255.0 Description: VLAN 0003 Name: VLAN 0003 Tagged Ports: none Untagged Ports: Ethernet1/0/3 Ethernet1/0/4 VLAN ID: 5 VLAN Type: static It is a Sub VLAN. Route Interface: configured IPv4 Address: 10.0.0.1 IPv4 Subnet Mask: 255.255.255.0 Description: VLAN 0005 Name: VLAN 0005 Tagged Ports: none...
  • Page 164: Configuring An Isolate-User-Vlan

    Configuring an isolate-user-VLAN Overview An isolate-user-VLAN uses a two-tier VLAN structure. In this approach, the following types of VLANs, isolate-user-VLAN and secondary VLAN, are configured on the same device. The following are the characteristics of the isolate-user-VLAN implementation: • Isolate-user-VLANs are mainly used for upstream data exchange. An isolate-user-VLAN can be associated with multiple secondary VLANs.
  • Page 165: Configuration Restrictions And Guidelines

    Configure the downlink ports, for example, the ports connecting Device B to hosts in Figure to operate in host mode, so that the downlink ports can be added to the isolate-user-VLAN associated with the secondary VLAN automatically. For more information about the promiscuous and host mode commands, see Layer 2—LAN Switching Command Reference.
  • Page 166: Displaying And Maintaining Isolate-User-Vlan

    Step Command Remarks Enter Layer 2 Ethernet or aggregate interface view: interface interface-type interface-number interface By default, a port does not operate Configure the uplink port for bridge-aggregation in promiscuous mode or host mode the isolate-user-VLAN. interface-number in a VLAN. Configure the port to operate in promiscuous mode in a specific VLAN:...
  • Page 167: Isolate-User-Vlan Configuration Example

    Isolate-user-VLAN configuration example Network requirements As shown in Figure • Connect Device A to downstream devices Device B and Device C. • Configure VLAN 5 on Device B as an isolate-user-VLAN, assign the uplink port Ethernet 1/0/5 to VLAN 5, and associate VLAN 5 with secondary VLANs VLAN 2 and VLAN 3. Assign Ethernet 1/0/2 to VLAN 2 and Ethernet 1/0/1 to VLAN 3....
  • Page 168: Verifying The Configuration

    # Assign downlink ports Ethernet 1/0/1 and Ethernet 1/0/2 to VLAN 3 and VLAN 2, respectively, and configure the ports to operate in host mode. [DeviceB] interface ethernet 1/0/1 [DeviceB-Ethernet1/0/1] port access vlan 3 [DeviceB-Ethernet1/0/1] port isolate-user-vlan host [DeviceB-Ethernet1/0/1] quit [DeviceB] interface ethernet 1/0/2 [DeviceB-Ethernet1/0/2] port access vlan 2 [DeviceB-Ethernet1/0/2] port isolate-user-vlan host...
  • Page 169 Name: VLAN 0005 Tagged Ports: none Untagged Ports: Ethernet1/0/1 Ethernet1/0/2 Ethernet1/0/5 VLAN ID: 2 VLAN Type: static Isolate-user-VLAN type : secondary Route Interface: not configured Description: VLAN 0002 Name: VLAN 0002 Tagged Ports: none Untagged Ports: Ethernet1/0/2 Ethernet1/0/5 VLAN ID: 3 VLAN Type: static Isolate-user-VLAN type : secondary Route Interface: not configured...
  • Page 170: Configuring A Voice Vlan

    Configuring a voice VLAN Overview A voice VLAN is configured for voice traffic. After assigning the ports that connect to voice devices to a voice VLAN, the system automatically configures quality of service (QoS) parameters for voice traffic, to improve the transmission priority of voice traffic and ensure voice quality. Common voice devices include IP phones and integrated access devices (IADs).
  • Page 171: Automatically Identifying Ip Phones Through Lldp

    Automatically identifying IP phones through LLDP When you use OUI addresses to identify IP phones, the number of OUI addresses that can be configured is limited. Additionally, when there are plenty of IP phones in the network, you must configure many OUI addresses.
  • Page 172: Ip Phone Access Methods

    IP phone access methods Connecting the host and the IP phone in series As shown in Figure 51, the host is connected to the IP phone, and the IP phone is connected to the device. When the host and the IP phone are connected in series, the host and the IP phone must be assigned to different VLANs, and the IP phone must be able to send out VLAN-tagged packets, so that the data traffic and the voice traffic can be distinguished.
  • Page 173 receiving port to the voice VLAN, issues ACL rules, and configures the packet precedence. You can configure a voice VLAN aging time on the device. The system will remove a port from the voice VLAN if no packet is received from the port during the aging time. The system automatically assigns ports to, or removes ports from, a voice VLAN.
  • Page 174: Security Mode And Normal Mode Of Voice Vlans

    MAC addresses checking. TIP: H3C does not recommend transmitting both voice traffic and non-voice traffic in a voice VLAN. If you must transmit both voice traffic and non-voice traffic, make sure that the voice VLAN security mode is disabled.
  • Page 175: Configuration Prerequisites

    Table 18 How a voice VLAN-enabled port processes packets in security and normal mode Voice VLAN Packet type Packet processing mode mode Untagged packets If the source MAC address of a packet matches an OUI address configured for the device, it is forwarded in the voice Packets that carry the voice VLAN;...
  • Page 176: Configuring A Port To Operate In Automatic Voice Vlan Assignment Mode

    Step Command Remarks Enter Layer 2 Ethernet interface interface-type interface view. interface-number Configure the interface to trust the QoS priority settings in Use either command. incoming voice traffic, but not voice vlan qos trust to modify the CoS and DSCP By default, an interface modifies the CoS values marked for incoming value and the DSCP value marked for voice...
  • Page 177: Configuring A Port To Operate In Manual Voice Vlan Assignment Mode

