Configuring common Ethernet interface settings ······························································································· 1 Configuring a combo interface (only applicable to HPE 5510 24G SFP 4SFP+ HI 1-slot Switch (JH149A) switches) ···················································································································································· 2 Splitting a 40-GE interface and combining 10-GE breakout interfaces ······················································ 2 ...
Page 4
Assigning MAC learning priority to an interface ······························································································· 27 Enabling MAC address synchronization ·········································································································· 28 Enable MAC address move notifications ········································································································· 29 Enabling ARP fast update for MAC address moves ························································································ 30 Enabling SNMP notifications for the MAC address table ················································································· 31 ...
Page 5
Layer 2 aggregation load sharing configuration example ········································································ 61 Layer 2 edge aggregate interface configuration example ········································································ 64 Layer 3 static aggregation configuration example ···················································································· 65 Layer 3 dynamic aggregation configuration example ··············································································· 66 Layer 3 edge aggregate interface configuration example ········································································ 67 ...
Configuring Ethernet interfaces The switch series supports Ethernet interfaces, management Ethernet interfaces, Console interfaces, and USB interfaces. For the interface types and the number of interfaces supported by a switch model, see the installation guide. This document describes how to configure management Ethernet interfaces and Ethernet interfaces. Configuring a management Ethernet interface A management interface uses an RJ-45 connector.
Configuring a combo interface (only applicable to HPE 5510 24G SFP 4SFP+ HI 1-slot Switch (JH149A) switches) A combo interface is a logical interface that physically contains one fiber combo port and one copper combo port. The two ports share one forwarding channel and one interface view. As a result, they cannot work simultaneously.
Step Command Remarks By default, a 40-GE interface is not split and operates as a single interface. Split the 40-GE interface into The 10-GE breakout interfaces split four 10-GE breakout using tengige from a 40-GE interface support the interfaces. same configuration and attributes as common 10-GE interfaces, except that they are numbered in a different way.
Step Command Remarks Reference. Interfaces on an HPE 5130/5510 10GbE SFP+ 2-port Module (JH157A) or HPE 5130/5510 10GBASE-T 2-port Module (JH156A) interface card support only the 10000 keyword. Configure the expected By default, the expected bandwidth (in bandwidth kbps) is the interface baud rate divided by bandwidth bandwidth-value interface.
Step Command Remarks Enter system view. system-view Enter Ethernet interface interface interface-type view. interface-number By default, the switch allows jumbo Configure jumbo frame jumboframe enable [ value ] frames within 10000 bytes to pass support. through all Ethernet interfaces. Configuring physical state change suppression on an Ethernet interface IMPORTANT: Do not configure physical state change suppression on an Ethernet interface that has RRPP, MSTP,...
Step Command Remarks interface. If you configure this command multiple times on Ethernet interface, most recent configuration takes effect. Performing a loopback test on an Ethernet interface If an Ethernet interface does not work correctly, you can perform a loopback test on it to identify the problem.
it suspends sending packets to the peer. When congestion occurs, the interface cannot send flow control frames to the peer. To handle unidirectional traffic congestion on a link, configure the flow-control receive enable command at one end and the flow-control command at the other end. To enable both ends of a link to handle traffic congestion, configure the flow-control command at both ends.
2—Interfaces GigabitEthernet 1/0/41 through GigabitEthernet 1/0/48 on the front panel are not available, and all interfaces on the interface card are available. For HPE 5510 48G 4SFP+ HI 1-slot Switch and HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch, the operating modes supported by the interface cards are as shown in...
Table 1 Operating modes supported by interface cards Interface card Supported operating modes Remarks The operating modes take 5510 2-port QSFP+ effect only 10-GE 0 and 2. Module (JH155A) breakout interfaces split from a QSFP+ interface. After you configure the interface card operating mode, reboot the switch to make the configuration take effect.
have less impact on device performance than the storm-constrain command, which performs suppression in software. Configuration guidelines For the same type of traffic, do not configure the storm constrain command together with any of the commands. broadcast-suppression, multicast-suppression, unicast-suppression Otherwise, the traffic suppression result is not determined. For more information about the storm-constrain command, see "Configuring storm control on an Ethernet interface."...
Page 20
• Blocks this type of traffic, while forwarding other types of traffic—Even though the interface does not forward the blocked traffic, it still counts the traffic. When the blocked traffic drops below the lower threshold, the port begins to forward the traffic. •...
Forcibly bringing up a fiber port CAUTION: The following operations on a fiber port will cause link updown events before the port finally stays up: • Configure the port up-mode command and the speed or duplex command at the same time. •...
transceiver module into the port. To solve the problem, use the undo port up-mode command on the fiber port. Configuration procedure To forcibly bring up a fiber port: Step Command Remarks Enter system view. system-view Enter Ethernet interface interface interface-type view.
Testing the cable connection of an Ethernet interface IMPORTANT: • If the link of an Ethernet port is up, testing its cable connection will cause the link to go down and then come up. • Fiber ports do not support this feature. This feature tests the cable connection of an Ethernet interface and displays cable test results within 5 seconds.
Configuring loopback, null, and inloopback interfaces This chapter describes how to configure a loopback interface, a null interface, and an inloopback interface. Configuring a loopback interface A loopback interface is a virtual interface. The physical layer state of a loopback interface is always up unless the loopback interface is manually shut down.
applying an ACL. For example, if you specify a null interface as the next hop of a static route to a network segment, any packets routed to the network segment are dropped. To configure a null interface: Step Command Remarks Enter system view.
Bulk configuring interfaces You can enter interface range view to bulk configure multiple interfaces with the same feature instead of configuring them one by one. For example, you can execute the shutdown command in interface range view to shut down a range of interfaces. Configuration restrictions and guidelines When you bulk configure interfaces in interface range view, follow these restrictions and guidelines: •...
Step Command Remarks • interface range interface-type interface-number By using the interface range name interface-type command, you assign a name to an interface-number ] } &<1-24> Enter interface range interface range and can specify this view. • interface range name name name rather than the interface range [ interface { interface-type to enter the interface range view.
Configuring the MAC address table Overview An Ethernet device uses a MAC address table to forward frames. A MAC address entry includes a destination MAC address, an outgoing interface, and a VLAN ID. When the device receives a frame, it uses the destination MAC address of the frame to look for a match in the MAC address table. •...
• Static entries—A static entry is manually added to forward frames with a specific destination MAC address out of the associated interface, and it never ages out. A static entry has higher priority than a dynamically learned one. • Dynamic entries—A dynamic entry can be manually configured or dynamically learned to forward frames with a specific destination MAC address out of the associated interface.
Configuring MAC address entries Configuration guidelines • You cannot add a dynamic MAC address entry if a learned entry already exists with a different outgoing interface for the MAC address. • The manually configured static, blackhole, and multiport unicast MAC address entries cannot survive a reboot if you do not save the configuration.
Step Command Remarks interface view: interface bridge-aggregation interface-number By default, no MAC address entry is configured on an interface. Add or modify a static or mac-address { dynamic | static } Make sure you have created the dynamic MAC address entry. mac-address vlan vlan-id VLAN and assigned the interface to the VLAN.
You can configure a multiport unicast MAC address entry globally or on an interface. Configuring a multiport unicast MAC address entry globally Step Command Remarks Enter system view. system-view By default, no multiport unicast MAC address entry is configured mac-address multiport globally.
The global MAC address learning configuration does not take effect in a VPLS VSI. For information about VSIs, see MPLS Configuration Guide. Disabling MAC address learning on an interface When global MAC address learning is enabled, you can disable MAC address learning on a single interface.
An aging interval that is too long might cause the MAC address table to retain outdated entries. As a result, the MAC address table resources might be exhausted, and the MAC address table might fail to update to accommodate the latest network changes. An interval that is too short might result in removal of valid entries, which would cause unnecessary floods and possibly affect the device performance.
Step Command Remarks • Enter Layer Ethernet interface view. interface interface-type interface-number Enter interface view. • Enter Layer 2 aggregate interface view. interface bridge-aggregation interface-number Configure device By default, the device can forward forward unknown frames unknown frames received on an mac-address max-mac-count received on the interface...
Enabling MAC address synchronization To avoid unnecessary floods and improve forwarding speed, make sure all member devices have the same MAC address table. After you enable MAC address synchronization, each member device advertises learned MAC address entries to other member devices. As shown in Figure •...
Figure 4 MAC address tables of devices when Client A roams to AP D To enable MAC address synchronization: Step Command Remarks Enter system view. system-view Enable address default, address mac-address mac-roaming synchronization. synchronization is disabled. enable Enable MAC address move notifications The outgoing interface for a MAC address entry learned on interface A is changed to interface B when the following conditions exist: •...
Step Command Remarks Enter system view. system-view By default, MAC address move notifications are disabled. If you do not specify a detection interval, the default setting of 1 minute is used. Enable MAC address After execute this move notifications and command, the system sends mac-address notification mac-move only log messages to the...
Figure 5 ARP fast update application scenario To enable ARP fast update for MAC address moves: Step Command Remarks Enter system system-view view. Enable ARP fast By default, ARP fast update for update for MAC mac-address mac-move fast-update MAC address moves is disabled. address moves.
<Device> system-view [Device] mac-address static 000f-e235-dc71 interface gigabitethernet 1/0/1 vlan 1 # Add a blackhole MAC address entry for MAC address 000f-e235-abcd that belongs to VLAN 1. [Device] mac-address blackhole 000f-e235-abcd vlan 1 # Set the aging timer to 500 seconds for dynamic MAC address entries. [Device] mac-address timer aging 500 Verifying the configuration # Display the static MAC address entries for interface GigabitEthernet 1/0/1.
Configuring MAC Information The MAC Information feature can generate syslog messages or SNMP notifications when MAC address entries are learned or deleted. You can use these messages to monitor users leaving or joining the network and analyze network traffic. The MAC Information feature buffers the MAC change syslog messages or SNMP notifications in a queue.
To configure the MAC Information mode: Step Command Remarks Enter system view. system-view Configure mac-address information mode The default setting is trap. Information mode. { syslog | trap } Configuring the MAC change notification interval To prevent syslog messages or SNMP notifications from being sent too frequently, you can set the MAC change notification interval to a larger value.
Figure 7 Network diagram Configuration restrictions and guidelines When you edit the file /etc/syslog.conf, follow these restrictions and guidelines: • Comments must be on a separate line and must begin with a pound sign (#). • No redundant spaces are allowed after the file name. •...
