Page 1: Configuration Guide
HPE FlexNetwork 5510 HI Switch Series Layer 2—LAN Switching Configuration Guide Part number: 5200-0075a Software version: Release 11xx Document version: 6W101-20161221...
Page 2 © Copyright 2015, 2016 Hewlett Packard Enterprise Development LP The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
Page 3: Table Of Contents
Configuring common Ethernet interface settings ······························································································· 1 Configuring a combo interface (only applicable to HPE 5510 24G SFP 4SFP+ HI 1-slot Switch (JH149A) switches) ···················································································································································· 2 Splitting a 40-GE interface and combining 10-GE breakout interfaces ······················································ 2 ...
Page 4 Assigning MAC learning priority to an interface ······························································································· 27 Enabling MAC address synchronization ·········································································································· 28 Enable MAC address move notifications ········································································································· 29 Enabling ARP fast update for MAC address moves ························································································ 30 Enabling SNMP notifications for the MAC address table ················································································· 31 ...
Page 5 Layer 2 aggregation load sharing configuration example ········································································ 61 Layer 2 edge aggregate interface configuration example ········································································ 64 Layer 3 static aggregation configuration example ···················································································· 65 Layer 3 dynamic aggregation configuration example ··············································································· 66 Layer 3 edge aggregate interface configuration example ········································································ 67 ...
Page 6 Configuration restrictions and guidelines ······························································································· 102 Configuration procedure ························································································································· 102 Configuring Digest Snooping ························································································································· 103 Configuration restrictions and guidelines ······························································································· 103 Configuration procedure ························································································································· 104 Digest Snooping configuration example································································································· 104 Configuring No Agreement Check ················································································································· 105 ...
Page 7 Configuring dynamic MAC-based VLAN assignment ············································································· 137 Configuring server-assigned MAC-based VLAN ···················································································· 137 Configuring IP subnet-based VLANs ············································································································· 138 Configuring protocol-based VLANs ················································································································ 139 Configuring a VLAN group ····························································································································· 140 Displaying and maintaining VLANs ················································································································ 141 ...
Page 8 Configuring MVRP ······················································································ 186 MRP ······························································································································································· 186 MRP implementation ······························································································································ 186 MRP messages ······································································································································ 186 MRP timers ············································································································································ 188 MVRP registration modes ······························································································································ 189 Protocols and standards ································································································································ 189 MVRP configuration task list ·························································································································· 189 ...
Page 9 Performing basic LLDP configurations ··········································································································· 239 Enabling LLDP ······································································································································· 239 Configuring the LLDP bridge mode ········································································································ 240 Setting the LLDP operating mode ·········································································································· 241 Setting the LLDP reinitialization delay ···································································································· 241 Enabling LLDP polling ···························································································································· 241 ...
Page 10: Configuring Ethernet Interfaces
Configuring Ethernet interfaces The switch series supports Ethernet interfaces, management Ethernet interfaces, Console interfaces, and USB interfaces. For the interface types and the number of interfaces supported by a switch model, see the installation guide. This document describes how to configure management Ethernet interfaces and Ethernet interfaces. Configuring a management Ethernet interface A management interface uses an RJ-45 connector.
Page 11: Switches)
Configuring a combo interface (only applicable to HPE 5510 24G SFP 4SFP+ HI 1-slot Switch (JH149A) switches) A combo interface is a logical interface that physically contains one fiber combo port and one copper combo port. The two ports share one forwarding channel and one interface view. As a result, they cannot work simultaneously.
Page 12: Configuring Basic Settings Of An Ethernet Interface
Step Command Remarks By default, a 40-GE interface is not split and operates as a single interface. Split the 40-GE interface into The 10-GE breakout interfaces split four 10-GE breakout using tengige from a 40-GE interface support the interfaces. same configuration and attributes as common 10-GE interfaces, except that they are numbered in a different way.
Page 13: Configuring The Link Mode Of An Ethernet Interface
Step Command Remarks Reference. Interfaces on an HPE 5130/5510 10GbE SFP+ 2-port Module (JH157A) or HPE 5130/5510 10GBASE-T 2-port Module (JH156A) interface card support only the 10000 keyword. Configure the expected By default, the expected bandwidth (in bandwidth kbps) is the interface baud rate divided by bandwidth bandwidth-value interface.
Page 14: Configuring Physical State Change Suppression On An Ethernet Interface
Step Command Remarks Enter system view. system-view Enter Ethernet interface interface interface-type view. interface-number By default, the switch allows jumbo Configure jumbo frame jumboframe enable [ value ] frames within 10000 bytes to pass support. through all Ethernet interfaces. Configuring physical state change suppression on an Ethernet interface IMPORTANT: Do not configure physical state change suppression on an Ethernet interface that has RRPP, MSTP,...
Page 15: Performing A Loopback Test On An Ethernet Interface
Step Command Remarks interface. If you configure this command multiple times on Ethernet interface, most recent configuration takes effect. Performing a loopback test on an Ethernet interface If an Ethernet interface does not work correctly, you can perform a loopback test on it to identify the problem.
Page 16: Enabling Energy Saving Features On An Ethernet Interface
it suspends sending packets to the peer. When congestion occurs, the interface cannot send flow control frames to the peer. To handle unidirectional traffic congestion on a link, configure the flow-control receive enable command at one end and the flow-control command at the other end. To enable both ends of a link to handle traffic congestion, configure the flow-control command at both ends.
Page 17: Setting The Statistics Polling Interval
2—Interfaces GigabitEthernet 1/0/41 through GigabitEthernet 1/0/48 on the front panel are not available, and all interfaces on the interface card are available. For HPE 5510 48G 4SFP+ HI 1-slot Switch and HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch, the operating modes supported by the interface cards are as shown in...
Page 18: Enabling Automatic Negotiation For Speed Downgrading
Table 1 Operating modes supported by interface cards Interface card Supported operating modes Remarks The operating modes take 5510 2-port QSFP+ effect only 10-GE 0 and 2. Module (JH155A) breakout interfaces split from a QSFP+ interface. After you configure the interface card operating mode, reboot the switch to make the configuration take effect.
Page 19: Configuring Storm Control On An Ethernet Interface
have less impact on device performance than the storm-constrain command, which performs suppression in software. Configuration guidelines For the same type of traffic, do not configure the storm constrain command together with any of the commands. broadcast-suppression, multicast-suppression, unicast-suppression Otherwise, the traffic suppression result is not determined. For more information about the storm-constrain command, see "Configuring storm control on an Ethernet interface."...
Page 20 • Blocks this type of traffic, while forwarding other types of traffic—Even though the interface does not forward the blocked traffic, it still counts the traffic. When the blocked traffic drops below the lower threshold, the port begins to forward the traffic. •...
Page 21: Forcibly Bringing Up A Fiber Port
Forcibly bringing up a fiber port CAUTION: The following operations on a fiber port will cause link updown events before the port finally stays up: • Configure the port up-mode command and the speed or duplex command at the same time. •...
Page 22: Setting The Mdix Mode Of An Ethernet Interface
transceiver module into the port. To solve the problem, use the undo port up-mode command on the fiber port. Configuration procedure To forcibly bring up a fiber port: Step Command Remarks Enter system view. system-view Enter Ethernet interface interface interface-type view.
Page 23: Testing The Cable Connection Of An Ethernet Interface
Testing the cable connection of an Ethernet interface IMPORTANT: • If the link of an Ethernet port is up, testing its cable connection will cause the link to go down and then come up. • Fiber ports do not support this feature. This feature tests the cable connection of an Ethernet interface and displays cable test results within 5 seconds.
Page 24: Displaying And Maintaining An Ethernet Interface
Display interface card operating mode information. (Applicable only to HPE 5510 48G 4SFP+ HI 1-slot Switch and display port-configuration-mode status HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch.) Display the Ethernet statistics. display ethernet statistics slot slot-number Clear the interface statistics.
Page 25: Configuring Loopback, Null, And Inloopback Interfaces
Configuring loopback, null, and inloopback interfaces This chapter describes how to configure a loopback interface, a null interface, and an inloopback interface. Configuring a loopback interface A loopback interface is a virtual interface. The physical layer state of a loopback interface is always up unless the loopback interface is manually shut down.
Page 26: Configuring An Inloopback Interface
applying an ACL. For example, if you specify a null interface as the next hop of a static route to a network segment, any packets routed to the network segment are dropped. To configure a null interface: Step Command Remarks Enter system view.
Page 27: Bulk Configuring Interfaces
Bulk configuring interfaces You can enter interface range view to bulk configure multiple interfaces with the same feature instead of configuring them one by one. For example, you can execute the shutdown command in interface range view to shut down a range of interfaces. Configuration restrictions and guidelines When you bulk configure interfaces in interface range view, follow these restrictions and guidelines: •...
Page 28: Displaying And Maintaining Bulk Interface Configuration
Step Command Remarks • interface range interface-type interface-number By using the interface range name interface-type command, you assign a name to an interface-number ] } &<1-24> Enter interface range interface range and can specify this view. • interface range name name name rather than the interface range [ interface { interface-type to enter the interface range view.
Page 29: Configuring The Mac Address Table
Configuring the MAC address table Overview An Ethernet device uses a MAC address table to forward frames. A MAC address entry includes a destination MAC address, an outgoing interface, and a VLAN ID. When the device receives a frame, it uses the destination MAC address of the frame to look for a match in the MAC address table. •...
Page 30: Mac Address Table Configuration Task List
• Static entries—A static entry is manually added to forward frames with a specific destination MAC address out of the associated interface, and it never ages out. A static entry has higher priority than a dynamically learned one. • Dynamic entries—A dynamic entry can be manually configured or dynamically learned to forward frames with a specific destination MAC address out of the associated interface.
