HP 3600 v2 Switch Series
Layer 2 - LAN Switching
Part number: 5998-2350
Software version: Release 2101
Document version: 6W101-20130930

Advertising

   Summary of Contents for HP 3600 v2 series

  • Page 1: Configuration Guide

    HP 3600 v2 Switch Series Layer 2 - LAN Switching Configuration Guide Part number: 5998-2350 Software version: Release 2101 Document version: 6W101-20130930...

  • Page 2

    The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.

  • Page 3: Table Of Contents

    Contents Ethernet interface configuration ·································································································································· 1   Ethernet interface naming conventions ··························································································································· 1   General configuration ······················································································································································ 1   Configuring a combo interface ······························································································································· 1   Configuring basic settings of an Ethernet interface ······························································································ 2   Shutting down an Ethernet interface ······················································································································· 3  ...

  • Page 4: Table Of Contents

    MAC Information configuration ································································································································ 28   Overview ········································································································································································· 28   Introduction to MAC Information ························································································································· 28   How MAC Information works ······························································································································ 28   Configuring MAC Information ······································································································································ 28   Enabling MAC Information globally ··················································································································· 28   Enabling MAC Information on an interface ······································································································· 28  ...

  • Page 5: Table Of Contents

    MSTP features ························································································································································ 66   MSTP basic concepts ············································································································································ 66   How MSTP works ·················································································································································· 70   Implementation of MSTP on devices ···················································································································· 71   Protocols and standards ················································································································································ 71   Spanning tree configuration task list ···························································································································· 71   Configuring the spanning tree ······································································································································ 76  ...

  • Page 6: Table Of Contents

    VLAN interface configuration example ············································································································· 118   Port-based VLAN configuration ·································································································································· 119   Introduction to port-based VLAN ······················································································································· 119   Assigning an access port to a VLAN ················································································································ 120   Assigning a trunk port to a VLAN······················································································································ 121   Assigning a hybrid port to a VLAN ··················································································································· 122  ...

  • Page 7: Table Of Contents

    Displaying and maintaining GVRP ····························································································································· 169   GVRP configuration examples ···································································································································· 169   GVRP normal registration mode configuration example ················································································· 169   GVRP fixed registration mode configuration example ···················································································· 171   GVRP forbidden registration mode configuration example ············································································ 172   QinQ configuration·················································································································································...

  • Page 8: Table Of Contents

    Displaying and maintaining service loopback groups ····························································································· 234   Service loopback group configuration example ······································································································· 234   Support and other resources ·································································································································· 236   Contacting HP ······························································································································································ 236   Subscription service ············································································································································ 236   Related information ······················································································································································ 236   Documents ···························································································································································· 236  ...

  • Page 9: Ethernet Interface Configuration, General Configuration, Configuring A Combo Interface

    Ethernet interface configuration Ethernet interface naming conventions The GE and 10-GE interfaces on the 3600 v2 switches are named in the format of interface-type A/B/C, where the following definitions apply: • A represents the ID of the switch in an IRF fabric. If the switch is not assigned to any IRF fabric, A uses 1.

  • Page 10: Configuring Basic Settings Of An Ethernet Interface

    Changing the active port of a combo interface Follow these steps to change the active port of a combo interface: To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter the Ethernet interface view — interface-number Optional Activate the copper combo port or combo enable { copper | fiber }...

  • Page 11: Configuring Flow Control On An Ethernet Interface

    To do… Use the command… Remarks Restore the default default Optional settings for the interface NOTE: Make sure that the fiber port speed matches the speed requirement of the inserted transceiver module. For example, after you insert a 1000-Mbps transceiver module into a fiber port, configure the port speed with the speed 1000 or speed auto command.

  • Page 12: Configuring Link Change Suppression On An Ethernet Interface

    To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter Ethernet interface view — interface-number Required • Enable TxRx flow control: flow-control Use either command. Enable flow control • Enable Rx flow control: By default, Rx flow control is disabled flow-control receive enable on an Ethernet interface.

  • Page 13: Configuring Loopback Testing On An Ethernet Interface

    To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter Ethernet interface view — interface-number Required Set a link-up event link-delay delay-time mode up Link-up event suppression is disabled by suppression interval default. NOTE: The link-delay mode up command and the link-delay command supersedes each other, and whichever is configured last takes effect.

  • Page 14: Configuring Jumbo Frame Support

    To do… Use the command… Remarks Enter system view system-view — • In system view: port link-mode { bridge | route } interface-list Change the link Required • In Ethernet interface view: mode of Ethernet Use either approach. interfaces interface interface-type interface-number port link-mode { bridge | route } CAUTION: After you change the link mode of an Ethernet interface, all the settings of the Ethernet interface are...