Page 46
# Device configuration messages local4.info /var/log/Device/info.log In this configuration, local4 is the name of the logging facility that the log host uses to receive logs, and info is the informational level. The UNIX system records the log information that has a severity level of at least informational to the file /var/log/Device/info.log.
Configuring Ethernet link aggregation Ethernet link aggregation bundles multiple physical Ethernet links into one logical link, called an aggregate link. Link aggregation has the following benefits: • Increased bandwidth beyond the limits of any single link. In an aggregate link, traffic is distributed across the member ports.
• Selected—A Selected port can forward traffic. • Unselected—An Unselected port cannot forward traffic. • Individual—An Individual port can forward traffic as a normal physical port. A port is placed in the Individual state when the following conditions are met: The corresponding aggregate interface is configured as an edge aggregate interface.
NOTE: The protocol configuration for a member port is effective only when the member port leaves the aggregation group. Link aggregation modes Link aggregation has dynamic and static modes: • Static aggregation mode—Aggregation is stable. The aggregation state of the member ports are not affected by the peer ports.
Figure 9 Setting the aggregation state of a member port in a static aggregation group Set the aggregation state of a member port Is there any hardware restriction? Is the port up? Operational key/attribute configurations same as the reference port? More candidate ports than max.
Table 3 Basic and extended LACP functions Category Description Implemented through the basic LACPDU fields, including the system LACP Basic LACP functions priority, system MAC address, port priority, port number, and operational key. Implemented by extending the LACPDU with new TLV fields. This is how the LACP MAD mechanism of the IRF feature is implemented.
Page 52
The local system (the actor) and the remote system (the partner) negotiate a reference port by using the following workflow: The two systems determine the system with the smaller system ID. A system ID contains the system LACP priority and the system MAC address. a.
Page 53
Figure 10 Setting the state of a member port in a dynamic aggregation group The system with the higher system ID is aware of the aggregation state changes on the remote system. The system sets the aggregation state of local member ports the same as their peer ports. When you aggregate interfaces in dynamic mode, follow these guidelines: •...
For more information about configuring the maximum number of Selected ports in a dynamic aggregation group, see "Setting the minimum and maximum numbers of Selected ports for an aggregation group." Edge aggregate interface Dynamic link aggregation fails on a server-facing aggregate interface if dynamic link aggregation is configured only on the device.
Tasks at a glance (Optional.) Configuring load balancing for link aggregation group: • Setting load sharing modes for link aggregation groups • Enabling local-first load sharing for link aggregation • Configuring per-flow load sharing algorithm settings for Ethernet link aggregation Enabling link-aggregation traffic redirection Configuring an aggregation group This section explains how to configure an aggregation group.
Step Command Remarks interface and enter Layer 2 aggregate interface, the system interface-number aggregate interface view. automatically creates a Layer 2 static aggregation group numbered the same. Exit to system view. quit a. Enter Layer 2 Ethernet interface view: interface interface-type Repeat these two sub-steps to Assign an interface to the interface-number...
Page 57
Step Command Remarks When you create a Layer 2 Create a Layer 2 aggregate aggregate interface, the system interface bridge-aggregation interface and enter Layer 2 automatically creates a Layer 2 interface-number aggregate interface view. static aggregation group numbered the same. Configure the aggregation By default, an aggregation group group to operate in dynamic...
Step Command Remarks a. Enter Layer 3 Ethernet interface view: interface interface-type Repeat these two sub-steps to interface-number Assign an interface to the assign more Layer 3 Ethernet specified Layer b. Assign the interface to interfaces aggregation aggregation group. the specified Layer 3 group.
Specifying ignored VLANs for a Layer 2 aggregate interface By default, to become Selected ports, the member ports must have the same VLAN permit state and VLAN tagging mode as the corresponding Layer 2 aggregate interface. The system ignores the permit state and tagging mode of an ignored VLAN when choosing Selected ports.
The maximum number of Selected ports allowed in an aggregation group is limited by either manual configuration or hardware limitation, whichever value is smaller. You can implement backup between two ports by performing the following tasks: • Assigning two ports to an aggregation group. •...
• This configuration takes effect only on the aggregate interface corresponding to a dynamic aggregation group. • Link-aggregation traffic redirection does not operate correctly on an edge aggregate interface. For more information about link-aggregation traffic redirection, see "Enabling link-aggregation traffic redirection."...
• As a best practice, do not configure other protocols to collaborate with BFD on a BFD-enabled aggregate interface. Configuration procedure To enable BFD for an aggregation group: Step Command Remarks Enter system view. system-view • Enter Layer 2 aggregate interface view: interface bridge-aggregation Enter aggregate interface...
Step Command Enter system view. system-view • Enter Layer aggregate interface view: interface bridge-aggregation interface-number Enter aggregate interface view. • Enter Layer aggregate interface view: interface route-aggregation interface-number Restore the default settings for the default aggregate interface. Configuring load sharing for link aggregation groups Setting load sharing modes for link aggregation groups You can set the global or group-specific load sharing mode.
Enabling local-first load sharing for link aggregation Use local-first load sharing in a multidevice link aggregation scenario to distribute traffic preferentially across member ports on the ingress card or device. When you aggregate ports on different member devices in an IRF fabric, you can use local-first load sharing to reduce traffic on IRF links, as shown in Figure 11.
• Destination MAC address. • Source and destination IP addresses. • Source and destination MAC addresses. To configure per-flow load sharing algorithm settings for Ethernet link aggregation: Step Command Remarks Enter system view. system-view link-aggregation global Configure the load sharing By default, algorithm 0 is used.
[DeviceA-Bridge-Aggregation1] quit # Assign ports GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to link aggregation group 1. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/1] quit [DeviceA] interface gigabitethernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/2] quit [DeviceA] interface gigabitethernet 1/0/3 [DeviceA-GigabitEthernet1/0/3] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/3] quit # Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to...
Page 69
• Enable VLAN 20 at one end of the aggregate link to communicate with VLAN 20 at the other end. Figure 13 Network diagram VLAN 10 VLAN 10 GE1/0/4 GE1/0/4 GE1/0/1 GE1/0/1 GE1/0/2 GE1/0/2 Link aggregation 1 Device A Device B GE1/0/3 GE1/0/3 BAGG1...
Configure Device B in the same way Device A is configured. (Details not shown.) Verifying the configuration # Display detailed information about all aggregation groups on Device A. [DeviceA] display link-aggregation verbose Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing Port Status: S -- Selected, U -- Unselected, I -- Individual Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,...
Page 71
Figure 14 Network diagram Configuration procedure Configure Device A: # Create VLAN 10, and assign the port GigabitEthernet 1/0/5 to VLAN 10. <DeviceA> system-view [DeviceA] vlan 10 [DeviceA-vlan10] port gigabitethernet 1/0/5 [DeviceA-vlan10] quit # Create VLAN 20, and assign the port GigabitEthernet 1/0/6 to VLAN 20. [DeviceA] vlan 20 [DeviceA-vlan20] port gigabitethernet 1/0/6 [DeviceA-vlan20] quit...
Page 72
[DeviceA-Bridge-Aggregation2] link-aggregation load-sharing mode destination-mac [DeviceA-Bridge-Aggregation2] quit # Assign ports GigabitEthernet 1/0/3 and GigabitEthernet 1/0/4 to link aggregation group 2. [DeviceA] interface gigabitethernet 1/0/3 [DeviceA-GigabitEthernet1/0/3] port link-aggregation group 2 [DeviceA-GigabitEthernet1/0/3] quit [DeviceA] interface gigabitethernet 1/0/4 [DeviceA-GigabitEthernet1/0/4] port link-aggregation group 2 [DeviceA-GigabitEthernet1/0/4] quit # Configure Layer 2 aggregate interface Bridge-Aggregation 2 as a trunk port and assign it to VLAN 20.
source-mac address Bridge-Aggregation2 Load-Sharing Mode: destination-mac address The output shows that: • Link aggregation group 1 load shares packets based on source MAC addresses. • Link aggregation group 2 load shares packets based on destination MAC addresses. Layer 2 edge aggregate interface configuration example Network requirements As shown in Figure...
Aggregate Interface: Bridge-Aggregation1 Aggregation Mode: Dynamic Loadsharing Type: NonS System ID: 0x8000, 000f-e267-6c6a Local: Port Status Priority Oper-Key Flag -------------------------------------------------------------------------------- GE1/0/1 32768 {AG} GE1/0/2 32768 {AG} Remote: Actor Partner Priority Oper-Key SystemID Flag -------------------------------------------------------------------------------- GE1/0/1 32768 0x8000, 0000-0000-0000 {DEF} GE1/0/2 32768 0x8000, 0000-0000-0000 {DEF} The output shows that GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 are in Individual state when...
[DeviceA] interface gigabitethernet 1/0/3 [DeviceA-GigabitEthernet1/0/3] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/3] quit Configure Device B in the same way Device A is configured. (Details not shown.) Verifying the configuration # Display detailed information about all aggregation groups on Device A. [DeviceA] display link-aggregation verbose Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing Port Status: S -- Selected, U -- Unselected, I -- Individual Flags:...
# Assign Layer 3 Ethernet interfaces GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to aggregation group 1. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/1] quit [DeviceA] interface gigabitethernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/2] quit [DeviceA] interface gigabitethernet 1/0/3 [DeviceA-GigabitEthernet1/0/3] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/3] quit Configure Device B in the same way Device A is configured.
Page 77
Configure an edge aggregate interface so that both GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 can forward traffic to improve link reliability. Figure 18 Network diagram Configuration procedure # Create Layer 3 aggregate interface Route-Aggregation 1, and set the link aggregation mode to dynamic.
Page 78
Remote: Actor Partner Priority Oper-Key SystemID Flag -------------------------------------------------------------------------------- GE1/0/1 32768 0x8000, 0000-0000-0000 {DEF} GE1/0/2 32768 0x8000, 0000-0000-0000 {DEF} The output shows that GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 are in Individual state when they do not receive LACPDUs from the server. Both GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 can forward traffic.
Configuring port isolation The port isolation feature isolates Layer 2 traffic for data privacy and security without using VLANs. Ports in an isolation group cannot communicate with each other. However, they can communicate with ports outside the isolation group. Assigning a port to an isolation group The device supports multiple isolation groups, which can be configured manually.
Port isolation configuration example Network requirements As shown in Figure 19, configure port isolation on the device to meet the following requirements: • The hosts can access the Internet. • The hosts cannot communicate with each other at Layer 2. Figure 19 Network diagram Internet GE1/0/4...
