HPE FlexNetwork 5130 HI Series Configuration Manual
  1. Manuals
  2. Brands
  3. HPE Manuals
  4. Switch
  5. FlexNetwork 5130 HI SERIES
  6. Configuration manual

HPE FlexNetwork 5130 HI Series Configuration Manual

Hide thumbs Also See for FlexNetwork 5130 HI Series:
Table of Contents

Advertisement

Quick Links

HPE FlexNetwork 5130 HI Switch Series
Layer 2—LAN Switching

Configuration Guide

Part number: 5998-8409a
Software version: Release 11xx
Document version: 6W101-20161221

Advertisement

Table of Contents
loading

Related Manuals for HPE FlexNetwork 5130 HI Series

Summary of Contents for HPE FlexNetwork 5130 HI Series

  • Page 1: Configuration Guide

    HPE FlexNetwork 5130 HI Switch Series Layer 2—LAN Switching Configuration Guide Part number: 5998-8409a Software version: Release 11xx Document version: 6W101-20161221...
  • Page 2 © Copyright 2015, 2016 Hewlett Packard Enterprise Development LP The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.

  • Page 3: Table Of Contents

    Contents Configuring Ethernet interfaces ······································································ 1   Configuring a management Ethernet interface ·································································································· 1   Ethernet interface naming conventions ·············································································································· 1   Configuring common Ethernet interface settings ······························································································· 1   Configuring basic settings of an Ethernet interface ···················································································· 1   Configuring jumbo frame support ···············································································································...
  • Page 4 Network requirements ······························································································································ 29   Configuration procedure ··························································································································· 29   Verifying the configuration ························································································································ 30   Configuring MAC Information ········································································ 31   Enabling MAC Information ······························································································································· 31   Configuring the MAC Information mode ··········································································································· 31   Configuring the MAC change notification interval ···························································································· 32  ...
  • Page 5 Configuration procedure ··························································································································· 62   Verifying the configuration ························································································································ 62   Configuring spanning tree protocols ····························································· 64   STP ·································································································································································· 64   STP protocol packets ······························································································································· 64   Basic concepts in STP ····························································································································· 64   Calculation process of the STP algorithm ································································································ 65  ...
  • Page 6 Configuration restrictions and guidelines ································································································· 98   Configuration procedure ··························································································································· 98   Configuring protection functions ······················································································································ 98   Enabling BPDU guard ······························································································································ 99   Enabling root guard ·································································································································· 99   Enabling loop guard ······························································································································· 100   Configuring port role restriction ·············································································································· 100  ...
  • Page 7 Configuring super VLANs ··········································································· 140   Super VLAN configuration task list ················································································································ 140   Creating a sub-VLAN ····································································································································· 140   Configuring a super VLAN ····························································································································· 140   Configuring a super VLAN interface ·············································································································· 141   Displaying and maintaining super VLANs ······································································································ 141  ...
  • Page 8 Setting MRP timers ········································································································································ 181   Enabling GVRP compatibility ························································································································· 182   Displaying and maintaining MVRP ················································································································· 182   MVRP configuration example ························································································································ 182   Network requirements ···························································································································· 182   Configuration procedure ························································································································· 183   Verifying the configuration ······················································································································ 186  ...
  • Page 9 Configuring LLDP trapping and LLDP-MED trapping ···················································································· 237   Displaying and maintaining LLDP ·················································································································· 237   LLDP configuration examples ························································································································ 238   Basic LLDP configuration example ········································································································ 238   CDP-compatible LLDP configuration example ······················································································· 242   Configuring service loopback groups ·························································· 245  ...

  • Page 10: Configuring Ethernet Interfaces

    Configuring Ethernet interfaces The switch series supports Ethernet interfaces, management Ethernet interfaces, Console interfaces, and USB interfaces. For the interface types and the number of interfaces supported by a switch model, see the installation guide. This document describes how to configure management Ethernet interfaces and Ethernet interfaces. Configuring a management Ethernet interface A management interface uses an RJ-45 connector.

  • Page 11: Configuring Jumbo Frame Support

    { 10 | 100 | 1000 | 10000 Set the port speed. Reference. | 40000 | auto } Interfaces on an HPE 5130/5510 10GbE SFP+ 2-port Module (JH157A) or HPE 5130/5510 10GBASE-T 2-port Module (JH156A) interface card support only the 10000 keyword.

  • Page 12: Configuring Physical State Change Suppression On An Ethernet Interface

    Configuring physical state change suppression on an Ethernet interface IMPORTANT: Do not configure physical state change suppression on an Ethernet interface that has RRPP, MSTP, or Smart Link enabled. The physical link state of an Ethernet interface is either up or down. Each time the physical link of a port comes up or goes down, the interface immediately reports the change to the CPU.

  • Page 13: Configuring Generic Flow Control On An Ethernet Interface

    Loopback tests include the following types: • Internal loopback test—Tests all on-chip functions related to the Ethernet interface. • External loopback test—Tests the hardware of the Ethernet interface. To perform an external loopback test on the Ethernet interface, connect a loopback plug to the Ethernet interface. The switch sends test packets out of the interface, which are expected to loop over the plug and back to the interface.

  • Page 14: Enabling Energy Saving Features On An Ethernet Interface

    Step Command Remarks Enter Ethernet interface interface interface-type view. interface-number • Enable TxRx mode generic flow control: flow-control Enable generic flow By default, generic flow control is • Enable Rx mode generic control. disabled on an Ethernet interface. flow control: flow-control receive enable...

  • Page 15: Setting The Statistics Polling Interval

    Step Command Remarks Enter Ethernet interface interface interface-type view. interface-number Enable energy default, energy eee enable saving. saving is disabled. Setting the statistics polling interval To set the statistics polling interval in Ethernet interface view: Step Command Remarks Enter system view. system-view Enter Ethernet interface interface...

  • Page 16: Configuring Storm Control On An Ethernet Interface

    storm-constrain, broadcast-suppression, multicast-suppression, unicast-suppression commands can suppress storm on a port. The broadcast-suppression, multicast-suppression, and unicast-suppression commands suppress traffic in hardware. They have less impact on device performance than the storm-constrain command, which performs suppression in software. Configuration guidelines For the same type of traffic, do not configure the storm constrain command together with any of the commands.
  • Page 17 Depending on your configuration, when a particular type of traffic exceeds its upper threshold, the interface does either of the following: • Blocks this type of traffic, while forwarding other types of traffic—Even though the interface does not forward the blocked traffic, it still counts the traffic. When the blocked traffic drops below the lower threshold, the port begins to forward the traffic.

  • Page 18: Forcibly Bringing Up A Fiber Port

    Step Command Remarks from the upper threshold. Forcibly bringing up a fiber port CAUTION: The following operations on a fiber port will cause link updown events before the port finally stays up: • Configure the port up-mode command and the speed or duplex command at the same time. •...

  • Page 19: Setting The Mdix Mode Of An Ethernet Interface

    • The port up-mode command is mutually exclusive with either of the shutdown and commands. • A GE fiber port cannot correctly forward traffic if you configure the port up-mode command on the port and install an electro-optical module, 100/1000-Mbps transceiver module, or 100-Mbps transceiver module into the port.

  • Page 20: Testing The Cable Connection Of An Ethernet Interface

    Step Command Remarks By default, a copper Ethernet Set the MDIX mode of the mdix-mode { automdix | mdi | interface operates in auto mode to Ethernet interface. mdix } negotiate pin roles with its peer. Testing the cable connection of an Ethernet interface IMPORTANT: •...
  • Page 21 Task Command [ interface-type [ interface-number ] ] Display traffic rate statistics of interfaces display counters rate { inbound | outbound } interface in up state over the last sampling interval. [ interface-type [ interface-number ] ] Display the operational and status information of the specified interface or display interface [ interface-type [ interface-number ] ] all interfaces.

  • Page 22: Configuring Loopback, Null, And Inloopback Interfaces

    Configuring loopback, null, and inloopback interfaces This chapter describes how to configure a loopback interface, a null interface, and an inloopback interface. Configuring a loopback interface A loopback interface is a virtual interface. The physical layer state of a loopback interface is always up unless the loopback interface is manually shut down.

  • Page 23: Configuring An Inloopback Interface

    applying an ACL. For example, if you specify a null interface as the next hop of a static route to a network segment, any packets routed to the network segment are dropped. To configure a null interface: Step Command Remarks Enter system view.

  • Page 24: Bulk Configuring Interfaces

    Bulk configuring interfaces You can enter interface range view to bulk configure multiple interfaces with the same feature instead of configuring them one by one. For example, you can execute the shutdown command in interface range view to shut down a range of interfaces. Configuration restrictions and guidelines When you bulk configure interfaces in interface range view, follow these restrictions and guidelines: •...

  • Page 25: Displaying And Maintaining Bulk Interface Configuration

    Step Command Remarks • interface range interface-type interface-number By using the interface range name interface-type command, you assign a name to an interface-number ] } &<1-24> Enter interface range interface range and can specify this view. • interface range name name name rather than the interface range [ interface { interface-type to enter the interface range view.

  • Page 26: Configuring The Mac Address Table

    Configuring the MAC address table Overview An Ethernet device uses a MAC address table to forward frames. A MAC address entry includes a destination MAC address, an outgoing interface, and a VLAN ID. When the device receives a frame, it uses the destination MAC address of the frame to look for a match in the MAC address table. •...

  • Page 27: Mac Address Table Configuration Task List

    • Static entries—A static entry is manually added to forward frames with a specific destination MAC address out of the associated interface, and it never ages out. A static entry has higher priority than a dynamically learned one. • Dynamic entries—A dynamic entry can be manually configured or dynamically learned to forward frames with a specific destination MAC address out of the associated interface.

  • Page 28: Configuring Mac Address Entries

    Configuring MAC address entries Configuration guidelines • You cannot add a dynamic MAC address entry if a learned entry already exists with a different outgoing interface for the MAC address. • The manually configured static, blackhole, and multiport unicast MAC address entries cannot survive a reboot if you do not save the configuration.

  • Page 29: Adding Or Modifying A Blackhole Mac Address Entry

    Step Command Remarks interface view: interface bridge-aggregation interface-number By default, no MAC address entry is configured on an interface. Add or modify a static or mac-address { dynamic | static } Make sure you have created the dynamic MAC address entry. mac-address vlan vlan-id VLAN and assigned the interface to the VLAN.

  • Page 30: Disabling Mac Address Learning

    You can configure a multiport unicast MAC address entry globally or on an interface. Configuring a multiport unicast MAC address entry globally Step Command Remarks Enter system view. system-view By default, no multiport unicast MAC address entry is configured mac-address multiport globally.

  • Page 31: Disabling Mac Address Learning On An Interface

    Disabling MAC address learning on an interface When global MAC address learning is enabled, you can disable MAC address learning on a single interface. To disable MAC address learning on an interface: Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view: interface...

  • Page 32: Configuring The Mac Learning Limit On An Interface

    An interval that is too short might result in removal of valid entries, which would cause unnecessary floods and possibly affect the device performance. To reduce floods on a stable network, set a long aging timer or disable the timer to prevent dynamic entries from unnecessarily aging out.

  • Page 33: Assigning Mac Learning Priority To An Interface

    Step Command Remarks • Enter Layer Ethernet interface view. interface interface-type interface-number Enter interface view. • Enter Layer 2 aggregate interface view. interface bridge-aggregation interface-number Configure device By default, the device can forward forward unknown frames unknown frames received on an mac-address max-mac-count received on the interface...

  • Page 34: Enabling Mac Address Synchronization

    Enabling MAC address synchronization To avoid unnecessary floods and improve forwarding speed, make sure all member devices have the same MAC address table. After you enable MAC address synchronization, each member device advertises learned MAC address entries to other member devices. As shown in Figure •...

  • Page 35: Enable Mac Address Move Notifications

    Figure 4 MAC address tables of devices when Client A roams to AP D To enable MAC address synchronization: Step Command Remarks Enter system view. system-view Enable address default, address mac-address mac-roaming synchronization. synchronization is disabled. enable Enable MAC address move notifications The outgoing interface for a MAC address entry learned on interface A is changed to interface B when the following conditions exist: •...

  • Page 36: Enabling Arp Fast Update For Mac Address Moves

    Step Command Remarks Enter system view. system-view By default, MAC address move notifications are disabled. If you do not specify a detection interval, the default setting of 1 minute is used. Enable MAC address After execute this move notifications and command, the system sends mac-address notification mac-move only log messages to the...

  • Page 37: Enabling Snmp Notifications For The Mac Address Table

    Figure 5 ARP fast update application scenario To enable ARP fast update for MAC address moves: Step Command Remarks Enter system system-view view. Enable ARP fast By default, ARP fast update for update for MAC mac-address mac-move fast-update MAC address moves is disabled. address moves.

  • Page 38: Mac Address Table Configuration Example

    Task Command display mac-address [ mac-address [ vlan vlan-id ] | [ [ dynamic | Display address table static ] [ interface interface-type interface-number ] | blackhole | information. multiport ] [ vlan vlan-id ] [ count ] ] Display the aging timer for dynamic display mac-address aging-time MAC address entries.