    Step Command Remarks Optional. Enable the voice VLAN voice vlan security enable By default, the voice VLAN security security mode. mode is enabled. Optional. By default, each voice VLAN has Add a recognizable OUI voice vlan mac-address oui mask default OUI addresses configured. address.
  • Page 178: Enabling Lldp To Automatically Discover Ip Phones

    Step Command Remarks Optional. By default, each voice VLAN has Add a recognizable OUI voice vlan mac-address oui mask default OUI addresses configured. address. oui-mask [ description text ] For the default OUI addresses of different vendors, see Table interface interface-type Enter interface view.
  • Page 179: Configuration Procedure

    Configuration procedure To enable LLDP to automatically discover IP phones: Step Command Remarks Enter system view. system-view Enable LLDP to automatically voice vlan track lldp Disabled by default. discover IP phones. IMPORTANT: When the switch is enabled to automatically discover IP phones through LLDP, you can connect at most •...
  • Page 180: Configuration Procedure

    To identify the voice VLAN advertised by LLDP, execute the display lldp local-information command, and examine the MED information fields in the command output. The LLDP packets that the device sends to IP phones carry the priority information, but the CDP packets that the device sends to IP phones do not carry the priority information.
  • Page 181: Displaying And Maintaining Voice Vlan

    connected to the IP phone is added to the VLAN assigned to the IP phone as a tagged member and added to the VLAN assigned to the host as an untagged member. Also, the LLDP-MED TLVs that the device sends to the IP phone carry information about the VLAN assigned to the IP phone, so that the voice packets sent out of the IP phone can be forwarded in the server-assigned VLAN with tags.
  • Page 182 Figure 55 Network diagram Configuration procedure # Create VLAN 2 and VLAN 3. <DeviceA> system-view [DeviceA] vlan 2 to 3 Please wait... Done. # Set the voice VLAN aging time to 30 minutes. [DeviceA] voice vlan aging 30 # Since Ethernet 1/0/1 might receive both voice traffic and data traffic at the same time, to ensure the quality of voice packets and effective bandwidth use, configure voice VLANs to operate in security mode.
  • Page 183: Manual Voice Vlan Assignment Mode Configuration Example

    [DeviceA-Ethernet1/0/2] voice vlan mode auto [DeviceA-Ethernet1/0/2] voice vlan 3 enable Verifying the configurations # Display the OUI addresses, OUI address masks, and description strings. <DeviceA> display voice vlan oui Oui Address Mask Description 0001-e300-0000 ffff-ff00-0000 Siemens phone 0003-6b00-0000 ffff-ff00-0000 Cisco phone 0004-0d00-0000 ffff-ff00-0000 Avaya phone...
  • Page 184 Figure 56 Network diagram Configuration procedure # Configure the voice VLAN to operate in security mode. A voice VLAN operates in security mode by default. (Optional) <DeviceA> system-view [DeviceA] voice vlan security enable # Add a recognizable OUI address 0011-2200-0000. [DeviceA] voice vlan mac-address 0011-2200-0000 mask ffff-ff00-0000 description test # Create VLAN 2.
  • Page 185 # Display the states of voice VLANs. <DeviceA> display voice vlan state Maximum of Voice VLANs: 128 Current Voice VLANs: 1 Voice VLAN security mode: Security Voice VLAN aging time: 1440 minutes Voice VLAN enabled port and its mode: PORT VLAN MODE DSCP...
  • Page 186: Configuring Gvrp

    Configuring GVRP The Generic Attribute Registration Protocol (GARP) provides a generic framework for devices in a switched LAN, such as end stations and switches, to register and deregister attribute values. The GARP VLAN Registration Protocol (GVRP) is a GARP application that registers and deregisters VLAN attributes. GVRP uses the operating mechanism of GARP to maintain and propagate dynamic VLAN registration information for GVRP devices on the network.
  • Page 187 LeaveAll messages from other participants. If any participants want to maintain the registration for a particular attribute value, they must send a Join message. GARP timers H3C's implementation of GARP uses the following timers to control GARP message transmission: • Hold timer The Hold timer sets the delay that a GARP participant waits before sending a Join or Leave message.
  • Page 188 • On a GARP-enabled network, each port maintains its own Hold, Join, and Leave timers, but only one LeaveAll timer is maintained on each device. This LeaveAll timer applies to all ports on the device. • The value ranges for the Hold, Join, Leave, and LeaveAll timers are dependent on one another. See Table 20 for their dependencies.
  • Page 189: Gvrp

    Field Description Value • 0x00—LeaveAll event • 0x01—JoinEmpty event • 0x02—JoinIn event Attribute event Event that the attribute describes • 0x03—LeaveEmpty event • 0x04—LeaveIn event • 0x05—Empty event VLAN ID for GVRP If the value of the attribute event field is Attribute value Attribute value 0x00 (LeaveAll event), the attribute value...
  • Page 190: Configuring Gvrp Functions

    • GVRP configuration made in Ethernet interface view or Layer 2 aggregate interface view takes effect on the current interface only; GVRP configuration made in port group view takes effect on all the member ports in the group. • GVRP configuration made on a member port in an aggregation group takes effect only after the port is removed from the aggregation group....
  • Page 191: Configuring The Garp Timers

    Step Command Remarks Access by default. For more information about the Configure the link type of port link-type trunk port link-type trunk command, the ports as trunk. see Layer 2—LAN Switching Command Reference. By default, a trunk port is assigned to VLAN 1 only. Assign the trunk ports to For more information about the port trunk permit vlan all...
  • Page 192: Displaying And Maintaining Gvrp

    • If you want to restore the default settings of the timers, restore the Hold timer first, followed by the Join, Leave, and LeaveAll timers. Table 20 Dependencies of the GARP timers Timer Lower limit Upper limit Hold 10 centiseconds No greater than half of the Join timer Join No less than twice the Hold timer...
  • Page 193 • Device A and Device B are connected through their ports Ethernet 1/0/1. • Enable GVRP and configure the normal registration mode on ports to enable the registration and deregistration of dynamic and static VLAN information between the two devices. Figure 59 Network diagram Configuration procedure Configure Device A:...
  • Page 194: Gvrp Fixed Registration Mode Configuration Example