Page 81
GigabitEthernet1/0/2 GigabitEthernet1/0/3 The output shows that interfaces GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 are assigned to isolation group 2. As a result, Host A, Host B, and Host C are isolated from each other at layer 2.
Configuring spanning tree protocols Spanning tree protocols eliminate loops in a physical link-redundant network by selectively blocking redundant links and putting them in a standby state. The recent versions of STP include the Rapid Spanning Tree Protocol (RSTP), the Per-VLAN Spanning Tree (PVST), and the Multiple Spanning Tree Protocol (MSTP).
Upon initialization of a network, each device generates and periodically sends configuration BPDUs, with itself as the root bridge. After network convergence, only the root bridge generates and periodically sends configuration BPDUs. The other devices only forward the BPDUs. Root port On a non-root bridge, the port nearest to the root bridge is the root port.
Page 84
Calculation process The STP algorithm uses the following calculation process: Initialize the network. Upon initialization of a device, each port generates a BPDU with the following contents: The port as the designated port. The device as the root bridge. 0 as the root path cost. The device ID as the designated bridge ID.
Page 85
b. If configuration BPDUs have the same root bridge ID, their root path costs are compared. For example, the root path cost in a configuration BPDU plus the path cost of a receiving port is S. The configuration BPDU with the smallest S value has the highest priority. c.
Page 86
Table 7, each configuration BPDU contains the following fields: root bridge ID, root path cost, designated bridge ID, and designated port ID. Table 7 Comparison process and result on each device Configuration BPDU on Device Comparison process ports after comparison Port A1 performs the following tasks: Receives the configuration BPDU of Port B1 {1, 0, 1, Port B1}.
Page 87
Configuration BPDU on Device Comparison process ports after comparison 22. Updates its configuration BPDU. Port C2 performs the following tasks: 23. Receives the original configuration BPDU of Port B2 {1, 0, 1, Port B2}. 24. Determines that the received configuration BPDU is superior to the existing configuration BPDU {2, 0, 2, Port C2}.
Page 88
After the comparison processes described in Table 7, a spanning tree with Device A as the root bridge is established, as shown in Figure Figure 22 The final calculated spanning tree The configuration BPDU forwarding mechanism of STP The configuration BPDUs of STP are forwarded according to these guidelines: •...
Because each VLAN runs STP or RSTP independently, a spanning tree only serves its VLAN. A PVST-enabled HPE device can communicate with a third-party device that is running Rapid PVST or PVST. The PVST-enabled HPE device supports fast network convergence like RSTP when connected to PVST-enabled HPE devices or third-party devices enabled with Rapid PVST.
MSTP features Developed based on IEEE 802.1s, MSTP overcomes the limitations of STP, RSTP, and PVST. In addition to supporting rapid network convergence, it allows data flows of different VLANs to be forwarded along separate paths. This provides a better load sharing mechanism for redundant links. MSTP provides the following features: •...
Page 91
Figure 24 Network diagram and topology of MST region 3 MST region A multiple spanning tree region (MST region) consists of multiple devices in a switched network and the network segments among them. All these devices have the following characteristics: •...
Page 92
The blue lines in Figure 23 represent the CST. An internal spanning tree (IST) is a spanning tree that runs in an MST region. It is also called MSTI 0, a special MSTI to which all VLANs are mapped by default. Figure 23, MSTI 0 is the IST in MST region 3.
MSTP calculation involves the following port roles: • Root port—Forwards data for a non-root bridge to the root bridge. The root bridge does not have any root port. • Designated port—Forwards data to the downstream network segment or device. • Alternate port—Acts as the backup port for a root port or master port.
Like STP, MSTP uses configuration BPDUs to calculate spanning trees. An important difference is that an MSTP BPDU carries the MSTP configuration of the bridge from which the BPDU is sent. CIST calculation During the CIST calculation, the following process takes place: •...
• Determine the spanning tree protocol to be used (STP, RSTP, PVST, or MSTP). • Plan the device roles (the root bridge or leaf node). When you configure spanning tree protocols, follow these restrictions and guidelines: • If both MVRP and a spanning tree protocol are enabled on a device, MVRP packets are forwarded along MSTIs.
RSTP configuration task list Tasks at a glance Configuring the root bridge: • (Required.) Setting the spanning tree mode • (Optional.) Configuring the root bridge or a secondary root bridge • (Optional.) Configuring the device priority • (Optional.) Configuring the network diameter of a switched network •...
Tasks at a glance (Optional.) Configuring TC Snooping (Optional.) Configuring protection functions Setting the spanning tree mode The spanning tree modes include: • STP mode—All ports of the device send STP BPDUs. Select this mode when the peer device of a port supports only STP. •...
• Use the active region-configuration command. • Enable a spanning tree protocol by using the stp global enable command if the spanning tree protocol is disabled. In STP, RSTP, or PVST mode, MST region configurations do not take effect. To configure an MST region: Step Command Remarks...
Configuring the current device as the root bridge of a specific spanning tree Step Command Remarks Enter system view. system-view • STP/RSTP mode: stp root primary • Configure the current PVST mode: By default, a device does not device root stp vlan vlan-id-list root primary function as the root bridge.
Configuring the maximum hops of an MST region Restrict the region size by setting the maximum hops of an MST region. The hop limit configured on the regional root bridge is used as the hop limit for the MST region. Configuration BPDUs sent by the regional root bridge always have a hop count set to the maximum value.
Configuring spanning tree timers The following timers are used for spanning tree calculation: • Forward delay—Delay time for port state transition. To prevent temporary loops on a network, the spanning tree feature sets an intermediate port state (the learning state) before it transits from the discarding state to the forwarding state.
Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet or interface interface-type aggregate interface view. interface-number Configure BPDU transmission rate The default setting is 10. stp transmit-limit limit ports. Configuring edge ports If a port directly connects to a user terminal rather than another device or a shared LAN segment, this port is regarded as an edge port.
Specifying a standard for the device to use when it calculates the default path cost CAUTION: If you change the standard that the device uses to calculate the default path costs, you restore the path costs to the default. You can specify a standard for the device to use in automatic calculation for the default path cost. The device supports the following standards: •...
Page 106
Path cost Link speed Port type IEEE Private IEEE 802.1t 802.1d-1998 standard containing four Selected ports Single port 200000 Aggregate interface containing two Selected 100000 ports Aggregate interface 100 Mbps containing three Selected 66666 ports Aggregate interface containing four Selected 50000 ports Single port...
Path cost Link speed Port type IEEE Private IEEE 802.1t 802.1d-1998 standard containing three Selected ports Aggregate interface containing four Selected ports Single port Aggregate interface containing two Selected ports Aggregate interface 100 Gbps containing three Selected ports Aggregate interface containing four Selected ports Configuring path costs of ports...
[Sysname-GigabitEthernet1/0/3] stp instance 2 cost 200 # In PVST mode, perform the following tasks: • Configure the device to calculate the default path costs of its ports by using IEEE 802.1d-1998. • Set the path cost of GigabitEthernet 1/0/3 to 2000 on VLAN 20 through VLAN 30. <Sysname>...
• The stp point-to-point force-false or stp point-to-point force-true command configured on a port in MSTP or PVST mode takes effect on all MSTIs or VLANs. • If you configure a non-point-to-point link as a point-to-point link, a temporary loop might occur. Configuration procedure To configure the link type of a port: Step...
Enabling outputting port state transition information In a large-scale spanning tree network, you can enable devices to output the port state transition information. Then you can monitor the port states in real time. To enable outputting port state transition information: Step Command Remarks...
Enabling the spanning tree feature in PVST mode Step Command Remarks Enter system view. system-view • If the device starts up with the initial settings, the spanning tree feature is disabled globally by default. • If the device starts up with the factory Enable the spanning tree defaults, the spanning tree feature is stp global enable...
The devices of different vendors in the same MST region cannot communicate with each other. To enable communication between an HPE device and a third-party device in the same MST region, enable Digest Snooping on the HPE device port connecting them.
Configuration procedure You can enable Digest Snooping only on the HPE device that is connected to a third-party device that uses its private key to calculate the configuration digest. To configure Digest Snooping: Step Command Remarks Enter system view. system-view...
[DeviceA-GigabitEthernet1/0/1] quit [DeviceA] stp global config-digest-snooping # Enable Digest Snooping on GigabitEthernet 1/0/1 of Device B and enable global Digest Snooping on Device B. <DeviceB> system-view [DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] stp config-digest-snooping [DeviceB-GigabitEthernet1/0/1] quit [DeviceB] stp global config-digest-snooping Configuring No Agreement Check In RSTP and MSTP, the following types of messages are used for rapid state transition on designated ports: •...
Figure 28 Rapid state transition of an RSTP designated port If the upstream device is a third-party device, the rapid state transition implementation might be limited as follows: • The upstream device uses a rapid transition mechanism similar to that of RSTP. •...
No Agreement Check configuration example Network requirements As shown in Figure 29, Device A connects to a third-party device that has a different spanning tree implementation. Both devices are in the same region. The third-party device (Device B) is the regional root bridge, and Device A is the downstream device. Figure 29 Network diagram Configuration procedure # Enable No Agreement Check on GigabitEthernet 1/0/1 of Device A.
To avoid traffic interruption, you can enable TC Snooping on the IRF fabric. After receiving a TC-BPDU through a port, the IRF fabric updates MAC address table and ARP table entries associated with the port's VLAN. In this way, TC Snooping prevents topology change from interrupting traffic forwarding in the network.
normal conditions, these ports should not receive configuration BPDUs. However, if someone uses configuration BPDUs maliciously to attack the devices, the network will become unstable. The spanning tree protocol provides the BPDU guard function to protect the system against such attacks.
Enabling loop guard By continuing to receive BPDUs from the upstream device, a device can maintain the state of the root port and blocked ports. However, link congestion or unidirectional link failures might cause these ports to fail to receive BPDUs from the upstream devices. In this case, the device reselects the following port roles: •...
Configuring TC-BPDU transmission restriction CAUTION: Enabling TC-BPDU transmission restriction on a port might cause the previous forwarding address table to fail to be updated when the topology changes. The topology change to the user access network might cause the forwarding address changes to the core network.
Enabling BPDU drop In a spanning tree network, every BPDU arriving at the device triggers an STP calculation process and is then forwarded to other devices in the network. Malicious attackers might use the vulnerability to attack the network by forging BPDUs. By continuously sending forged BPDUs, they can make all devices in the network continue performing STP calculations.
Spanning tree configuration example MSTP configuration example Network requirements As shown in Figure 31, all devices on the network are in the same MST region. Device A and Device B work at the distribution layer. Device C and Device D work at the access layer. Configure MSTP so that packets of different VLANs are forwarded along different spanning trees.