Page 31: Configuring Mac Address Entries
Configuring MAC address entries Configuration guidelines • You cannot add a dynamic MAC address entry if a learned entry already exists with a different outgoing interface for the MAC address. • The manually configured static, blackhole, and multiport unicast MAC address entries cannot survive a reboot if you do not save the configuration.
Page 32: Adding Or Modifying A Blackhole Mac Address Entry
Step Command Remarks interface view: interface bridge-aggregation interface-number By default, no MAC address entry is configured on an interface. Add or modify a static or mac-address { dynamic | static } Make sure you have created the dynamic MAC address entry. mac-address vlan vlan-id VLAN and assigned the interface to the VLAN.
Page 33: Disabling Mac Address Learning
You can configure a multiport unicast MAC address entry globally or on an interface. Configuring a multiport unicast MAC address entry globally Step Command Remarks Enter system view. system-view By default, no multiport unicast MAC address entry is configured mac-address multiport globally.
Page 34: Disabling Mac Address Learning On An Interface
The global MAC address learning configuration does not take effect in a VPLS VSI. For information about VSIs, see MPLS Configuration Guide. Disabling MAC address learning on an interface When global MAC address learning is enabled, you can disable MAC address learning on a single interface.
Page 35: Configuring The Mac Learning Limit On An Interface
An aging interval that is too long might cause the MAC address table to retain outdated entries. As a result, the MAC address table resources might be exhausted, and the MAC address table might fail to update to accommodate the latest network changes. An interval that is too short might result in removal of valid entries, which would cause unnecessary floods and possibly affect the device performance.
Page 36: Assigning Mac Learning Priority To An Interface
Step Command Remarks • Enter Layer Ethernet interface view. interface interface-type interface-number Enter interface view. • Enter Layer 2 aggregate interface view. interface bridge-aggregation interface-number Configure device By default, the device can forward forward unknown frames unknown frames received on an mac-address max-mac-count received on the interface...
Page 37: Enabling Mac Address Synchronization
Enabling MAC address synchronization To avoid unnecessary floods and improve forwarding speed, make sure all member devices have the same MAC address table. After you enable MAC address synchronization, each member device advertises learned MAC address entries to other member devices. As shown in Figure •...
Page 38: Enable Mac Address Move Notifications
Figure 4 MAC address tables of devices when Client A roams to AP D To enable MAC address synchronization: Step Command Remarks Enter system view. system-view Enable address default, address mac-address mac-roaming synchronization. synchronization is disabled. enable Enable MAC address move notifications The outgoing interface for a MAC address entry learned on interface A is changed to interface B when the following conditions exist: •...
Page 39: Enabling Arp Fast Update For Mac Address Moves
Step Command Remarks Enter system view. system-view By default, MAC address move notifications are disabled. If you do not specify a detection interval, the default setting of 1 minute is used. Enable MAC address After execute this move notifications and command, the system sends mac-address notification mac-move only log messages to the...
Page 40: Enabling Snmp Notifications For The Mac Address Table
Figure 5 ARP fast update application scenario To enable ARP fast update for MAC address moves: Step Command Remarks Enter system system-view view. Enable ARP fast By default, ARP fast update for update for MAC mac-address mac-move fast-update MAC address moves is disabled. address moves.
Page 41: Mac Address Table Configuration Example
Task Command display mac-address [ mac-address [ vlan vlan-id ] | [ [ dynamic | Display address table static ] [ interface interface-type interface-number ] | blackhole | information. multiport ] [ vlan vlan-id ] [ count ] ] Display the aging timer for dynamic display mac-address aging-time MAC address entries.
Page 42: Verifying The Configuration
<Device> system-view [Device] mac-address static 000f-e235-dc71 interface gigabitethernet 1/0/1 vlan 1 # Add a blackhole MAC address entry for MAC address 000f-e235-abcd that belongs to VLAN 1. [Device] mac-address blackhole 000f-e235-abcd vlan 1 # Set the aging timer to 500 seconds for dynamic MAC address entries. [Device] mac-address timer aging 500 Verifying the configuration # Display the static MAC address entries for interface GigabitEthernet 1/0/1.
Page 43: Configuring Mac Information
Configuring MAC Information The MAC Information feature can generate syslog messages or SNMP notifications when MAC address entries are learned or deleted. You can use these messages to monitor users leaving or joining the network and analyze network traffic. The MAC Information feature buffers the MAC change syslog messages or SNMP notifications in a queue.
Page 44: Configuring The Mac Change Notification Interval
To configure the MAC Information mode: Step Command Remarks Enter system view. system-view Configure mac-address information mode The default setting is trap. Information mode. { syslog | trap } Configuring the MAC change notification interval To prevent syslog messages or SNMP notifications from being sent too frequently, you can set the MAC change notification interval to a larger value.
Page 45: Configuration Restrictions And Guidelines
Figure 7 Network diagram Configuration restrictions and guidelines When you edit the file /etc/syslog.conf, follow these restrictions and guidelines: • Comments must be on a separate line and must begin with a pound sign (#). • No redundant spaces are allowed after the file name. •...
Page 46 # Device configuration messages local4.info /var/log/Device/info.log In this configuration, local4 is the name of the logging facility that the log host uses to receive logs, and info is the informational level. The UNIX system records the log information that has a severity level of at least informational to the file /var/log/Device/info.log.
Page 47: Configuring Ethernet Link Aggregation
Configuring Ethernet link aggregation Ethernet link aggregation bundles multiple physical Ethernet links into one logical link, called an aggregate link. Link aggregation has the following benefits: • Increased bandwidth beyond the limits of any single link. In an aggregate link, traffic is distributed across the member ports.
Page 48: Operational Key
• Selected—A Selected port can forward traffic. • Unselected—An Unselected port cannot forward traffic. • Individual—An Individual port can forward traffic as a normal physical port. A port is placed in the Individual state when the following conditions are met: The corresponding aggregate interface is configured as an edge aggregate interface.
Page 49: Link Aggregation Modes
NOTE: The protocol configuration for a member port is effective only when the member port leaves the aggregation group. Link aggregation modes Link aggregation has dynamic and static modes: • Static aggregation mode—Aggregation is stable. The aggregation state of the member ports are not affected by the peer ports.
Page 50: Aggregating Links In Dynamic Mode
Figure 9 Setting the aggregation state of a member port in a static aggregation group Set the aggregation state of a member port Is there any hardware restriction? Is the port up? Operational key/attribute configurations same as the reference port? More candidate ports than max.
Page 51: How Dynamic Link Aggregation Works
Table 3 Basic and extended LACP functions Category Description Implemented through the basic LACPDU fields, including the system LACP Basic LACP functions priority, system MAC address, port priority, port number, and operational key. Implemented by extending the LACPDU with new TLV fields. This is how the LACP MAD mechanism of the IRF feature is implemented.
Page 52 The local system (the actor) and the remote system (the partner) negotiate a reference port by using the following workflow: The two systems determine the system with the smaller system ID. A system ID contains the system LACP priority and the system MAC address. a.
Page 53 Figure 10 Setting the state of a member port in a dynamic aggregation group The system with the higher system ID is aware of the aggregation state changes on the remote system. The system sets the aggregation state of local member ports the same as their peer ports. When you aggregate interfaces in dynamic mode, follow these guidelines: •...
Page 54: Edge Aggregate Interface
For more information about configuring the maximum number of Selected ports in a dynamic aggregation group, see "Setting the minimum and maximum numbers of Selected ports for an aggregation group." Edge aggregate interface Dynamic link aggregation fails on a server-facing aggregate interface if dynamic link aggregation is configured only on the device.
Page 55: Configuring An Aggregation Group
Tasks at a glance (Optional.) Configuring load balancing for link aggregation group: • Setting load sharing modes for link aggregation groups • Enabling local-first load sharing for link aggregation • Configuring per-flow load sharing algorithm settings for Ethernet link aggregation Enabling link-aggregation traffic redirection Configuring an aggregation group This section explains how to configure an aggregation group.
Page 56: Configuring A Dynamic Aggregation Group
Step Command Remarks interface and enter Layer 2 aggregate interface, the system interface-number aggregate interface view. automatically creates a Layer 2 static aggregation group numbered the same. Exit to system view. quit a. Enter Layer 2 Ethernet interface view: interface interface-type Repeat these two sub-steps to Assign an interface to the interface-number...
Page 57 Step Command Remarks When you create a Layer 2 Create a Layer 2 aggregate aggregate interface, the system interface bridge-aggregation interface and enter Layer 2 automatically creates a Layer 2 interface-number aggregate interface view. static aggregation group numbered the same. Configure the aggregation By default, an aggregation group group to operate in dynamic...
Page 58: Configuring An Aggregate Interface
Step Command Remarks a. Enter Layer 3 Ethernet interface view: interface interface-type Repeat these two sub-steps to interface-number Assign an interface to the assign more Layer 3 Ethernet specified Layer b. Assign the interface to interfaces aggregation aggregation group. the specified Layer 3 group.
Page 59: Specifying Ignored Vlans For A Layer 2 Aggregate Interface
Specifying ignored VLANs for a Layer 2 aggregate interface By default, to become Selected ports, the member ports must have the same VLAN permit state and VLAN tagging mode as the corresponding Layer 2 aggregate interface. The system ignores the permit state and tagging mode of an ignored VLAN when choosing Selected ports.
Page 60: Setting The Expected Bandwidth For An Aggregate Interface
The maximum number of Selected ports allowed in an aggregation group is limited by either manual configuration or hardware limitation, whichever value is smaller. You can implement backup between two ports by performing the following tasks: • Assigning two ports to an aggregation group. •...
Page 61: Enabling Bfd For An Aggregation Group
• This configuration takes effect only on the aggregate interface corresponding to a dynamic aggregation group. • Link-aggregation traffic redirection does not operate correctly on an edge aggregate interface. For more information about link-aggregation traffic redirection, see "Enabling link-aggregation traffic redirection."...
Page 62: Shutting Down An Aggregate Interface
• As a best practice, do not configure other protocols to collaborate with BFD on a BFD-enabled aggregate interface. Configuration procedure To enable BFD for an aggregation group: Step Command Remarks Enter system view. system-view • Enter Layer 2 aggregate interface view: interface bridge-aggregation Enter aggregate interface...
Page 63: Configuring Load Sharing For Link Aggregation Groups
Step Command Enter system view. system-view • Enter Layer aggregate interface view: interface bridge-aggregation interface-number Enter aggregate interface view. • Enter Layer aggregate interface view: interface route-aggregation interface-number Restore the default settings for the default aggregate interface. Configuring load sharing for link aggregation groups Setting load sharing modes for link aggregation groups You can set the global or group-specific load sharing mode.
Page 64: Enabling Local-First Load Sharing For Link Aggregation
Enabling local-first load sharing for link aggregation Use local-first load sharing in a multidevice link aggregation scenario to distribute traffic preferentially across member ports on the ingress card or device. When you aggregate ports on different member devices in an IRF fabric, you can use local-first load sharing to reduce traffic on IRF links, as shown in Figure 11.
Page 65: Enabling Link-Aggregation Traffic Redirection
• Destination MAC address. • Source and destination IP addresses. • Source and destination MAC addresses. To configure per-flow load sharing algorithm settings for Ethernet link aggregation: Step Command Remarks Enter system view. system-view link-aggregation global Configure the load sharing By default, algorithm 0 is used.
Page 66: Configuration Procedure
Configuration procedure To enable link-aggregation traffic redirection globally: Step Command Remarks Enter system view. system-view link-aggregation lacp Enable link-aggregation By default, link-aggregation traffic traffic-redirect-notification traffic redirection globally. redirection is disabled globally. enable To enable link-aggregation traffic redirection for an aggregation group: Step Command Remarks...
Page 67: Ethernet Link Aggregation Configuration Examples
Task Command [ interface-number ] ] Clear LACP statistics for the specified link reset lacp statistics [ interface interface-list ] aggregation member ports. Clear statistics for the specified aggregate reset counters interface [ { bridge-aggregation | interfaces. route-aggregation } [ interface-number ] ] Ethernet link aggregation configuration examples Layer 2 static aggregation configuration example Network requirements...
Page 68: Layer 2 Dynamic Aggregation Configuration Example