  • Page 39: Verifying The Configuration

    <Device> system-view [Device] mac-address static 000f-e235-dc71 interface gigabitethernet 1/0/1 vlan 1 # Add a blackhole MAC address entry for MAC address 000f-e235-abcd that belongs to VLAN 1. [Device] mac-address blackhole 000f-e235-abcd vlan 1 # Set the aging timer to 500 seconds for dynamic MAC address entries. [Device] mac-address timer aging 500 Verifying the configuration # Display the static MAC address entries for interface GigabitEthernet 1/0/1.

  • Page 40: Configuring Mac Information

    Configuring MAC Information The MAC Information feature can generate syslog messages or SNMP notifications when MAC address entries are learned or deleted. You can use these messages to monitor users leaving or joining the network and analyze network traffic. The MAC Information feature buffers the MAC change syslog messages or SNMP notifications in a queue.

  • Page 41: Configuring The Mac Change Notification Interval

    To configure the MAC Information mode: Step Command Remarks Enter system view. system-view Configure mac-address information mode The default setting is trap. Information mode. { syslog | trap } Configuring the MAC change notification interval To prevent syslog messages or SNMP notifications from being sent too frequently, you can set the MAC change notification interval to a larger value.

  • Page 42: Configuration Restrictions And Guidelines

    Figure 7 Network diagram Configuration restrictions and guidelines When you edit the file /etc/syslog.conf, follow these restrictions and guidelines: • Comments must be on a separate line and must begin with a pound sign (#). • No redundant spaces are allowed after the file name. •...
  • Page 43 # Device configuration messages local4.info /var/log/Device/info.log In this configuration, local4 is the name of the logging facility that the log host uses to receive logs, and info is the informational level. The UNIX system records the log information that has a severity level of at least informational to the file /var/log/Device/info.log.

  • Page 44: Configuring Ethernet Link Aggregation

    Configuring Ethernet link aggregation Ethernet link aggregation bundles multiple physical Ethernet links into one logical link, called an aggregate link. Link aggregation has the following benefits: • Increased bandwidth beyond the limits of any single link. In an aggregate link, traffic is distributed across the member ports.

  • Page 45: Operational Key

    The port does not receive LACPDUs from its peer port. Operational key When aggregating ports, the system automatically assigns each port an operational key based on port information, such as port rate and duplex mode. Any change to this information triggers a recalculation of the operational key.

  • Page 46: Aggregating Links In Static Mode

    • Static aggregation mode—Aggregation is stable. The aggregation state of the member ports are not affected by the peer ports. • Dynamic aggregation mode—The peering system automatically maintains the aggregation state of the member ports, which reduces the administrators' workload. An aggregation group in static mode is called a "static aggregation group"...

  • Page 47: Aggregating Links In Dynamic Mode

    Figure 9 Setting the aggregation state of a member port in a static aggregation group Set the aggregation state of a member port Is there any hardware restriction? Is the port up? Operational key/attribute configurations same as the reference port? More candidate ports than max.

  • Page 48: How Dynamic Link Aggregation Works

    Table 2 Basic and extended LACP functions Category Description Implemented through the basic LACPDU fields, including the system LACP Basic LACP functions priority, system MAC address, port priority, port number, and operational key. Implemented by extending the LACPDU with new TLV fields. This is how the LACP MAD mechanism of the IRF feature is implemented.
  • Page 49 The local system (the actor) and the remote system (the partner) negotiate a reference port by using the following workflow: The two systems determine the system with the smaller system ID. A system ID contains the system LACP priority and the system MAC address. a.
  • Page 50 Figure 10 Setting the state of a member port in a dynamic aggregation group The system with the higher system ID is aware of the aggregation state changes on the remote system. The system sets the aggregation state of local member ports the same as their peer ports. When you aggregate interfaces in dynamic mode, follow these guidelines: •...

  • Page 51: Edge Aggregate Interface

    For more information about configuring the maximum number of Selected ports in a dynamic aggregation group, see "Setting the minimum and maximum numbers of Selected ports for an aggregation group." Edge aggregate interface Dynamic link aggregation fails on a server-facing aggregate interface if dynamic link aggregation is configured only on the device.

  • Page 52: Configuring An Aggregation Group

    Tasks at a glance (Optional.) Configuring load balancing for link aggregation group: • Setting load sharing modes for link aggregation groups • Enabling local-first load sharing for link aggregation • Configuring per-flow load sharing algorithm settings for Ethernet link aggregation Enabling link-aggregation traffic redirection Configuring an aggregation group This section explains how to configure an aggregation group.

  • Page 53: Configuring A Dynamic Aggregation Group

    Step Command Remarks a. Enter Layer 2 Ethernet interface view: interface interface-type Repeat these two sub-steps to interface-number Assign an interface to the assign more Layer 2 Ethernet specified Layer b. Assign the interface to interfaces aggregation aggregation group. the specified Layer 2 group.

  • Page 54: Configuring An Aggregate Interface

    Step Command Remarks By default, the long LACP timeout Set the short LACP timeout interval (90 seconds) is adopted interval (3 seconds) for the lacp period short by the interface. The peer sends interface. LACPDUs slowly. Configuring an aggregate interface Most configurations that can be made on Layer 2 Ethernet interfaces can also be made on Layer 2 aggregate interfaces.

  • Page 55: Setting The Minimum And Maximum Numbers Of Selected Ports For An Aggregation Group

    Setting the minimum and maximum numbers of Selected ports for an aggregation group IMPORTANT: The minimum and maximum numbers of Selected ports must be the same for the local and peer aggregation groups. The bandwidth of an aggregate link increases as the number of Selected member ports increases. To avoid congestion, you can set the minimum number of Selected ports required for bringing up an aggregate interface.

  • Page 56: Configuring An Edge Aggregate Interface

    Step Command Remarks view. interface-number default, expected Set the expected bandwidth bandwidth kbps) bandwidth bandwidth-value for the interface. interface baud rate divided by 1000. Configuring an edge aggregate interface When you configure an edge aggregate interface, follow these restrictions and guidelines: •...

  • Page 57: Shutting Down An Aggregate Interface

    Configuration restrictions and guidelines When you enable BFD for an aggregation group, follow these restrictions and guidelines: • Make sure the source and destination IP addresses are consistent at the two ends of an aggregate link. For example, if you execute link-aggregation bfd ipv4 source 1.1.1.1 destination 2.2.2.2 on the local end, execute link-aggregation bfd ipv4 source 2.2.2.2 destination 1.1.1.1 on the peer end.

  • Page 58: Configuring Load Sharing For Link Aggregation Groups

    Step Command Enter system view. system-view Enter aggregate interface view. interface bridge-aggregation interface-number Restore the default settings for the default aggregate interface. Configuring load sharing for link aggregation groups Setting load sharing modes for link aggregation groups You can set the global or group-specific load sharing mode. A link aggregation group preferentially uses the group-specific load sharing mode.

  • Page 59: Configuring Per-Flow Load Sharing Algorithm Settings For Ethernet Link Aggregation

    Figure 11 Load sharing for multiswitch link aggregation in an IRF fabric The egress port for a traffic flow is an aggregate interface that has Selected ports on different IRF member switches Local-first load sharing mechanism enabled? Any Selected ports on the ingress switch? Packets are load shared only Packets are load shared across...

  • Page 60: Enabling Link-Aggregation Traffic Redirection

    Step Command Remarks Enter system view. system-view link-aggregation global Configure the load sharing By default, algorithm 0 is used. load-sharing algorithm algorithm. algorithm-number Configure the load sharing By default, algorithm seed 0 is link-aggregation global algorithm seed. used. load-sharing seed seed-number Enabling link-aggregation traffic redirection IMPORTANT: In Release 1111, this feature is supported only in system view.

  • Page 61: Displaying And Maintaining Ethernet Link Aggregation

    Step Command Remarks enable To enable link-aggregation traffic redirection for an aggregation group: Step Command Remarks Enter system view. system-view Enter aggregate interface interface bridge-aggregation view. interface-number Enable link-aggregation By default, link-aggregation traffic link-aggregation lacp traffic redirection for the redirection is disabled for an traffic-redirect-notification aggregation group.
  • Page 62 • Enable VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the other end. • Enable VLAN 20 at one end of the aggregate link to communicate with VLAN 20 at the other end. Figure 12 Network diagram VLAN 10 VLAN 10...

  • Page 63: Layer 2 Dynamic Aggregation Configuration Example

    Configure Device B in the same way Device A is configured. (Details not shown.) Verifying the configuration # Display detailed information about all aggregation groups on Device A. [DeviceA] display link-aggregation verbose Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing Port Status: S -- Selected, U -- Unselected, I -- Individual Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,...
  • Page 64 Configuration procedure Configure Device A: # Create VLAN 10, and assign the port GigabitEthernet 1/0/4 to VLAN 10. <DeviceA> system-view [DeviceA] vlan 10 [DeviceA-vlan10] port gigabitethernet 1/0/4 [DeviceA-vlan10] quit # Create VLAN 20, and assign the port GigabitEthernet 1/0/5 to VLAN 20. [DeviceA] vlan 20 [DeviceA-vlan20] port gigabitethernet 1/0/5 [DeviceA-vlan20] quit...

  • Page 65: Layer 2 Aggregation Load Sharing Configuration Example

    Port Status Priority Oper-Key Flag -------------------------------------------------------------------------------- GE1/0/1 32768 {ACDEF} GE1/0/2 32768 {ACDEF} GE1/0/3 32768 {ACDEF} Remote: Actor Partner Priority Oper-Key SystemID Flag -------------------------------------------------------------------------------- GE1/0/1 32768 0x8000, 000f-e267-57ad {ACDEF} GE1/0/2 32768 0x8000, 000f-e267-57ad {ACDEF} GE1/0/3 32768 0x8000, 000f-e267-57ad {ACDEF} The output shows that: •...
  • Page 66 <DeviceA> system-view [DeviceA] vlan 10 [DeviceA-vlan10] port gigabitethernet 1/0/5 [DeviceA-vlan10] quit # Create VLAN 20, and assign the port GigabitEthernet 1/0/6 to VLAN 20. [DeviceA] vlan 20 [DeviceA-vlan20] port gigabitethernet 1/0/6 [DeviceA-vlan20] quit # Create Layer 2 aggregate interface Bridge-Aggregation 1. [DeviceA] interface bridge-aggregation 1 # Configure Layer 2 aggregation group 1 to load share packets based on source MAC addresses.

  • Page 67: Layer 2 Edge Aggregate Interface Configuration Example

    Verifying the configuration # Display detailed information about all aggregation groups on Device A. [DeviceA] display link-aggregation verbose Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing Port Status: S -- Selected, U -- Unselected, I -- Individual Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation, D -- Synchronization, E -- Collecting, F -- Distributing, G -- Defaulted, H -- Expired Aggregate Interface: Bridge-Aggregation1...
  • Page 68 Figure 15 Network diagram Configuration procedure # Create Layer 2 aggregate interface Bridge-Aggregation 1, and set the link aggregation mode to dynamic. <Device> system-view [Device] interface bridge-aggregation 1 [Device-Bridge-Aggregation1] link-aggregation mode dynamic # Configure Layer 2 aggregate interface Bridge-Aggregation 1 as an edge aggregate interface. [Device-Bridge-Aggregation1] lacp edge-port [Device-Bridge-Aggregation1] quit # Assign ports GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to link aggregation group 1.
  • Page 69 The output shows that GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 are in Individual state when they do not receive LACPDUs from the server. Both GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 can forward traffic. When one port fails, its traffic is automatically switched to the other port.

  • Page 70: Configuring Port Isolation

    Configuring port isolation The port isolation feature isolates Layer 2 traffic for data privacy and security without using VLANs. Ports in an isolation group cannot communicate with each other. However, they can communicate with ports outside the isolation group. Assigning a port to an isolation group The device supports multiple isolation groups, which can be configured manually.

  • Page 71: Port Isolation Configuration Example

    Port isolation configuration example Network requirements As shown in Figure 16, configure port isolation on the device to meet the following requirements: • The hosts can access the Internet. • The hosts cannot communicate with each other at Layer 2. Figure 16 Network diagram Internet GE1/0/4...
  • Page 72 GigabitEthernet1/0/2 GigabitEthernet1/0/3 The output shows that interfaces GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 are assigned to isolation group 2. As a result, Host A, Host B, and Host C are isolated from each other at layer 2.

  • Page 73: Configuring Spanning Tree Protocols

    Configuring spanning tree protocols Spanning tree protocols eliminate loops in a physical link-redundant network by selectively blocking redundant links and putting them in a standby state. The recent versions of STP include the Rapid Spanning Tree Protocol (RSTP), the Per-VLAN Spanning Tree (PVST), and the Multiple Spanning Tree Protocol (MSTP).