Page 123
[DeviceA-mst-region] instance 3 vlan 30 [DeviceA-mst-region] instance 4 vlan 40 # Configure the revision level of the MST region as 0. [DeviceA-mst-region] revision-level 0 # Activate MST region configuration. [DeviceA-mst-region] active region-configuration [DeviceA-mst-region] quit # Specify the device as the root bridge of MSTI 1. [DeviceA] stp instance 1 root primary # Enable the spanning tree feature globally.
Page 124
Configure Device D: # Enter MST region view, and configure the MST region name as example. <DeviceD> system-view [DeviceD] stp region-configuration [DeviceD-mst-region] region-name example # Map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively. [DeviceD-mst-region] instance 1 vlan 10 [DeviceD-mst-region] instance 3 vlan 30 [DeviceD-mst-region] instance 4 vlan 40...
GigabitEthernet1/0/3 DESI FORWARDING NONE GigabitEthernet1/0/1 ROOT FORWARDING NONE GigabitEthernet1/0/2 ALTE DISCARDING NONE GigabitEthernet1/0/3 DESI FORWARDING NONE # Display brief spanning tree information on Device D. [DeviceD] display stp brief MST ID Port Role STP State Protection GigabitEthernet1/0/1 ROOT FORWARDING NONE GigabitEthernet1/0/2 ALTE DISCARDING...
Page 126
• The root bridge of VLAN 40 is Device C. Figure 33 Network diagram Configuration procedure Configure VLANs and VLAN member ports. (Details not shown.) Create VLAN 10, VLAN 20, and VLAN 30 on both Device A and Device B. Create VLAN 10, VLAN 20, and VLAN 40 on Device C.
Page 127
[DeviceC] stp global enable [DeviceC] stp vlan 10 20 40 enable Configure Device D: # Set the spanning tree mode to PVST. <DeviceD> system-view [DeviceD] stp mode pvst # Enable the spanning tree feature globally and in VLAN 20, VLAN 30, and VLAN 40. [DeviceD] stp global enable [DeviceD] stp vlan 20 30 40 enable Verifying the configuration...
Page 128
GigabitEthernet1/0/1 ROOT FORWARDING NONE GigabitEthernet1/0/2 ALTE DISCARDING NONE GigabitEthernet1/0/3 ROOT FORWARDING NONE Based on the output, you can draw a topology for each VLAN spanning tree, as shown in Figure Figure 34 VLAN spanning tree topologies...
Configuring loop detection Overview Incorrect network connections or configurations can create Layer 2 loops, which results in repeated transmission of broadcasts, multicasts, or unknown unicasts. The repeated transmission can waste network resources and can sometimes paralyze networks. The loop detection mechanism immediately generates a log when a loop occurs so that you are promptly notified to adjust network connections and configurations.
• Code—Protocol sub-type, which is 0x0001, indicating the loop detection protocol. • Version—Protocol version, which is always 0x0000. • Length—Length of the frame. The value includes the inner header, but excludes the Ethernet header. • Reserved—This field is reserved. Frames for loop detection are encapsulated as TLV triplets. Table 10 TLVs supported by loop detection Description Remarks...
The device automatically sets the port to the forwarding state after the detection timer configured by using the shutdown-interval command expires. For more information about the shutdown-interval command, see Fundamentals Command Reference. The device shuts down the port again if a loop is still detected on the port when the detection timer expires.
Configuring the loop protection action You can configure the loop protection action globally or on a per-port basis. The global configuration applies to all ports. The per-port configuration applies to the individual ports. The per-port configuration takes precedence over the global configuration. Configuring the global loop protection action Step Command...
Step Command Remarks Enter system view. system-view loop detection loopback-detection The default setting is 30 seconds. interval. interval-time interval Displaying and maintaining loop detection Execute display commands in any view. Task Command Display the loop detection configuration and status. display loopback-detection Loop detection configuration example Network requirements As shown in...
# Configure GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 as trunk ports, and assign them to VLAN 100. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-type trunk [DeviceA-GigabitEthernet1/0/1] port trunk permit vlan 100 [DeviceA-GigabitEthernet1/0/1] quit [DeviceA] interface gigabitethernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] port link-type trunk [DeviceA-GigabitEthernet1/0/2] port trunk permit vlan 100 [DeviceA-GigabitEthernet1/0/2] quit # Configure the global loop protection action as shutdown.
Configuring VLANs Overview Ethernet is a family of shared-media LAN technologies based on the CSMA/CD mechanism. An Ethernet LAN is both a collision domain and a broadcast domain. Because the medium is shared, collisions and broadcasts are common in an Ethernet LAN. Typically, bridges and Layer 2 switches can reduce collisions in an Ethernet LAN.
different values. For compatibility with a neighbor device, configure the TPID value on the device to be the same as the neighbor device. • Priority—3-bit long, identifies the 802.1p priority of the frame. For more information, see ACL and QoS Configuration Guide. •...
Configuring basic settings of a VLAN interface Hosts of different VLANs use VLAN interfaces to communicate at Layer 3. VLAN interfaces are virtual interfaces that do not exist as physical entities on devices. For each VLAN, you can create one VLAN interface and assign an IP address to it. The VLAN interface acts as the gateway of the VLAN to forward packets destined for another IP subnet.
Configuring port-based VLANs Introduction Port-based VLANs group VLAN members by port. A port forwards packets from a VLAN only after it is assigned to the VLAN. Port link type You can configure the link type of a port as access, trunk, or hybrid. The link types use the following VLAN tag handling methods: •...
Actions Access Trunk Hybrid PVID. • Removes the tag and sends the frame if the frame carries the PVID Sends the frame if its VLAN is tag and the port belongs permitted on the port. The to the PVID. Removes the VLAN tag outbound tagging status of the frame •...
Step Command Remarks Configure the link type of the By default, all ports are access port link-type access port as access. ports. (Optional.) Assign By default, all access ports belong to port access vlan vlan-id access port to a VLAN. VLAN 1.
• To enable a hybrid port to transmit packets from its PVID, you must assign the hybrid port to the PVID by using the port hybrid vlan command. To assign a hybrid port to one or multiple VLANs: Step Command Remarks Enter system view.
Page 143
• For an untagged frame, the port determines its VLAN ID in the following workflow: a. The port first performs a fuzzy match as follows: − Searches for the MAC-to-VLAN entries whose masks are not all-Fs. − Performs a logical AND operation on the source MAC address and each of these masks.
Page 144
− If the VLAN ID of the frame is not the PVID of the port, the port matches the VLAN ID of the frame by using other criteria, such as IP subnet or protocol, and forwards the frame. If no VLAN is available, the port drops the frame. Figure 40 Flowchart for processing a frame in dynamic MAC-based VLAN assignment The port receives a frame...
When the user goes offline, the device automatically deletes the MAC-to-VLAN entry and removes the port from the MAC-based VLAN. For more information about 802.1X and MAC authentication, see Security Configuration Guide. Configuration restrictions and guidelines When you configure MAC-based VLANs, follow these restrictions and guideline: •...
Step Command Remarks By default, the system assigns (Optional.) Configure vlan precedence mac-vlan VLANs based on the MAC VLAN matching order. ip-subnet-vlan } address preferentially. Configuring dynamic MAC-based VLAN assignment Step Command Remarks Enter system view. system-view The VLAN assignment for a port is triggered only when the source mac-vlan mac-address...
Step Command Remarks Enter Layer Ethernet interface interface-type interface view. interface-number Configure the link type of the By default, all ports are access port link-type hybrid ports as hybrid. ports. By default, a hybrid port is an Configure the hybrid port to untagged member of the VLAN port hybrid...
Task Command Remarks configurations to the aggregate interface, it stops applying the configurations to the aggregation member ports. If the system fails to apply the configurations to an aggregation member port, it skips the port and moves to the next member port.
Step Command Remarks If the specified VLAN does not exist, this Enter VLAN view. command first creates the VLAN and vlan vlan-id enters VLAN view of this VLAN. protocol-vlan [ protocol-index ] { at | ipv4 | ipv6 | ipx { ethernetii | llc | Create protocol By default, no protocol template is...
[DeviceA-GigabitEthernet1/0/3] display vlan 200 VLAN ID: 200 VLAN type: Static Route interface: Not configured Description: VLAN 0200 Name: VLAN 0200 Tagged ports: GigabitEthernet1/0/3 Untagged ports: GigabitEthernet1/0/2 MAC-based VLAN configuration example Network requirements As shown in Figure • GigabitEthernet 1/0/1 of Device A and Device C are each connected to a meeting room. Laptop 1 and Laptop 2 are used for meetings and might be used in either of the two meeting rooms.
Page 153
[DeviceA] vlan 200 [DeviceA-vlan200] quit # Associate the MAC addresses of Laptop 1 and Laptop 2 with VLANs 100 and 200, respectively. [DeviceA] mac-vlan mac-address 000d-88f8-4e71 vlan 100 [DeviceA] mac-vlan mac-address 0014-222c-aa69 vlan 200 # Configure GigabitEthernet 1/0/1 as a hybrid port to forward packets from VLANs 100 and 200 without VLAN tags.
S:Static D:Dynamic MAC address Mask VLAN ID Dot1q State 000d-88f8-4e71 ffff-ffff-ffff 0014-222c-aa69 ffff-ffff-ffff Total MAC VLAN address count: 2 IP subnet-based VLAN configuration example Network requirements As shown in Figure 43, the hosts in the office belong to different IP subnets. Configure Device C to transmit packets from 192.168.5.0/24 and 192.168.50.0/24 in VLANs 100 and 200, respectively.
# Configure GigabitEthernet 1/0/11 as a hybrid port, and assign it to VLAN 100 as a tagged VLAN member. [DeviceC] interface gigabitethernet 1/0/11 [DeviceC-GigabitEthernet1/0/11] port link-type hybrid [DeviceC-GigabitEthernet1/0/11] port hybrid vlan 100 tagged [DeviceC-GigabitEthernet1/0/11] quit # Configure GigabitEthernet1/0/12 as a hybrid port, and assign it to VLAN 200 as a tagged VLAN member.
Page 156
To isolate IPv4 and IPv6 traffic at Layer 2, configure protocol-based VLANs to associate the IPv4 and ARP protocols with VLAN 100, and associate the IPv6 protocol with VLAN 200. Figure 44 Network diagram VLAN 100 VLAN 200 IPv4 server IPv6 server GE1/0/11 GE1/0/12...