    According to the output, information about VLAN 1, static VLAN information of VLAN 2 on the local device, and dynamic VLAN information of VLAN 3 on Device B are all registered through GVRP. # Display the local VLAN information that GVRP maintains on port Ethernet 1/0/1 of Device B. [DeviceB] display gvrp local-vlan interface ethernet 1/0/1 Following VLANs exist in GVRP local database: 1(default),2-3...
  • Page 195: Gvrp Forbidden Registration Mode Configuration Example

    [DeviceB] interface ethernet 1/0/1 [DeviceB-Ethernet1/0/1] port link-type trunk [DeviceB-Ethernet1/0/1] port trunk permit vlan all # Enable GVRP on Ethernet 1/0/1, and set the GVRP registration mode to fixed on the port. [DeviceB-Ethernet1/0/1] gvrp [DeviceB-Ethernet1/0/1] gvrp registration fixed [DeviceB-Ethernet1/0/1] quit # Create VLAN 3 (a static VLAN). [DeviceB] vlan 3 [DeviceB-vlan3] quit Verify the configuration:...
  • Page 196 # Configure port Ethernet 1/0/1 as a trunk port, and assign it to all VLANs. [DeviceA] interface ethernet 1/0/1 [DeviceA-Ethernet1/0/1] port link-type trunk [DeviceA-Ethernet1/0/1] port trunk permit vlan all # Enable GVRP on Ethernet 1/0/1, and set the GVRP registration mode to forbidden on the port. [DeviceA-Ethernet1/0/1] gvrp [DeviceA-Ethernet1/0/1] gvrp registration forbidden [DeviceA-Ethernet1/0/1] quit...
  • Page 197: Configuring Qinq

    Configuring QinQ Throughout this document, customer network VLANs (CVLANs), also called inner VLANs, refer to the VLANs that a customer uses on the private network. Service provider network VLANs (SVLANs), also called outer VLANs, refer to the VLANs that a service provider uses to carry VLAN tagged traffic for customers.
  • Page 198: Qinq Frame Structure

    Figure 62 Typical QinQ application scenario As shown in Figure 62, customer network A has CVLANs 1 through 10, and customer network B has CVLANs 1 through 20. The service provider assigns SVLAN 3 for customer network A, and assigns SVLAN 4 for customer network B.
  • Page 199: Implementations Of Qinq

    The default maximum transmission unit (MTU) of an interface is 1500 bytes. The size of an outer VLAN tag is 4 bytes. H3C recommends that you increase the MTU of each interface on the service provider network to at least 1504 bytes. For more information about interface MTU configuration, see "Configuring Ethernet...
  • Page 200: Configuring Basic Qinq

    • Do not configure QinQ on a reflector port. For more information about reflector ports, see Network Management and Monitoring Configuration Guide. • On a port with basic QinQ enabled, you must configure the port to allow packets from its PVID to...
  • Page 201: Configuring Selective Qinq

    • For VLANs whose packets are to be transparently transmitted through a port, do not configure VLAN mapping for them on the port. For more information about VLAN mapping, see "Configuring VLAN mapping." Configuration procedure To configure VLAN transparent transmission: Step Command Remarks...
  • Page 202: Configuring An Inner-Outer Vlan 802.1P Priority Mapping

    Step Command Remarks Create a class and enter class traffic classifier classifier-name [ operator By default, the operator view. { and | or } ] of a class is AND. Specify the inner VLAN IDs of if-match customer-vlan-id vlan-id-list matching frames. Return to system view.
  • Page 203: Configuring Inner Vlan Id Substitution

    Step Command Remarks Enter system view. system-view Create a class and enter class traffic classifier classifier-name [ operator By default, the operator of a view. { and | or } ] class is AND. • Match the specified inner VLAN IDs: if-match customer-vlan-id vlan-id-list Configure a match criterion.
  • Page 204: Configuring The Tpid Value In Vlan Tags

    To configure inner VLAN ID substitution: Step Command Remarks Enter system view. system-view By default, the traffic classifier classifier-name [ operator Create a class and enter class view. operator of a class is and ] AND. Configure a match criterion to match if-match customer-vlan-id vlan-id-list the specified inner VLAN IDs.
  • Page 205: Configuring The Cvlan Tpid

    0x8200 and 0x9100 as the CVLAN TPID and SVLAN TPID, respectively. Otherwise, the devices cannot correctly identify tagged frames between them. Configuring the CVLAN TPID Step Command Remarks Enter system view. system-view Configure the TPID value for qinq ethernet-type customer-tag The default setting is 0x8100 for CVLAN tags.
  • Page 206 Figure 64 Network diagram Configuration procedure IMPORTANT: Make sure that you have configured the switches in the service provider network to allow QinQ packets to pass through. Configure PE 1: Configure Ethernet 1/0/1: # Configure Ethernet 1/0/1 as a trunk port and assign it to VLAN 100. <PE1>...
  • Page 207 Configure Ethernet 1/0/3: # Configure Ethernet 1/0/3 as a trunk port and assign it to VLAN 200. [PE1] interface ethernet 1/0/3 [PE1-Ethernet1/0/3] port link-type trunk [PE1-Ethernet1/0/3] port trunk permit vlan 200 # Configure VLAN 200 as the PVID for the port. [PE1-Ethernet1/0/3] port trunk pvid vlan 200 # Enable basic QinQ on the port.
  • Page 208: Vlan Transparent Transmission Configuration Example

    VLAN transparent transmission configuration example Network requirements As shown in Figure • The two branches of a company, Site 1 and Site 2, are connected through the service provider network and use VLANs 10 through 50. • PE 1 and PE 2 are edge devices on the service provider network and are connected through third-party devices with a TPID value of 0x8200....
  • Page 209: Simple Selective Qinq Configuration Example