  • Page 74: Calculation Process Of The Stp Algorithm

    Upon initialization of a network, each device generates and periodically sends configuration BPDUs, with itself as the root bridge. After network convergence, only the root bridge generates and periodically sends configuration BPDUs. The other devices only forward the BPDUs. Root port On a non-root bridge, the port nearest to the root bridge is the root port.
  • Page 75 Calculation process The STP algorithm uses the following calculation process: Initialize the network. Upon initialization of a device, each port generates a BPDU with the following contents: The port as the designated port. The device as the root bridge. 0 as the root path cost. The device ID as the designated bridge ID.
  • Page 76 b. If configuration BPDUs have the same root bridge ID, their root path costs are compared. For example, the root path cost in a configuration BPDU plus the path cost of a receiving port is S. The configuration BPDU with the smallest S value has the highest priority. c.
  • Page 77 Table 6, each configuration BPDU contains the following fields: root bridge ID, root path cost, designated bridge ID, and designated port ID. Table 6 Comparison process and result on each device Configuration BPDU on Device Comparison process ports after comparison Port A1 performs the following tasks: Receives the configuration BPDU of Port B1 {1, 0, 1, Port B1}.
  • Page 78 Configuration BPDU on Device Comparison process ports after comparison 22. Updates its configuration BPDU. Port C2 performs the following tasks: 23. Receives the original configuration BPDU of Port B2 {1, 0, 1, Port B2}. 24. Determines that the received configuration BPDU is superior to the existing configuration BPDU {2, 0, 2, Port C2}.
  • Page 79 After the comparison processes described in Table 6, a spanning tree with Device A as the root bridge is established, as shown in Figure Figure 19 The final calculated spanning tree The configuration BPDU forwarding mechanism of STP The configuration BPDUs of STP are forwarded according to these guidelines: •...

  • Page 80: Rstp

    Because each VLAN runs STP or RSTP independently, a spanning tree only serves its VLAN. A PVST-enabled HPE device can communicate with a third-party device that is running Rapid PVST or PVST. The PVST-enabled HPE device supports fast network convergence like RSTP when connected to PVST-enabled HPE devices or third-party devices enabled with Rapid PVST.

  • Page 81: Mstp Features

    MSTP features Developed based on IEEE 802.1s, MSTP overcomes the limitations of STP, RSTP, and PVST. In addition to supporting rapid network convergence, it allows data flows of different VLANs to be forwarded along separate paths. This provides a better load sharing mechanism for redundant links. MSTP provides the following features: •...
  • Page 82 Figure 21 Network diagram and topology of MST region 3 MST region A multiple spanning tree region (MST region) consists of multiple devices in a switched network and the network segments among them. All these devices have the following characteristics: •...
  • Page 83 The blue lines in Figure 6 represent the CST. An internal spanning tree (IST) is a spanning tree that runs in an MST region. It is also called MSTI 0, a special MSTI to which all VLANs are mapped by default. Figure 6, MSTI 0 is the IST in MST region 3.

  • Page 84: How Mstp Works

    MSTP calculation involves the following port roles: • Root port—Forwards data for a non-root bridge to the root bridge. The root bridge does not have any root port. • Designated port—Forwards data to the downstream network segment or device. • Alternate port—Acts as the backup port for a root port or master port.

  • Page 85: Mstp Implementation On Devices

    Like STP, MSTP uses configuration BPDUs to calculate spanning trees. An important difference is that an MSTP BPDU carries the MSTP configuration of the bridge from which the BPDU is sent. CIST calculation During the CIST calculation, the following process takes place: •...

  • Page 86: Stp Configuration Task List

    • Determine the spanning tree protocol to be used (STP, RSTP, PVST, or MSTP). • Plan the device roles (the root bridge or leaf node). When you configure spanning tree protocols, follow these restrictions and guidelines: • If both MVRP and a spanning tree protocol are enabled on a device, MVRP packets are forwarded along MSTIs.

  • Page 87: Rstp Configuration Task List

    RSTP configuration task list Tasks at a glance Configuring the root bridge: • (Required.) Setting the spanning tree mode • (Optional.) Configuring the root bridge or a secondary root bridge • (Optional.) Configuring the device priority • (Optional.) Configuring the network diameter of a switched network •...

  • Page 88: Mstp Configuration Task List

    Tasks at a glance • (Optional.) Configuring the device priority • (Optional.) Configuring the timeout factor • (Optional.) Configuring the BPDU transmission rate • (Optional.) Configuring edge ports • (Optional.) Configuring path costs of ports • (Optional.) Configuring the port priority •...

  • Page 89: Setting The Spanning Tree Mode

    Tasks at a glance (Optional.) Configuring TC Snooping (Optional.) Configuring protection functions Setting the spanning tree mode The spanning tree modes include: • STP mode—All ports of the device send STP BPDUs. Select this mode when the peer device of a port supports only STP. •...

  • Page 90: Configuring The Root Bridge Or A Secondary Root Bridge

    • Use the active region-configuration command. • Enable a spanning tree protocol by using the stp global enable command if the spanning tree protocol is disabled. In STP, RSTP, or PVST mode, MST region configurations do not take effect. To configure an MST region: Step Command Remarks...

  • Page 91: Configuring The Current Device As The Root Bridge Of A Specific Spanning Tree

    Configuring the current device as the root bridge of a specific spanning tree Step Command Remarks Enter system view. system-view • STP/RSTP mode: stp root primary • Configure the current PVST mode: By default, a device does not device root stp vlan vlan-id-list root primary function as the root bridge.

  • Page 92: Configuring The Maximum Hops Of An Mst Region

    Configuring the maximum hops of an MST region Restrict the region size by setting the maximum hops of an MST region. The hop limit configured on the regional root bridge is used as the hop limit for the MST region. Configuration BPDUs sent by the regional root bridge always have a hop count set to the maximum value.

  • Page 93: Configuring Spanning Tree Timers

    Configuring spanning tree timers The following timers are used for spanning tree calculation: • Forward delay—Delay time for port state transition. To prevent temporary loops on a network, the spanning tree feature sets an intermediate port state (the learning state) before it transits from the discarding state to the forwarding state.

  • Page 94: Configuring The Timeout Factor

    Step Command Remarks • STP/RSTP/MSTP mode: stp timer forward-delay time Configure the forward • The default setting is 15 seconds. PVST mode: delay timer. vlan vlan-id-list timer forward-delay time • STP/RSTP/MSTP mode: stp timer hello time Configure hello • The default setting is 2 seconds. PVST mode: timer.

  • Page 95: Configuring Edge Ports

    Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet or interface interface-type aggregate interface view. interface-number Configure BPDU transmission rate The default setting is 10. stp transmit-limit limit ports. Configuring edge ports If a port directly connects to a user terminal rather than another device or a shared LAN segment, this port is regarded as an edge port.

  • Page 96: Specifying A Standard For The Device To Use When It Calculates The Default Path Cost

    Specifying a standard for the device to use when it calculates the default path cost CAUTION: If you change the standard that the device uses to calculate the default path costs, you restore the path costs to the default. You can specify a standard for the device to use in automatic calculation for the default path cost. The device supports the following standards: •...

  • Page 97: Configuring Path Costs Of Ports

    Path cost Link speed Port type IEEE Private IEEE 802.1t 802.1d-1998 standard containing four Selected ports Single port 200000 Aggregate interface containing two Selected 100000 ports Aggregate interface 100 Mbps containing three Selected 66666 ports Aggregate interface containing four Selected 50000 ports Single port...

  • Page 98: Configuration Example

    To configure the path cost of a port: Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet or interface interface-type aggregate interface view. interface-number • STP/RSTP mode: stp cost cost • PVST mode: By default, the system Configure the path cost of automatically calculates stp vlan vlan-id-list cost cost...

  • Page 99: Configuring The Port Link Type

    To configure the priority of a port: Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet or interface interface-type interface-number aggregate interface view. • STP/RSTP mode: stp port priority priority • PVST mode: The default setting is 128 stp vlan vlan-id-list port priority Configure the port priority.

  • Page 100: Enabling Outputting Port State Transition Information

    • legacy—Compatible format By default, the packet format recognition mode of a port is auto. The port automatically distinguishes the two MSTP packet formats, and determines the format of packets that it will send based on the recognized format. You can configure the MSTP packet format on a port. Then, the port sends only MSTP packets of the configured format to communicate with devices that send packets of the same format.

  • Page 101: Enabling The Spanning Tree Feature In Stp/Rstp/Mstp Mode

    Enabling the spanning tree feature in STP/RSTP/MSTP mode Step Command Remarks Enter system view. system-view • If the device starts up with the initial settings, the spanning tree feature is disabled globally by default. • If the device starts up with the factory Enable the spanning tree defaults, the spanning tree feature is stp global enable...

  • Page 102: Configuration Restrictions And Guidelines

    • The port cannot detect the change. To forcibly transit the port to operate in the original mode, you can perform an mCheck operation. For example, Device A, Device B, and Device C are connected in sequence. Device A runs STP, Device B does not run any spanning tree protocol, and Device C runs RSTP, PVST, or MSTP.

  • Page 103: Configuration Restrictions And Guidelines

    Digest Snooping when the network is already working well. Configuration procedure You can enable Digest Snooping only on the HPE device that is connected to a third-party device that uses its private key to calculate the configuration digest.

  • Page 104: Configuring No Agreement Check

    Figure 23 Network diagram Configuration procedure # Enable Digest Snooping on GigabitEthernet 1/0/1 of Device A and enable global Digest Snooping on Device A. <DeviceA> system-view [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] stp config-digest-snooping [DeviceA-GigabitEthernet1/0/1] quit [DeviceA] stp global config-digest-snooping # Enable Digest Snooping on GigabitEthernet 1/0/1 of Device B and enable global Digest Snooping on Device B.

  • Page 105: Configuration Prerequisites

    Figure 24 Rapid state transition of an MSTP designated port Figure 25 Rapid state transition of an RSTP designated port If the upstream device is a third-party device, the rapid state transition implementation might be limited as follows: • The upstream device uses a rapid transition mechanism similar to that of RSTP. •...

  • Page 106: Configuration Procedure

    Configuration procedure Enable the No Agreement Check feature on the root port. To configure No Agreement Check: Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet or interface interface-type interface-number aggregate interface view. Enable Agreement By default, No Agreement stp no-agreement-check Check.

  • Page 107: Configuration Restrictions And Guidelines

    Figure 27 TC Snooping application scenario To avoid traffic interruption, you can enable TC Snooping on the IRF fabric. After receiving a TC-BPDU through a port, the IRF fabric updates MAC address table and ARP table entries associated with the port's VLAN. In this way, TC Snooping prevents topology change from interrupting traffic forwarding in the network.

  • Page 108: Enabling Bpdu Guard

    • BPDU guard • Root guard • Loop guard • Port role restriction • TC-BPDU transmission restriction • TC-BPDU guard • BPDU drop Enabling BPDU guard For access layer devices, the access ports can directly connect to the user terminals (such as PCs) or file servers.

  • Page 109: Enabling Loop Guard

    This is equivalent to disconnecting the link connected with this port in the MSTI. If the port receives no BPDUs with a higher priority within twice the forwarding delay, it reverts to its original state. On a port, the loop guard function and the root guard function are mutually exclusive. Configure root guard on a designated port.

  • Page 110: Configuring Tc-Bpdu Transmission Restriction

    The change to the bridge ID of a device in the user access network might cause a change to the spanning tree topology in the core network. To avoid this problem, you can enable port role restriction on a port. With this feature enabled, when the port receives a superior BPDU, it becomes an alternate port rather than a root port.

  • Page 111: Enabling Bpdu Drop

    Step Command Remarks Enter system view. system-view By default, TC-BPDU guard is enabled. Enable the TC-BPDU guard function. stp tc-protection As a best practice, do not disable this feature. (Optional.) Configure the maximum number of forwarding address entry stp tc-protection threshold The default setting is 6.

  • Page 112: Spanning Tree Configuration Example

    Task Command slot-number ] [ brief ] Display the MST region configuration information that display stp region-configuration has taken effect. Display the root bridge information of all MSTIs. display stp root Clear the spanning tree statistics. reset stp [ interface interface-list ] Spanning tree configuration example MSTP configuration example Network requirements...
  • Page 113 Configure the ports on these devices as trunk ports and assign them to related VLANs. Configure Device A: # Enter MST region view, and configure the MST region name as example. <DeviceA> system-view [DeviceA] stp region-configuration [DeviceA-mst-region] region-name example # Map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively. [DeviceA-mst-region] instance 1 vlan 10 [DeviceA-mst-region] instance 3 vlan 30 [DeviceA-mst-region] instance 4 vlan 40...
  • Page 114 [DeviceC-mst-region] revision-level 0 # Activate MST region configuration. [DeviceC-mst-region] active region-configuration [DeviceC-mst-region] quit # Specify the device as the root bridge of MSTI 4. [DeviceC] stp instance 4 root primary # Enable the spanning tree feature globally. [DeviceC] stp global enable Configure Device D: # Enter MST region view, and configure the MST region name as example.
  • Page 115 GigabitEthernet1/0/3 ROOT FORWARDING NONE GigabitEthernet1/0/1 DESI FORWARDING NONE GigabitEthernet1/0/3 DESI FORWARDING NONE # Display brief spanning tree information on Device C. [DeviceC] display stp brief MST ID Port Role STP State Protection GigabitEthernet1/0/1 DESI FORWARDING NONE GigabitEthernet1/0/2 ROOT FORWARDING NONE GigabitEthernet1/0/3 DESI FORWARDING...