Page 157
[Device-vlan100] protocol-vlan 2 mode ethernetii etype 0806 [Device-vlan100] quit # Configure GigabitEthernet 1/0/1 as a hybrid port, and assign it to VLANs 100 and 200 as an untagged VLAN member. [Device] interface gigabitethernet 1/0/1 [Device-GigabitEthernet1/0/1] port link-type hybrid [Device-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged # Associate GigabitEthernet 1/0/1 with the IPv4 and ARP protocol templates of VLAN 100 and the IPv6 protocol template of VLAN 200.
Page 158
Interface: GigabitEthernet1/0/1 VLAN ID Protocol index Protocol type Status IPv4 Active Ethernet II Etype 0x0806 Active IPv6 Active Interface: GigabitEthernet 1/0/2 VLAN ID Protocol index Protocol type Status IPv4 Active Ethernet II Etype 0x0806 Active IPv6 Active...
Configuring super VLANs Hosts in a VLAN typically use IP addresses in the same subnet. For Layer 3 interoperability with other VLANs, you can create a VLAN interface for the VLAN and assign an IP address to it. This requires a large number of IP addresses. The super VLAN feature was introduced to save IP addresses.
To configure a super VLAN: Step Command Remarks Enter system view. system-view Enter VLAN view. vlan vlan-id Configure the VLAN as a By default, a VLAN is not a super VLAN. supervlan super VLAN. By default, a super VLAN is not associated with any sub-VLANs.
Task Command Display information about super VLANs and all display supervlan [ supervlan-id ] sub-VLANs associated with each super VLAN. Super VLAN configuration example Network requirements As shown in Figure • GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 are in VLAN 2. •...
[DeviceA] vlan 3 [DeviceA-vlan3] port gigabitethernet 1/0/3 gigabitethernet 1/0/4 [DeviceA-vlan3] quit # Create VLAN 5, and assign GigabitEthernet 1/0/5 and GigabitEthernet 1/0/6 to the VLAN. [DeviceA] vlan 5 [DeviceA-vlan5] port gigabitethernet 1/0/5 gigabitethernet 1/0/6 [DeviceA-vlan5] quit # Configure VLAN 10 as a super VLAN, and associate sub-VLANs 2, 3, and 5 with the super VLAN. [DeviceA] vlan 10 [DeviceA-vlan10] supervlan [DeviceA-vlan10] subvlan 2 3 5...
Configuring the private VLAN The private VLAN feature uses a two-tier VLAN structure, including a primary VLAN and secondary VLANs. This feature simplifies the network configuration and saves VLAN resources. A primary VLAN is used for upstream data exchange. A primary VLAN can be associated with multiple secondary VLANs.
For more information about promiscuous, trunk promiscuous, host, and trunk secondary ports, see Layer 2—LAN Switching Command Reference. Associate the secondary VLANs with the primary VLAN. (Optional.) Configure Layer 3 communication between the specified secondary VLANs that are associated with the primary VLAN. Configuration restrictions and guidelines When you configure the private VLAN feature, follow these restrictions and guidelines: •...
Page 166
Step Command Remarks Enter Layer Ethernet interface interface-type interface view or Layer 2 interface-number aggregate interface view. • Configure the uplink port as a promiscuous port specified VLAN: Configure the uplink port as a port private-vlan vlan-id By default, a port is not a promiscuous trunk promiscuous...
Step Command Remarks a. Enter VLAN interface view of the primary VLAN interface: interface vlan-interface vlan-id b. Enable Layer communication between secondary VLANs that are associated with the Use substeps a, b, c, and e for primary VLAN: devices that run IPv4 protocols. private-vlan secondary vlan-id-list Use substeps a, b, d, and f for...
Page 168
• On Device C, VLAN 6 is a primary VLAN that is associated with secondary VLANs 3 and 4. GigabitEthernet 1/0/5 is in VLAN 6. GigabitEthernet 1/0/3 is in VLAN 3. GigabitEthernet 1/0/4 is in VLAN 4. • Device A is aware of only VLAN 5 on Device B and VLAN 6 on Device C. Figure 47 Network diagram Configuration procedure This example describes the configurations on Device B and Device C.
Page 169
[DeviceB-vlan5] quit Configure Device C: # Configure VLAN 6 as a primary VLAN. <DeviceC> system-view [DeviceC] vlan 6 [DeviceC–vlan6] private-vlan primary [DeviceC–vlan6] quit # Create VLANs 3 and 4. [DeviceC] vlan 3 to 4 # Configure the uplink port GigabitEthernet 1/0/5 as a promiscuous port of VLAN 6. [DeviceC] interface gigabitethernet 1/0/5 [DeviceC-GigabitEthernet1/0/5] port private-vlan 6 promiscuous [DeviceC-GigabitEthernet1/0/5] quit...
[DeviceB] interface gigabitethernet 1/0/3 [DeviceB-GigabitEthernet1/0/3] port access vlan 3 [DeviceB-GigabitEthernet1/0/3] port private-vlan host [DeviceB-GigabitEthernet1/0/3] quit # Associate the secondary VLANs 2 and 3 with the primary VLAN 5. [DeviceB] vlan 5 [DeviceB-vlan5] private-vlan secondary 2 to 3 [DeviceB-vlan5] quit # Assign the downlink port GigabitEthernet 1/0/6 to VLAN 6, and configure the port as a host port.
Page 174
• Secondary VLANs 11 and 12 are associated with primary VLAN 10. • Secondary VLANs 21 and 22 are associated with primary VLAN 20. Figure 49 Network diagram Configuration procedure Configure Device A: # Configure VLANs 10 and 20 as primary VLANs. <DeviceA>...
Page 175
[DeviceA-GigabitEthernet1/0/5] quit # Assign the downlink port GigabitEthernet 1/0/1 to VLAN 22 and configure the port as a host port. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port access vlan 22 [DeviceA-GigabitEthernet1/0/1] port private-vlan host [DeviceA-GigabitEthernet1/0/1] quit # Assign the downlink port GigabitEthernet 1/0/3 to VLAN 12 and configure the port as a host port.
Page 176
[DeviceC] interface gigabitethernet 1/0/5 [DeviceC-GigabitEthernet1/0/5] port link-type hybrid [DeviceC-GigabitEthernet1/0/5] port hybrid vlan 10 20 tagged [DeviceC-GigabitEthernet1/0/5] quit Verifying the configuration # Display the configuration of primary VLAN 10 on Device A. [DeviceA] display private-vlan 10 Primary VLAN ID: 10 Secondary VLAN ID: 11-12 VLAN ID: 10 VLAN type: Static Private-vlan type: Primary...
Page 177
# Display the configuration of primary VLAN 20 on Device A. [DeviceA] display private-vlan 20 Primary VLAN ID: 20 Secondary VLAN ID: 21-22 VLAN ID: 20 VLAN type: Static Private-vlan type: Primary Route interface: Not configured Description: VLAN 0020 Name: VLAN 0020 Tagged ports: GigabitEthernet1/0/2...
Secondary VLAN Layer 3 communication configuration example Network requirements As shown in Figure 50, configure the private VLAN feature to meet the following requirements: • Primary VLAN 10 on Device B is associated with secondary VLANs 2 and 3. • The uplink port GigabitEthernet 1/0/1 is in VLAN 10.
Page 179
[DeviceB-GigabitEthernet1/0/3] port access vlan 3 [DeviceB-GigabitEthernet1/0/3] port private-vlan host [DeviceB-GigabitEthernet1/0/3] quit # Enable Layer 3 communication between secondary VLANs 2 and 3 that are associated with primary VLAN 10. [DeviceB] interface vlan-interface 10 [DeviceB-Vlan-interface10] private-vlan secondary 2 3 # Assign the IP address 192.168.1.1/24 to VLAN-interface 10. [DeviceB-Vlan-interface10] ip address 192.168.1.1 255.255.255.0 # Enable local proxy ARP on VLAN-interface 10.
Page 180
IPv4 address: 192.168.1.1 IPv4 subnet mask: 255.255.255.0 Description: VLAN 0003 Name: VLAN 0003 Tagged ports: None Untagged ports: GigabitEthernet1/0/1 GigabitEthernet1/0/3 The Route interface field in the output is Configured, indicating that secondary VLANs 2 and 3 are interoperable at Layer 3.
Configuring voice VLANs Overview A voice VLAN is used for transmitting voice traffic. When ports that connect to voice devices are assigned to a voice VLAN, the system can configure QoS parameters for voice packets to ensure higher transmission priority and sound voice quality. Common voice devices include IP phones and integrated access devices (IADs).
Automatically identifying IP phones through LLDP When you use OUI addresses to identify IP phones, the number of OUI addresses that can be configured is limited. Additionally, when there are plenty of IP phones in the network, you must configure many OUI addresses. If IP phones support LLDP, configure LLDP on the device for automatic IP phone discovery.
IP phone access methods Connecting the host and the IP phone in series As shown in Figure 52, the host is connected to the IP phone, and the IP phone is connected to the device. In this scenario, the following requirements must be met: •...
Page 184
When an IP phone is powered on, it sends out protocol packets. After receiving these protocol packets, the device uses the source MAC address of the protocol packets to match its OUI addresses. If the match succeeds, the system performs the following operations: •...
Table 13 Configuration requirements for access/trunk/hybrid ports to support untagged voice traffic Port Voice VLAN Support link assignment untagged voice Configuration requirements type mode traffic Automatic Access Configure the voice VLAN as the PVID of the Manual port. Automatic Configure the voice VLAN as the PVID of the Trunk Manual port.
Table 14 Packet processing on a voice VLAN-enabled port in normal and security mode Voice VLAN Packet type Packet processing mode Untagged packets The port does not examine the source MAC addresses of packets with the voice incoming packets. Both voice traffic and non-voice traffic can VLAN tags be transmitted in the voice VLAN.
Configuring a port to operate in automatic voice VLAN assignment mode Configuration restrictions and guidelines When you configure a port to operate in automatic voice VLAN assignment mode, follow these restrictions and guidelines: • Do not configure a VLAN as both a voice VLAN and a protocol-based VLAN. A voice VLAN in automatic mode on a hybrid port processes only tagged incoming voice traffic.
Configuring a port to operate in manual voice VLAN assignment mode Configuration restrictions and guidelines When you configure a port to operate in manual voice VLAN assignment mode, follow these restrictions and guidelines: • You can configure different voice VLANs on different ports on the same device. Make sure the following requirements are met: One port can be configured with only one voice VLAN.