    [PE1] interface ethernet 1/0/2 [PE1-Ethernet1/0/2] port link-type trunk [PE1-Ethernet1/0/2] port trunk permit vlan 10 to 50 # Set the TPID value in the outer VLAN tag to 0x8200 on the port. [PE1-Ethernet1/0/2] qinq ethernet-type service-tag 8200 [PE1-Ethernet1/0/2] quit Configure PE 2: Configure Ethernet 1/0/1: # Configure Ethernet 1/0/1 as a trunk port and assign it to VLANs 10 through 50.
  • Page 210 Figure 66 Network diagram Configuration procedure IMPORTANT: Make sure that you have configured the switches in the service provider network to allow QinQ packets to pass through. Configure PE 1: Configure Ethernet 1/0/1: # Configure Ethernet 1/0/1 as a hybrid port to permit frames of VLAN 100 and VLAN 200 to pass through untagged.
  • Page 211 [PE1-behavior-P200] nest top-most vlan-id 200 [PE1-behavior-P200] quit # Create a QoS policy named qinq, associate traffic class A10 with traffic behavior P100, and associate traffic class A20 with traffic behavior P200. [PE1] qos policy qinq [PE1-qospolicy-qinq] classifier A10 behavior P100 [PE1-qospolicy-qinq] classifier A20 behavior P200 [PE1-qospolicy-qinq] quit # Enable basic QinQ on the port.
  • Page 212: Comprehensive Selective Qinq Configuration Example

    # Create a QoS policy named qinq, associate traffic class A10 with traffic behavior P100, and associate traffic class A20 with traffic behavior P200. [PE2] qos policy qinq [PE2-qospolicy-qinq] classifier A10 behavior P100 [PE2-qospolicy-qinq] classifier A20 behavior P200 [PE2-qospolicy-qinq] quit # Enable basic QinQ on the port.
  • Page 213 Figure 67 Network diagram Configuration procedure IMPORTANT: Be sure that you have configured the switches in the service provider network to allow QinQ packets to pass through. Configure PE 1: Configure Ethernet 1/0/1: # Configure Ethernet 1/0/1 as a hybrid port to permit frames of VLAN 100 and VLAN 200 to pass through untagged.
  • Page 214 [PE1-behavior-P200] nest top-most vlan-id 200 [PE1-behavior-P200] quit # Create a QoS policy named qinq, associate traffic class A10 with traffic behavior P100, and associate traffic class A20 with traffic behavior P200. [PE1] qos policy qinq [PE1-qospolicy-qinq] classifier A10 behavior P100 [PE1-qospolicy-qinq] classifier A20 behavior P200 [PE1-qospolicy-qinq] quit # Enable basic QinQ on the port.
  • Page 215 # Set the TPID value in the outer tag to 0x8200. [PE1-Ethernet1/0/2] qinq ethernet-type service-tag 8200 [PE1-Ethernet1/0/2] quit Configure PE 2: Configure Ethernet 1/0/1: # Configure Ethernet 1/0/1 as a hybrid port to permit frames of VLAN 100 and VLAN 200 to pass through untagged.
  • Page 216 [PE2-classifier-A100] if-match customer-vlan-id 30 [PE2-classifier-A100] if-match service-vlan-id 100 [PE2-classifier-A100] quit # Configure traffic behavior T100 to mark matching packets with CVLAN 10. [PE2] traffic behavior T100 [PE2-behavior-T100] remark customer-vlan-id 10 [PE2-behavior-T100] quit # Create class A200 and configure the class to match frames with CVLAN 40 and SVLAN 200.
  • Page 217: Configuring Vlan Mapping

    Configuring VLAN mapping Overview VLAN mapping re-marks VLAN tagged traffic with new VLAN IDs. H3C provides the following types of VLAN mapping: • One-to-one VLAN mapping—Replaces one VLAN tag with another. You can use one-to-one VLAN mapping to sub-classify traffic from a particular VLAN for granular QoS control....
  • Page 218: Application Scenario Of Two-To-Two Vlan Mapping

    Figure 68 Application scenario of one-to-one and many-to-one VLAN mapping (diagram not reproduced; labels include DHCP client, home gateway, VoIP, and wiring-closet switch, with mappings VLAN 1 -> VLAN 101, VLAN 2 -> VLAN 201, and VLAN 3 -> VLAN 301)...
  • Page 219: Concepts And Terms

    Figure 69 Application scenario of two-to-two VLAN mapping (diagram not reproduced; labels include PE 1 through PE 4, SP 1, SP 2, QinQ or selective QinQ, and two-to-two VLAN mapping)...
  • Page 220: Vlan Mapping Implementations

    • Downlink traffic—Traffic transmitted from the service provider network to the customer network. • Network-side port—A port connected to or closer to the service provider network. • Customer-side port—A port connected to or closer to the customer network. • Uplink policy—A QoS policy that defines VLAN mapping rules for uplink traffic. •...
  • Page 221: Vlan Mapping Configuration Tasks

    Figure 72 Many-to-one VLAN mapping implementation Each DHCP snooping entry contains information about one DHCP client, including its IP address, MAC address, and CVLAN. For more information about DHCP snooping, see Layer 3—IP Services Configuration Guide. Two-to-two VLAN mapping Implement two-to-two VLAN mapping through the following configurations, as shown in Figure For uplink traffic, apply an inbound policy on the customer-side port to replace the SVLAN with a •...
  • Page 222: Configuring One-To-One Vlan Mapping

    Configuring one-to-one VLAN mapping Perform one-to-one VLAN mapping on wiring-closet switches (see Figure 68) to isolate traffic by both user and traffic type. Perform these tasks to configure one-to-one VLAN mapping: Task Description Configuring an uplink policy Creates CVLAN-to-SVLAN mappings (required). Configuring a downlink policy Creates SVLAN-to-CVLAN mappings (required).
  • Page 223: Configuring The Customer-Side Port