  • Page 116: Pvst Configuration Example

    PVST configuration example Network requirements As shown in Figure 16, Device A and Device B work at the distribution layer, and Device C and Device D work at the access layer. Configure PVST to meet the following requirements: • Packets of a VLAN are forwarded along the spanning trees of the VLAN. •...
  • Page 117 # Configure the device as the root bridge of VLAN 30. [DeviceB] stp vlan 30 root primary # Enable the spanning tree feature globally and in VLAN 10, VLAN 20, and VLAN 30. [DeviceB] stp global enable [DeviceB] stp vlan 10 20 30 enable Configure Device C: # Set the spanning tree mode to PVST.
  • Page 118 VLAN ID Port Role STP State Protection GigabitEthernet1/0/1 ROOT FORWARDING NONE GigabitEthernet1/0/2 ALTE DISCARDING NONE GigabitEthernet1/0/1 ROOT FORWARDING NONE GigabitEthernet1/0/2 ALTE DISCARDING NONE GigabitEthernet1/0/3 DESI FORWARDING NONE GigabitEthernet1/0/3 DESI FORWARDING NONE # Display brief spanning tree information on Device D. [DeviceD] display stp brief VLAN ID Port...

  • Page 119: Configuring Loop Detection

    Configuring loop detection Overview Incorrect network connections or configurations can create Layer 2 loops, which results in repeated transmission of broadcasts, multicasts, or unknown unicasts. The repeated transmission can waste network resources and can sometimes paralyze networks. The loop detection mechanism immediately generates a log when a loop occurs so that you are promptly notified to adjust network connections and configurations.

  • Page 120: Loop Detection Interval

    • Code—Protocol sub-type, which is 0x0001, indicating the loop detection protocol. • Version—Protocol version, which is always 0x0000. • Length—Length of the frame. The value includes the inner header, but excludes the Ethernet header. • Reserved—This field is reserved. Frames for loop detection are encapsulated as TLV triplets. Table 9 TLVs supported by loop detection Description Remarks...

  • Page 121: Loop Detection Configuration Task List

    The device automatically sets the port to the forwarding state after the detection timer configured by using the shutdown-interval command expires. For more information about the shutdown-interval command, see Fundamentals Command Reference. The device shuts down the port again if a loop is still detected on the port when the detection timer expires.

  • Page 122: Configuring The Loop Protection Action

    Configuring the loop protection action You can configure the loop protection action globally or on a per-port basis. The global configuration applies to all ports. The per-port configuration applies to the individual ports. The per-port configuration takes precedence over the global configuration. Configuring the global loop protection action Step Command...

  • Page 123: Displaying And Maintaining Loop Detection

    Step Command Remarks Enter system view. system-view loop detection loopback-detection The default setting is 30 seconds. interval. interval-time interval Displaying and maintaining loop detection Execute display commands in any view. Task Command Display the loop detection configuration and status. display loopback-detection Loop detection configuration example Network requirements As shown in...

  • Page 124: Verifying The Configuration

    # Configure GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 as trunk ports, and assign them to VLAN 100. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-type trunk [DeviceA-GigabitEthernet1/0/1] port trunk permit vlan 100 [DeviceA-GigabitEthernet1/0/1] quit [DeviceA] interface gigabitethernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] port link-type trunk [DeviceA-GigabitEthernet1/0/2] port trunk permit vlan 100 [DeviceA-GigabitEthernet1/0/2] quit # Configure the global loop protection action as shutdown.
  • Page 125 [DeviceA] %Feb 24 15:04:29:663 2013 DeviceA LPDT/4/LPDT_LOOPED: Loopback exists on GigabitEthernet1/0/1. %Feb 24 15:04:29:667 2013 DeviceA LPDT/4/LPDT_LOOPED: Loopback exists on GigabitEthernet1/0/2. %Feb 24 15:04:44:243 2013 DeviceA LPDT/5/LPDT_RECOVERED: Loopback on GigabitEthernet1/0/1 recovered. %Feb 24 15:04:44:248 2013 DeviceA LPDT/5/LPDT_RECOVERED: Loopback on GigabitEthernet1/0/2 recovered.

  • Page 126: Configuring Vlans

    Configuring VLANs Overview Ethernet is a family of shared-media LAN technologies based on the CSMA/CD mechanism. An Ethernet LAN is both a collision domain and a broadcast domain. Because the medium is shared, collisions and broadcasts are common in an Ethernet LAN. Typically, bridges and Layer 2 switches can reduce collisions in an Ethernet LAN.

  • Page 127: Protocols And Standards

    different values. For compatibility with a neighbor device, configure the TPID value on the device to be the same as the neighbor device. • Priority—3-bit long, identifies the 802.1p priority of the frame. For more information, see ACL and QoS Configuration Guide. •...

  • Page 128: Configuring Basic Settings Of A Vlan Interface

    Configuring basic settings of a VLAN interface Hosts of different VLANs use VLAN interfaces to communicate at Layer 3. VLAN interfaces are virtual interfaces that do not exist as physical entities on devices. For each VLAN, you can create one VLAN interface and assign an IP address to it. The VLAN interface acts as the gateway of the VLAN to forward packets destined for another IP subnet.

  • Page 129: Configuring Port-Based Vlans

    Configuring port-based VLANs Introduction Port-based VLANs group VLAN members by port. A port forwards packets from a VLAN only after it is assigned to the VLAN. Port link type You can configure the link type of a port as access, trunk, or hybrid. The link types use the following VLAN tag handling methods: •...

  • Page 130: Assigning An Access Port To A Vlan

    Actions Access Trunk Hybrid PVID. • Removes the tag and sends the frame if the frame carries the PVID Sends the frame if its VLAN is tag and the port belongs permitted on the port. The to the PVID. Removes the VLAN tag outbound tagging status of the frame •...

  • Page 131: Assigning A Trunk Port To A Vlan

    Step Command Remarks Configure the link type of the By default, all ports are access port link-type access port as access. ports. (Optional.) Assign By default, all access ports belong to port access vlan vlan-id access port to a VLAN. VLAN 1.

  • Page 132: Configuring Mac-Based Vlans

    • To enable a hybrid port to transmit packets from its PVID, you must assign the hybrid port to the PVID by using the port hybrid vlan command. To assign a hybrid port to one or multiple VLANs: Step Command Remarks Enter system view.
  • Page 133 • For an untagged frame, the port determines its VLAN ID in the following workflow: a. The port first performs a fuzzy match as follows: − Searches for the MAC-to-VLAN entries whose masks are not all-Fs. − Performs a logical AND operation on the source MAC address and each of these masks.
  • Page 134 − If the VLAN ID of the frame is not the PVID of the port, the port matches the VLAN ID of the frame by using other criteria, such as IP subnet or protocol, and forwards the frame. If no VLAN is available, the port drops the frame. Figure 37 Flowchart for processing a frame in dynamic MAC-based VLAN assignment The port receives a frame...

  • Page 135: Configuration Restrictions And Guidelines

    When the user goes offline, the device automatically deletes the MAC-to-VLAN entry and removes the port from the MAC-based VLAN. For more information about 802.1X and MAC authentication, see Security Configuration Guide. Configuration restrictions and guidelines When you configure MAC-based VLANs, follow these restrictions and guideline: •...

  • Page 136: Configuring Dynamic Mac-Based Vlan Assignment

    Step Command Remarks By default, the system assigns (Optional.) Configure vlan precedence mac-vlan VLANs based on the MAC VLAN matching order. ip-subnet-vlan } address preferentially. Configuring dynamic MAC-based VLAN assignment Step Command Remarks Enter system view. system-view The VLAN assignment for a port is triggered only when the source mac-vlan mac-address...

  • Page 137: Configuring Ip Subnet-Based Vlans

    Step Command Remarks Enter Layer Ethernet interface interface-type interface view. interface-number Configure the link type of the By default, all ports are access port link-type hybrid ports as hybrid. ports. By default, a hybrid port is an Configure the hybrid port to untagged member of the VLAN port hybrid...

  • Page 138: Configuring Protocol-Based Vlans

    Task Command Remarks configurations to the aggregate interface, it stops applying the configurations to the aggregation member ports. If the system fails to apply the configurations to an aggregation member port, it skips the port and moves to the next member port.

  • Page 139: Configuring A Vlan Group

    Step Command Remarks If the specified VLAN does not exist, this Enter VLAN view. command first creates the VLAN and vlan vlan-id enters VLAN view of this VLAN. protocol-vlan [ protocol-index ] { at | ipv4 | ipv6 | ipx { ethernetii | llc | Create protocol By default, no protocol template is...

  • Page 140: Displaying And Maintaining Vlans

    Displaying and maintaining VLANs Execute display commands in any view. Task Command display interface vlan-interface [ interface-number ] Display VLAN interface information. [ brief [ description | down ] ] display mac-vlan { all | dynamic | mac-address Display MAC-to-VLAN entries. mac-address [ mask mac-mask ] | static | vlan vlan-id } Display all ports that are enabled with the display mac-vlan interface...
  • Page 141 Figure 38 Network diagram Configuration procedure Configure Device A: # Create VLAN 100, and assign GigabitEthernet 1/0/1 to VLAN 100. <DeviceA> system-view [DeviceA] vlan 100 [DeviceA-vlan100] port gigabitethernet 1/0/1 [DeviceA-vlan100] quit # Create VLAN 200, and assign GigabitEthernet 1/0/2 to VLAN 200. [DeviceA] vlan 200 [DeviceA-vlan200] port gigabitethernet 1/0/2 [DeviceA-vlan200] quit...

  • Page 142: Mac-Based Vlan Configuration Example

    [DeviceA-GigabitEthernet1/0/3] display vlan 200 VLAN ID: 200 VLAN type: Static Route interface: Not configured Description: VLAN 0200 Name: VLAN 0200 Tagged ports: GigabitEthernet1/0/3 Untagged ports: GigabitEthernet1/0/2 MAC-based VLAN configuration example Network requirements As shown in Figure • GigabitEthernet 1/0/1 of Device A and Device C are each connected to a meeting room. Laptop 1 and Laptop 2 are used for meetings and might be used in either of the two meeting rooms.
  • Page 143 [DeviceA] vlan 200 [DeviceA-vlan200] quit # Associate the MAC addresses of Laptop 1 and Laptop 2 with VLANs 100 and 200, respectively. [DeviceA] mac-vlan mac-address 000d-88f8-4e71 vlan 100 [DeviceA] mac-vlan mac-address 0014-222c-aa69 vlan 200 # Configure GigabitEthernet 1/0/1 as a hybrid port to forward packets from VLANs 100 and 200 without VLAN tags.

  • Page 144: Ip Subnet-Based Vlan Configuration Example

    S:Static D:Dynamic MAC address Mask VLAN ID Dot1q State 000d-88f8-4e71 ffff-ffff-ffff 0014-222c-aa69 ffff-ffff-ffff Total MAC VLAN address count: 2 IP subnet-based VLAN configuration example Network requirements As shown in Figure 40, the hosts in the office belong to different IP subnets. Configure Device C to transmit packets from 192.168.5.0/24 and 192.168.50.0/24 in VLANs 100 and 200, respectively.

  • Page 145: Protocol-Based Vlan Configuration Example

    # Configure GigabitEthernet 1/0/11 as a hybrid port, and assign it to VLAN 100 as a tagged VLAN member. [DeviceC] interface gigabitethernet 1/0/11 [DeviceC-GigabitEthernet1/0/11] port link-type hybrid [DeviceC-GigabitEthernet1/0/11] port hybrid vlan 100 tagged [DeviceC-GigabitEthernet1/0/11] quit # Configure GigabitEthernet1/0/12 as a hybrid port, and assign it to VLAN 200 as a tagged VLAN member.
  • Page 146 To isolate IPv4 and IPv6 traffic at Layer 2, configure protocol-based VLANs to associate the IPv4 and ARP protocols with VLAN 100, and associate the IPv6 protocol with VLAN 200. Figure 41 Network diagram VLAN 100 VLAN 200 IPv4 server IPv6 server GE1/0/11 GE1/0/12...
  • Page 147 [Device-vlan100] protocol-vlan 2 mode ethernetii etype 0806 [Device-vlan100] quit # Configure GigabitEthernet 1/0/1 as a hybrid port, and assign it to VLANs 100 and 200 as an untagged VLAN member. [Device] interface gigabitethernet 1/0/1 [Device-GigabitEthernet1/0/1] port link-type hybrid [Device-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged # Associate GigabitEthernet 1/0/1 with the IPv4 and ARP protocol templates of VLAN 100 and the IPv6 protocol template of VLAN 200.
  • Page 148 Interface: GigabitEthernet1/0/1 VLAN ID Protocol index Protocol type Status IPv4 Active Ethernet II Etype 0x0806 Active IPv6 Active Interface: GigabitEthernet 1/0/2 VLAN ID Protocol index Protocol type Status IPv4 Active Ethernet II Etype 0x0806 Active IPv6 Active...

  • Page 149: Configuring Super Vlans

    Configuring super VLANs Hosts in a VLAN typically use IP addresses in the same subnet. For Layer 3 interoperability with other VLANs, you can create a VLAN interface for the VLAN and assign an IP address to it. This requires a large number of IP addresses. The super VLAN feature was introduced to save IP addresses.

  • Page 150: Configuring A Super Vlan Interface

    To configure a super VLAN: Step Command Remarks Enter system view. system-view Enter VLAN view. vlan vlan-id Configure the VLAN as a By default, a VLAN is not a super VLAN. supervlan super VLAN. By default, a super VLAN is not associated with any sub-VLANs.