Enabling LLDP for automatic IP phone discovery The device can automatically discover the peer through LLDP, and exchange LLDP TLVs with the peer. If the LLDP System Capabilities TLV received on a port indicates that the peer can act as a telephone, the device sends an LLDP TLV with the voice VLAN configuration to the peer.
By default, if a voice VLAN is configured on the port connected to the IP phone, the device advertises this voice VLAN to the IP phone. The device learns the MAC address of the IP phone and increases the priority for voice packets. The address learning is implemented in software. In an IRF fabric, MAC address learning and synchronization of the learned MAC address entry to all member devices in software results in an undesirable delay.
Configure the authorization VLAN for the IP phone on the authentication server. For more information about authorization VLANs, see Security Configuration Guide. Displaying and maintaining voice VLANs Execute display commands in any view. Task Command Display the voice VLAN state. display voice-vlan state Display the OUI addresses that the system supports.
Page 192
# Set the voice VLAN aging timer to 30 minutes. [DeviceA] voice-vlan aging 30 # Configure voice VLANs to operate in security mode to transmit only voice packets. [DeviceA] voice-vlan security enable # Add MAC addresses of IP phones A and B to the device with the mask FFFF-FF00-0000. [DeviceA] voice-vlan mac-address 0011-1100-0001 mask ffff-ff00-0000 description IP phone A [DeviceA] voice-vlan mac-address 0011-2200-0001 mask ffff-ff00-0000 description IP...
GigabitEthernet1/0/2 AUTO Manual voice VLAN assignment mode configuration example Network requirements As shown in Figure • Device A transmits only voice traffic. • IP phone A send untagged voice traffic. For correct voice traffic transmission, perform the following tasks on Device A: •...
Page 194
[DeviceA-GigabitEthernet1/0/1] quit Verifying the configuration # Display the OUI addresses and their masks and descriptions. [DeviceA] display voice-vlan mac-address OUI Address Mask Description 0001-e300-0000 ffff-ff00-0000 Siemens phone 0003-6b00-0000 ffff-ff00-0000 Cisco phone 0004-0d00-0000 ffff-ff00-0000 Avaya phone 000f-e200-0000 ffff-ff00-0000 H3C Aolynk phone 0060-b900-0000 ffff-ff00-0000 Philips/NEC phone...
Configuring MVRP Multiple Registration Protocol (MRP) is an attribute registration protocol used to transmit attribute values. Multiple VLAN Registration Protocol (MVRP) is a typical MRP application. It synchronizes VLAN information among devices. MVRP propagates local VLAN information to other devices, receives VLAN information from other devices, and dynamically updates local VLAN information.
Page 196
Join message An MRP participant sends a Join message to request the peer participant to register attributes in the Join message. When receiving a Join message from the peer participant, an MRP participant performs the following tasks: • Registers the attributes in the Join message. •...
LeaveAll message Each MRP participant starts its LeaveAll timer when starting up. When the timer expires, the MRP participant sends LeaveAll messages to the peer participant. Upon sending or receiving a LeaveAll message, the local participant starts the Leave timer. The local participant determines whether to send a Join message depending on its the attribute status.
Upon receiving the LeaveAll message, other participants restart their LeaveAll timer. The value of the LeaveAll timer is randomly selected between the LeaveAll timer and 1.5 times the LeaveAll timer. This mechanism provides the following benefits: • Effectively reduces the number of LeaveAll messages in the network. •...
For more information about RRPP and Smart Link, see High Availability Configuration Guide. • Do not configure both MVRP and remote port mirroring on a port. Otherwise, MVRP might register the remote probe VLAN with incorrect ports, which would cause the monitor port to receive undesired copies.
Setting an MVRP registration mode Step Command Remarks Enter system view. system-view Enter Layer Ethernet interface interface-type interface view or Layer 2 interface-number aggregate interface view. Optional. Set an MVRP registration registration { fixed | mvrp The default setting is normal mode.
Table 15 Dependencies of the Join, Leave, and LeaveAll timers Timer Lower limit Upper limit Join 20 centiseconds Half the Leave timer Leave Twice the Join timer LeaveAll timer LeaveAll Leave timer on each port 32760 centiseconds Enabling GVRP compatibility Enable GVRP compatibility for MVRP when the peer device supports GVRP.
• The devices can register and deregister dynamic VLANs. • The devices can keep identical VLAN configuration for each MSTI. Figure 57 Network diagram Device A Device B Permit: all VLANs GE1/0/3 GE1/0/3 VLAN 20 VLAN 10 Permit: all VLANs Permit: VLANs 20, 40 VLAN 10 MSTI 1...
Page 203
# Globally enable the spanning tree feature. [DeviceA] stp global enable # Globally enable MVRP. [DeviceA] mvrp global enable # Configure GigabitEthernet 1/0/1 as a trunk port, and configure it to permit all VLANs. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-type trunk [DeviceA-GigabitEthernet1/0/1] port trunk permit vlan all # Enable MVRP on port GigabitEthernet 1/0/1.
Page 204
[DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] port link-type trunk [DeviceB-GigabitEthernet1/0/1] port trunk permit vlan 20 40 # Enable MVRP on GigabitEthernet 1/0/1. [DeviceB-GigabitEthernet1/0/1] mvrp enable [DeviceB-GigabitEthernet1/0/1] quit # Configure GigabitEthernet 1/0/2 as a trunk port, and configure it to permit all VLANs. [DeviceB] interface gigabitethernet 1/0/2 [DeviceB-GigabitEthernet1/0/2] port link-type trunk [DeviceB-GigabitEthernet1/0/2] port trunk permit vlan all...
[DeviceC-GigabitEthernet1/0/1] quit # Configure GigabitEthernet 1/0/2 as a trunk port, and configure it to permit all VLANs. [DeviceC] interface gigabitethernet 1/0/2 [DeviceC-GigabitEthernet1/0/2] port link-type trunk [DeviceC-GigabitEthernet1/0/2] port trunk permit vlan all # Enable MVRP on GigabitEthernet 1/0/2. [DeviceC-GigabitEthernet1/0/2] mvrp enable [DeviceC-GigabitEthernet1/0/2] quit Configure Device D: # Enter MST region view.
Page 207
• GigabitEthernet 1/0/2 has declared VLAN 1, and registered and propagated no VLANs. • GigabitEthernet 1/0/3 has registered VLAN 20, declared VLAN 1 and VLAN 10, and propagated VLAN 20 through MVRP. # Display the local VLAN information on Device B. [DeviceB] display mvrp running-status -------[MVRP Global Info]------- Global Status...
Page 208
1(default), 10 Declared VLANs : Propagated VLANs : The output shows that the following events have occurred: • GigabitEthernet 1/0/1 has registered VLAN 1, declared VLAN 1 and VLAN 20, and propagated VLAN 1 through MVRP. • GigabitEthernet 1/0/2 has registered VLAN 1 and VLAN 10, declared VLAN 1 and VLAN 20, and propagated VLAN 1.
Page 209
• GigabitEthernet 1/0/1 has registered VLAN 1, VLAN 10, and VLAN 20, declared VLAN 1, and propagated VLAN 1 and VLAN 10 through MVRP. • GigabitEthernet 1/0/2 has registered VLAN 1 and VLAN 20, declared VLAN 1 and VLAN 10, and propagated VLAN 1 and VLAN 20 through MVRP.
Page 210
[DeviceB] interface gigabitethernet 1/0/3 [DeviceB-GigabitEthernet1/0/3] mvrp registration fixed [DeviceB-GigabitEthernet1/0/3] quit # Display the local MVRP VLAN information on GigabitEthernet 1/0/3 of Device B. [DeviceB] display mvrp running-status interface gigabitethernet 1/0/3 -------[MVRP Global Info]------- Global Status : Enabled Compliance-GVRP : False ----[GigabitEthernet1/0/3]---- Config Status...
Page 211
The output shows that the dynamic VLAN information on GigabitEthernet 1/0/3 is not changed after you set its MVRP registration mode to fixed.
Configuring QinQ This document uses the following terms: • CVLAN—Customer network VLANs, also called inner VLANs, refer to VLANs that a customer uses on the private network. • SVLAN—Service provider network VLANs, also called outer VLANs, refer to VLANs that a service provider uses to transmit VLAN tagged traffic for customers.
When a tagged frame from CE 1 arrives, PE 1 tags the frame with SVLAN 3. The double-tagged frame travels over the service provider network until it arrives at PE 2. PE 2 removes the SVLAN tag of the frame, and then sends the frame to CE 4. Figure 59 Typical QinQ application scenario VLANs 1 to 20 VLANs 1 to 10...
Restrictions and guidelines When you configure QinQ, follow these restrictions and guidelines: • Before you configure QinQ on a port, you must remove all VLAN mappings on the port. After you enable QinQ on the port, you can configure any VLAN mapping types except two-to-two VLAN mapping on it.
Step Command Remarks { vlan-id-list | all } untagged. Enable QinQ on the port. By default, QinQ is disabled. qinq enable default, transparent transmission Specify transparent VLANs. qinq transparent-vlan vlan-list configured for any VLANs on a port. Configuring the TPID in VLAN tags TPID identifies a frame as an 802.1Q tagged frame.
Protocol type Value Reserved 0xFFFD/0xFFFE/0xFFFF Configuring the CVLAN TPID Step Command Remarks Enter system view. system-view Configure the TPID value for The default setting is 0x8100 for qinq ethernet-type CVLAN tags. CVLAN tags. customer-tag hex-value Configuring the SVLAN TPID When you configure the SVLAN ID, follow these restrictions and guidelines: •...
Step Command Remarks • Match CVLAN IDs: if-match customer-vlan-id vlan-id-list Configure CVLAN match • Match 802.1p priority: criteria. if-match customer-dot1p dot1p-value&<1-8> Return to system view. quit Create a traffic behavior and enter traffic behavior traffic behavior behavior-name view. • Replace the priority in the SVLAN tags of matching frames with the configured priority: Configure...
Task Command display qinq interface interface-type Display QinQ-enabled ports. interface-number ] QinQ configuration examples Basic QinQ configuration example Network requirements As shown in Figure • The service provider assigns VLAN 100 to Company A's VLANs 10 through 70. • The service provider assigns VLAN 200 to Company B's VLANs 30 through 90. •...