[DeviceA-Bridge-Aggregation1] quit # Assign ports GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to link aggregation group 1. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/1] quit [DeviceA] interface gigabitethernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/2] quit [DeviceA] interface gigabitethernet 1/0/3 [DeviceA-GigabitEthernet1/0/3] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/3] quit # Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to...
Page 69 • Enable VLAN 20 at one end of the aggregate link to communicate with VLAN 20 at the other end. Figure 13 Network diagram VLAN 10 VLAN 10 GE1/0/4 GE1/0/4 GE1/0/1 GE1/0/1 GE1/0/2 GE1/0/2 Link aggregation 1 Device A Device B GE1/0/3 GE1/0/3 BAGG1...
Page 70: Layer 2 Aggregation Load Sharing Configuration Example
Configure Device B in the same way Device A is configured. (Details not shown.) Verifying the configuration # Display detailed information about all aggregation groups on Device A. [DeviceA] display link-aggregation verbose Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing Port Status: S -- Selected, U -- Unselected, I -- Individual Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,...
Page 71 Figure 14 Network diagram Configuration procedure Configure Device A: # Create VLAN 10, and assign the port GigabitEthernet 1/0/5 to VLAN 10. <DeviceA> system-view [DeviceA] vlan 10 [DeviceA-vlan10] port gigabitethernet 1/0/5 [DeviceA-vlan10] quit # Create VLAN 20, and assign the port GigabitEthernet 1/0/6 to VLAN 20. [DeviceA] vlan 20 [DeviceA-vlan20] port gigabitethernet 1/0/6 [DeviceA-vlan20] quit...
Page 72 [DeviceA-Bridge-Aggregation2] link-aggregation load-sharing mode destination-mac [DeviceA-Bridge-Aggregation2] quit # Assign ports GigabitEthernet 1/0/3 and GigabitEthernet 1/0/4 to link aggregation group 2. [DeviceA] interface gigabitethernet 1/0/3 [DeviceA-GigabitEthernet1/0/3] port link-aggregation group 2 [DeviceA-GigabitEthernet1/0/3] quit [DeviceA] interface gigabitethernet 1/0/4 [DeviceA-GigabitEthernet1/0/4] port link-aggregation group 2 [DeviceA-GigabitEthernet1/0/4] quit # Configure Layer 2 aggregate interface Bridge-Aggregation 2 as a trunk port and assign it to VLAN 20.
Page 73: Layer 2 Edge Aggregate Interface Configuration Example
source-mac address Bridge-Aggregation2 Load-Sharing Mode: destination-mac address The output shows that: • Link aggregation group 1 load shares packets based on source MAC addresses. • Link aggregation group 2 load shares packets based on destination MAC addresses. Layer 2 edge aggregate interface configuration example Network requirements As shown in Figure...
Page 74: Layer 3 Static Aggregation Configuration Example
Aggregate Interface: Bridge-Aggregation1 Aggregation Mode: Dynamic Loadsharing Type: NonS System ID: 0x8000, 000f-e267-6c6a Local: Port Status Priority Oper-Key Flag -------------------------------------------------------------------------------- GE1/0/1 32768 {AG} GE1/0/2 32768 {AG} Remote: Actor Partner Priority Oper-Key SystemID Flag -------------------------------------------------------------------------------- GE1/0/1 32768 0x8000, 0000-0000-0000 {DEF} GE1/0/2 32768 0x8000, 0000-0000-0000 {DEF} The output shows that GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 are in Individual state when...
Page 75: Layer 3 Dynamic Aggregation Configuration Example
[DeviceA] interface gigabitethernet 1/0/3 [DeviceA-GigabitEthernet1/0/3] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/3] quit Configure Device B in the same way Device A is configured. (Details not shown.) Verifying the configuration # Display detailed information about all aggregation groups on Device A. [DeviceA] display link-aggregation verbose Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing Port Status: S -- Selected, U -- Unselected, I -- Individual Flags:...
Page 76: Layer 3 Edge Aggregate Interface Configuration Example
# Assign Layer 3 Ethernet interfaces GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to aggregation group 1. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/1] quit [DeviceA] interface gigabitethernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/2] quit [DeviceA] interface gigabitethernet 1/0/3 [DeviceA-GigabitEthernet1/0/3] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/3] quit Configure Device B in the same way Device A is configured.
Page 77 Configure an edge aggregate interface so that both GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 can forward traffic to improve link reliability. Figure 18 Network diagram Configuration procedure # Create Layer 3 aggregate interface Route-Aggregation 1, and set the link aggregation mode to dynamic.
Page 78 Remote: Actor Partner Priority Oper-Key SystemID Flag -------------------------------------------------------------------------------- GE1/0/1 32768 0x8000, 0000-0000-0000 {DEF} GE1/0/2 32768 0x8000, 0000-0000-0000 {DEF} The output shows that GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 are in Individual state when they do not receive LACPDUs from the server. Both GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 can forward traffic.
Page 79: Configuring Port Isolation
Configuring port isolation The port isolation feature isolates Layer 2 traffic for data privacy and security without using VLANs. Ports in an isolation group cannot communicate with each other. However, they can communicate with ports outside the isolation group. Assigning a port to an isolation group The device supports multiple isolation groups, which can be configured manually.
Page 80: Port Isolation Configuration Example
Port isolation configuration example Network requirements As shown in Figure 19, configure port isolation on the device to meet the following requirements: • The hosts can access the Internet. • The hosts cannot communicate with each other at Layer 2. Figure 19 Network diagram Internet GE1/0/4...
Page 81 GigabitEthernet1/0/2 GigabitEthernet1/0/3 The output shows that interfaces GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 are assigned to isolation group 2. As a result, Host A, Host B, and Host C are isolated from each other at layer 2.
Page 82: Configuring Spanning Tree Protocols
Configuring spanning tree protocols Spanning tree protocols eliminate loops in a physical link-redundant network by selectively blocking redundant links and putting them in a standby state. The recent versions of STP include the Rapid Spanning Tree Protocol (RSTP), the Per-VLAN Spanning Tree (PVST), and the Multiple Spanning Tree Protocol (MSTP).
Page 83: Calculation Process Of The Stp Algorithm
Upon initialization of a network, each device generates and periodically sends configuration BPDUs, with itself as the root bridge. After network convergence, only the root bridge generates and periodically sends configuration BPDUs. The other devices only forward the BPDUs. Root port On a non-root bridge, the port nearest to the root bridge is the root port.
Page 84 Calculation process The STP algorithm uses the following calculation process: Initialize the network. Upon initialization of a device, each port generates a BPDU with the following contents: The port as the designated port. The device as the root bridge. 0 as the root path cost. The device ID as the designated bridge ID.
Page 85 b. If configuration BPDUs have the same root bridge ID, their root path costs are compared. For example, the root path cost in a configuration BPDU plus the path cost of a receiving port is S. The configuration BPDU with the smallest S value has the highest priority. c.
Page 86 Table 7, each configuration BPDU contains the following fields: root bridge ID, root path cost, designated bridge ID, and designated port ID. Table 7 Comparison process and result on each device Configuration BPDU on Device Comparison process ports after comparison Port A1 performs the following tasks: Receives the configuration BPDU of Port B1 {1, 0, 1, Port B1}.
Page 87 Configuration BPDU on Device Comparison process ports after comparison 22. Updates its configuration BPDU. Port C2 performs the following tasks: 23. Receives the original configuration BPDU of Port B2 {1, 0, 1, Port B2}. 24. Determines that the received configuration BPDU is superior to the existing configuration BPDU {2, 0, 2, Port C2}.
Page 88 After the comparison processes described in Table 7, a spanning tree with Device A as the root bridge is established, as shown in Figure Figure 22 The final calculated spanning tree The configuration BPDU forwarding mechanism of STP The configuration BPDUs of STP are forwarded according to these guidelines: •...
Page 89: Rstp
Because each VLAN runs STP or RSTP independently, a spanning tree only serves its VLAN. A PVST-enabled HPE device can communicate with a third-party device that is running Rapid PVST or PVST. The PVST-enabled HPE device supports fast network convergence like RSTP when connected to PVST-enabled HPE devices or third-party devices enabled with Rapid PVST.
Page 90: Mstp Features
MSTP features Developed based on IEEE 802.1s, MSTP overcomes the limitations of STP, RSTP, and PVST. In addition to supporting rapid network convergence, it allows data flows of different VLANs to be forwarded along separate paths. This provides a better load sharing mechanism for redundant links. MSTP provides the following features: •...
Page 91 Figure 24 Network diagram and topology of MST region 3 MST region A multiple spanning tree region (MST region) consists of multiple devices in a switched network and the network segments among them. All these devices have the following characteristics: •...
Page 92 The blue lines in Figure 23 represent the CST. An internal spanning tree (IST) is a spanning tree that runs in an MST region. It is also called MSTI 0, a special MSTI to which all VLANs are mapped by default. Figure 23, MSTI 0 is the IST in MST region 3.
Page 93: How Mstp Works
MSTP calculation involves the following port roles: • Root port—Forwards data for a non-root bridge to the root bridge. The root bridge does not have any root port. • Designated port—Forwards data to the downstream network segment or device. • Alternate port—Acts as the backup port for a root port or master port.
Page 94: Mstp Implementation On Devices
Like STP, MSTP uses configuration BPDUs to calculate spanning trees. An important difference is that an MSTP BPDU carries the MSTP configuration of the bridge from which the BPDU is sent. CIST calculation During the CIST calculation, the following process takes place: •...
Page 95: Stp Configuration Task List
• Determine the spanning tree protocol to be used (STP, RSTP, PVST, or MSTP). • Plan the device roles (the root bridge or leaf node). When you configure spanning tree protocols, follow these restrictions and guidelines: • If both MVRP and a spanning tree protocol are enabled on a device, MVRP packets are forwarded along MSTIs.
Page 96: Rstp Configuration Task List
RSTP configuration task list Tasks at a glance Configuring the root bridge: • (Required.) Setting the spanning tree mode • (Optional.) Configuring the root bridge or a secondary root bridge • (Optional.) Configuring the device priority • (Optional.) Configuring the network diameter of a switched network •...
Page 97: Mstp Configuration Task List
Tasks at a glance • (Optional.) Configuring the device priority • (Optional.) Configuring the timeout factor • (Optional.) Configuring the BPDU transmission rate • (Optional.) Configuring edge ports • (Optional.) Configuring path costs of ports • (Optional.) Configuring the port priority •...
Page 98: Setting The Spanning Tree Mode
Tasks at a glance (Optional.) Configuring TC Snooping (Optional.) Configuring protection functions Setting the spanning tree mode The spanning tree modes include: • STP mode—All ports of the device send STP BPDUs. Select this mode when the peer device of a port supports only STP. •...
Page 99: Configuring The Root Bridge Or A Secondary Root Bridge
• Use the active region-configuration command. • Enable a spanning tree protocol by using the stp global enable command if the spanning tree protocol is disabled. In STP, RSTP, or PVST mode, MST region configurations do not take effect. To configure an MST region: Step Command Remarks...
Page 100: Configuring The Current Device As The Root Bridge Of A Specific Spanning Tree
Configuring the current device as the root bridge of a specific spanning tree Step Command Remarks Enter system view. system-view • STP/RSTP mode: stp root primary • Configure the current PVST mode: By default, a device does not device root stp vlan vlan-id-list root primary function as the root bridge.
Page 101: Configuring The Maximum Hops Of An Mst Region
Configuring the maximum hops of an MST region Restrict the region size by setting the maximum hops of an MST region. The hop limit configured on the regional root bridge is used as the hop limit for the MST region. Configuration BPDUs sent by the regional root bridge always have a hop count set to the maximum value.
Page 102: Configuring Spanning Tree Timers
Configuring spanning tree timers The following timers are used for spanning tree calculation: • Forward delay—Delay time for port state transition. To prevent temporary loops on a network, the spanning tree feature sets an intermediate port state (the learning state) before it transits from the discarding state to the forwarding state.
Page 103: Configuring The Timeout Factor
Step Command Remarks • STP/RSTP/MSTP mode: stp timer forward-delay time Configure the forward • The default setting is 15 seconds. PVST mode: delay timer. vlan vlan-id-list timer forward-delay time • STP/RSTP/MSTP mode: stp timer hello time Configure hello • The default setting is 2 seconds. PVST mode: timer.
Page 104: Configuring Edge Ports
Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet or interface interface-type aggregate interface view. interface-number Configure BPDU transmission rate The default setting is 10. stp transmit-limit limit ports. Configuring edge ports If a port directly connects to a user terminal rather than another device or a shared LAN segment, this port is regarded as an edge port.
Page 105: Specifying A Standard For The Device To Use When It Calculates The Default Path Cost
Specifying a standard for the device to use when it calculates the default path cost CAUTION: If you change the standard that the device uses to calculate the default path costs, you restore the path costs to the default. You can specify a standard for the device to use in automatic calculation for the default path cost. The device supports the following standards: •...