  • Page 151: Super Vlan Configuration Example

    Super VLAN configuration example Network requirements As shown in Figure • GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 are in VLAN 2. • GigabitEthernet 1/0/3 and GigabitEthernet 1/0/4 are in VLAN 3. • GigabitEthernet 1/0/5 and GigabitEthernet 1/0/6 are in VLAN 5. To save IP addresses and enable sub-VLANs to be isolated at Layer 2 but interoperable at Layer 3, perform the following tasks: •...

  • Page 152: Verifying The Configuration

    [DeviceA-vlan5] port gigabitethernet 1/0/5 gigabitethernet 1/0/6 [DeviceA-vlan5] quit # Configure VLAN 10 as a super VLAN, and associate sub-VLANs 2, 3, and 5 with the super VLAN. [DeviceA] vlan 10 [DeviceA-vlan10] supervlan [DeviceA-vlan10] subvlan 2 3 5 [DeviceA-vlan10] quit [DeviceA] quit Verifying the configuration # Display information about super VLAN 10 and its associated sub-VLANs.
  • Page 153 Untagged ports: GigabitEthernet1/0/3 GigabitEthernet1/0/4 VLAN ID: 5 VLAN type: Static It is a sub VLAN. Route interface: Configured Ipv4 address: 10.1.1.1 Ipv4 subnet mask: 255.255.255.0 Description: VLAN 0005 Name: VLAN 0005 Tagged ports: none Untagged ports: GigabitEthernet1/0/5 GigabitEthernet1/0/6...

  • Page 154: Configuring The Private Vlan

    Configuring the private VLAN The private VLAN feature uses a two-tier VLAN structure, including a primary VLAN and secondary VLANs. This feature simplifies the network configuration and saves VLAN resources. A primary VLAN is used for upstream data exchange. A primary VLAN can be associated with multiple secondary VLANs.

  • Page 155: Configuration Restrictions And Guidelines

    For more information about promiscuous, trunk promiscuous, host, and trunk secondary ports, see Layer 2—LAN Switching Command Reference. Associate the secondary VLANs with the primary VLAN. (Optional.) Configure Layer 3 communication between the specified secondary VLANs that are associated with the primary VLAN. Configuration restrictions and guidelines When you configure the private VLAN feature, follow these restrictions and guidelines: •...
  • Page 156 Step Command Remarks Enter Layer Ethernet interface interface-type interface view or Layer 2 interface-number aggregate interface view. • Configure the uplink port as a promiscuous port specified VLAN: Configure the uplink port as a port private-vlan vlan-id By default, a port is not a promiscuous trunk promiscuous...

  • Page 157: Displaying And Maintaining The Private Vlan

    Step Command Remarks a. Enter VLAN interface view of the primary VLAN interface: interface vlan-interface vlan-id b. Enable Layer communication between secondary VLANs that are associated with the Use substeps a, b, c, and e for primary VLAN: devices that run IPv4 protocols. private-vlan secondary vlan-id-list Use substeps a, b, d, and f for...
  • Page 158 • On Device C, VLAN 6 is a primary VLAN that is associated with secondary VLANs 3 and 4. GigabitEthernet 1/0/5 is in VLAN 6. GigabitEthernet 1/0/3 is in VLAN 3. GigabitEthernet 1/0/4 is in VLAN 4. • Device A is aware of only VLAN 5 on Device B and VLAN 6 on Device C. Figure 44 Network diagram Configuration procedure This example describes the configurations on Device B and Device C.
  • Page 159 [DeviceB-vlan5] quit Configure Device C: # Configure VLAN 6 as a primary VLAN. <DeviceC> system-view [DeviceC] vlan 6 [DeviceC–vlan6] private-vlan primary [DeviceC–vlan6] quit # Create VLANs 3 and 4. [DeviceC] vlan 3 to 4 # Configure the uplink port GigabitEthernet 1/0/5 as a promiscuous port of VLAN 6. [DeviceC] interface gigabitethernet 1/0/5 [DeviceC-GigabitEthernet1/0/5] port private-vlan 6 promiscuous [DeviceC-GigabitEthernet1/0/5] quit...

  • Page 160: Trunk Promiscuous Port Configuration Example

    Private VLAN type: Secondary Route interface: Not configured Description: VLAN 0002 Name: VLAN 0002 Tagged ports: None Untagged ports: GigabitEthernet1/0/2 GigabitEthernet1/0/5 VLAN ID: 3 VLAN type: Static Private VLAN type: Secondary Route interface: Not configured Description: VLAN 0003 Name: VLAN 0003 Tagged Ports: None Untagged Ports:...
  • Page 161 Figure 45 Network diagram Configuration procedure Configure Device B: # Configure VLANs 5 and 10 as primary VLANs. <DeviceB> system-view [DeviceB] vlan 5 [DeviceB-vlan5] private-vlan primary [DeviceB-vlan5] quit [DeviceB] vlan 10 [DeviceB-vlan10] private-vlan primary [DeviceB-vlan10] quit # Create VLANs 2, 3, 6, and 8. [DeviceB] vlan 2 to 3 [DeviceB] vlan 6 [DeviceB-vlan6] quit...

  • Page 162: Vlan Member

    [DeviceB] interface gigabitethernet 1/0/3 [DeviceB-GigabitEthernet1/0/3] port access vlan 3 [DeviceB-GigabitEthernet1/0/3] port private-vlan host [DeviceB-GigabitEthernet1/0/3] quit # Associate the secondary VLANs 2 and 3 with the primary VLAN 5. [DeviceB] vlan 5 [DeviceB-vlan5] private-vlan secondary 2 to 3 [DeviceB-vlan5] quit # Assign the downlink port GigabitEthernet 1/0/6 to VLAN 6, and configure the port as a host port.

  • Page 163: Trunk Promiscuous And Trunk Secondary Port Configuration Example

    Name: VLAN 0005 Tagged ports: GigabitEthernet1/0/1 Untagged ports: GigabitEthernet1/0/2 GigabitEthernet1/0/3 VLAN ID: 2 VLAN type: Static Private VLAN type: Secondary Route interface: Not configured Description: VLAN 0002 Name: VLAN 0002 Tagged ports: GigabitEthernet1/0/1 Untagged ports: GigabitEthernet1/0/2 VLAN ID: 3 VLAN type: Static Private VLAN type: Secondary Route interface: Not configured Description: VLAN 0003...
  • Page 164 • Secondary VLANs 11 and 12 are associated with primary VLAN 10. • Secondary VLANs 21 and 22 are associated with primary VLAN 20. Figure 46 Network diagram Configuration procedure Configure Device A: # Configure VLANs 10 and 20 as primary VLANs. <DeviceA>...
  • Page 165 [DeviceA-GigabitEthernet1/0/5] quit # Assign the downlink port GigabitEthernet 1/0/1 to VLAN 22 and configure the port as a host port. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port access vlan 22 [DeviceA-GigabitEthernet1/0/1] port private-vlan host [DeviceA-GigabitEthernet1/0/1] quit # Assign the downlink port GigabitEthernet 1/0/3 to VLAN 12 and configure the port as a host port.
  • Page 166 [DeviceC] interface gigabitethernet 1/0/5 [DeviceC-GigabitEthernet1/0/5] port link-type hybrid [DeviceC-GigabitEthernet1/0/5] port hybrid vlan 10 20 tagged [DeviceC-GigabitEthernet1/0/5] quit Verifying the configuration # Display the configuration of primary VLAN 10 on Device A. [DeviceA] display private-vlan 10 Primary VLAN ID: 10 Secondary VLAN ID: 11-12 VLAN ID: 10 VLAN type: Static Private-vlan type: Primary...
  • Page 167 # Display the configuration of primary VLAN 20 on Device A. [DeviceA] display private-vlan 20 Primary VLAN ID: 20 Secondary VLAN ID: 21-22 VLAN ID: 20 VLAN type: Static Private-vlan type: Primary Route interface: Not configured Description: VLAN 0020 Name: VLAN 0020 Tagged ports: GigabitEthernet1/0/2...

  • Page 168: Secondary Vlan Layer 3 Communication Configuration Example

    Secondary VLAN Layer 3 communication configuration example Network requirements As shown in Figure 33, configure the private VLAN feature to meet the following requirements: • Primary VLAN 10 on Device B is associated with secondary VLANs 2 and 3. • The uplink port GigabitEthernet 1/0/1 is in VLAN 10.
  • Page 169 [DeviceB-GigabitEthernet1/0/3] port access vlan 3 [DeviceB-GigabitEthernet1/0/3] port private-vlan host [DeviceB-GigabitEthernet1/0/3] quit # Enable Layer 3 communication between secondary VLANs 2 and 3 that are associated with primary VLAN 10. [DeviceB] interface vlan-interface 10 [DeviceB-Vlan-interface10] private-vlan secondary 2 3 # Assign the IP address 192.168.1.1/24 to VLAN-interface 10. [DeviceB-Vlan-interface10] ip address 192.168.1.1 255.255.255.0 # Enable local proxy ARP on VLAN-interface 10.
  • Page 170 IPv4 address: 192.168.1.1 IPv4 subnet mask: 255.255.255.0 Description: VLAN 0003 Name: VLAN 0003 Tagged ports: None Untagged ports: GigabitEthernet1/0/1 GigabitEthernet1/0/3 The Route interface field in the output is Configured, indicating that secondary VLANs 2 and 3 are interoperable at Layer 3.

  • Page 171: Configuring Voice Vlans

    Configuring voice VLANs Overview A voice VLAN is used for transmitting voice traffic. When ports that connect to voice devices are assigned to a voice VLAN, the system can configure QoS parameters for voice packets to ensure higher transmission priority and sound voice quality. Common voice devices include IP phones and integrated access devices (IADs).

  • Page 172: Automatically Identifying Ip Phones Through Lldp

    Automatically identifying IP phones through LLDP When you use OUI addresses to identify IP phones, the number of OUI addresses that can be configured is limited. Additionally, when there are plenty of IP phones in the network, you must configure many OUI addresses. If IP phones support LLDP, configure LLDP on the device for automatic IP phone discovery.

  • Page 173: Ip Phone Access Methods

    IP phone access methods Connecting the host and the IP phone in series As shown in Figure 49, the host is connected to the IP phone, and the IP phone is connected to the device. In this scenario, the following requirements must be met: •...
  • Page 174 When an IP phone is powered on, it sends out protocol packets. After receiving these protocol packets, the device uses the source MAC address of the protocol packets to match its OUI addresses. If the match succeeds, the system performs the following operations: •...

  • Page 175: Security Mode And Normal Mode Of Voice Vlans

    Table 12 Configuration requirements for access/trunk/hybrid ports to support untagged voice traffic Port Voice VLAN Support link assignment untagged voice Configuration requirements type mode traffic Automatic Access Configure the voice VLAN as the PVID of the Manual port. Automatic Configure the voice VLAN as the PVID of the Trunk Manual port.

  • Page 176: Configuration Prerequisites

    Table 13 Packet processing on a voice VLAN-enabled port in normal and security mode Voice VLAN Packet type Packet processing mode Untagged packets The port does not examine the source MAC addresses of packets with the voice incoming packets. Both voice traffic and non-voice traffic can VLAN tags be transmitted in the voice VLAN.

  • Page 177: Configuring A Port To Operate In Automatic Voice Vlan Assignment Mode

    Configuring a port to operate in automatic voice VLAN assignment mode Configuration restrictions and guidelines When you configure a port to operate in automatic voice VLAN assignment mode, follow these restrictions and guidelines: • Do not configure a VLAN as both a voice VLAN and a protocol-based VLAN. A voice VLAN in automatic mode on a hybrid port processes only tagged incoming voice traffic.

  • Page 178: Configuring A Port To Operate In Manual Voice Vlan Assignment Mode

    Configuring a port to operate in manual voice VLAN assignment mode Configuration restrictions and guidelines When you configure a port to operate in manual voice VLAN assignment mode, follow these restrictions and guidelines: • You can configure different voice VLANs on different ports on the same device. Make sure the following requirements are met: One port can be configured with only one voice VLAN.

  • Page 179: Enabling Lldp For Automatic Ip Phone Discovery

    Enabling LLDP for automatic IP phone discovery The device can automatically discover the peer through LLDP, and exchange LLDP TLVs with the peer. If the LLDP System Capabilities TLV received on a port indicates that the peer can act as a telephone, the device sends an LLDP TLV with the voice VLAN configuration to the peer.

  • Page 180: Dynamically Advertising An Authorization Vlan Through Lldp Or Cdp

    By default, if a voice VLAN is configured on the port connected to the IP phone, the device advertises this voice VLAN to the IP phone. The device learns the MAC address of the IP phone and increases the priority for voice packets. The address learning is implemented in software. In an IRF fabric, MAC address learning and synchronization of the learned MAC address entry to all member devices in software results in an undesirable delay.