Page 219
# Configure VLAN 100 as the PVID for GigabitEthernet 1/0/1. [PE1-GigabitEthernet1/0/1] port trunk pvid vlan 100 # Enable QinQ on GigabitEthernet 1/0/1. [PE1-GigabitEthernet1/0/1] qinq enable [PE1-GigabitEthernet1/0/1] quit # Configure GigabitEthernet 1/0/2 as a trunk port, and assign it to VLANs 100 and 200. [PE1] interface gigabitethernet 1/0/2 [PE1-GigabitEthernet1/0/2] port link-type trunk [PE1-GigabitEthernet1/0/2] port trunk permit vlan 100 200...
[PE2-GigabitEthernet1/0/3] quit Configure the devices between PE 1 and PE 2: # Set the MTU to a minimum of 1504 bytes for each port on the path of QinQ frames. (Details not shown.) # Configure all the ports on the forwarding path to allow frames from VLANs 100 and 200 to pass through without removing the VLAN tag.
Page 221
[PE1] interface gigabitethernet 1/0/2 [PE1-GigabitEthernet1/0/2] port link-type trunk [PE1-GigabitEthernet1/0/2] port trunk permit vlan 100 3000 [PE1-GigabitEthernet1/0/2] quit Configure PE 2: # Configure GigabitEthernet 1/0/1 as a trunk port, and assign it to VLANs 100 and 3000. <PE2> system-view [PE2] interface gigabitethernet 1/0/1 [PE2-GigabitEthernet1/0/1] port link-type trunk [PE2-GigabitEthernet1/0/1] port trunk permit vlan 100 3000 # Configure VLAN 100 as the PVID of GigabitEthernet 1/0/1.
Configuring VLAN mapping Overview VLAN mapping re-marks VLAN tagged traffic with new VLAN IDs. Hewlett Packard Enterprise provides the following types of VLAN mapping: • One-to-one VLAN mapping—Replaces one VLAN tag with another. • Many-to-one VLAN mapping—Replaces multiple VLAN tags with the same VLAN tag. •...
Application scenario of one-to-two and two-to-two VLAN mapping Figure 63 shows a typical application scenario of one-to-two and two-to-two VLAN mapping. In this scenario, the remote sites of the same VPN must communicate across two SP networks. Figure 63 Application scenario of one-to-two and two-to-two VLAN mapping Site 1 and Site 2 are in VLAN 2 and VLAN 3, respectively.
Page 225
Figure 64 Basic VLAN mapping terms Network-side port Customer-side port Uplink traffic Downlink traffic One-to-one VLAN mapping As shown in Figure 65, one-to-one VLAN mapping is implemented on the customer-side port and replaces VLAN tags as follows: • Replaces the CVLAN with the SVLAN for the uplink traffic. •...
Page 226
Figure 66 Many-to-one VLAN mapping implementation One-to-two VLAN mapping As shown in Figure 67, one-to-two VLAN mapping is implemented on the customer-side port to add the SVLAN tag for the uplink traffic. For the downlink traffic to be correctly sent to the customer network, make sure the SVLAN tag is removed on the customer-side port before transmission.
Figure 68 Two-to-two VLAN mapping implementation Two-to-two VLAN mapping SVLAN CVLAN Data SVLAN’ CVLAN’ Data Customer SP network network SVLAN CVLAN Data SVLAN’ CVLAN’ Data Uplink traffic Downlink traffic Network-side port Customer-side port General configuration restrictions and guidelines When you configure VLAN mapping, follow these restrictions and guidelines: •...
Tasks at a glance Remarks Configure one-to-two VLAN mapping on PE 1 and PE 4, as shown in Figure 63, through which traffic • Configuring one-to-two VLAN mapping from customer networks enter the service provider networks. Configure two-to-two VLAN mapping on PE 3, as Configuring two-to-two VLAN mapping shown in Figure...
Configuring many-to-one VLAN mapping in a network with dynamic IP address assignment In a network that uses dynamic address assignment, configure many-to-one VLAN mapping with DHCP snooping. The switch replaces the SVLAN tag of the downlink traffic with the associated CVLAN tag based on the DHCP snooping entry lookup.
Page 230
Step Command Remarks Security Command Reference. Configuring the customer-side port Step Command Remarks Enter system view. system-view Enter Layer Ethernet interface interface-type interface view. interface-number • Configure the port as a trunk port: port link-type trunk By default, the link type of a Set the link type of the port.
Step Command Remarks trusted port. untrusted ports. Configure the port to use the original VLAN tags of the By default, the port does not many-to-one mapping replace the VLAN tags of the vlan mapping nni replace the VLAN tags of the packets destined for the user packets destined for the user network.
Page 232
Step Command Remarks Enter VLAN view. vlan vlan-id By default, ARP snooping is disabled. For more information about ARP Enable ARP snooping. arp snooping enable snooping commands, see Layer 3—IP Services Command Reference. Configuring the customer-side port Step Command Remarks Enter system view.
Step Command Remarks replace the VLAN tags of the packets destined for the user packets destined for the user network. network. Configuring one-to-two VLAN mapping Configure one-to-two VLAN mapping on customer-side ports of the edge devices from which customer traffic enters SP networks, for example, on PE 1 and PE 4 in Figure 63.
To configure two-to-two VLAN mapping: Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view: interface interface-type Enter Layer Ethernet interface-number interface view or Layer 2 • Enter Layer aggregate aggregate interface view. interface view: interface bridge-aggregation interface-number •...
Page 235
To save VLAN resources, configure many-to-one VLAN mappings on the campus switch (Switch C). This feature transmits the same type of traffic from different households in one VLAN. Use VLANs 501, 502, and 503 for PC, VoD, and VoIP traffic, respectively. Table 17 VLAN mapping for each service VLANs on home VLANs on wiring-closet switches...
Page 236
# Create the original VLANs. <SwitchA> system-view [SwitchA] vlan 2 to 3 # Create the translated VLANs. [SwitchA] vlan 101 to 102 [SwitchA] vlan 201 to 202 [SwitchA] vlan 301 to 302 # Configure the customer-side port GigabitEthernet 1/0/1 as a trunk port, and assign the port to all original VLANs and translated VLANs.
Page 238
[SwitchC-GigabitEthernet1/0/2] vlan mapping uni range 303 to 304 translated-vlan 503 # Enable DHCP snooping entry recording on GigabitEthernet 1/0/2. [SwitchC-GigabitEthernet1/0/2] dhcp snooping binding record [SwitchC-GigabitEthernet1/0/2] quit # Configure the network-side port GigabitEthernet 1/0/3 to use the original VLAN tags of the many-to-one mappings to replace the VLAN tags of the packets destined for the user network.
103-104 203-204 303-304 One-to-two and two-to-two VLAN mapping configuration example Network requirements As shown in Figure • Two VPN A branches, Site 1 and Site 2, are in VLAN 5 and VLAN 6, respectively. • The two sites use different VPN access services from different service providers, SP 1 and SP •...
Page 240
[PE1-GigabitEthernet1/0/2] port trunk permit vlan 100 [PE1-GigabitEthernet1/0/2] quit Configure PE 2: # Configure GigabitEthernet 1/0/1 as a trunk port, and assign the port to VLAN 100. <PE2> system-view [PE2] interface gigabitethernet 1/0/1 [PE2-GigabitEthernet1/0/1] port link-type trunk [PE2-GigabitEthernet1/0/1] port trunk permit vlan 100 [PE2-GigabitEthernet1/0/1] quit # Configure GigabitEthernet 1/0/2 as a trunk port, and assign the port to VLAN 100.
Page 241
Verifying the configuration # Verify VLAN mapping information on PE 1. [PE1] display vlan mapping Interface GigabitEthernet1/0/1: Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN # Verify VLAN mapping information on PE 3. [PE3] display vlan mapping Interface GigabitEthernet1/0/1: Outer VLAN Inner VLAN Translated Outer VLAN...
Configuring LLDP You can set an Ethernet interface to work in Layer 3 mode by using the port link-mode route command (see "Configuring Ethernet interfaces"). Overview In a heterogeneous network, a standard configuration exchange platform makes sure different types of network devices from different vendors can discover one another and exchange configuration. The Link Layer Discovery Protocol (LLDP) is specified in IEEE 802.1AB.
Page 243
LLDP frame formats LLDP sends device information in LLDP frames. LLDP frames are encapsulated in Ethernet II or SNAP frames. • LLDP frame encapsulated in Ethernet II Figure 72 Ethernet II-encapsulated LLDP frame Table 18 Fields in an Ethernet II-encapsulated LLDP frame Field Description MAC address to which the LLDP frame is advertised.
Page 244
Figure 73 SNAP-encapsulated LLDP frame Table 19 Fields in a SNAP-encapsulated LLDP frame Field Description MAC address to which the LLDP frame is advertised. It is the same as that Destination MAC address for Ethernet II-encapsulated LLDP frames. Source MAC address MAC address of the sending port.
Page 245
Table 20 Basic management TLVs Type Description Remarks Chassis ID Specifies the bridge MAC address of the sending device. Specifies the ID of the sending port: • If the LLDPDU carries LLDP-MED TLVs, the port ID TLV Port ID carries the MAC address of the sending port. Mandatory.
Page 246
NOTE: • HPE devices support only receiving protocol identity TLVs and VID usage digest TLVs. • Layer 3 Ethernet ports support only link aggregation TLVs. • IEEE 802.3 organizationally specific TLVs Table 22 IEEE 802.3 organizationally specific TLVs Type Description...
Type Description Hardware Revision Allows a terminal device to advertise its hardware version. Firmware Revision Allows a terminal device to advertise its firmware version. Software Revision Allows a terminal device to advertise its software version. Serial Number Allows a terminal device to advertise its serial number. Manufacturer Name Allows a terminal device to advertise its vendor name.
• The LLDP operating mode of the LLDP agent changes from Disable or Rx to TxRx or Tx. With this mechanism, the specified number of LLDP frames are sent successively at a configurable fast transmission interval to help LLDP neighbors discover the local device as soon as possible. Then, the normal LLDP frame transmission interval resumes.
To enable LLDP: Step Command Remarks Enter system view. system-view By default: • If the switch starts up with empty configuration, LLDP is disabled globally (initial setting). • If the switch starts up with default Enable LLDP globally. configuration file, lldp global enable LLDP enabled...
Step Command Remarks Nearest bridge agents are not supported on Layer aggregate interfaces. A PoE-capable device of the series can act as a PSE. It supports autonegotiating the supplied power with the PD through LLDP. To use the function, you must perform the following tasks: •...
Step Command Remarks lldp agent nearest-customer nearest-nontpmr management-address-for mat string • Layer 2/Layer aggregate interface view: lldp agent nearest-customer nearest-nontpmr management-address-for mat string Setting other LLDP parameters The Time to Live TLV carried in an LLDPDU determines how long the device information carried in the LLDPDU can be saved on a recipient device.