Page 106 Path cost Link speed Port type IEEE Private IEEE 802.1t 802.1d-1998 standard containing four Selected ports Single port 200000 Aggregate interface containing two Selected 100000 ports Aggregate interface 100 Mbps containing three Selected 66666 ports Aggregate interface containing four Selected 50000 ports Single port...
Page 107: Configuring Path Costs Of Ports
Path cost Link speed Port type IEEE Private IEEE 802.1t 802.1d-1998 standard containing three Selected ports Aggregate interface containing four Selected ports Single port Aggregate interface containing two Selected ports Aggregate interface 100 Gbps containing three Selected ports Aggregate interface containing four Selected ports Configuring path costs of ports...
Page 108: Configuring The Port Priority
[Sysname-GigabitEthernet1/0/3] stp instance 2 cost 200 # In PVST mode, perform the following tasks: • Configure the device to calculate the default path costs of its ports by using IEEE 802.1d-1998. • Set the path cost of GigabitEthernet 1/0/3 to 2000 on VLAN 20 through VLAN 30. <Sysname>...
Page 109: Configuration Procedure
• The stp point-to-point force-false or stp point-to-point force-true command configured on a port in MSTP or PVST mode takes effect on all MSTIs or VLANs. • If you configure a non-point-to-point link as a point-to-point link, a temporary loop might occur. Configuration procedure To configure the link type of a port: Step...
Page 110: Enabling Outputting Port State Transition Information
Enabling outputting port state transition information In a large-scale spanning tree network, you can enable devices to output the port state transition information. Then you can monitor the port states in real time. To enable outputting port state transition information: Step Command Remarks...
Page 111: Enabling The Spanning Tree Feature In Pvst Mode
Enabling the spanning tree feature in PVST mode Step Command Remarks Enter system view. system-view • If the device starts up with the initial settings, the spanning tree feature is disabled globally by default. • If the device starts up with the factory Enable the spanning tree defaults, the spanning tree feature is stp global enable...
Page 112: Configuring Digest Snooping
The devices of different vendors in the same MST region cannot communicate with each other. To enable communication between an HPE device and a third-party device in the same MST region, enable Digest Snooping on the HPE device port connecting them.
Page 113: Configuration Procedure
Configuration procedure You can enable Digest Snooping only on the HPE device that is connected to a third-party device that uses its private key to calculate the configuration digest. To configure Digest Snooping: Step Command Remarks Enter system view. system-view...
Page 114: Configuring No Agreement Check
[DeviceA-GigabitEthernet1/0/1] quit [DeviceA] stp global config-digest-snooping # Enable Digest Snooping on GigabitEthernet 1/0/1 of Device B and enable global Digest Snooping on Device B. <DeviceB> system-view [DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] stp config-digest-snooping [DeviceB-GigabitEthernet1/0/1] quit [DeviceB] stp global config-digest-snooping Configuring No Agreement Check In RSTP and MSTP, the following types of messages are used for rapid state transition on designated ports: •...
Page 115: Configuration Prerequisites
Figure 28 Rapid state transition of an RSTP designated port If the upstream device is a third-party device, the rapid state transition implementation might be limited as follows: • The upstream device uses a rapid transition mechanism similar to that of RSTP. •...
Page 116: No Agreement Check Configuration Example
No Agreement Check configuration example Network requirements As shown in Figure 29, Device A connects to a third-party device that has a different spanning tree implementation. Both devices are in the same region. The third-party device (Device B) is the regional root bridge, and Device A is the downstream device. Figure 29 Network diagram Configuration procedure # Enable No Agreement Check on GigabitEthernet 1/0/1 of Device A.
Page 117: Configuration Restrictions And Guidelines
To avoid traffic interruption, you can enable TC Snooping on the IRF fabric. After receiving a TC-BPDU through a port, the IRF fabric updates MAC address table and ARP table entries associated with the port's VLAN. In this way, TC Snooping prevents topology change from interrupting traffic forwarding in the network.
Page 118: Enabling Root Guard
normal conditions, these ports should not receive configuration BPDUs. However, if someone uses configuration BPDUs maliciously to attack the devices, the network will become unstable. The spanning tree protocol provides the BPDU guard function to protect the system against such attacks.
Page 119: Enabling Loop Guard
Enabling loop guard By continuing to receive BPDUs from the upstream device, a device can maintain the state of the root port and blocked ports. However, link congestion or unidirectional link failures might cause these ports to fail to receive BPDUs from the upstream devices. In this case, the device reselects the following port roles: •...
Page 120: Configuring Tc-Bpdu Transmission Restriction
Configuring TC-BPDU transmission restriction CAUTION: Enabling TC-BPDU transmission restriction on a port might cause the previous forwarding address table to fail to be updated when the topology changes. The topology change to the user access network might cause the forwarding address changes to the core network.
Page 121: Enabling Bpdu Drop
Enabling BPDU drop In a spanning tree network, every BPDU arriving at the device triggers an STP calculation process and is then forwarded to other devices in the network. Malicious attackers might use the vulnerability to attack the network by forging BPDUs. By continuously sending forged BPDUs, they can make all devices in the network continue performing STP calculations.
Page 122: Spanning Tree Configuration Example
Spanning tree configuration example MSTP configuration example Network requirements As shown in Figure 31, all devices on the network are in the same MST region. Device A and Device B work at the distribution layer. Device C and Device D work at the access layer. Configure MSTP so that packets of different VLANs are forwarded along different spanning trees.
Page 123 [DeviceA-mst-region] instance 3 vlan 30 [DeviceA-mst-region] instance 4 vlan 40 # Configure the revision level of the MST region as 0. [DeviceA-mst-region] revision-level 0 # Activate MST region configuration. [DeviceA-mst-region] active region-configuration [DeviceA-mst-region] quit # Specify the device as the root bridge of MSTI 1. [DeviceA] stp instance 1 root primary # Enable the spanning tree feature globally.
Page 124 Configure Device D: # Enter MST region view, and configure the MST region name as example. <DeviceD> system-view [DeviceD] stp region-configuration [DeviceD-mst-region] region-name example # Map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively. [DeviceD-mst-region] instance 1 vlan 10 [DeviceD-mst-region] instance 3 vlan 30 [DeviceD-mst-region] instance 4 vlan 40...
Page 125: Pvst Configuration Example
GigabitEthernet1/0/3 DESI FORWARDING NONE GigabitEthernet1/0/1 ROOT FORWARDING NONE GigabitEthernet1/0/2 ALTE DISCARDING NONE GigabitEthernet1/0/3 DESI FORWARDING NONE # Display brief spanning tree information on Device D. [DeviceD] display stp brief MST ID Port Role STP State Protection GigabitEthernet1/0/1 ROOT FORWARDING NONE GigabitEthernet1/0/2 ALTE DISCARDING...
Page 126 • The root bridge of VLAN 40 is Device C. Figure 33 Network diagram Configuration procedure Configure VLANs and VLAN member ports. (Details not shown.) Create VLAN 10, VLAN 20, and VLAN 30 on both Device A and Device B. Create VLAN 10, VLAN 20, and VLAN 40 on Device C.
Page 127 [DeviceC] stp global enable [DeviceC] stp vlan 10 20 40 enable Configure Device D: # Set the spanning tree mode to PVST. <DeviceD> system-view [DeviceD] stp mode pvst # Enable the spanning tree feature globally and in VLAN 20, VLAN 30, and VLAN 40. [DeviceD] stp global enable [DeviceD] stp vlan 20 30 40 enable Verifying the configuration...
Page 128 GigabitEthernet1/0/1 ROOT FORWARDING NONE GigabitEthernet1/0/2 ALTE DISCARDING NONE GigabitEthernet1/0/3 ROOT FORWARDING NONE Based on the output, you can draw a topology for each VLAN spanning tree, as shown in Figure Figure 34 VLAN spanning tree topologies...
Page 129: Configuring Loop Detection
Configuring loop detection Overview Incorrect network connections or configurations can create Layer 2 loops, which results in repeated transmission of broadcasts, multicasts, or unknown unicasts. The repeated transmission can waste network resources and can sometimes paralyze networks. The loop detection mechanism immediately generates a log when a loop occurs so that you are promptly notified to adjust network connections and configurations.
Page 130: Loop Detection Interval
• Code—Protocol sub-type, which is 0x0001, indicating the loop detection protocol. • Version—Protocol version, which is always 0x0000. • Length—Length of the frame. The value includes the inner header, but excludes the Ethernet header. • Reserved—This field is reserved. Frames for loop detection are encapsulated as TLV triplets. Table 10 TLVs supported by loop detection Description Remarks...
Page 131: Loop Detection Configuration Task List
The device automatically sets the port to the forwarding state after the detection timer configured by using the shutdown-interval command expires. For more information about the shutdown-interval command, see Fundamentals Command Reference. The device shuts down the port again if a loop is still detected on the port when the detection timer expires.
Page 132: Configuring The Loop Protection Action
Configuring the loop protection action You can configure the loop protection action globally or on a per-port basis. The global configuration applies to all ports. The per-port configuration applies to the individual ports. The per-port configuration takes precedence over the global configuration. Configuring the global loop protection action Step Command...
Page 133: Displaying And Maintaining Loop Detection
Step Command Remarks Enter system view. system-view loop detection loopback-detection The default setting is 30 seconds. interval. interval-time interval Displaying and maintaining loop detection Execute display commands in any view. Task Command Display the loop detection configuration and status. display loopback-detection Loop detection configuration example Network requirements As shown in...
Page 134: Verifying The Configuration
# Configure GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 as trunk ports, and assign them to VLAN 100. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-type trunk [DeviceA-GigabitEthernet1/0/1] port trunk permit vlan 100 [DeviceA-GigabitEthernet1/0/1] quit [DeviceA] interface gigabitethernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] port link-type trunk [DeviceA-GigabitEthernet1/0/2] port trunk permit vlan 100 [DeviceA-GigabitEthernet1/0/2] quit # Configure the global loop protection action as shutdown.
Page 135 [DeviceA] %Feb 24 15:04:29:663 2013 DeviceA LPDT/4/LPDT_LOOPED: Loopback exists on GigabitEthernet1/0/1. %Feb 24 15:04:29:667 2013 DeviceA LPDT/4/LPDT_LOOPED: Loopback exists on GigabitEthernet1/0/2. %Feb 24 15:04:44:243 2013 DeviceA LPDT/5/LPDT_RECOVERED: Loopback on GigabitEthernet1/0/1 recovered. %Feb 24 15:04:44:248 2013 DeviceA LPDT/5/LPDT_RECOVERED: Loopback on GigabitEthernet1/0/2 recovered.
Page 136: Configuring Vlans
Configuring VLANs Overview Ethernet is a family of shared-media LAN technologies based on the CSMA/CD mechanism. An Ethernet LAN is both a collision domain and a broadcast domain. Because the medium is shared, collisions and broadcasts are common in an Ethernet LAN. Typically, bridges and Layer 2 switches can reduce collisions in an Ethernet LAN.
Page 137: Protocols And Standards
different values. For compatibility with a neighbor device, configure the TPID value on the device to be the same as the neighbor device. • Priority—3-bit long, identifies the 802.1p priority of the frame. For more information, see ACL and QoS Configuration Guide. •...
Page 138: Configuring Basic Settings Of A Vlan Interface
Configuring basic settings of a VLAN interface Hosts of different VLANs use VLAN interfaces to communicate at Layer 3. VLAN interfaces are virtual interfaces that do not exist as physical entities on devices. For each VLAN, you can create one VLAN interface and assign an IP address to it. The VLAN interface acts as the gateway of the VLAN to forward packets destined for another IP subnet.
Page 139: Configuring Port-Based Vlans
Configuring port-based VLANs Introduction Port-based VLANs group VLAN members by port. A port forwards packets from a VLAN only after it is assigned to the VLAN. Port link type You can configure the link type of a port as access, trunk, or hybrid. The link types use the following VLAN tag handling methods: •...
Page 140: Assigning An Access Port To A Vlan
Actions Access Trunk Hybrid PVID. • Removes the tag and sends the frame if the frame carries the PVID Sends the frame if its VLAN is tag and the port belongs permitted on the port. The to the PVID. Removes the VLAN tag outbound tagging status of the frame •...
Page 141: Assigning A Trunk Port To A Vlan
Step Command Remarks Configure the link type of the By default, all ports are access port link-type access port as access. ports. (Optional.) Assign By default, all access ports belong to port access vlan vlan-id access port to a VLAN. VLAN 1.
Page 142: Configuring Mac-Based Vlans
• To enable a hybrid port to transmit packets from its PVID, you must assign the hybrid port to the PVID by using the port hybrid vlan command. To assign a hybrid port to one or multiple VLANs: Step Command Remarks Enter system view.
Page 143 • For an untagged frame, the port determines its VLAN ID in the following workflow: a. The port first performs a fuzzy match as follows: − Searches for the MAC-to-VLAN entries whose masks are not all-Fs. − Performs a logical AND operation on the source MAC address and each of these masks.
Page 144 − If the VLAN ID of the frame is not the PVID of the port, the port matches the VLAN ID of the frame by using other criteria, such as IP subnet or protocol, and forwards the frame. If no VLAN is available, the port drops the frame. Figure 40 Flowchart for processing a frame in dynamic MAC-based VLAN assignment The port receives a frame...
Page 145: Configuration Restrictions And Guidelines