  • Page 15: Configuring A Layer 2 Ethernet Interface

    the specifications of the chip, and is not configurable). When a packet arrives later, the interface enters its normal state. Follow these steps to enable auto power-down on an Ethernet interface: To do… Use the command… Remarks Enter system view system-view —...

  • Page 16: Configuring A Port Group

    Configuring a port group Some interfaces on your switch might use the same set of settings. To configure these interfaces in bulk rather than one by one, you can assign them to a port group. You create port groups manually. All settings made for a port group apply to all the member ports of the group.

  • Page 17: Configuring Storm Suppression

    Figure 1 Speed auto negotiation application scenario IP network Eth1/0/4 Switch A Server 1 Server 2 Server 3 As shown in Figure 1, all ports on Switch A are operating in speed auto negotiation mode, with the highest speed of 1000 Mbps. If the transmission rate of each server in the server cluster is 1000 Mbps, their total transmission rate will exceed the capability of port Ethernet 1/0/4, the port providing access to the Internet for the servers.

  • Page 18: Setting The Statistics Polling Interval

    In interface or port group view, you set the maximum size of broadcast, multicast or unknown unicast traffic allowed to pass through an interface or each interface in a port group. When the broadcast, multicast, or unknown unicast traffic on the interface exceeds this threshold, the system discards packets until the traffic drops below this threshold.

  • Page 19: Enabling Loopback Detection On An Ethernet Interface

    Enabling loopback detection on an Ethernet interface If a switch receives a packet that it sent, a loop has occurred to the switch. Loops might cause broadcast storms, which degrade network performance. You can use this feature to detect whether a loop has occurred.

  • Page 20

    Actions Port type No protective action is configured A protective action is configured • Create traps and log messages. • Generate traps. • If loopback detection control is • If loopback detection control is enabled, place enabled, take the configured Hybrid or the receiving interface in controlled mode.

  • Page 21: Setting The Mdi Mode Of An Ethernet Interface

    NOTE: To use loopback detection on an Ethernet interface, you must enable the function both globally and on • the interface. • To disable loopback detection on all interfaces, run the undo loopback-detection enable command in system view. To enable a hybrid or trunk port to take the administratively specified protective action, you must use the •...

  • Page 22: Enabling Bridging On An Ethernet Interface

    To do… Use the command… Remarks Optional Set the MDI mode of the Ethernet By default, a copper Ethernet mdi { across | auto | normal } interface interface operates in auto mode to negotiate pin roles with its peer. Enabling bridging on an Ethernet interface When an incoming packet arrives, the device looks up the destination MAC address of the packet in the MAC address table.

  • Page 23: Configuring Storm Control On An Ethernet Interface

    Configuring storm control on an Ethernet interface Storm control compares broadcast, multicast, and unknown unicast traffic regularly with their respective traffic thresholds on an Ethernet interface. For each type of traffic, storm control provides a lower threshold and a higher threshold. For management purposes, you can configure the interface to send threshold event traps and log messages when monitored traffic exceeds the upper threshold or drops below the lower threshold from the upper threshold.

  • Page 24: Displaying And Maintaining An Ethernet Interface

    To do… Use the command… Remarks Optional By default, the interface outputs log Enable the interface to log storm messages when monitored traffic storm-constrain enable log control threshold events. exceeds the upper threshold or drops below the lower threshold from the upper threshold. NOTE: For network stability, use the default or set a higher traffic polling interval.

  • Page 25

    To do… Use the command… Remarks Display information about a display port-group manual [ all | name port-group-name ] Available in manual port group or all manual [ | { begin | exclude | include } regular-expression ] any view port groups Display information about the display loopback-detection [ | { begin | exclude | include }...

  • Page 26: Configuring A Loopback Interface

    Loopback and null interface configuration Configuring a loopback interface Introduction to the loopback interface A loopback interface is a software-only virtual interface. It delivers the following benefits. • The physical layer state and link-layer protocols of a loopback interface are always up unless the loopback interface is manually shut down.

  • Page 27: Configuring The Null Interface

    To do… Use the command… Remarks Optional Shut down the loopback interface shutdown By default, a loopback interface is up. Restore the default settings for the default Optional loopback interface NOTE: You can configure settings such as IP addresses and IP routes on loopback interfaces. For more Layer 3—IP Services Configuration Guide Layer 3—IP Routing Configuration Guide information, see...