  • Page 181: Displaying And Maintaining Voice Vlans

    Configure the authorization VLAN for the IP phone on the authentication server. For more information about authorization VLANs, see Security Configuration Guide. Displaying and maintaining voice VLANs Execute display commands in any view. Task Command Display the voice VLAN state. display voice-vlan state Display the OUI addresses that the system supports.
  • Page 182 # Set the voice VLAN aging timer to 30 minutes. [DeviceA] voice-vlan aging 30 # Configure voice VLANs to operate in security mode to transmit only voice packets. [DeviceA] voice-vlan security enable # Add MAC addresses of IP phones A and B to the device with the mask FFFF-FF00-0000. [DeviceA] voice-vlan mac-address 0011-1100-0001 mask ffff-ff00-0000 description IP phone A [DeviceA] voice-vlan mac-address 0011-2200-0001 mask ffff-ff00-0000 description IP...

  • Page 183: Manual Voice Vlan Assignment Mode Configuration Example

    GigabitEthernet1/0/2 AUTO Manual voice VLAN assignment mode configuration example Network requirements As shown in Figure • Device A transmits only voice traffic. • IP phone A send untagged voice traffic. For correct voice traffic transmission, perform the following tasks on Device A: •...
  • Page 184 [DeviceA-GigabitEthernet1/0/1] quit Verifying the configuration # Display the OUI addresses and their masks and descriptions. [DeviceA] display voice-vlan mac-address OUI Address Mask Description 0001-e300-0000 ffff-ff00-0000 Siemens phone 0003-6b00-0000 ffff-ff00-0000 Cisco phone 0004-0d00-0000 ffff-ff00-0000 Avaya phone 000f-e200-0000 ffff-ff00-0000 H3C Aolynk phone 0060-b900-0000 ffff-ff00-0000 Philips/NEC phone...

  • Page 185: Configuring Mvrp

    Configuring MVRP Multiple Registration Protocol (MRP) is an attribute registration protocol used to transmit attribute values. Multiple VLAN Registration Protocol (MVRP) is a typical MRP application. It synchronizes VLAN information among devices. MVRP propagates local VLAN information to other devices, receives VLAN information from other devices, and dynamically updates local VLAN information.
  • Page 186 Join message An MRP participant sends a Join message to request the peer participant to register attributes in the Join message. When receiving a Join message from the peer participant, an MRP participant performs the following tasks: • Registers the attributes in the Join message. •...

  • Page 187: Mrp Timers

    LeaveAll message Each MRP participant starts its LeaveAll timer when starting up. When the timer expires, the MRP participant sends LeaveAll messages to the peer participant. Upon sending or receiving a LeaveAll message, the local participant starts the Leave timer. The local participant determines whether to send a Join message depending on its the attribute status.

  • Page 188: Mvrp Registration Modes

    Upon receiving the LeaveAll message, other participants restart their LeaveAll timer. The value of the LeaveAll timer is randomly selected between the LeaveAll timer and 1.5 times the LeaveAll timer. This mechanism provides the following benefits: • Effectively reduces the number of LeaveAll messages in the network. •...

  • Page 189: Configuration Prerequisites

    For more information about RRPP and Smart Link, see High Availability Configuration Guide. • Do not configure both MVRP and remote port mirroring on a port. Otherwise, MVRP might register the remote probe VLAN with incorrect ports, which would cause the monitor port to receive undesired copies.

  • Page 190: Setting An Mvrp Registration Mode

    Setting an MVRP registration mode Step Command Remarks Enter system view. system-view Enter Layer Ethernet interface interface-type interface view or Layer 2 interface-number aggregate interface view. Optional. Set an MVRP registration registration { fixed | mvrp The default setting is normal mode.

  • Page 191: Enabling Gvrp Compatibility

    Table 14 Dependencies of the Join, Leave, and LeaveAll timers Timer Lower limit Upper limit Join 20 centiseconds Half the Leave timer Leave Twice the Join timer LeaveAll timer LeaveAll Leave timer on each port 32760 centiseconds Enabling GVRP compatibility Enable GVRP compatibility for MVRP when the peer device supports GVRP.

  • Page 192: Configuration Procedure

    • The devices can register and deregister dynamic VLANs. • The devices can keep identical VLAN configuration for each MSTI. Figure 54 Network diagram Device A Device B Permit: all VLANs GE1/0/3 GE1/0/3 VLAN 20 VLAN 10 Permit: all VLANs Permit: VLANs 20, 40 VLAN 10 MSTI 1...
  • Page 193 # Globally enable the spanning tree feature. [DeviceA] stp global enable # Globally enable MVRP. [DeviceA] mvrp global enable # Configure GigabitEthernet 1/0/1 as a trunk port, and configure it to permit all VLANs. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-type trunk [DeviceA-GigabitEthernet1/0/1] port trunk permit vlan all # Enable MVRP on port GigabitEthernet 1/0/1.
  • Page 194 [DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] port link-type trunk [DeviceB-GigabitEthernet1/0/1] port trunk permit vlan 20 40 # Enable MVRP on GigabitEthernet 1/0/1. [DeviceB-GigabitEthernet1/0/1] mvrp enable [DeviceB-GigabitEthernet1/0/1] quit # Configure GigabitEthernet 1/0/2 as a trunk port, and configure it to permit all VLANs. [DeviceB] interface gigabitethernet 1/0/2 [DeviceB-GigabitEthernet1/0/2] port link-type trunk [DeviceB-GigabitEthernet1/0/2] port trunk permit vlan all...

  • Page 195: Verifying The Configuration

    [DeviceC-GigabitEthernet1/0/1] quit # Configure GigabitEthernet 1/0/2 as a trunk port, and configure it to permit all VLANs. [DeviceC] interface gigabitethernet 1/0/2 [DeviceC-GigabitEthernet1/0/2] port link-type trunk [DeviceC-GigabitEthernet1/0/2] port trunk permit vlan all # Enable MVRP on GigabitEthernet 1/0/2. [DeviceC-GigabitEthernet1/0/2] mvrp enable [DeviceC-GigabitEthernet1/0/2] quit Configure Device D: # Enter MST region view.
  • Page 196 ----[GigabitEthernet1/0/1]---- Config Status : Enabled Running Status : Enabled Join Timer : 20 (centiseconds) Leave Timer : 60 (centiseconds) Periodic Timer : 100 (centiseconds) LeaveAll Timer : 1000 (centiseconds) Registration Type : Normal Registered VLANs : 1(default) Declared VLANs : 1(default), 10, 20 Propagated VLANs : 1(default)
  • Page 197 • GigabitEthernet 1/0/2 has declared VLAN 1, and registered and propagated no VLANs. • GigabitEthernet 1/0/3 has registered VLAN 20, declared VLAN 1 and VLAN 10, and propagated VLAN 20 through MVRP. # Display the local VLAN information on Device B. [DeviceB] display mvrp running-status -------[MVRP Global Info]------- Global Status...
  • Page 198 1(default), 10 Declared VLANs : Propagated VLANs : The output shows that the following events have occurred: • GigabitEthernet 1/0/1 has registered VLAN 1, declared VLAN 1 and VLAN 20, and propagated VLAN 1 through MVRP. • GigabitEthernet 1/0/2 has registered VLAN 1 and VLAN 10, declared VLAN 1 and VLAN 20, and propagated VLAN 1.
  • Page 199 • GigabitEthernet 1/0/1 has registered VLAN 1, VLAN 10, and VLAN 20, declared VLAN 1, and propagated VLAN 1 and VLAN 10 through MVRP. • GigabitEthernet 1/0/2 has registered VLAN 1 and VLAN 20, declared VLAN 1 and VLAN 10, and propagated VLAN 1 and VLAN 20 through MVRP.
  • Page 200 [DeviceB] interface gigabitethernet 1/0/3 [DeviceB-GigabitEthernet1/0/3] mvrp registration fixed [DeviceB-GigabitEthernet1/0/3] quit # Display the local MVRP VLAN information on GigabitEthernet 1/0/3 of Device B. [DeviceB] display mvrp running-status interface gigabitethernet 1/0/3 -------[MVRP Global Info]------- Global Status : Enabled Compliance-GVRP : False ----[GigabitEthernet1/0/3]---- Config Status...
  • Page 201 The output shows that the dynamic VLAN information on GigabitEthernet 1/0/3 is not changed after you set its MVRP registration mode to fixed.

  • Page 202: Configuring Qinq

    Configuring QinQ This document uses the following terms: • CVLAN—Customer network VLANs, also called inner VLANs, refer to VLANs that a customer uses on the private network. • SVLAN—Service provider network VLANs, also called outer VLANs, refer to VLANs that a service provider uses to transmit VLAN tagged traffic for customers.

  • Page 203: Qinq Implementations

    When a tagged frame from CE 1 arrives, PE 1 tags the frame with SVLAN 3. The double-tagged frame travels over the service provider network until it arrives at PE 2. PE 2 removes the SVLAN tag of the frame, and then sends the frame to CE 4. Figure 56 Typical QinQ application scenario VLANs 1 to 20 VLANs 1 to 10...

  • Page 204: Restrictions And Guidelines

    Restrictions and guidelines When you configure QinQ, follow these restrictions and guidelines: • Before you configure QinQ on a port, you must remove all VLAN mappings on the port. After you enable QinQ on the port, you can configure any VLAN mapping types except two-to-two VLAN mapping on it.

  • Page 205: Configuring The Tpid In Vlan Tags

    Step Command Remarks { vlan-id-list | all } untagged. Enable QinQ on the port. By default, QinQ is disabled. qinq enable default, transparent transmission Specify transparent VLANs. qinq transparent-vlan vlan-list configured for any VLANs on a port. Configuring the TPID in VLAN tags TPID identifies a frame as an 802.1Q tagged frame.

  • Page 206: Configuring The Cvlan Tpid

    Protocol type Value Reserved 0xFFFD/0xFFFE/0xFFFF Configuring the CVLAN TPID Step Command Remarks Enter system view. system-view Configure the TPID value for The default setting is 0x8100 for qinq ethernet-type CVLAN tags. CVLAN tags. customer-tag hex-value Configuring the SVLAN TPID When you configure the SVLAN ID, follow these restrictions and guidelines: •...

  • Page 207: Displaying And Maintaining Qinq

    Step Command Remarks • Match CVLAN IDs: if-match customer-vlan-id vlan-id-list Configure CVLAN match • Match 802.1p priority: criteria. if-match customer-dot1p dot1p-value&<1-8> Return to system view. quit Create a traffic behavior and enter traffic behavior traffic behavior behavior-name view. • Replace the priority in the SVLAN tags of matching frames with the configured priority: Configure...

  • Page 208: Qinq Configuration Examples

    Task Command display qinq interface interface-type Display QinQ-enabled ports. interface-number ] QinQ configuration examples Basic QinQ configuration example Network requirements As shown in Figure • The service provider assigns VLAN 100 to Company A's VLANs 10 through 70. • The service provider assigns VLAN 200 to Company B's VLANs 30 through 90. •...
  • Page 209 # Configure VLAN 100 as the PVID for GigabitEthernet 1/0/1. [PE1-GigabitEthernet1/0/1] port trunk pvid vlan 100 # Enable QinQ on GigabitEthernet 1/0/1. [PE1-GigabitEthernet1/0/1] qinq enable [PE1-GigabitEthernet1/0/1] quit # Configure GigabitEthernet 1/0/2 as a trunk port, and assign it to VLANs 100 and 200. [PE1] interface gigabitethernet 1/0/2 [PE1-GigabitEthernet1/0/2] port link-type trunk [PE1-GigabitEthernet1/0/2] port trunk permit vlan 100 200...

  • Page 210: Vlan Transparent Transmission Configuration Example

    [PE2-GigabitEthernet1/0/3] quit Configure the devices between PE 1 and PE 2: # Set the MTU to a minimum of 1504 bytes for each port on the path of QinQ frames. (Details not shown.) # Configure all the ports on the forwarding path to allow frames from VLANs 100 and 200 to pass through without removing the VLAN tag.
  • Page 211 [PE1] interface gigabitethernet 1/0/2 [PE1-GigabitEthernet1/0/2] port link-type trunk [PE1-GigabitEthernet1/0/2] port trunk permit vlan 100 3000 [PE1-GigabitEthernet1/0/2] quit Configure PE 2: # Configure GigabitEthernet 1/0/1 as a trunk port, and assign it to VLANs 100 and 3000. <PE2> system-view [PE2] interface gigabitethernet 1/0/1 [PE2-GigabitEthernet1/0/1] port link-type trunk [PE2-GigabitEthernet1/0/1] port trunk permit vlan 100 3000 # Configure VLAN 100 as the PVID of GigabitEthernet 1/0/1.

  • Page 212: Configuring Vlan Mapping

    Configuring VLAN mapping Overview VLAN mapping re-marks VLAN tagged traffic with new VLAN IDs. Hewlett Packard Enterprise provides the following types of VLAN mapping: • One-to-one VLAN mapping—Replaces one VLAN tag with another. • Many-to-one VLAN mapping—Replaces multiple VLAN tags with the same VLAN tag. •...
  • Page 213 Figure 59 Application scenario of one-to-one and many-to-one VLAN mapping DHCP client VLAN 1 Home gateway VLAN 2 VLAN 1 -> VLAN 101 VLAN 2 -> VLAN 201 VLAN 3 VoIP VLAN 3 -> VLAN 301 Wiring-closet switch VLAN 1 VLAN 1 ->...