    Step Command Remarks Enter system view. system-view Create a class and enter class traffic classifier tcl-name [ operator view. { and | or } ] Repeat these steps to configure Configure an SVLAN as the if-match service-vlan-id vlan-id one class for each SVLAN. match criterion.
  • Page 224: Configuring The Network-Side Port

    Configuring the network-side port Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view: interface interface-type interface-number • Enter port group view: Enter interface view or port port-group manual group view. port-group-name • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number...
  • Page 225: Configuration Prerequisites

    Task Description Configures VLAN and other settings required for many-to-one Configuring the network-side port VLAN mapping (required). Configuration prerequisites Before configuring many-to-one VLAN mapping: • Make sure that all home users obtain IP addresses through DHCP. For how to assign IP addresses through DHCP, see Layer 3—IP Services Configuration Guide.
  • Page 226: Configuring The Customer-Side Port

    Step Command Remarks Return to system view. quit Create a traffic behavior and traffic behavior behavior-name enter traffic behavior view. Repeat these steps to configure one Configure an SVLAN remark service-vlan-id vlan-id behavior for each SVLAN. marking action. Return to system view. quit Create a QoS policy and qos policy policy-name...
  • Page 227: Configuring The Network-Side Port

    Configuring the network-side port Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view: interface interface-type interface-number Enter interface view. • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number • Configure the port as a trunk port: Use one of the commands.
  • Page 228: Configuring An Uplink Policy For The Customer-Side Port

    Task / Description

    • Configuring an uplink policy for the network-side port: Replaces foreign CVLANs with local CVLANs for uplink traffic (required).
    • Configuring a downlink policy for the customer-side port: Replaces local SVLANs and CVLANs with foreign SVLANs and CVLANs (required).
    • Configuring the customer-side port: Configures VLAN and other settings required for two-to-two VLAN mapping (required).
  • Page 229: Configuring A Downlink Policy For The Customer-Side Port

    Step / Command / Remarks

    • Create a class and enter class view.
      Command: traffic classifier tcl-name [ operator and ]
      Remarks: Repeat these steps to create one class for each local SVLAN and foreign CVLAN pair.
    • Specify a foreign CVLAN as a match criterion.
      Command: if-match customer-vlan-id vlan-id
  • Page 230: Configuring The Customer-Side Port

    Step Command Remarks Associate the class with the classifier tcl-name behavior Repeat this step to create other behavior. behavior-name class-behavior associations. Configuring the customer-side port Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view: interface interface-type Enter interface view or port interface-number group view.
  • Page 231: Vlan Mapping Configuration Examples

    Step Command Remarks • Configure the port as a trunk port: Use one of the commands. port link-type trunk Configure the link type of the The default link type of an Ethernet port. • Configure the port as a hybrid port is access.
  • Page 232

    Figure 74 Network diagram

    Configuration procedure

    Configure Switch A:

    # Create the CVLANs and the SVLANs.
    <SwitchA> system-view
    [SwitchA] vlan 2 to 3
    [SwitchA] vlan 101 to 102
    [SwitchA] vlan 201 to 202
    [SwitchA] vlan 301 to 302
    # Configure uplink policies p1 and p2 to enable one SVLAN to transmit one service for one customer.
  • Page 233

    [SwitchA-classifier-c1] traffic classifier c2
    [SwitchA-classifier-c2] if-match customer-vlan-id 2
    [SwitchA-classifier-c2] traffic classifier c3
    [SwitchA-classifier-c3] if-match customer-vlan-id 3
    [SwitchA-classifier-c3] quit
    [SwitchA] traffic behavior b1
    [SwitchA-behavior-b1] remark service-vlan-id 101
    [SwitchA-behavior-b1] traffic behavior b2
    [SwitchA-behavior-b2] remark service-vlan-id 201
    [SwitchA-behavior-b2] traffic behavior b3
    [SwitchA-behavior-b3] remark service-vlan-id 301
    [SwitchA-behavior-b3] traffic behavior b4
    [SwitchA-behavior-b4] remark service-vlan-id 102
    [SwitchA-behavior-b4] traffic behavior b5...
  • Page 234

    [SwitchA-behavior-b33] quit
    [SwitchA] qos policy p11
    [SwitchA-policy-p11] classifier c11 behavior b11
    [SwitchA-policy-p11] classifier c22 behavior b22
    [SwitchA-policy-p11] classifier c33 behavior b33
    [SwitchA-policy-p11] quit
    [SwitchA] qos policy p22
    [SwitchA-policy-p22] classifier c44 behavior b11
    [SwitchA-policy-p22] classifier c55 behavior b22
    [SwitchA-policy-p22] classifier c66 behavior b33
    [SwitchA-policy-p22] quit
    # Assign customer-side port Ethernet 1/0/1 to CVLANs 1 to 3, and SVLANs 101, 201, and 301, and enable basic QinQ, and apply uplink policy p1 to the incoming traffic and downlink policy...
  • Page 235

    [SwitchC-vlan301] vlan 102
    [SwitchC-vlan102] arp detection enable
    [SwitchC-vlan102] vlan 202
    [SwitchC-vlan202] arp detection enable
    [SwitchC-vlan202] vlan 302
    [SwitchC-vlan302] arp detection enable
    [SwitchC-vlan302] vlan 103
    [SwitchC-vlan103] arp detection enable
    [SwitchC-vlan103] vlan 203
    [SwitchC-vlan203] arp detection enable
    [SwitchC-vlan203] vlan 303
    [SwitchC-vlan303] arp detection enable
    [SwitchC-vlan303] vlan 104
    [SwitchC-vlan104] arp detection enable
    [SwitchC-vlan104] vlan 204...
  • Page 236