When the user goes offline, the device automatically deletes the MAC-to-VLAN entry and removes the port from the MAC-based VLAN. For more information about 802.1X and MAC authentication, see Security Configuration Guide. Configuration restrictions and guidelines When you configure MAC-based VLANs, follow these restrictions and guideline: •...
Page 146: Configuring Dynamic Mac-Based Vlan Assignment
Step Command Remarks By default, the system assigns (Optional.) Configure vlan precedence mac-vlan VLANs based on the MAC VLAN matching order. ip-subnet-vlan } address preferentially. Configuring dynamic MAC-based VLAN assignment Step Command Remarks Enter system view. system-view The VLAN assignment for a port is triggered only when the source mac-vlan mac-address...
Page 147: Configuring Ip Subnet-Based Vlans
Step Command Remarks Enter Layer Ethernet interface interface-type interface view. interface-number Configure the link type of the By default, all ports are access port link-type hybrid ports as hybrid. ports. By default, a hybrid port is an Configure the hybrid port to untagged member of the VLAN port hybrid...
Page 148: Configuring Protocol-Based Vlans
Task Command Remarks configurations to the aggregate interface, it stops applying the configurations to the aggregation member ports. If the system fails to apply the configurations to an aggregation member port, it skips the port and moves to the next member port.
Page 149: Configuring A Vlan Group
Step Command Remarks If the specified VLAN does not exist, this Enter VLAN view. command first creates the VLAN and vlan vlan-id enters VLAN view of this VLAN. protocol-vlan [ protocol-index ] { at | ipv4 | ipv6 | ipx { ethernetii | llc | Create protocol By default, no protocol template is...
Page 150: Displaying And Maintaining Vlans
Displaying and maintaining VLANs Execute display commands in any view. Task Command display interface vlan-interface [ interface-number ] Display VLAN interface information. [ brief [ description | down ] ] display mac-vlan { all | dynamic | mac-address Display MAC-to-VLAN entries. mac-address [ mask mac-mask ] | static | vlan vlan-id } Display all ports that are enabled with the display mac-vlan interface...
Page 151 Figure 41 Network diagram Configuration procedure Configure Device A: # Create VLAN 100, and assign GigabitEthernet 1/0/1 to VLAN 100. <DeviceA> system-view [DeviceA] vlan 100 [DeviceA-vlan100] port gigabitethernet 1/0/1 [DeviceA-vlan100] quit # Create VLAN 200, and assign GigabitEthernet 1/0/2 to VLAN 200. [DeviceA] vlan 200 [DeviceA-vlan200] port gigabitethernet 1/0/2 [DeviceA-vlan200] quit...
Page 152: Mac-Based Vlan Configuration Example
[DeviceA-GigabitEthernet1/0/3] display vlan 200 VLAN ID: 200 VLAN type: Static Route interface: Not configured Description: VLAN 0200 Name: VLAN 0200 Tagged ports: GigabitEthernet1/0/3 Untagged ports: GigabitEthernet1/0/2 MAC-based VLAN configuration example Network requirements As shown in Figure • GigabitEthernet 1/0/1 of Device A and Device C are each connected to a meeting room. Laptop 1 and Laptop 2 are used for meetings and might be used in either of the two meeting rooms.
Page 153 [DeviceA] vlan 200 [DeviceA-vlan200] quit # Associate the MAC addresses of Laptop 1 and Laptop 2 with VLANs 100 and 200, respectively. [DeviceA] mac-vlan mac-address 000d-88f8-4e71 vlan 100 [DeviceA] mac-vlan mac-address 0014-222c-aa69 vlan 200 # Configure GigabitEthernet 1/0/1 as a hybrid port to forward packets from VLANs 100 and 200 without VLAN tags.
Page 154: Ip Subnet-Based Vlan Configuration Example
S:Static D:Dynamic MAC address Mask VLAN ID Dot1q State 000d-88f8-4e71 ffff-ffff-ffff 0014-222c-aa69 ffff-ffff-ffff Total MAC VLAN address count: 2 IP subnet-based VLAN configuration example Network requirements As shown in Figure 43, the hosts in the office belong to different IP subnets. Configure Device C to transmit packets from 192.168.5.0/24 and 192.168.50.0/24 in VLANs 100 and 200, respectively.
Page 155: Protocol-Based Vlan Configuration Example
# Configure GigabitEthernet 1/0/11 as a hybrid port, and assign it to VLAN 100 as a tagged VLAN member. [DeviceC] interface gigabitethernet 1/0/11 [DeviceC-GigabitEthernet1/0/11] port link-type hybrid [DeviceC-GigabitEthernet1/0/11] port hybrid vlan 100 tagged [DeviceC-GigabitEthernet1/0/11] quit # Configure GigabitEthernet1/0/12 as a hybrid port, and assign it to VLAN 200 as a tagged VLAN member.
Page 156 To isolate IPv4 and IPv6 traffic at Layer 2, configure protocol-based VLANs to associate the IPv4 and ARP protocols with VLAN 100, and associate the IPv6 protocol with VLAN 200. Figure 44 Network diagram VLAN 100 VLAN 200 IPv4 server IPv6 server GE1/0/11 GE1/0/12...
Page 157 [Device-vlan100] protocol-vlan 2 mode ethernetii etype 0806 [Device-vlan100] quit # Configure GigabitEthernet 1/0/1 as a hybrid port, and assign it to VLANs 100 and 200 as an untagged VLAN member. [Device] interface gigabitethernet 1/0/1 [Device-GigabitEthernet1/0/1] port link-type hybrid [Device-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged # Associate GigabitEthernet 1/0/1 with the IPv4 and ARP protocol templates of VLAN 100 and the IPv6 protocol template of VLAN 200.
Page 158 Interface: GigabitEthernet1/0/1 VLAN ID Protocol index Protocol type Status IPv4 Active Ethernet II Etype 0x0806 Active IPv6 Active Interface: GigabitEthernet 1/0/2 VLAN ID Protocol index Protocol type Status IPv4 Active Ethernet II Etype 0x0806 Active IPv6 Active...
Page 159: Configuring Super Vlans
Configuring super VLANs Hosts in a VLAN typically use IP addresses in the same subnet. For Layer 3 interoperability with other VLANs, you can create a VLAN interface for the VLAN and assign an IP address to it. This requires a large number of IP addresses. The super VLAN feature was introduced to save IP addresses.
Page 160: Configuring A Super Vlan Interface
To configure a super VLAN: Step Command Remarks Enter system view. system-view Enter VLAN view. vlan vlan-id Configure the VLAN as a By default, a VLAN is not a super VLAN. supervlan super VLAN. By default, a super VLAN is not associated with any sub-VLANs.
Page 161: Super Vlan Configuration Example
Task Command Display information about super VLANs and all display supervlan [ supervlan-id ] sub-VLANs associated with each super VLAN. Super VLAN configuration example Network requirements As shown in Figure • GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 are in VLAN 2. •...
Page 162: Verifying The Configuration
[DeviceA] vlan 3 [DeviceA-vlan3] port gigabitethernet 1/0/3 gigabitethernet 1/0/4 [DeviceA-vlan3] quit # Create VLAN 5, and assign GigabitEthernet 1/0/5 and GigabitEthernet 1/0/6 to the VLAN. [DeviceA] vlan 5 [DeviceA-vlan5] port gigabitethernet 1/0/5 gigabitethernet 1/0/6 [DeviceA-vlan5] quit # Configure VLAN 10 as a super VLAN, and associate sub-VLANs 2, 3, and 5 with the super VLAN. [DeviceA] vlan 10 [DeviceA-vlan10] supervlan [DeviceA-vlan10] subvlan 2 3 5...
Page 163 Ipv4 address: 10.1.1.1 Ipv4 subnet mask: 255.255.255.0 Description: VLAN 0003 Name: VLAN 0003 Tagged ports: none Untagged ports: GigabitEthernet1/0/3 GigabitEthernet1/0/4 VLAN ID: 5 VLAN type: Static It is a sub VLAN. Route interface: Configured Ipv4 address: 10.1.1.1 Ipv4 subnet mask: 255.255.255.0 Description: VLAN 0005 Name: VLAN 0005 Tagged...
Page 164: Configuring The Private Vlan
Configuring the private VLAN The private VLAN feature uses a two-tier VLAN structure, including a primary VLAN and secondary VLANs. This feature simplifies the network configuration and saves VLAN resources. A primary VLAN is used for upstream data exchange. A primary VLAN can be associated with multiple secondary VLANs.
Page 165: Configuration Restrictions And Guidelines
For more information about promiscuous, trunk promiscuous, host, and trunk secondary ports, see Layer 2—LAN Switching Command Reference. Associate the secondary VLANs with the primary VLAN. (Optional.) Configure Layer 3 communication between the specified secondary VLANs that are associated with the primary VLAN. Configuration restrictions and guidelines When you configure the private VLAN feature, follow these restrictions and guidelines: •...
Page 166 Step Command Remarks Enter Layer Ethernet interface interface-type interface view or Layer 2 interface-number aggregate interface view. • Configure the uplink port as a promiscuous port specified VLAN: Configure the uplink port as a port private-vlan vlan-id By default, a port is not a promiscuous trunk promiscuous...
Page 167: Displaying And Maintaining The Private Vlan
Step Command Remarks a. Enter VLAN interface view of the primary VLAN interface: interface vlan-interface vlan-id b. Enable Layer communication between secondary VLANs that are associated with the Use substeps a, b, c, and e for primary VLAN: devices that run IPv4 protocols. private-vlan secondary vlan-id-list Use substeps a, b, d, and f for...
Page 168 • On Device C, VLAN 6 is a primary VLAN that is associated with secondary VLANs 3 and 4. GigabitEthernet 1/0/5 is in VLAN 6. GigabitEthernet 1/0/3 is in VLAN 3. GigabitEthernet 1/0/4 is in VLAN 4. • Device A is aware of only VLAN 5 on Device B and VLAN 6 on Device C. Figure 47 Network diagram Configuration procedure This example describes the configurations on Device B and Device C.
Page 169 [DeviceB-vlan5] quit Configure Device C: # Configure VLAN 6 as a primary VLAN. <DeviceC> system-view [DeviceC] vlan 6 [DeviceC–vlan6] private-vlan primary [DeviceC–vlan6] quit # Create VLANs 3 and 4. [DeviceC] vlan 3 to 4 # Configure the uplink port GigabitEthernet 1/0/5 as a promiscuous port of VLAN 6. [DeviceC] interface gigabitethernet 1/0/5 [DeviceC-GigabitEthernet1/0/5] port private-vlan 6 promiscuous [DeviceC-GigabitEthernet1/0/5] quit...
Page 170: Trunk Promiscuous Port Configuration Example
Private VLAN type: Secondary Route interface: Not configured Description: VLAN 0002 Name: VLAN 0002 Tagged ports: None Untagged ports: GigabitEthernet1/0/2 GigabitEthernet1/0/5 VLAN ID: 3 VLAN type: Static Private VLAN type: Secondary Route interface: Not configured Description: VLAN 0003 Name: VLAN 0003 Tagged Ports: None Untagged Ports:...
Page 171 Figure 48 Network diagram Configuration procedure Configure Device B: # Configure VLANs 5 and 10 as primary VLANs. <DeviceB> system-view [DeviceB] vlan 5 [DeviceB-vlan5] private-vlan primary [DeviceB-vlan5] quit [DeviceB] vlan 10 [DeviceB-vlan10] private-vlan primary [DeviceB-vlan10] quit # Create VLANs 2, 3, 6, and 8. [DeviceB] vlan 2 to 3 [DeviceB] vlan 6 [DeviceB-vlan6] quit...
Page 172: Vlan Member
[DeviceB] interface gigabitethernet 1/0/3 [DeviceB-GigabitEthernet1/0/3] port access vlan 3 [DeviceB-GigabitEthernet1/0/3] port private-vlan host [DeviceB-GigabitEthernet1/0/3] quit # Associate the secondary VLANs 2 and 3 with the primary VLAN 5. [DeviceB] vlan 5 [DeviceB-vlan5] private-vlan secondary 2 to 3 [DeviceB-vlan5] quit # Assign the downlink port GigabitEthernet 1/0/6 to VLAN 6, and configure the port as a host port.
Page 173: Trunk Promiscuous And Trunk Secondary Port Configuration Example
Name: VLAN 0005 Tagged ports: GigabitEthernet1/0/1 Untagged ports: GigabitEthernet1/0/2 GigabitEthernet1/0/3 VLAN ID: 2 VLAN type: Static Private VLAN type: Secondary Route interface: Not configured Description: VLAN 0002 Name: VLAN 0002 Tagged ports: GigabitEthernet1/0/1 Untagged ports: GigabitEthernet1/0/2 VLAN ID: 3 VLAN type: Static Private VLAN type: Secondary Route interface: Not configured Description: VLAN 0003...
Page 174 • Secondary VLANs 11 and 12 are associated with primary VLAN 10. • Secondary VLANs 21 and 22 are associated with primary VLAN 20. Figure 49 Network diagram Configuration procedure Configure Device A: # Configure VLANs 10 and 20 as primary VLANs. <DeviceA>...
Page 175 [DeviceA-GigabitEthernet1/0/5] quit # Assign the downlink port GigabitEthernet 1/0/1 to VLAN 22 and configure the port as a host port. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port access vlan 22 [DeviceA-GigabitEthernet1/0/1] port private-vlan host [DeviceA-GigabitEthernet1/0/1] quit # Assign the downlink port GigabitEthernet 1/0/3 to VLAN 12 and configure the port as a host port.
Page 176 [DeviceC] interface gigabitethernet 1/0/5 [DeviceC-GigabitEthernet1/0/5] port link-type hybrid [DeviceC-GigabitEthernet1/0/5] port hybrid vlan 10 20 tagged [DeviceC-GigabitEthernet1/0/5] quit Verifying the configuration # Display the configuration of primary VLAN 10 on Device A. [DeviceA] display private-vlan 10 Primary VLAN ID: 10 Secondary VLAN ID: 11-12 VLAN ID: 10 VLAN type: Static Private-vlan type: Primary...
Page 177 # Display the configuration of primary VLAN 20 on Device A. [DeviceA] display private-vlan 20 Primary VLAN ID: 20 Secondary VLAN ID: 21-22 VLAN ID: 20 VLAN type: Static Private-vlan type: Primary Route interface: Not configured Description: VLAN 0020 Name: VLAN 0020 Tagged ports: GigabitEthernet1/0/2...
Page 178: Secondary Vlan Layer 3 Communication Configuration Example
Secondary VLAN Layer 3 communication configuration example Network requirements As shown in Figure 50, configure the private VLAN feature to meet the following requirements: • Primary VLAN 10 on Device B is associated with secondary VLANs 2 and 3. • The uplink port GigabitEthernet 1/0/1 is in VLAN 10.
Page 179 [DeviceB-GigabitEthernet1/0/3] port access vlan 3 [DeviceB-GigabitEthernet1/0/3] port private-vlan host [DeviceB-GigabitEthernet1/0/3] quit # Enable Layer 3 communication between secondary VLANs 2 and 3 that are associated with primary VLAN 10. [DeviceB] interface vlan-interface 10 [DeviceB-Vlan-interface10] private-vlan secondary 2 3 # Assign the IP address 192.168.1.1/24 to VLAN-interface 10. [DeviceB-Vlan-interface10] ip address 192.168.1.1 255.255.255.0 # Enable local proxy ARP on VLAN-interface 10.
Page 180 IPv4 address: 192.168.1.1 IPv4 subnet mask: 255.255.255.0 Description: VLAN 0003 Name: VLAN 0003 Tagged ports: None Untagged ports: GigabitEthernet1/0/1 GigabitEthernet1/0/3 The Route interface field in the output is Configured, indicating that secondary VLANs 2 and 3 are interoperable at Layer 3.
Page 181: Configuring Voice Vlans
Configuring voice VLANs Overview A voice VLAN is used for transmitting voice traffic. When ports that connect to voice devices are assigned to a voice VLAN, the system can configure QoS parameters for voice packets to ensure higher transmission priority and sound voice quality. Common voice devices include IP phones and integrated access devices (IADs).
Page 182: Automatically Identifying Ip Phones Through Lldp
Automatically identifying IP phones through LLDP When you use OUI addresses to identify IP phones, the number of OUI addresses that can be configured is limited. Additionally, when there are plenty of IP phones in the network, you must configure many OUI addresses. If IP phones support LLDP, configure LLDP on the device for automatic IP phone discovery.