  • Page 214: Application Scenario Of One-To-Two And Two-To-Two Vlan Mapping

    Application scenario of one-to-two and two-to-two VLAN mapping Figure 46 shows a typical application scenario of one-to-two and two-to-two VLAN mapping. In this scenario, the remote sites of the same VPN must communicate across two SP networks. Figure 60 Application scenario of one-to-two and two-to-two VLAN mapping Site 1 and Site 2 are in VLAN 2 and VLAN 3, respectively.
  • Page 215 Figure 61 Basic VLAN mapping terms Network-side port Customer-side port Uplink traffic Downlink traffic One-to-one VLAN mapping As shown in Figure 62, one-to-one VLAN mapping is implemented on the customer-side port and replaces VLAN tags as follows: • Replaces the CVLAN with the SVLAN for the uplink traffic. •...
  • Page 216 Figure 63 Many-to-one VLAN mapping implementation One-to-two VLAN mapping As shown in Figure 64, one-to-two VLAN mapping is implemented on the customer-side port to add the SVLAN tag for the uplink traffic. For the downlink traffic to be correctly sent to the customer network, make sure the SVLAN tag is removed on the customer-side port before transmission.

  • Page 217: General Configuration Restrictions And Guidelines

    Figure 65 Two-to-two VLAN mapping implementation Two-to-two VLAN mapping SVLAN CVLAN Data SVLAN’ CVLAN’ Data Customer SP network network SVLAN CVLAN Data SVLAN’ CVLAN’ Data Uplink traffic Downlink traffic Network-side port Customer-side port General configuration restrictions and guidelines When you configure VLAN mapping, follow these restrictions and guidelines: •...

  • Page 218: Configuring One-To-One Vlan Mapping

    Tasks at a glance Remarks Configure one-to-two VLAN mapping on PE 1 and PE 4, as shown in Figure 46, through which traffic • Configuring one-to-two VLAN mapping from customer networks enter the service provider networks. Configure two-to-two VLAN mapping on PE 3, as Configuring two-to-two VLAN mapping shown in Figure...

  • Page 219: Configuring Many-To-One Vlan Mapping In A Network With Dynamic Ip Address Assignment

    Configuring many-to-one VLAN mapping in a network with dynamic IP address assignment In a network that uses dynamic address assignment, configure many-to-one VLAN mapping with DHCP snooping. The switch replaces the SVLAN tag of the downlink traffic with the associated CVLAN tag based on the DHCP snooping entry lookup.
  • Page 220 Step Command Remarks Security Command Reference. Configuring the customer-side port Step Command Remarks Enter system view. system-view Enter Layer Ethernet interface interface-type interface view. interface-number • Configure the port as a trunk port: port link-type trunk By default, the link type of a Set the link type of the port.

  • Page 221: Configuring Many-To-One Vlan Mapping In A Network With Static Ip Address Assignment

    Step Command Remarks trusted port. untrusted ports. Configure the port to use the original VLAN tags of the By default, the port does not many-to-one mapping replace the VLAN tags of the vlan mapping nni replace the VLAN tags of the packets destined for the user packets destined for the user network.
  • Page 222 Step Command Remarks Enter VLAN view. vlan vlan-id By default, ARP snooping is disabled. For more information about ARP Enable ARP snooping. arp snooping enable snooping commands, see Layer 3—IP Services Command Reference. Configuring the customer-side port Step Command Remarks Enter system view.

  • Page 223: Configuring One-To-Two Vlan Mapping

    Step Command Remarks replace the VLAN tags of the packets destined for the user packets destined for the user network. network. Configuring one-to-two VLAN mapping Configure one-to-two VLAN mapping on customer-side ports of the edge devices from which customer traffic enters SP networks, for example, on PE 1 and PE 4 in Figure 46.

  • Page 224: Displaying And Maintaining Vlan Mapping

    To configure two-to-two VLAN mapping: Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view: interface interface-type Enter Layer Ethernet interface-number interface view or Layer 2 • Enter Layer aggregate aggregate interface view. interface view: interface bridge-aggregation interface-number •...
  • Page 225 To save VLAN resources, configure many-to-one VLAN mappings on the campus switch (Switch C). This feature transmits the same type of traffic from different households in one VLAN. Use VLANs 501, 502, and 503 for PC, VoD, and VoIP traffic, respectively. Table 16 VLAN mapping for each service VLANs on home VLANs on wiring-closet switches...
  • Page 226 # Create the original VLANs. <SwitchA> system-view [SwitchA] vlan 2 to 3 # Create the translated VLANs. [SwitchA] vlan 101 to 102 [SwitchA] vlan 201 to 202 [SwitchA] vlan 301 to 302 # Configure the customer-side port GigabitEthernet 1/0/1 as a trunk port, and assign the port to all original VLANs and translated VLANs.
  • Page 227 [SwitchC-vlan301] vlan 102 [SwitchC-vlan102] arp detection enable [SwitchC-vlan102] vlan 202 [SwitchC-vlan202] arp detection enable [SwitchC-vlan202] vlan 302 [SwitchC-vlan302] arp detection enable [SwitchC-vlan302] vlan 103 [SwitchC-vlan103] arp detection enable [SwitchC-vlan103] vlan 203 [SwitchC-vlan203] arp detection enable [SwitchC-vlan203] vlan 303 [SwitchC-vlan303] arp detection enable [SwitchC-vlan303] vlan 104 [SwitchC-vlan104] arp detection enable [SwitchC-vlan104] vlan 204...
  • Page 228 [SwitchC-GigabitEthernet1/0/2] vlan mapping uni range 303 to 304 translated-vlan 503 # Enable DHCP snooping entry recording on GigabitEthernet 1/0/2. [SwitchC-GigabitEthernet1/0/2] dhcp snooping binding record [SwitchC-GigabitEthernet1/0/2] quit # Configure the network-side port GigabitEthernet 1/0/3 to use the original VLAN tags of the many-to-one mappings to replace the VLAN tags of the packets destined for the user network.

  • Page 229: One-To-Two And Two-To-Two Vlan Mapping Configuration Example

    103-104 203-204 303-304 One-to-two and two-to-two VLAN mapping configuration example Network requirements As shown in Figure • Two VPN A branches, Site 1 and Site 2, are in VLAN 5 and VLAN 6, respectively. • The two sites use different VPN access services from different service providers, SP 1 and SP •...
  • Page 230 [PE1-GigabitEthernet1/0/2] port trunk permit vlan 100 [PE1-GigabitEthernet1/0/2] quit Configure PE 2: # Configure GigabitEthernet 1/0/1 as a trunk port, and assign the port to VLAN 100. <PE2> system-view [PE2] interface gigabitethernet 1/0/1 [PE2-GigabitEthernet1/0/1] port link-type trunk [PE2-GigabitEthernet1/0/1] port trunk permit vlan 100 [PE2-GigabitEthernet1/0/1] quit # Configure GigabitEthernet 1/0/2 as a trunk port, and assign the port to VLAN 100.
  • Page 231 Verifying the configuration # Verify VLAN mapping information on PE 1. [PE1] display vlan mapping Interface GigabitEthernet1/0/1: Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN # Verify VLAN mapping information on PE 3. [PE3] display vlan mapping Interface GigabitEthernet1/0/1: Outer VLAN Inner VLAN Translated Outer VLAN...

  • Page 232: Configuring Lldp

    Configuring LLDP Overview In a heterogeneous network, a standard configuration exchange platform makes sure different types of network devices from different vendors can discover one another and exchange configuration. The Link Layer Discovery Protocol (LLDP) is specified in IEEE 802.1AB. The protocol operates on the data link layer to exchange device information between directly connected devices.
  • Page 233 Figure 69 Ethernet II-encapsulated LLDP frame Table 17 Fields in an Ethernet II-encapsulated LLDP frame Field Description MAC address to which the LLDP frame is advertised. LLDP specifies different multicast MAC addresses as destination MAC addresses for LLDP frames destined for agents of different types. This helps distinguish between LLDP frames sent and received by different agent types on the same interface.
  • Page 234 Table 18 Fields in a SNAP-encapsulated LLDP frame Field Description MAC address to which the LLDP frame is advertised. It is the same as that Destination MAC address for Ethernet II-encapsulated LLDP frames. Source MAC address MAC address of the sending port. SNAP type for the upper-layer protocol.
  • Page 235 Enhanced Transmission Selection configuration. ETS Recommendation ETS recommendation. Priority-based Flow Control. Application protocol. NOTE: HPE devices support only receiving protocol identity TLVs and VID usage digest TLVs. • IEEE 802.3 organizationally specific TLVs Table 21 IEEE 802.3 organizationally specific TLVs Type Description...
  • Page 236 PSE/PD power. NOTE: The Power Stateful Control TLV is defined in IEEE P802.3at D1.0 and is not supported in later versions. HPE devices send this type of TLVs only after receiving them. • LLDP-MED TLVs LLDP-MED TLVs provide multiple advanced applications for voice over IP (VoIP), such as basic configuration, network policy configuration, and address and directory management.

  • Page 237: Working Mechanism

    Type Description location-based applications. NOTE: • If the MAC/PHY configuration/status TLV is not advertisable, none of the LLDP-MED TLVs will be advertised even if they are advertisable. • If the LLDP-MED capabilities TLV is not advertisable, the other LLDP-MED TLVs will not be advertised even if they are advertisable.

  • Page 238: Protocols And Standards

    Protocols and standards • IEEE 802.1AB-2005, Station and Media Access Control Connectivity Discovery • IEEE 802.1AB-2009, Station and Media Access Control Connectivity Discovery • ANSI/TIA-1057, Link Layer Discovery Protocol for Media Endpoint Devices • DCB Capability Exchange Protocol Specification Rev 1.00 •...

  • Page 239: Configuring The Lldp Bridge Mode

    Step Command Remarks • If the switch starts up with default configuration file, LLDP enabled globally (factory default). For more information about empty configuration and the default configuration file, Fundamentals Configuration Guide. Enter Layer 2 Ethernet interface view, management Ethernet interface interface-type interface-number interface view, or Layer 2 aggregate interface view.

  • Page 240: Setting The Lldp Reinitialization Delay

    Step Command Remarks lldp [ agent { nearest-customer | agent operates in txrx nearest-nontpmr } ] admin-status mode. { disable | rx | tx | txrx } • The nearest customer • In Layer 2 aggregate interface view: bridge agent lldp agent { nearest-customer | nearest non-TPMR...

  • Page 241: Configuring The Advertisable Tlvs

    Step Command Remarks • In Layer 2 aggregate interface view: lldp agent { nearest-customer | nearest-nontpmr check-change-interval interval Configuring the advertisable TLVs Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface view, management Ethernet interface interface-type interface-number interface view, or Layer 2 aggregate interface view.

  • Page 242: Configuring The Management Address And Its Encoding Format

    Step Command Remarks inventory | power-over-ethernet | specific TLVs) except network location-id civic-address device-type country-code { ca-type policy TLVs. ca-value }&<1-10> | elin-address • Nearest non-TPMR tel-number } } } bridge agents • { nearest-nontpmr | advertise no TLVs. lldp agent nearest-customer tlv-enable...

  • Page 243: Setting Other Lldp Parameters

    Step Command Remarks Enter system view. system-view Enter Layer Ethernet interface view, management interface interface-type Ethernet interface view, or interface-number Layer 2 aggregate interface view. • In Layer 2 Ethernet interface view management Ethernet interface view: lldp agent By default: nearest-customer •...

  • Page 244: Setting An Encapsulation Format For Lldp Frames

    Step Command Remarks Set the TTL multiplier. The default setting is 4. lldp hold-multiplier value LLDP frame default setting lldp timer tx-interval interval transmission interval. seconds. Set the token bucket size for The default setting is 5. lldp max-credit credit-value sending LLDP frames.

  • Page 245: Configuration Prerequisites

    • Device ID. • ID of the port connecting to the neighboring device. • port IP address. • PVID. • TTL. The port IP address is the primary IP address of the VLAN interface in up state. The VLAN ID of the VLAN interface must be the lowest among the VLANs permitted on the port.

  • Page 246: Configuring Lldp Trapping And Lldp-Med Trapping

    Step Command Remarks Enter system view. system-view Enable CDP compatibility By default, CDP compatibility is lldp compliance cdp globally. disabled globally. Enter Layer Ethernet interface view interface interface-type management Ethernet interface-number interface view. Configure CDP-compatible By default, CDP-compatible LLDP lldp compliance admin-status LLDP to operate in TxRx operates in disable mode.

  • Page 247: Lldp Configuration Examples

    Task Command display lldp local-information [ global | interface interface-type Display local LLDP information. interface-number ] display lldp neighbor-information [ [ [ interface interface-type Display the information contained interface-number ] [ agent { nearest-bridge | nearest-customer | in the LLDP TLVs sent from nearest-nontpmr } ] [ verbose ] ] | list [ system-name neighboring devices.