To set the encapsulation format for LLDP frames to SNAP: Step Command Remarks Enter system view. system-view Enter Layer 2/Layer 3 Ethernet interface view, management Ethernet interface interface-type interface-number interface view, or Layer 2/Layer aggregate interface view. • In Layer 2/Layer 3 Ethernet interface view management Ethernet...
For more information about voice VLANs, see "Configuring voice VLANs." When the device is connected to a Cisco IP phone that has a host attached to its data port, the host must access the network through the Cisco IP phone. If the data port goes down, the IP phone will send a CDP packet to the device so the device can log out the user.
LLDP configuration examples Basic LLDP configuration example Network requirements As shown in Figure 75, the NMS and Switch A are located in the same Ethernet network. A MED device and Switch B are connected to GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 of Switch A. Enable LLDP globally on Switch A and Switch B to perform the following tasks: •...
# Set the LLDP operating mode to Tx. [SwitchB-GigabitEthernet1/0/1] lldp admin-status tx [SwitchB-GigabitEthernet1/0/1] quit Verify the configuration: # Verify that: • GigabitEthernet 1/0/1 of Switch A connects to a MED device. • GigabitEthernet 1/0/2 of Switch A connects to a non-MED device. •...
Page 260
LLDP status information of port 2 [GigabitEthernet1/0/2]: LLDP agent nearest-bridge: Port status of LLDP : Enable Admin status : RX_Only Trap flag : No MED trap flag : No Polling interval : 0s Number of LLDP neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV : 21...
Page 261
Trap interval : 30s Fast start times LLDP status information of port 1 [GigabitEthernet1/0/1]: LLDP agent nearest-bridge: Port status of LLDP : Enable Admin status : RX_Only Trap flag : No MED trap flag : No Polling interval : 0s Number of LLDP neighbors Number of MED neighbors Number of CDP neighbors...
Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV : 0 LLDP agent nearest-customer: Port status of LLDP : Enable Admin status : Disable Trap flag : No MED trap flag : No Polling interval : 0s...
Page 263
[SwitchA-GigabitEthernet1/0/2] quit Configure CDP-compatible LLDP on Switch A: # Enable LLDP globally, and enable CDP compatibility globally. [SwitchA] lldp global enable [SwitchA] lldp compliance cdp # Enable LLDP on GigabitEthernet 1/0/1. By default, LLDP is enabled on ports. [SwitchA] interface gigabitethernet 1/0/1 [SwitchA-GigabitEthernet1/0/1] lldp enable # Configure LLDP to operate in TxRx mode on GigabitEthernet 1/0/1.
Configuring service loopback groups A service loopback group contains one or multiple Ethernet ports for looping packets sent out by the device back to the device. This feature must work with other features, such as GRE. A service loopback group provides one of the following services: •...
Task Command Display information about service loopback groups. display service-loopback group [ number ] Service loopback group configuration example Network requirements All Ethernet ports on Device A support the tunnel service. Assign GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to a service loopback group to loop GRE packets sent out by the device back to the device.
Document conventions and icons Conventions This section describes the conventions used in the documentation. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device. Command conventions Convention Description Bold text represents commands and keywords that you enter literally as shown. Boldface Italic text represents arguments that you replace with actual values.
Network topology icons Convention Description Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Support and other resources Accessing Hewlett Packard Enterprise Support • For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: www.hpe.com/assistance • To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: www.hpe.com/support/hpesc Information to collect •...
For more information and device support details, go to the following website: www.hpe.com/info/insightremotesupport/docs Documentation feedback Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title,...
Page 270
part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.
Index voice VLAN information advertisement to IP Numerics phones, aggregating 1 VLAN mappingapplication scenario, link. See link aggregation 1 VLAN mappingconfiguration, 219, 225 aging 1 VLAN mappingimplementation, 215, 216 MAC address table timer, 2 VLAN mappingapplication scenario, spanning tree max age timer, 2 VLAN mappingconfiguration, 224, 230 algorithm...
Page 272
backing up spanning tree port path cost calculation standard, MST backup port, spanning tree timeout factor, bandwidth STP algorithm, Ethernet link aggregate interface (expected bandwidth), basic management LLDPDU TLV types, LLDP CDP compatibility, LLDP CDP-compatible configuration, Ethernet link aggregation group BFD, voice VLAN advertisement, blackhole voice VLAN information advertisement to IP...
Ethernet link aggregation group (Layer 2 M\1 VLAN mapping customer-side port (dynamic static), IP address assignment), Ethernet link aggregation group (Layer 3 M\1 VLAN mapping customer-side port (static IP dynamic), address assignment), Ethernet link aggregation group (Layer 3 M\1 VLAN mapping network-side port (dynamic static), IP address assignment), Ethernet link aggregation group (static),...
Page 274
spanning tree port mode, MST region connection, spanning tree port path cost, 95, 98 CVLAN spanning tree port priority, QinQ basic configuration, spanning tree port role restriction, QinQ configuration, 203, 209 spanning tree protection functions, QinQ VLAN transparent transmission configuration, spanning tree root bridge, VLAN mapping configuration, 213, 218, 225...
Page 275
MAC address learning (on interface), Ethernet aggregate interface (Layer 3 edge), MAC address learning (on VLAN), Ethernet link aggregate interface (Layer 2 edge), discarding edge port MST discarding port state, MST, displaying spanning tree, bulk interface configuration, EEE energy saving, Ethernet link aggregation, enabling interface,...
Page 278
Ethernet link aggregation group (Layer 3 Ethernet link aggregate interface default static), settings, Ethernet link aggregation group (static), Ethernet link aggregate interface shutdown, Ethernet link aggregation group load Ethernet link aggregation edge aggregate sharing, interface, 45, 51 Ethernet link aggregation LACP, Layer 2 Ethernet aggregate interface (ignored VLAN), Ethernet link aggregation load sharing...
Page 279
1\2 VLAN mapping configuration, 224, 230 Ethernet link aggregation group restrictions, 2\2 VLAN mapping configuration, 224, 230 Ethernet link aggregation LACP, authorization VLAN advertisement (CDP), Ethernet link aggregation load sharing (Layer authorization VLAN advertisement (LLDP), Ethernet link aggregation load sharing mode, Ethernet aggregate interface, Ethernet link aggregation local-first load sharing,...
Page 281
Ethernet link aggregate interface MST learning port state, shutdown, legacy Ethernet link aggregation (Layer 3 spanning tree port mode, dynamic), spanning tree port path cost calculation, Ethernet link aggregation (Layer 3 static), link Ethernet link aggregation aggregation. See link aggregation configuration, 38, 45, 58 interface link mode (Ethernet),...
Page 282
voice VLAN information advertisement to IP enable, phones, enable (global), voice VLAN IP phone identification, enable (port-specific), voice VLAN IP phone identification interval, method, interval setting, voice VLAN LLDP automatic IP phone mechanisms, discovery enable, port status auto recovery, LLDPDU protection action configuration, LLDP basic configuration, 239, 249...
Page 284
MVRP registration forbidden, spanning tree port mode configuration, MVRP registration normal, VLAN-to-instance mapping table, spanning tree mCheck, spanning tree MSTP, Layer 3 Ethernet aggregate interface, spanning tree PVST, multiple spanning tree RSTP, Registration Protocol. Use spanning tree STP, VLAN Registration Protocol. Use MVRP voice VLAN assignment automatic, Multiple Spanning Tree Protocol.
Page 285
Ethernet link aggregation reference port, M\1 VLAN mapping customer-side port (static IP address assignment), Ethernet link aggregation reference port choice, M\1 VLAN mapping network-side port (dynamic IP address assignment), interface auto power-down (Ethernet), M\1 VLAN mapping network-side port (static IP interface automatic negotiation (Ethernet), address assignment), interface basic settings (Ethernet),...
Page 286
spanning tree BPDU drop, voice VLAN host+IP phone connection (in series), spanning tree BPDU guard, voice VLAN information advertisement to IP spanning tree BPDU transmission rate, phones, spanning tree Digest Snooping, 103, 104 voice VLAN IP phone access method, spanning tree edge port, voice VLAN IP phone identification (LLDP), spanning tree loop guard, voice VLAN IP phone identification (OUI...
Page 287
MAC Information change notification port interval, Ethernet aggregate interface, null interface Ethernet aggregate interface (description), configuration, 16, 16 Ethernet aggregate interface (Layer 3 edge), display, Ethernet link aggregate group Selected ports maintain, min/max, Ethernet link aggregate interface (expected bandwidth), operational key (Ethernet link aggregation), Ethernet link aggregate interface (Layer 2 organization-specific LLDPDU TLV types, edge),...
Page 288
isolation. See port isolation spanning tree forward delay timer, Layer 2 aggregate interface (ignored spanning tree loop guard, VLAN), spanning tree path cost calculation standard, Layer 3 aggregate interface configuration spanning tree path cost configuration, 95, 98 (MTU), spanning tree port link type configuration, LLDP basic configuration, 239, 249 spanning tree port mode configuration,...
Page 289
secondary VLAN Layer 3 communication configuring Ethernet link aggregation group configuration, (dynamic), trunk promiscuous port configuration, configuring Ethernet link aggregation group (Layer 2 dynamic), trunk promiscuous+secondary port configuration, configuring Ethernet link aggregation group (Layer 2 static), procedure configuring Ethernet link aggregation group adding MAC address table blackhole entry, (Layer 3 dynamic), adding MAC address table entry (global),...
Page 294
Ethernet link aggregation member port port path cost calculation standard, state, 40, 43 port path cost configuration, 95, 98 interface MDIX mode (Layer 2 Ethernet), port priority configuration, interface statistics polling interval (Ethernet), port role restriction, Layer 3 aggregate interface (MTU), port state transition output, LLDP frame encapsulation format, protection functions,...
Page 295
basic concepts, spanning tree switched network diameter, BPDU forwarding, synchronizing configuration, MAC addresses, designated bridge, syslog designated port, MAC Information configuration, 34, 35 Digest Snooping configuration MAC Information mode configuration, restrictions, system edge port configuration restrictions, interface bulk configuration, 18, 18 feature enable, loop detection, table...
Page 296
MRP Periodic, virtual MVRP set, Virtual Local Area Network. Use VLAN spanning tree forward delay, VLAN spanning tree hello, authorization VLAN advertisement (CDP), spanning tree max age, authorization VLAN advertisement (LLDP), STP forward delay, basic configuration, STP hello, configuration, 127, 141 STP max age, display, frame encapsulation,...