Page 183: Ip Phone Access Methods
IP phone access methods Connecting the host and the IP phone in series As shown in Figure 52, the host is connected to the IP phone, and the IP phone is connected to the device. In this scenario, the following requirements must be met: •...
Page 184 When an IP phone is powered on, it sends out protocol packets. After receiving these protocol packets, the device uses the source MAC address of the protocol packets to match its OUI addresses. If the match succeeds, the system performs the following operations: •...
Page 185: Security Mode And Normal Mode Of Voice Vlans
Table 13 Configuration requirements for access/trunk/hybrid ports to support untagged voice traffic Port Voice VLAN Support link assignment untagged voice Configuration requirements type mode traffic Automatic Access Configure the voice VLAN as the PVID of the Manual port. Automatic Configure the voice VLAN as the PVID of the Trunk Manual port.
Page 186: Configuration Prerequisites
Table 14 Packet processing on a voice VLAN-enabled port in normal and security mode Voice VLAN Packet type Packet processing mode Untagged packets The port does not examine the source MAC addresses of packets with the voice incoming packets. Both voice traffic and non-voice traffic can VLAN tags be transmitted in the voice VLAN.
Page 187: Configuring A Port To Operate In Automatic Voice Vlan Assignment Mode
Configuring a port to operate in automatic voice VLAN assignment mode Configuration restrictions and guidelines When you configure a port to operate in automatic voice VLAN assignment mode, follow these restrictions and guidelines: • Do not configure a VLAN as both a voice VLAN and a protocol-based VLAN. A voice VLAN in automatic mode on a hybrid port processes only tagged incoming voice traffic.
Page 188: Configuring A Port To Operate In Manual Voice Vlan Assignment Mode
Configuring a port to operate in manual voice VLAN assignment mode Configuration restrictions and guidelines When you configure a port to operate in manual voice VLAN assignment mode, follow these restrictions and guidelines: • You can configure different voice VLANs on different ports on the same device. Make sure the following requirements are met: One port can be configured with only one voice VLAN.
Page 189: Enabling Lldp For Automatic Ip Phone Discovery
Enabling LLDP for automatic IP phone discovery The device can automatically discover the peer through LLDP, and exchange LLDP TLVs with the peer. If the LLDP System Capabilities TLV received on a port indicates that the peer can act as a telephone, the device sends an LLDP TLV with the voice VLAN configuration to the peer.
Page 190: Dynamically Advertising An Authorization Vlan Through Lldp Or Cdp
By default, if a voice VLAN is configured on the port connected to the IP phone, the device advertises this voice VLAN to the IP phone. The device learns the MAC address of the IP phone and increases the priority for voice packets. The address learning is implemented in software. In an IRF fabric, MAC address learning and synchronization of the learned MAC address entry to all member devices in software results in an undesirable delay.
Page 191: Displaying And Maintaining Voice Vlans
Configure the authorization VLAN for the IP phone on the authentication server. For more information about authorization VLANs, see Security Configuration Guide. Displaying and maintaining voice VLANs Execute display commands in any view. Task Command Display the voice VLAN state. display voice-vlan state Display the OUI addresses that the system supports.
Page 192 # Set the voice VLAN aging timer to 30 minutes. [DeviceA] voice-vlan aging 30 # Configure voice VLANs to operate in security mode to transmit only voice packets. [DeviceA] voice-vlan security enable # Add MAC addresses of IP phones A and B to the device with the mask FFFF-FF00-0000. [DeviceA] voice-vlan mac-address 0011-1100-0001 mask ffff-ff00-0000 description IP phone A [DeviceA] voice-vlan mac-address 0011-2200-0001 mask ffff-ff00-0000 description IP...
Page 193: Manual Voice Vlan Assignment Mode Configuration Example
GigabitEthernet1/0/2 AUTO Manual voice VLAN assignment mode configuration example Network requirements As shown in Figure • Device A transmits only voice traffic. • IP phone A send untagged voice traffic. For correct voice traffic transmission, perform the following tasks on Device A: •...
Page 194 [DeviceA-GigabitEthernet1/0/1] quit Verifying the configuration # Display the OUI addresses and their masks and descriptions. [DeviceA] display voice-vlan mac-address OUI Address Mask Description 0001-e300-0000 ffff-ff00-0000 Siemens phone 0003-6b00-0000 ffff-ff00-0000 Cisco phone 0004-0d00-0000 ffff-ff00-0000 Avaya phone 000f-e200-0000 ffff-ff00-0000 H3C Aolynk phone 0060-b900-0000 ffff-ff00-0000 Philips/NEC phone...
Page 195: Configuring Mvrp
Configuring MVRP Multiple Registration Protocol (MRP) is an attribute registration protocol used to transmit attribute values. Multiple VLAN Registration Protocol (MVRP) is a typical MRP application. It synchronizes VLAN information among devices. MVRP propagates local VLAN information to other devices, receives VLAN information from other devices, and dynamically updates local VLAN information.
Page 196 Join message An MRP participant sends a Join message to request the peer participant to register attributes in the Join message. When receiving a Join message from the peer participant, an MRP participant performs the following tasks: • Registers the attributes in the Join message. •...
Page 197: Mrp Timers
LeaveAll message Each MRP participant starts its LeaveAll timer when starting up. When the timer expires, the MRP participant sends LeaveAll messages to the peer participant. Upon sending or receiving a LeaveAll message, the local participant starts the Leave timer. The local participant determines whether to send a Join message depending on its the attribute status.
Page 198: Mvrp Registration Modes
Upon receiving the LeaveAll message, other participants restart their LeaveAll timer. The value of the LeaveAll timer is randomly selected between the LeaveAll timer and 1.5 times the LeaveAll timer. This mechanism provides the following benefits: • Effectively reduces the number of LeaveAll messages in the network. •...
Page 199: Configuration Prerequisites
For more information about RRPP and Smart Link, see High Availability Configuration Guide. • Do not configure both MVRP and remote port mirroring on a port. Otherwise, MVRP might register the remote probe VLAN with incorrect ports, which would cause the monitor port to receive undesired copies.
Page 200: Setting An Mvrp Registration Mode
Setting an MVRP registration mode Step Command Remarks Enter system view. system-view Enter Layer Ethernet interface interface-type interface view or Layer 2 interface-number aggregate interface view. Optional. Set an MVRP registration registration { fixed | mvrp The default setting is normal mode.
Page 201: Enabling Gvrp Compatibility
Table 15 Dependencies of the Join, Leave, and LeaveAll timers Timer Lower limit Upper limit Join 20 centiseconds Half the Leave timer Leave Twice the Join timer LeaveAll timer LeaveAll Leave timer on each port 32760 centiseconds Enabling GVRP compatibility Enable GVRP compatibility for MVRP when the peer device supports GVRP.
Page 202: Configuration Procedure
• The devices can register and deregister dynamic VLANs. • The devices can keep identical VLAN configuration for each MSTI. Figure 57 Network diagram Device A Device B Permit: all VLANs GE1/0/3 GE1/0/3 VLAN 20 VLAN 10 Permit: all VLANs Permit: VLANs 20, 40 VLAN 10 MSTI 1...
Page 203 # Globally enable the spanning tree feature. [DeviceA] stp global enable # Globally enable MVRP. [DeviceA] mvrp global enable # Configure GigabitEthernet 1/0/1 as a trunk port, and configure it to permit all VLANs. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-type trunk [DeviceA-GigabitEthernet1/0/1] port trunk permit vlan all # Enable MVRP on port GigabitEthernet 1/0/1.
Page 204 [DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] port link-type trunk [DeviceB-GigabitEthernet1/0/1] port trunk permit vlan 20 40 # Enable MVRP on GigabitEthernet 1/0/1. [DeviceB-GigabitEthernet1/0/1] mvrp enable [DeviceB-GigabitEthernet1/0/1] quit # Configure GigabitEthernet 1/0/2 as a trunk port, and configure it to permit all VLANs. [DeviceB] interface gigabitethernet 1/0/2 [DeviceB-GigabitEthernet1/0/2] port link-type trunk [DeviceB-GigabitEthernet1/0/2] port trunk permit vlan all...
Page 205: Verifying The Configuration
[DeviceC-GigabitEthernet1/0/1] quit # Configure GigabitEthernet 1/0/2 as a trunk port, and configure it to permit all VLANs. [DeviceC] interface gigabitethernet 1/0/2 [DeviceC-GigabitEthernet1/0/2] port link-type trunk [DeviceC-GigabitEthernet1/0/2] port trunk permit vlan all # Enable MVRP on GigabitEthernet 1/0/2. [DeviceC-GigabitEthernet1/0/2] mvrp enable [DeviceC-GigabitEthernet1/0/2] quit Configure Device D: # Enter MST region view.
Page 206 ----[GigabitEthernet1/0/1]---- Config Status : Enabled Running Status : Enabled Join Timer : 20 (centiseconds) Leave Timer : 60 (centiseconds) Periodic Timer : 100 (centiseconds) LeaveAll Timer : 1000 (centiseconds) Registration Type : Normal Registered VLANs : 1(default) Declared VLANs : 1(default), 10, 20 Propagated VLANs : 1(default)
Page 207 • GigabitEthernet 1/0/2 has declared VLAN 1, and registered and propagated no VLANs. • GigabitEthernet 1/0/3 has registered VLAN 20, declared VLAN 1 and VLAN 10, and propagated VLAN 20 through MVRP. # Display the local VLAN information on Device B. [DeviceB] display mvrp running-status -------[MVRP Global Info]------- Global Status...
Page 208 1(default), 10 Declared VLANs : Propagated VLANs : The output shows that the following events have occurred: • GigabitEthernet 1/0/1 has registered VLAN 1, declared VLAN 1 and VLAN 20, and propagated VLAN 1 through MVRP. • GigabitEthernet 1/0/2 has registered VLAN 1 and VLAN 10, declared VLAN 1 and VLAN 20, and propagated VLAN 1.
Page 209 • GigabitEthernet 1/0/1 has registered VLAN 1, VLAN 10, and VLAN 20, declared VLAN 1, and propagated VLAN 1 and VLAN 10 through MVRP. • GigabitEthernet 1/0/2 has registered VLAN 1 and VLAN 20, declared VLAN 1 and VLAN 10, and propagated VLAN 1 and VLAN 20 through MVRP.
Page 210 [DeviceB] interface gigabitethernet 1/0/3 [DeviceB-GigabitEthernet1/0/3] mvrp registration fixed [DeviceB-GigabitEthernet1/0/3] quit # Display the local MVRP VLAN information on GigabitEthernet 1/0/3 of Device B. [DeviceB] display mvrp running-status interface gigabitethernet 1/0/3 -------[MVRP Global Info]------- Global Status : Enabled Compliance-GVRP : False ----[GigabitEthernet1/0/3]---- Config Status...
Page 211 The output shows that the dynamic VLAN information on GigabitEthernet 1/0/3 is not changed after you set its MVRP registration mode to fixed.
Page 212: Configuring Qinq
Configuring QinQ This document uses the following terms: • CVLAN—Customer network VLANs, also called inner VLANs, refer to VLANs that a customer uses on the private network. • SVLAN—Service provider network VLANs, also called outer VLANs, refer to VLANs that a service provider uses to transmit VLAN tagged traffic for customers.
Page 213: Qinq Implementations
When a tagged frame from CE 1 arrives, PE 1 tags the frame with SVLAN 3. The double-tagged frame travels over the service provider network until it arrives at PE 2. PE 2 removes the SVLAN tag of the frame, and then sends the frame to CE 4. Figure 59 Typical QinQ application scenario VLANs 1 to 20 VLANs 1 to 10...
Page 214: Restrictions And Guidelines
Restrictions and guidelines When you configure QinQ, follow these restrictions and guidelines: • Before you configure QinQ on a port, you must remove all VLAN mappings on the port. After you enable QinQ on the port, you can configure any VLAN mapping types except two-to-two VLAN mapping on it.
Page 215: Configuring The Tpid In Vlan Tags
Step Command Remarks { vlan-id-list | all } untagged. Enable QinQ on the port. By default, QinQ is disabled. qinq enable default, transparent transmission Specify transparent VLANs. qinq transparent-vlan vlan-list configured for any VLANs on a port. Configuring the TPID in VLAN tags TPID identifies a frame as an 802.1Q tagged frame.
Page 216: Configuring The Cvlan Tpid
Protocol type Value Reserved 0xFFFD/0xFFFE/0xFFFF Configuring the CVLAN TPID Step Command Remarks Enter system view. system-view Configure the TPID value for The default setting is 0x8100 for qinq ethernet-type CVLAN tags. CVLAN tags. customer-tag hex-value Configuring the SVLAN TPID When you configure the SVLAN ID, follow these restrictions and guidelines: •...
Page 217: Displaying And Maintaining Qinq
Step Command Remarks • Match CVLAN IDs: if-match customer-vlan-id vlan-id-list Configure CVLAN match • Match 802.1p priority: criteria. if-match customer-dot1p dot1p-value&<1-8> Return to system view. quit Create a traffic behavior and enter traffic behavior traffic behavior behavior-name view. • Replace the priority in the SVLAN tags of matching frames with the configured priority: Configure...
Page 218: Qinq Configuration Examples
Task Command display qinq interface interface-type Display QinQ-enabled ports. interface-number ] QinQ configuration examples Basic QinQ configuration example Network requirements As shown in Figure • The service provider assigns VLAN 100 to Company A's VLANs 10 through 70. • The service provider assigns VLAN 200 to Company B's VLANs 30 through 90. •...
Page 219 # Configure VLAN 100 as the PVID for GigabitEthernet 1/0/1. [PE1-GigabitEthernet1/0/1] port trunk pvid vlan 100 # Enable QinQ on GigabitEthernet 1/0/1. [PE1-GigabitEthernet1/0/1] qinq enable [PE1-GigabitEthernet1/0/1] quit # Configure GigabitEthernet 1/0/2 as a trunk port, and assign it to VLANs 100 and 200. [PE1] interface gigabitethernet 1/0/2 [PE1-GigabitEthernet1/0/2] port link-type trunk [PE1-GigabitEthernet1/0/2] port trunk permit vlan 100 200...
Page 220: Vlan Transparent Transmission Configuration Example
[PE2-GigabitEthernet1/0/3] quit Configure the devices between PE 1 and PE 2: # Set the MTU to a minimum of 1504 bytes for each port on the path of QinQ frames. (Details not shown.) # Configure all the ports on the forwarding path to allow frames from VLANs 100 and 200 to pass through without removing the VLAN tag.
Page 221 [PE1] interface gigabitethernet 1/0/2 [PE1-GigabitEthernet1/0/2] port link-type trunk [PE1-GigabitEthernet1/0/2] port trunk permit vlan 100 3000 [PE1-GigabitEthernet1/0/2] quit Configure PE 2: # Configure GigabitEthernet 1/0/1 as a trunk port, and assign it to VLANs 100 and 3000. <PE2> system-view [PE2] interface gigabitethernet 1/0/1 [PE2-GigabitEthernet1/0/1] port link-type trunk [PE2-GigabitEthernet1/0/1] port trunk permit vlan 100 3000 # Configure VLAN 100 as the PVID of GigabitEthernet 1/0/1.