    [SwitchC-policy-p1] classifier c1 behavior b1 mode dot1q-tag-manipulation
    [SwitchC-policy-p1] classifier c2 behavior b2 mode dot1q-tag-manipulation
    [SwitchC-policy-p1] classifier c3 behavior b3 mode dot1q-tag-manipulation
    [SwitchC-policy-p1] quit
    [SwitchC] qos policy p2
    [SwitchC-policy-p2] classifier c4 behavior b1 mode dot1q-tag-manipulation
    [SwitchC-policy-p2] classifier c5 behavior b2 mode dot1q-tag-manipulation
    [SwitchC-policy-p2] classifier c6 behavior b3 mode dot1q-tag-manipulation
    [SwitchC-policy-p2] quit
    # Assign customer-side port Ethernet 1/0/1 to CVLANs 101, 201, 301, 102, 202, 302, and...
  • Page 237: Two-To-Two Vlan Mapping Configuration Example

    Two-to-two VLAN mapping configuration example

    Network requirements

    As shown in Figure 75, two VPN A branches, Site 1 and Site 2, are in VLAN 10 and VLAN 30, respectively. The two sites use different VPN access services of different service providers, SP 1 and SP 2. SP 1 assigns VLAN 100 for Site 1, and SP 2 assigns VLAN 200 for Site 2.
  • Page 238

    Configure PE 3:

    # Configure an uplink policy down_uplink for customer-side port Ethernet 1/0/1 to substitute SVLAN ID 200 for the SVLAN ID in the incoming traffic tagged with CVLAN 10 and SVLAN 100.
    <PE3> system-view
    [PE3] traffic classifier down_uplink
    [PE3-classifier-down_uplink] if-match customer-vlan-id 10
    [PE3-classifier-down_uplink] if-match service-vlan-id 100
    [PE3-classifier-down_uplink] quit...
  • Page 239

    # Set network-side port Ethernet 1/0/2 as a trunk port, assign it to VLAN 200, and apply uplink policy up_uplink to the outgoing traffic on the port.
    [PE3] interface ethernet 1/0/2
    [PE3-Ethernet1/0/2] port link-type trunk
    [PE3-Ethernet1/0/2] port trunk permit vlan 200
    [PE3-Ethernet1/0/2] qos apply policy up_uplink outbound
    [PE3-Ethernet1/0/2] quit

    Configure PE 4:...
  • Page 240: Configuring Lldp

    Configuring LLDP Overview Background In a heterogeneous network, a standard configuration exchange platform ensures that different types of network devices from different vendors can discover one another and exchange configuration for the sake of interoperability and management. The IETF drafted the Link Layer Discovery Protocol (LLDP) in IEEE 802.1AB. The protocol operates on the data link layer to exchange device information between directly connected devices.
  • Page 241 Field Description MAC address of the sending port. If the port does not have a MAC address, Source MAC address the MAC address of the sending bridge is used. Type Ethernet type for the upper layer protocol. It is 0x88CC for LLDP. Data LLDPDU.
  • Page 242 TLVs TLVs are type, length, and value sequences that carry information elements. The type field identifies the type of information, the length field measures the length of the information field in octets, and the value field contains the information itself. LLDPDU TLVs fall into the following categories: Basic management TLVs •...
  • Page 243 NOTE: The Power Stateful Control TLV is defined in IEEE P802.3at D1.0. The later versions no longer support this TLV. H3C devices send this type of TLVs only after receiving them. LLDP-MED TLVs LLDP-MED TLVs provide multiple advanced applications for voice over IP (VoIP), such as basic configuration, network policy configuration, and address and directory management.
  • Page 244: How Lldp Works

    Type Description Allows a network device or terminal device to advertise power supply Extended Power-via-MDI capability. This TLV is an extension of the Power Via MDI TLV. Hardware Revision Allows a terminal device to advertise its hardware version. Firmware Revision Allows a terminal device to advertise its firmware version.
  • Page 245: Protocols And Standards

    This is the fast sending mechanism of LLDP. With this mechanism, a specific number of LLDPDUs are sent successively at 1-second intervals, to help LLDP neighbors discover the local device as soon as possible. Then, the normal LLDPDU transmit interval resumes. Receiving LLDPDUs An LLDP-enabled port that is operating in TxRx mode or Rx mode checks the validity of TLVs carried in every received LLDPDU.
  • Page 246: Setting The Lldp Operating Mode

    Step Command Remarks Enter system view. system-view By default, LLDP is globally Enable LLDP globally. lldp enable enabled. • Enter Layer 2/Layer 3 Ethernet interface view: Enter Ethernet interface interface interface-type interface-number Use either command. view or port group view. •...
  • Page 247: Enabling Lldp Polling

    Enabling LLDP polling With LLDP polling enabled, a device periodically searches for local configuration changes. On detecting a configuration change, the device sends LLDPDUs to inform neighboring devices of the change. To enable LLDP polling: Step Command Remarks Enter system view. system-view •...
  • Page 248: Configuring The Management Address And Its Encoding Format

    Configuring the management address and its encoding format LLDP encodes management addresses in numeric or character string format in management address TLVs. By default, management addresses are encoded in numeric format. If a neighbor encoded its management address in character string format, you must configure the encoding format of the management address as string on the connecting port to guarantee normal communication with the neighbor.
  • Page 249: Setting An Encapsulation Format For Lldpdus

    As the expression shows, the TTL can be up to 65535 seconds. TTLs greater than 65535 will be rounded down to 65535 seconds. Configuration restrictions and guidelines • To make sure that LLDP neighbors can receive LLDPDUs to update information about the current device before it ages out, configure both the LLDPDU transmit interval and delay to be less than the TTL.
  • Page 250: Configuring Cdp Compatibility