  • Page 248: Verify The Configuration

    [SwitchA-GigabitEthernet1/0/1] lldp admin-status rx [SwitchA-GigabitEthernet1/0/1] quit # Enable LLDP on GigabitEthernet 1/0/2. By default, LLDP is enabled on ports. [SwitchA] interface gigabitethernet 1/0/2 [SwitchA-GigabitEthernet1/0/2] lldp enable # Set the LLDP operating mode to Rx. [SwitchA-GigabitEthernet1/0/2] lldp admin-status rx [SwitchA-GigabitEthernet1/0/2] quit Configure Switch B: # Enable LLDP globally.
  • Page 249 Number of CDP neighbors Number of sent optional TLV : 21 Number of received unknown TLV : 0 LLDP agent nearest-customer: Port status of LLDP : Enable Admin status : Disable Trap flag : No MED trap flag : No Polling interval : 0s Number of LLDP neighbors...
  • Page 250 Number of MED neighbors Number of CDP neighbors Number of sent optional TLV : 16 Number of received unknown TLV : 0 # Remove the link between Switch A and Switch B. # Verify that GigabitEthernet 1/0/2 of Switch A does not connect to any neighboring devices. [SwitchA] display lldp status Global status of LLDP: Enable The current number of LLDP neighbors: 1...

  • Page 251: Cdp-Compatible Lldp Configuration Example

    Trap flag : No MED trap flag : No Polling interval : 0s Number of LLDP neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV : 0 LLDP agent nearest-nontpmr: Port status of LLDP : Enable Admin status...
  • Page 252 Configuration procedure Configure a voice VLAN on Switch A: # Create VLAN 2. <SwitchA> system-view [SwitchA] vlan 2 [SwitchA-vlan2] quit # Set the link type of GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to trunk, and enable voice VLAN on them. [SwitchA] interface gigabitethernet 1/0/1 [SwitchA-GigabitEthernet1/0/1] port link-type trunk [SwitchA-GigabitEthernet1/0/1] voice vlan 2 enable [SwitchA-GigabitEthernet1/0/1] quit...
  • Page 253 Software version : P0030301MFG2 Platform : Cisco IP Phone 7960 Duplex : Full CDP neighbor-information of port 2[GigabitEthernet1/0/2]: CDP neighbor index Chassis ID : SEP00141CBCDBFF Port ID : Port 1 Software version : P0030301MFG2 Platform : Cisco IP Phone 7960 Duplex : Full...

  • Page 254: Configuring Service Loopback Groups

    Configuring service loopback groups A service loopback group contains one or multiple Ethernet ports for looping packets sent out by the device back to the device. This feature must work with other features, such as GRE. A service loopback group provides one of the following services: •...

  • Page 255: Service Loopback Group Configuration Example

    Task Command Display information about service loopback groups. display service-loopback group [ number ] Service loopback group configuration example Network requirements All Ethernet ports on Device A support the tunnel service. Assign GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to a service loopback group to loop GRE packets sent out by the device back to the device.

  • Page 256: Document Conventions And Icons

    Document conventions and icons Conventions This section describes the conventions used in the documentation. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device. Command conventions Convention Description Bold text represents commands and keywords that you enter literally as shown. Boldface Italic text represents arguments that you replace with actual values.

  • Page 257: Network Topology Icons

    Network topology icons Convention Description Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 258: Support And Other Resources

    Support and other resources Accessing Hewlett Packard Enterprise Support • For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: www.hpe.com/assistance • To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: www.hpe.com/support/hpesc Information to collect •...

  • Page 259: Websites

    For more information and device support details, go to the following website: www.hpe.com/info/insightremotesupport/docs Documentation feedback Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title,...
  • Page 260 part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.

  • Page 261: Index

    Index aging Numerics MAC address table timer, spanning tree max age timer, 1 VLAN mappingapplication scenario, algorithm 1 VLAN mappingconfiguration, 209, 215 STP calculation, 1 VLAN mappingimplementation, 205, 206 alternate port (MST), 2 VLAN mappingapplication scenario, 2 VLAN mappingconfiguration, 214, 220 MAC address table ARP fast update, 2 VLAN mappingimplementation, 205, 207...
  • Page 262 Ethernet link aggregate interface (expected bandwidth), LLDP CDP compatibility, basic management LLDPDU TLV types, LLDP CDP-compatible configuration, voice VLAN advertisement, Ethernet link aggregation group BFD, voice VLAN information advertisement to IP blackhole phones, MAC address table entry, 17, 20 checking block action (loop detection), spanning tree No Agreement Check, 95, 97...
  • Page 263 interface common settings (Ethernet), management interface, interface generic flow control (Ethernet), MST region, interface jumbo frame support (Ethernet), MST region max hops, interface physical state change suppression MSTP, 79, 103 (Ethernet), MVRP, 179, 182 interface storm control (Layer 2 Ethernet), port isolation, 61, 62 interface storm suppression (Ethernet),...
  • Page 264 VLAN interface, LLDP CDP compatibility, VLAN mapping, 203, 208, 215 LLDP configuration, 223, 229, 238 voice VLAN, 162, 164, 172 LLDP configuration (CDP-compatible), voice VLAN advertisement (CDP), LLDP parameters, voice VLAN advertisement (LLDP), loop protection actions, voice VLAN assignment mode MSTP implementation, (automatic), MVRP configuration,...
  • Page 265 voice VLAN, MAC address synchronization, dot1d-1998 (STP port path cost calculation), MAC address table ARP fast update, dot1s (STP port mode), MAC address table SNMP notification, dot1t (STP port path cost calculation), MAC Information, downgrading MVRP, interface automatic negotiation (Ethernet), MVRP GVRP compatibility, DSCP QinQ,...
  • Page 266 private VLAN trunk promiscuous port display, configuration, dynamic mode, private VLAN trunk promiscuous+secondary edge aggregate interface, 42, 47 port configuration, group configuration, QinQ CVLAN frame header tag, group configuration (dynamic), QinQ SVLAN frame header tag, group configuration (static), secondary VLAN Layer 3 communication group load sharing configuration, configuration, group load sharing mode,...
  • Page 267 LLDP management address encoding Ethernet link aggregation load sharing format, mode, 42, 49 forwarding Ethernet link aggregation member port state, MAC address table frame forwarding rule, VLAN group configuration, MST forwarding port state, GVRP spanning tree forward delay timer, MVRP compatibility, STP BPDU forwarding, STP forward delay timer, hello...
  • Page 268 interval Ethernet link aggregate group Selected ports min/max, Ethernet link aggregation LACP long timeout, Ethernet link aggregate interface (expected bandwidth), Ethernet link aggregation LACP short timeout, Ethernet link aggregate interface (Layer 2 edge), loop detection, 111, 113 Ethernet link aggregate interface default MAC change notification interval, settings, IP addressing...
  • Page 269 M\1 VLAN mapping restrictions (dynamic IP QinQ VLAN transparent transmission address assignment), configuration, M\1 VLAN mapping restrictions (static IP secondary VLAN Layer 3 communication address assignment), configuration, MAC address table configuration, 17, 18, 29 service loopback group configuration, 245, 246 MAC address table display, service loopback group display, MAC Information configuration,...
  • Page 270 LLDP configuration, legacy LLDP trapping, spanning tree port mode, LLDP-MED trapping, spanning tree port path cost calculation, loop detection protection action (Layer 2 link aggregate interface), aggregation. See link aggregation loop detection protection action (Layer 2 Link Layer Discovery Protocol. Use LLDP Ethernet interface), MSTP configuration,...
  • Page 271 voice VLAN IP phone identification interval, method, interval setting, voice VLAN LLDP automatic IP phone mechanisms, discovery enable, port status auto recovery, LLDPDU protection action configuration, LLDP basic configuration, 229, 238 protection action configuration (global), LLDP configuration, 223, 229, 238 protection action configuration (Layer 2 aggregate LLDP parameters, interface),...
  • Page 272 entry configuration, manual entry configuration (global), voice VLAN assignment mode, entry configuration (on interface), voice VLAN assignment mode configuration, entry creation, voice VLAN port operation configuration, entry types, mapping frame forwarding rule, 1\1 VLAN mapping, learning limit set, 1\2 VLAN mapping, learning priority assignment, 2\2 VLAN mapping, MAC address learning disable,...
  • Page 273 spanning tree PVST, VLAN Registration Protocol. Use MVRP spanning tree RSTP, Multiple Spanning Tree Protocol. Use MSTP spanning tree STP, multiport unicast entry (MAC address table), 17, 20 voice VLAN assignment automatic, MVRP voice VLAN assignment manual, configuration, 176, 179, 182 voice VLAN port normal, configuration restrictions, voice VLAN port security,...
  • Page 274 interface configuration (Layer 2 Ethernet), MAC-based VLAN assignment (server-assigned), interface configuration (loopback), MAC-based VLAN assignment (static), interface configuration (null), MAC-based VLAN configuration, 123, 133 interface EEE (Ethernet), MAC-based VLAN configuration interface energy-saving features (Ethernet), (server-assigned), interface fiber port (Layer 2 Ethernet), management interface configuration, interface generic flow control (Ethernet), MRP timers,...
  • Page 275 spanning tree root guard, Ethernet link aggregation basic concepts, spanning tree secondary root bridge Ethernet link aggregation configuration, 35, 42, 52 (device), interface bulk configuration, 15, 15 spanning tree switched network diameter, interface configuration (Ethernet), spanning tree TC Snooping, interface configuration (inloopback), spanning tree TC-BPDU guard, interface configuration (loopback), spanning tree TC-BPDU transmission...
  • Page 276 1\1 VLAN mapping configuration, 209, 215 Ethernet link aggregation configuration types, 1\2 VLAN mapping configuration, 214, 220 Ethernet link aggregation edge aggregate interface, 42, 47 2\2 VLAN mapping configuration, 214, 220 Ethernet link aggregation group, Ethernet link aggregation group BFD, Ethernet link aggregation group (dynamic), Ethernet link aggregation packet type-based load sharing,...
  • Page 277 M\1 VLAN mapping network-side port assignment (access port), (dynamic IP address assignment), assignment (hybrid port), M\1 VLAN mapping network-side port (static assignment (trunk port), IP address assignment), configuration, 120, 131 M\1VLAN mapping customer-side port port frame handling, (dynamic IP address assignment), port link type, MAC address learning, PVID,...
  • Page 278 configuring Ethernet aggregate interface, configuring LAN switching QinQ CVLAN tag TPID value, configuring Ethernet aggregate interface (description), configuring LAN switching QinQ SVLAN tag TPID value, configuring Ethernet link aggregate interface (Layer 2 edge), configuring LAN switching QinQ VLAN tag TPID value, configuring Ethernet link aggregation, configuring LAN switching spanning tree Digest...
  • Page 279 configuring MAC-based VLAN assignment configuring spanning tree switched network (dynamic), diameter, configuring MAC-based VLAN assignment configuring spanning tree TC Snooping, (static), configuring spanning tree TC-BPDU transmission configuring management interface, restriction, configuring MST region, configuring spanning tree timeout factor, configuring MST region max hops, configuring spanning tree timer, configuring MSTP, 79, 103...
  • Page 280 enabling Ethernet link aggregation local-first modifying MAC address table multiport unicast load sharing, entry, enabling Ethernet link aggregation traffic performing spanning tree mCheck, redirection, restoring Ethernet link aggregate interface default enabling interface automatic negotiation settings, (Ethernet), setting Ethernet link aggregate group Selected enabling interface loopback testing ports min/max, (Ethernet),...
  • Page 281 Ethernet link aggregation protocol reference port (Ethernet link aggregation), 37, 39 configuration, region LLDP, MST, MSTP, MST region configuration, MVRP, MST region max hops, QinQ, MST regional root, STP protocol packets, registering VLAN, MVRP registration fixed mode, PVID (port-based VLAN), MVRP registration forbidden mode, PVST, See also...
  • Page 282 spanning tree root bridge, Ethernet link aggregation load sharing mode (global), spanning tree root bridge (device), Ethernet link aggregation load sharing mode spanning tree root guard, (group-specific), spanning tree secondary root bridge Ethernet link aggregation member port (device), state, 37, 40 STP algorithm calculation, interface MDIX mode (Layer 2 Ethernet), STP root bridge,...
  • Page 283 port mode configuration, basic concepts, port path cost calculation standard, BPDU forwarding, port path cost configuration, 86, 88 configuration, port priority configuration, designated bridge, port role restriction, designated port, port state transition output, Digest Snooping configuration restrictions, protection functions, edge port configuration restrictions, PVST, PVST feature enable,...
  • Page 284 MAC addresses, MVRP set, syslog spanning tree forward delay, MAC Information configuration, 31, 32 spanning tree hello, MAC Information mode configuration, spanning tree max age, system STP forward delay, interface bulk configuration, 15, 15 STP hello, STP max age, table LLDP advertisable TLV configuration, MAC address, 17, 18, 29...
  • Page 285 authorization VLAN advertisement QinQ SVLAN tag 802.1p priority, (LLDP), QinQ SVLAN tag TPID value, basic configuration, QinQ transparent transmission, configuration, 117, 131 QinQ VLAN tag TPID value, display, QinQ VLAN transparent transmission frame encapsulation, configuration, group configuration, super VLAN configuration, 140, 140, 142 interface configuration, super VLAN interface configuration,...
  • Page 286 LLDP CDP compatibility, LLDP configuration (CDP-compatible), voice VLAN advertisement configuration (CDP), advertisement configuration (LLDP), assignment mode, assignment mode (automatic), assignment mode (manual), assignment mode configuration (automatic), assignment mode configuration (manual), assignment mode+IP phone cooperation, configuration, 162, 164, 172 display, host+IP phone connection (in series), information advertisement to IP phone, IP phone access method, IP phone identification (LLDP),...

Table of Contents