Page 222: Configuring Vlan Mapping
Configuring VLAN mapping Overview VLAN mapping re-marks VLAN tagged traffic with new VLAN IDs. Hewlett Packard Enterprise provides the following types of VLAN mapping: • One-to-one VLAN mapping—Replaces one VLAN tag with another. • Many-to-one VLAN mapping—Replaces multiple VLAN tags with the same VLAN tag. •...
Page 223 Figure 62 Application scenario of one-to-one and many-to-one VLAN mapping DHCP client VLAN 1 Home gateway VLAN 2 VLAN 1 -> VLAN 101 VLAN 2 -> VLAN 201 VLAN 3 VoIP VLAN 3 -> VLAN 301 Wiring-closet switch VLAN 1 VLAN 1 ->...
Page 224: Application Scenario Of One-To-Two And Two-To-Two Vlan Mapping
Application scenario of one-to-two and two-to-two VLAN mapping Figure 63 shows a typical application scenario of one-to-two and two-to-two VLAN mapping. In this scenario, the remote sites of the same VPN must communicate across two SP networks. Figure 63 Application scenario of one-to-two and two-to-two VLAN mapping Site 1 and Site 2 are in VLAN 2 and VLAN 3, respectively.
Page 225 Figure 64 Basic VLAN mapping terms Network-side port Customer-side port Uplink traffic Downlink traffic One-to-one VLAN mapping As shown in Figure 65, one-to-one VLAN mapping is implemented on the customer-side port and replaces VLAN tags as follows: • Replaces the CVLAN with the SVLAN for the uplink traffic. •...
Page 226 Figure 66 Many-to-one VLAN mapping implementation One-to-two VLAN mapping As shown in Figure 67, one-to-two VLAN mapping is implemented on the customer-side port to add the SVLAN tag for the uplink traffic. For the downlink traffic to be correctly sent to the customer network, make sure the SVLAN tag is removed on the customer-side port before transmission.
Page 227: General Configuration Restrictions And Guidelines
Figure 68 Two-to-two VLAN mapping implementation Two-to-two VLAN mapping SVLAN CVLAN Data SVLAN’ CVLAN’ Data Customer SP network network SVLAN CVLAN Data SVLAN’ CVLAN’ Data Uplink traffic Downlink traffic Network-side port Customer-side port General configuration restrictions and guidelines When you configure VLAN mapping, follow these restrictions and guidelines: •...
Page 228: Configuring One-To-One Vlan Mapping
Tasks at a glance Remarks Configure one-to-two VLAN mapping on PE 1 and PE 4, as shown in Figure 63, through which traffic • Configuring one-to-two VLAN mapping from customer networks enter the service provider networks. Configure two-to-two VLAN mapping on PE 3, as Configuring two-to-two VLAN mapping shown in Figure...
Page 229: Configuring Many-To-One Vlan Mapping In A Network With Dynamic Ip Address Assignment
Configuring many-to-one VLAN mapping in a network with dynamic IP address assignment In a network that uses dynamic address assignment, configure many-to-one VLAN mapping with DHCP snooping. The switch replaces the SVLAN tag of the downlink traffic with the associated CVLAN tag based on the DHCP snooping entry lookup.
Page 230 Step Command Remarks Security Command Reference. Configuring the customer-side port Step Command Remarks Enter system view. system-view Enter Layer Ethernet interface interface-type interface view. interface-number • Configure the port as a trunk port: port link-type trunk By default, the link type of a Set the link type of the port.
Page 231: Configuring Many-To-One Vlan Mapping In A Network With Static Ip Address Assignment
Step Command Remarks trusted port. untrusted ports. Configure the port to use the original VLAN tags of the By default, the port does not many-to-one mapping replace the VLAN tags of the vlan mapping nni replace the VLAN tags of the packets destined for the user packets destined for the user network.
Page 232 Step Command Remarks Enter VLAN view. vlan vlan-id By default, ARP snooping is disabled. For more information about ARP Enable ARP snooping. arp snooping enable snooping commands, see Layer 3—IP Services Command Reference. Configuring the customer-side port Step Command Remarks Enter system view.
Page 233: Configuring One-To-Two Vlan Mapping
Step Command Remarks replace the VLAN tags of the packets destined for the user packets destined for the user network. network. Configuring one-to-two VLAN mapping Configure one-to-two VLAN mapping on customer-side ports of the edge devices from which customer traffic enters SP networks, for example, on PE 1 and PE 4 in Figure 63.
Page 234: Displaying And Maintaining Vlan Mapping
To configure two-to-two VLAN mapping: Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view: interface interface-type Enter Layer Ethernet interface-number interface view or Layer 2 • Enter Layer aggregate aggregate interface view. interface view: interface bridge-aggregation interface-number •...
Page 235 To save VLAN resources, configure many-to-one VLAN mappings on the campus switch (Switch C). This feature transmits the same type of traffic from different households in one VLAN. Use VLANs 501, 502, and 503 for PC, VoD, and VoIP traffic, respectively. Table 17 VLAN mapping for each service VLANs on home VLANs on wiring-closet switches...
Page 236 # Create the original VLANs. <SwitchA> system-view [SwitchA] vlan 2 to 3 # Create the translated VLANs. [SwitchA] vlan 101 to 102 [SwitchA] vlan 201 to 202 [SwitchA] vlan 301 to 302 # Configure the customer-side port GigabitEthernet 1/0/1 as a trunk port, and assign the port to all original VLANs and translated VLANs.
Page 237 [SwitchC-vlan301] vlan 102 [SwitchC-vlan102] arp detection enable [SwitchC-vlan102] vlan 202 [SwitchC-vlan202] arp detection enable [SwitchC-vlan202] vlan 302 [SwitchC-vlan302] arp detection enable [SwitchC-vlan302] vlan 103 [SwitchC-vlan103] arp detection enable [SwitchC-vlan103] vlan 203 [SwitchC-vlan203] arp detection enable [SwitchC-vlan203] vlan 303 [SwitchC-vlan303] arp detection enable [SwitchC-vlan303] vlan 104 [SwitchC-vlan104] arp detection enable [SwitchC-vlan104] vlan 204...
Page 238 [SwitchC-GigabitEthernet1/0/2] vlan mapping uni range 303 to 304 translated-vlan 503 # Enable DHCP snooping entry recording on GigabitEthernet 1/0/2. [SwitchC-GigabitEthernet1/0/2] dhcp snooping binding record [SwitchC-GigabitEthernet1/0/2] quit # Configure the network-side port GigabitEthernet 1/0/3 to use the original VLAN tags of the many-to-one mappings to replace the VLAN tags of the packets destined for the user network.
Page 239: One-To-Two And Two-To-Two Vlan Mapping Configuration Example
103-104 203-204 303-304 One-to-two and two-to-two VLAN mapping configuration example Network requirements As shown in Figure • Two VPN A branches, Site 1 and Site 2, are in VLAN 5 and VLAN 6, respectively. • The two sites use different VPN access services from different service providers, SP 1 and SP •...
Page 240 [PE1-GigabitEthernet1/0/2] port trunk permit vlan 100 [PE1-GigabitEthernet1/0/2] quit Configure PE 2: # Configure GigabitEthernet 1/0/1 as a trunk port, and assign the port to VLAN 100. <PE2> system-view [PE2] interface gigabitethernet 1/0/1 [PE2-GigabitEthernet1/0/1] port link-type trunk [PE2-GigabitEthernet1/0/1] port trunk permit vlan 100 [PE2-GigabitEthernet1/0/1] quit # Configure GigabitEthernet 1/0/2 as a trunk port, and assign the port to VLAN 100.
Page 241 Verifying the configuration # Verify VLAN mapping information on PE 1. [PE1] display vlan mapping Interface GigabitEthernet1/0/1: Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN # Verify VLAN mapping information on PE 3. [PE3] display vlan mapping Interface GigabitEthernet1/0/1: Outer VLAN Inner VLAN Translated Outer VLAN...
Page 242: Configuring Lldp
Configuring LLDP You can set an Ethernet interface to work in Layer 3 mode by using the port link-mode route command (see "Configuring Ethernet interfaces"). Overview In a heterogeneous network, a standard configuration exchange platform makes sure different types of network devices from different vendors can discover one another and exchange configuration. The Link Layer Discovery Protocol (LLDP) is specified in IEEE 802.1AB.
Page 243 LLDP frame formats LLDP sends device information in LLDP frames. LLDP frames are encapsulated in Ethernet II or SNAP frames. • LLDP frame encapsulated in Ethernet II Figure 72 Ethernet II-encapsulated LLDP frame Table 18 Fields in an Ethernet II-encapsulated LLDP frame Field Description MAC address to which the LLDP frame is advertised.
Page 244 Figure 73 SNAP-encapsulated LLDP frame Table 19 Fields in a SNAP-encapsulated LLDP frame Field Description MAC address to which the LLDP frame is advertised. It is the same as that Destination MAC address for Ethernet II-encapsulated LLDP frames. Source MAC address MAC address of the sending port.
Page 245 Table 20 Basic management TLVs Type Description Remarks Chassis ID Specifies the bridge MAC address of the sending device. Specifies the ID of the sending port: • If the LLDPDU carries LLDP-MED TLVs, the port ID TLV Port ID carries the MAC address of the sending port. Mandatory.
Page 246 NOTE: • HPE devices support only receiving protocol identity TLVs and VID usage digest TLVs. • Layer 3 Ethernet ports support only link aggregation TLVs. • IEEE 802.3 organizationally specific TLVs Table 22 IEEE 802.3 organizationally specific TLVs Type Description...
Page 247: Working Mechanism
Type Description Hardware Revision Allows a terminal device to advertise its hardware version. Firmware Revision Allows a terminal device to advertise its firmware version. Software Revision Allows a terminal device to advertise its software version. Serial Number Allows a terminal device to advertise its serial number. Manufacturer Name Allows a terminal device to advertise its vendor name.
Page 248: Protocols And Standards
• The LLDP operating mode of the LLDP agent changes from Disable or Rx to TxRx or Tx. With this mechanism, the specified number of LLDP frames are sent successively at a configurable fast transmission interval to help LLDP neighbors discover the local device as soon as possible. Then, the normal LLDP frame transmission interval resumes.
Page 249: Configuring The Lldp Bridge Mode
To enable LLDP: Step Command Remarks Enter system view. system-view By default: • If the switch starts up with empty configuration, LLDP is disabled globally (initial setting). • If the switch starts up with default Enable LLDP globally. configuration file, lldp global enable LLDP enabled...
Page 250: Setting The Lldp Operating Mode
Setting the LLDP operating mode Step Command Remarks Enter system view. system-view Enter Layer 2/Layer 3 Ethernet interface view, management Ethernet interface interface-type interface-number interface view, or Layer 2/Layer aggregate interface view. By default: • The nearest bridge agent operates in txrx mode.
Page 251: Configuring The Advertisable Tlvs
Step Command Remarks Enter system view. system-view Enter Layer 2/Layer 3 Ethernet interface view, management Ethernet interface interface-type interface-number interface view, or Layer 2/Layer aggregate interface view. • In Layer 2/Layer 3 Ethernet interface view management Ethernet interface view: lldp [ agent { nearest-customer | nearest-nontpmr Enable LLDP polling and By default, LLDP polling is...
Page 252 Step Command Remarks • lldp agent nearest-customer tlv-enable basic-tlv port-description | system-capability | system-description | system-name management-address-tlv [ ip-address ] } | dot1-tlv { all | congestion-notification port-vlan-id | link-aggregation } } By default: • • lldp tlv-enable { basic-tlv { all | Nearest bridge port-description | system-capability...
Page 253: Configuring The Management Address And Its Encoding Format
Step Command Remarks Nearest bridge agents are not supported on Layer aggregate interfaces. A PoE-capable device of the series can act as a PSE. It supports autonegotiating the supplied power with the PD through LLDP. To use the function, you must perform the following tasks: •...
Page 254: Setting Other Lldp Parameters
Step Command Remarks lldp agent nearest-customer nearest-nontpmr management-address-for mat string • Layer 2/Layer aggregate interface view: lldp agent nearest-customer nearest-nontpmr management-address-for mat string Setting other LLDP parameters The Time to Live TLV carried in an LLDPDU determines how long the device information carried in the LLDPDU can be saved on a recipient device.
Page 255: Configuring Cdp Compatibility
To set the encapsulation format for LLDP frames to SNAP: Step Command Remarks Enter system view. system-view Enter Layer 2/Layer 3 Ethernet interface view, management Ethernet interface interface-type interface-number interface view, or Layer 2/Layer aggregate interface view. • In Layer 2/Layer 3 Ethernet interface view management Ethernet...
Page 256: Configuration Prerequisites
For more information about voice VLANs, see "Configuring voice VLANs." When the device is connected to a Cisco IP phone that has a host attached to its data port, the host must access the network through the Cisco IP phone. If the data port goes down, the IP phone will send a CDP packet to the device so the device can log out the user.
Page 257: Displaying And Maintaining Lldp
Step Command Remarks Enter system view. system-view Enter Layer 2/Layer 3 Ethernet interface view, management Ethernet interface interface-type interface-number interface view, or Layer 2/Layer aggregate interface view. • In Layer 2/Layer 3 Ethernet interface view management Ethernet interface view: lldp [ agent { nearest-customer | nearest-nontpmr } ] notification By default, LLDP trapping Enable LLDP trapping.
Page 258: Lldp Configuration Examples
LLDP configuration examples Basic LLDP configuration example Network requirements As shown in Figure 75, the NMS and Switch A are located in the same Ethernet network. A MED device and Switch B are connected to GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 of Switch A. Enable LLDP globally on Switch A and Switch B to perform the following tasks: •...
Page 259: Verify The Configuration
# Set the LLDP operating mode to Tx. [SwitchB-GigabitEthernet1/0/1] lldp admin-status tx [SwitchB-GigabitEthernet1/0/1] quit Verify the configuration: # Verify that: • GigabitEthernet 1/0/1 of Switch A connects to a MED device. • GigabitEthernet 1/0/2 of Switch A connects to a non-MED device. •...
Page 260 LLDP status information of port 2 [GigabitEthernet1/0/2]: LLDP agent nearest-bridge: Port status of LLDP : Enable Admin status : RX_Only Trap flag : No MED trap flag : No Polling interval : 0s Number of LLDP neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV : 21...