    Step Command Remarks • Enter Layer 2/Layer 3 Ethernet interface view: Enter Ethernet interface interface interface-type interface-number Use either command. view or port group view. • Enter port group view: port-group manual port-group-name Set the encapsulation Ethernet II encapsulation format for LLDPDUs to lldp encapsulation snap format applies by default.
  • Page 251: Configuration Prerequisites

    information about the display lldp neighbor-information command, see Layer 2—LAN Switching Command Reference. To make your device work with Cisco IP phones, you must enable CDP compatibility. If your LLDP-enabled device cannot recognize CDP packets, it does not respond to the requests of Cisco IP phones for the voice VLAN ID configured on the device.
  • Page 252: Configuring Lldp Trapping

    Step Command Remarks Configure CDP-compatible LLDP to operate in TxRx lldp compliance admin-status cdp txrx Disable mode by default. mode. Configuring LLDP trapping LLDP trapping notifies the network management system (NMS) of events such as newly-detected neighboring devices and link malfunctions. LLDP traps are sent periodically, and the interval is configurable.
  • Page 253: Lldp Configuration Examples

    Task Command Remarks display lldp tlv-config [ interface interface-type Display types of advertisable Available in any interface-number ] [ | { begin | exclude | include } optional LLDP TLVs. view regular-expression ] LLDP configuration examples Basic LLDP configuration example Network requirements As shown in Figure...
  • Page 254: Verify The Configuration

    # Enable LLDP on Ethernet1/0/1. (You can skip this step because LLDP is enabled on ports by default.) Set the LLDP operating mode to Tx.
    [SwitchB] interface ethernet 1/0/1
    [SwitchB-Ethernet1/0/1] lldp enable
    [SwitchB-Ethernet1/0/1] lldp admin-status tx
    [SwitchB-Ethernet1/0/1] quit

    Verify the configuration:

    # Display the global LLDP status and port LLDP status on Switch A.
  • Page 255: Cdp-Compatible Lldp Configuration Example

    [SwitchA] display lldp status Global status of LLDP: Enable The current number of LLDP neighbors: 1 The current number of CDP neighbors: 0 LLDP neighbor information last changed time: 0 days,0 hours,5 minutes,20 seconds Transmit interval : 30s Hold multiplier Reinit delay : 2s Transmit delay...
  • Page 256

    Figure 80 Network diagram

    Configuration procedure

    Configure a voice VLAN on Switch A:

    # Create VLAN 2.
    <SwitchA> system-view
    [SwitchA] vlan 2
    [SwitchA-vlan2] quit
    # Set the link type of Ethernet 1/0/1 and Ethernet 1/0/2 to trunk and enable voice VLAN on them.
  • Page 257

    Platform : Cisco IP Phone 7960
    Duplex : Full
    CDP neighbor-information of port 2[Ethernet1/0/2]:
    CDP neighbor index : 2
    Chassis ID : SEP00141CBCDBFF
    Port ID : Port 1
    Sofrware version : P0030301MFG2
    Platform : Cisco IP Phone 7960
    Duplex : Full

    As the sample output shows, Switch A has discovered the IP phones connected to Ethernet 1/0/1 and Ethernet 1/0/2, and has obtained their LLDP device information.
  • Page 258: Configuring A Service Loopback Group

    Configuring a service loopback group Overview To increase traffic redirecting throughput, you can bundle multiple Ethernet ports of a device together to increase bandwidth and implement load sharing. These ports that act as a logical link form a service loopback group. A service loopback group must contain at least one Ethernet port as its member port, called a service loopback port.
  • Page 259: Configuration Restrictions And Guidelines

    Figure 81 Setting the state of each member port in a service loopback group NOTE: Every time a new port is assigned to a service loopback group, the system resets the state of the member ports in the service loopback group according to the process described previously. Configuration restrictions and guidelines •...
  • Page 260: Displaying And Maintaining Service Loopback Groups

    Step Command Remarks By default, a port does not belong to any Assign the Ethernet service loopback group. interface to the port service-loopback group You can configure this command on specified service number different ports to assign multiple ports to a loopback group.
  • Page 261

    [DeviceA-Ethernet1/0/3] undo ndp enable
    [DeviceA-Ethernet1/0/3] port service-loopback group 1
    [DeviceA-Ethernet1/0/3] quit
    # Create logical interface Tunnel 1 and reference service loopback group 1 on Tunnel 1.
    [DeviceA] interface tunnel 1
    [DeviceA-Tunnel1] service-loopback-group 1...
  • Page 262: Configuring Mvrp

    Configuring MVRP Overview Multiple Registration Protocol (MRP) is an attribute registration protocol and transmits attribute messages. Multiple VLAN Registration Protocol (MVRP) is a typical MRP application. MVRP propagates and learns VLAN configuration among devices. MVRP enables a device to propagate the local VLAN configuration to the other devices, receive VLAN configuration from other devices, and dynamically update the local VLAN configuration (including the active VLANs and the ports through which a VLAN can be reached).
  • Page 263

    MVRP registers and deregisters VLAN attributes as follows:
    • When a port receives the declaration of a VLAN attribute, the port registers the VLAN and joins the VLAN.
    • When a port receives the withdrawal of a VLAN attribute, the port deregisters the VLAN and leaves...
  • Page 264: Mvrp Registration Modes

    MRP timers The implementation of MRP uses the following timers to control MRP message transmission. • Periodic timer On startup, an MRP participant starts its own Periodic timer to control MRP message transmission. The MRP participant collects the MRP messages to be sent before the Periodic timer expires, and sends the MRP messages in as few packets as possible when the Periodic timer expires and meanwhile restarts the Periodic timer.
  • Page 265: Protocols And Standards

    • Fixed
      An MVRP participant in fixed registration mode disables deregistering dynamic VLANs, sends declarations for dynamic VLANs and static VLANs, and drops received MVRP protocol packets. As a result, an MVRP participant port in fixed registration mode does not deregister or register dynamic VLANs.
  • Page 266: Configuration Procedure

    duplicates. For more information about port mirroring, see Network Management and Monitoring Configuration Guide.
    • Enabling MVRP on a Layer 2 aggregate interface enables both the aggregate interface and all Selected member ports in the link aggregation group to participate in dynamic VLAN registration and deregistration.
  • Page 267: Configuring Mrp Timers

    Step Command Remarks Optional. Configure the MVRP mvrp registration { fixed | The default setting is normal registration mode. forbidden | normal } registration mode. Configuring MRP timers CAUTION: The MRP timers apply to all MRP applications, for example, MVRP, on a port. To avoid frequent VLAN registrations and deregistrations, use the same MRP timers throughout the network.
  • Page 268: Enabling Gvrp Compatibility

    MSTP. When MVRP with GVRP compatibility enabled works with MSTP, the network might operate improperly.
    • When GVRP compatibility is enabled for MVRP, H3C recommends disabling the Period timer. Otherwise, the VLAN status might frequently change when the system is busy.
  • Page 269: Configuration Example For Mvrp In Normal Registration Mode

    Task Command Remarks display mvrp statistics [ interface Display the MVRP statistics. interface-list ] [ | { begin | exclude | Available in any view include } regular-expression ] Display the dynamic VLAN display mvrp vlan-operation interface operation information of interface-type interface-number [ | { begin Available in any view the specified port.
  • Page 270: Configuration Procedure

    Figure 83 Network diagram

    Configuration procedure

    Configuring Device A

    # Enter MST region view.
    <DeviceA> system-view
    [DeviceA] stp region-configuration
    # Configure the MST region name, VLAN-to-instance mappings, and revision level.
    [DeviceA-mst-region] region-name example
    [DeviceA-mst-region] instance 1 vlan 10
    [DeviceA-mst-region] instance 2 vlan 20
    [DeviceA-mst-region] revision-level 0
    # Manually activate the MST region configuration.
  • Page 271

    # Globally enable MVRP.
    [DeviceA] mvrp global enable
    # Configure port Ethernet 1/0/1 as a trunk port, and configure it to permit all VLANs.
    [DeviceA] interface ethernet 1/0/1
    [DeviceA-Ethernet1/0/1] port link-type trunk
    [DeviceA-Ethernet1/0/1] port trunk permit vlan all
    # Enable MVRP on port Ethernet 1/0/1.
    [DeviceA-Ethernet1/0/1] mvrp enable
    [DeviceA-Ethernet1/0/1] quit
    # Configure port Ethernet1/0/2 as a trunk port, and configure it to permit VLAN 40.
  • Page 272

    [DeviceB] mvrp global enable
    # Configure port Ethernet 1/0/1 as a trunk port, and configure it to permit VLANs 20 and 40.
    [DeviceB] interface ethernet 1/0/1
    [DeviceB-Ethernet1/0/1] port link-type trunk
    [DeviceB-Ethernet1/0/1] port trunk permit vlan 20 40
    # Enable MVRP on port Ethernet 1/0/1.
    [DeviceB-Ethernet1/0/1] mvrp enable
    [DeviceB-Ethernet1/0/1] quit
    # Configure port Ethernet1/0/2 as a trunk port, and configure it to permit all VLANs.
  • Page 273

    # Configure port Ethernet 1/0/1 as a trunk port, and configure it to permit all VLANs.
    [DeviceC] interface ethernet 1/0/1
    [DeviceC-Ethernet1/0/1] port link-type trunk
    [DeviceC-Ethernet1/0/1] port trunk permit vlan all
    # Enable MVRP on port Ethernet 1/0/1.
    [DeviceC-Ethernet1/0/1] mvrp enable
    [DeviceC-Ethernet1/0/1] quit
    # Configure port Ethernet1/0/2 as a trunk port, and configure it to permit all VLANs.
  • Page 274

    [DeviceD-Ethernet1/0/2] quit

    Verifying the configuration

    Verify the normal registration mode configuration:

    Use the display mvrp running-status command to display the local MVRP VLAN information to verify whether the configuration takes effect.

    # Check the local VLAN information on Device A.
    [DeviceA] display mvrp running-status
    -------[MVRP Global Info]-------
    Global Status...
  • Page 275

    # Check the local VLAN information on Device B.
    [DeviceB] display mvrp running-status
    -------[MVRP Global Info]-------
    Global Status : Enabled
    Compliance-GVRP : False
    ----[Ethernet1/0/1]----
    Config Status : Enabled
    Running Status : Enabled
    Join Timer : 20 (centiseconds)
    Leave Timer : 60 (centiseconds)
    Periodic Timer : 100 (centiseconds)
    LeaveAll Timer...
  • Page 276

    ----[Ethernet1/0/1]----
    Config Status : Enabled
    Running Status : Enabled
    Join Timer : 20 (centiseconds)
    Leave Timer : 60 (centiseconds)
    Periodic Timer : 100 (centiseconds)
    LeaveAll Timer : 1000 (centiseconds)
    Registration Type : Normal
    Local VLANs : 1(default), 10, 20,
    ----[Ethernet1/0/2]----
    Config Status : Enabled...
  • Page 277

    Periodic Timer : 100 (centiseconds)
    LeaveAll Timer : 1000 (centiseconds)
    Registration Type : Normal
    Local VLANs : 1(default),

    The output shows that:
    • Port Ethernet 1/0/1 has learned VLAN 1 and dynamic VLAN 20 created on Device B through MVRP.
    • Port Ethernet1/0/2 has learned only VLAN 1 through MVRP.

    Change the registration mode and verify the configuration:

    Set the MVRP registration mode to fixed on Ethernet 1/0/3 of Device B, so that the dynamic VLANs that Device B learns in VLAN 1 are not de-registered.
  • Page 278

    Leave Timer : 60 (centiseconds)
    Periodic Timer : 100 (centiseconds)
    LeaveAll Timer : 1000 (centiseconds)
    Registration Type : Fixed
    Local VLANs : 1(default), 10,

    The output shows that the dynamic VLAN information on Ethernet 1/0/3 is not changed after you set the MVRP registration mode to fixed on Ethernet 1/0/3.