Page 261 Trap interval : 30s Fast start times LLDP status information of port 1 [GigabitEthernet1/0/1]: LLDP agent nearest-bridge: Port status of LLDP : Enable Admin status : RX_Only Trap flag : No MED trap flag : No Polling interval : 0s Number of LLDP neighbors Number of MED neighbors Number of CDP neighbors...
Page 262: Cdp-Compatible Lldp Configuration Example
Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV : 0 LLDP agent nearest-customer: Port status of LLDP : Enable Admin status : Disable Trap flag : No MED trap flag : No Polling interval : 0s...
Page 263 [SwitchA-GigabitEthernet1/0/2] quit Configure CDP-compatible LLDP on Switch A: # Enable LLDP globally, and enable CDP compatibility globally. [SwitchA] lldp global enable [SwitchA] lldp compliance cdp # Enable LLDP on GigabitEthernet 1/0/1. By default, LLDP is enabled on ports. [SwitchA] interface gigabitethernet 1/0/1 [SwitchA-GigabitEthernet1/0/1] lldp enable # Configure LLDP to operate in TxRx mode on GigabitEthernet 1/0/1.
Page 264: Configuring Service Loopback Groups
Configuring service loopback groups A service loopback group contains one or multiple Ethernet ports for looping packets sent out by the device back to the device. This feature must work with other features, such as GRE. A service loopback group provides one of the following services: •...
Page 265: Service Loopback Group Configuration Example
Task Command Display information about service loopback groups. display service-loopback group [ number ] Service loopback group configuration example Network requirements All Ethernet ports on Device A support the tunnel service. Assign GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to a service loopback group to loop GRE packets sent out by the device back to the device.
Page 266: Document Conventions And Icons
Document conventions and icons Conventions This section describes the conventions used in the documentation. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device. Command conventions Convention Description Bold text represents commands and keywords that you enter literally as shown. Boldface Italic text represents arguments that you replace with actual values.
Page 267: Network Topology Icons
Network topology icons Convention Description Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Page 268: Support And Other Resources
Support and other resources Accessing Hewlett Packard Enterprise Support • For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: www.hpe.com/assistance • To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: www.hpe.com/support/hpesc Information to collect •...
Page 269: Websites
For more information and device support details, go to the following website: www.hpe.com/info/insightremotesupport/docs Documentation feedback Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title,...
Page 270 part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.
Page 271: Index
Index voice VLAN information advertisement to IP Numerics phones, aggregating 1 VLAN mappingapplication scenario, link. See link aggregation 1 VLAN mappingconfiguration, 219, 225 aging 1 VLAN mappingimplementation, 215, 216 MAC address table timer, 2 VLAN mappingapplication scenario, spanning tree max age timer, 2 VLAN mappingconfiguration, 224, 230 algorithm...
Page 272 backing up spanning tree port path cost calculation standard, MST backup port, spanning tree timeout factor, bandwidth STP algorithm, Ethernet link aggregate interface (expected bandwidth), basic management LLDPDU TLV types, LLDP CDP compatibility, LLDP CDP-compatible configuration, Ethernet link aggregation group BFD, voice VLAN advertisement, blackhole voice VLAN information advertisement to IP...
Page 273: Interface-Card
Ethernet link aggregation group (Layer 2 M\1 VLAN mapping customer-side port (dynamic static), IP address assignment), Ethernet link aggregation group (Layer 3 M\1 VLAN mapping customer-side port (static IP dynamic), address assignment), Ethernet link aggregation group (Layer 3 M\1 VLAN mapping network-side port (dynamic static), IP address assignment), Ethernet link aggregation group (static),...
Page 274 spanning tree port mode, MST region connection, spanning tree port path cost, 95, 98 CVLAN spanning tree port priority, QinQ basic configuration, spanning tree port role restriction, QinQ configuration, 203, 209 spanning tree protection functions, QinQ VLAN transparent transmission configuration, spanning tree root bridge, VLAN mapping configuration, 213, 218, 225...
Page 275 MAC address learning (on interface), Ethernet aggregate interface (Layer 3 edge), MAC address learning (on VLAN), Ethernet link aggregate interface (Layer 2 edge), discarding edge port MST discarding port state, MST, displaying spanning tree, bulk interface configuration, EEE energy saving, Ethernet link aggregation, enabling interface,...
Page 276 interface. See Ethernet interface 10-GE > 40-GE combine;010-GE > 40-GE combine, interface auto power-down enable, 40-GE split;040-GE split, interface dampening restrictions, automatic negotiation enable, interface display, basic settings configuration, interface EEE enable, bridging enable (Layer 2), interface energy-saving features, cable connection (Layer 2), interface generic flow control, combo interface active port, interface loopback testing,...
Page 277 interface configuration (expected LLDP frame encapsulation format, bandwidth), LLDP management address encoding LACP, format, Layer 2 aggregate interface (ignored forwarding VLAN), 50, 50 MAC address table frame forwarding rule, Layer 2 aggregate interface (Layer 2 MST forwarding port state, edge), spanning tree forward delay timer, Layer 2 aggregation configuration STP BPDU forwarding,...
Page 278 Ethernet link aggregation group (Layer 3 Ethernet link aggregate interface default static), settings, Ethernet link aggregation group (static), Ethernet link aggregate interface shutdown, Ethernet link aggregation group load Ethernet link aggregation edge aggregate sharing, interface, 45, 51 Ethernet link aggregation LACP, Layer 2 Ethernet aggregate interface (ignored VLAN), Ethernet link aggregation load sharing...
Page 279 1\2 VLAN mapping configuration, 224, 230 Ethernet link aggregation group restrictions, 2\2 VLAN mapping configuration, 224, 230 Ethernet link aggregation LACP, authorization VLAN advertisement (CDP), Ethernet link aggregation load sharing (Layer authorization VLAN advertisement (LLDP), Ethernet link aggregation load sharing mode, Ethernet aggregate interface, Ethernet link aggregation local-first load sharing,...
Page 280 port-based VLAN configuration, voice VLAN port operation configuration (manual assignment), private VLAN configuration, 156, 158 voice VLAN port operation configuration private VLAN configuration restrictions, restrictions (automatic assignment), private VLAN display, voice VLAN port operation configuration private VLAN promiscuous port restrictions (manual assignment), configuration, Layer 2 private VLAN trunk promiscuous port...
Page 281 Ethernet link aggregate interface MST learning port state, shutdown, legacy Ethernet link aggregation (Layer 3 spanning tree port mode, dynamic), spanning tree port path cost calculation, Ethernet link aggregation (Layer 3 static), link Ethernet link aggregation aggregation. See link aggregation configuration, 38, 45, 58 interface link mode (Ethernet),...
Page 282 voice VLAN information advertisement to IP enable, phones, enable (global), voice VLAN IP phone identification, enable (port-specific), voice VLAN IP phone identification interval, method, interval setting, voice VLAN LLDP automatic IP phone mechanisms, discovery enable, port status auto recovery, LLDPDU protection action configuration, LLDP basic configuration, 239, 249...
Page 283 configuration, 20, 21, 32 VLAN, display, management address dynamic aging timer, LLDP encoding format, entry configuration, manual entry configuration (global), voice VLAN assignment mode, entry configuration (on interface), voice VLAN assignment mode configuration, entry creation, voice VLAN port operation configuration, entry types, mapping frame forwarding rule,...
Page 284 MVRP registration forbidden, spanning tree port mode configuration, MVRP registration normal, VLAN-to-instance mapping table, spanning tree mCheck, spanning tree MSTP, Layer 3 Ethernet aggregate interface, spanning tree PVST, multiple spanning tree RSTP, Registration Protocol. Use spanning tree STP, VLAN Registration Protocol. Use MVRP voice VLAN assignment automatic, Multiple Spanning Tree Protocol.
Page 285 Ethernet link aggregation reference port, M\1 VLAN mapping customer-side port (static IP address assignment), Ethernet link aggregation reference port choice, M\1 VLAN mapping network-side port (dynamic IP address assignment), interface auto power-down (Ethernet), M\1 VLAN mapping network-side port (static IP interface automatic negotiation (Ethernet), address assignment), interface basic settings (Ethernet),...
Page 286 spanning tree BPDU drop, voice VLAN host+IP phone connection (in series), spanning tree BPDU guard, voice VLAN information advertisement to IP spanning tree BPDU transmission rate, phones, spanning tree Digest Snooping, 103, 104 voice VLAN IP phone access method, spanning tree edge port, voice VLAN IP phone identification (LLDP), spanning tree loop guard, voice VLAN IP phone identification (OUI...
Page 287 MAC Information change notification port interval, Ethernet aggregate interface, null interface Ethernet aggregate interface (description), configuration, 16, 16 Ethernet aggregate interface (Layer 3 edge), display, Ethernet link aggregate group Selected ports maintain, min/max, Ethernet link aggregate interface (expected bandwidth), operational key (Ethernet link aggregation), Ethernet link aggregate interface (Layer 2 organization-specific LLDPDU TLV types, edge),...
Page 288 isolation. See port isolation spanning tree forward delay timer, Layer 2 aggregate interface (ignored spanning tree loop guard, VLAN), spanning tree path cost calculation standard, Layer 3 aggregate interface configuration spanning tree path cost configuration, 95, 98 (MTU), spanning tree port link type configuration, LLDP basic configuration, 239, 249 spanning tree port mode configuration,...
Page 289 secondary VLAN Layer 3 communication configuring Ethernet link aggregation group configuration, (dynamic), trunk promiscuous port configuration, configuring Ethernet link aggregation group (Layer 2 dynamic), trunk promiscuous+secondary port configuration, configuring Ethernet link aggregation group (Layer 2 static), procedure configuring Ethernet link aggregation group adding MAC address table blackhole entry, (Layer 3 dynamic), adding MAC address table entry (global),...
Page 290 configuring LAN switching spanning tree configuring MST region max hops, Digest Snooping, configuring MSTP, 88, 113 configuring LLDP, configuring MVRP, 189, 192 configuring LLDP (CDP-compatible), configuring port-based VLAN, 130, 141 configuring LLDP advertisable TLVs, configuring private VLAN, configuring LLDP basics, 239, 249 configuring private VLAN promiscuous port, configuring LLDP CDP compatibility,...
Page 291 configuring VLAN basic settings, enabling interface loopback testing (Ethernet), configuring VLAN group, enabling LLDP, configuring VLAN interface, enabling LLDP polling, configuring VLAN mapping, enabling loop detection (global), configuring voice VLAN, enabling loop detection (port-specific), configuring voice VLAN advertisement enabling M\1 VLAN mapping ARP detection (CDP), (dynamic IP address assignment), configuring voice VLAN advertisement...
Page 292 setting Ethernet link aggregation load sharing STP protocol packets, mode (group-specific), VLAN, setting interface MDIX mode (Layer 2 PVID (port-based VLAN), Ethernet), PVST, See also setting interface MTU (Layer 3 Ethernet), configuration, 87, 116 setting interface statistics polling interval feature enable, (Ethernet), mode set, setting Layer 3 aggregate interface (MTU),...
Page 293 MVRP registration fixed mode, spanning tree secondary root bridge (device), MVRP registration forbidden mode, STP algorithm calculation, MVRP registration mode, STP root bridge, MVRP registration normal mode, STP root port, reinitialization delay (LLDP), routing restoring IP subnet-based VLAN configuration, 138, 145 Ethernet link aggregate interface default MAC-based VLAN assignment (dynamic), settings,...
Page 294 Ethernet link aggregation member port port path cost calculation standard, state, 40, 43 port path cost configuration, 95, 98 interface MDIX mode (Layer 2 Ethernet), port priority configuration, interface statistics polling interval (Ethernet), port role restriction, Layer 3 aggregate interface (MTU), port state transition output, LLDP frame encapsulation format, protection functions,...
Page 295 basic concepts, spanning tree switched network diameter, BPDU forwarding, synchronizing configuration, MAC addresses, designated bridge, syslog designated port, MAC Information configuration, 34, 35 Digest Snooping configuration MAC Information mode configuration, restrictions, system edge port configuration restrictions, interface bulk configuration, 18, 18 feature enable, loop detection, table...
Page 296 MRP Periodic, virtual MVRP set, Virtual Local Area Network. Use VLAN spanning tree forward delay, VLAN spanning tree hello, authorization VLAN advertisement (CDP), spanning tree max age, authorization VLAN advertisement (LLDP), STP forward delay, basic configuration, STP hello, configuration, 127, 141 STP max age, display, frame encapsulation,...
Page 297 QinQ SVLAN tag TPID value, LLDP configuration (CDP-compatible), QinQ transparent transmission, voice VLAN QinQ VLAN tag TPID value, advertisement configuration (CDP), QinQ VLAN transparent transmission advertisement configuration (LLDP), configuration, assignment mode, super VLAN configuration, 150, 150, 152 assignment mode (automatic), super VLAN interface configuration, assignment mode (manual), voice VLAN advertisement (CDP),...

HPE FlexNetwork 5510 HI Series Configuration Manual

Configuring Ethernet Interfaces

Configuring Loopback, Null, and Inloopback Interfaces

Bulk Configuring Interfaces

Configuring the MAC Address Table

Configuring MAC Information

Configuring Ethernet Link Aggregation

Configuring Port Isolation

Configuring Spanning Tree Protocols

Configuring Loop Detection

Configuring Vlans

Configuring Super Vlans

Configuring the Private VLAN

Configuring Voice Vlans

Configuring MVRP

Quick Links

Configuration Guide

Related Manuals for HPE FlexNetwork 5510 HI Series

Summary of Contents for HPE FlexNetwork 5510 HI Series