  • Page 28: Displaying And Maintaining Loopback And Null Interfaces

    Displaying and maintaining loopback and null interfaces To do… Use the command… Remarks display interface [ loopback ] [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ] Display information about Available in any view loopback interfaces display interface loopback interface-number [ brief ] [ | { begin | exclude | include } regular-expression ]...

  • Page 29: Mac Address Table Configuration, How A Mac Address Table Entry Is Created

    MAC address table configuration Overview An Ethernet device uses a MAC address table for forwarding frames through unicast instead of broadcast. This table describes from which port a MAC address (or host) can be reached. When forwarding a frame, the device first looks up the MAC address of the frame in the MAC address table for a match.

  • Page 30: Configuring The Mac Address Table

    Blackhole entries, which are manually configured and never age out. Blackhole entries are • configured for filtering out frames with specific source or destination MAC addresses. For example, to block all packets destined for a specific user for security concerns, you can configure the MAC address of this user as a blackhole MAC address entry.

  • Page 31: Disabling Mac Address Learning On A Vlan

    To do… Use the command… Remarks mac-address { dynamic | static } Required Add or modify a dynamic or mac-address interface interface-type Use either command. static MAC address entry interface-number vlan vlan-id Make sure that you have created Add or modify a blackhole mac-address blackhole mac-address vlan the VLAN and assign the MAC address entry...

  • Page 32: Configuring The Mac Learning Limit On Ports

    accommodate the latest network changes. Too short an interval might result in removal of valid entries, causing unnecessary broadcasts, which might affect device performance. Follow these steps to configure the aging timer for dynamic MAC address entries: To do… Use the command… Remarks Enter system view system-view...

  • Page 33

    Figure 4 MAC address tables of devices when Client A associates with AP C MAC address Port MAC address Port MAC A MAC A Device A Device B Port B1 Port A1 AP C AP D Client A If Client A roams to AP D, Device B learns the MAC address of Client A and advertises it to Device A to ensure service continuity for Client A, as shown in Figure Figure 5 MAC address tables of devices when Client A roams to AP D...

  • Page 34: Displaying And Maintaining Mac Address Tables, Mac Address Table Configuration Example

    Displaying and maintaining MAC address tables To do… Use the command… Remarks display mac-address [ mac-address [ vlan vlan-id ] | [ [ dynamic | static ] [ interface interface-type Display MAC address table interface-number ] | blackhole ] [ vlan vlan-id ] Available in any view information [ count ] ] [ | { begin | exclude | include }...

  • Page 35

    # Add a blackhole MAC address entry. [Sysname] mac-address blackhole 000f-e235-abcd vlan 1 # Set the aging timer for dynamic MAC address entries to 500 seconds. [Sysname] mac-address timer aging 500 # Display the MAC address entry for port Ethernet 1/0/1. [Sysname] display mac-address interface ethernet 1/0/1 MAC ADDR VLAN ID...

  • Page 36: Mac Information Configuration, Introduction To Mac Information, How Mac Information Works, Configuring Mac Information

    MAC Information configuration Overview Introduction to MAC Information To monitor a network, you must monitor users who are joining and leaving the network. Because a MAC address uniquely identifies a network user, you can monitor users who are joining and leaving a network by monitoring their MAC addresses.

  • Page 37: Configuring Mac Information Mode, Configuring The Interval For Sending Syslog Or Trap Messages

    To do… Use the command… Remarks Enter system view system-view — Enter Layer 2 Ethernet interface interface interface-type — view interface-number Required Enable MAC Information on the mac-address information enable interface { added | deleted } Disabled by default. NOTE: To enable MAC Information on an Ethernet port, enable MAC Information globally first.

  • Page 38: Mac Information Configuration Example

    MAC Information configuration example Network requirements As shown in Figure • Host A is connected to a remote server (Server) through Device. Enable MAC Information on Ethernet 1/0/1 on Device. Device sends MAC address changes in • Syslog messages to Host B through Ethernet 1/0/3. Host B analyzes and displays the Syslog messages.

  • Page 39: Ethernet Link Aggregation Configuration

    Ethernet link aggregation configuration Overview Ethernet link aggregation, or simply link aggregation, combines multiple physical Ethernet ports into one logical link, called an “aggregate link”. Link aggregation delivers the following benefits: • Increases bandwidth beyond the limits of any single link. In an aggregate link, traffic is distributed across the member ports.

  • Page 40

    Selected: A Selected port can forward user traffic. • Unselected: An Unselected port cannot forward user traffic. • Operational key When aggregating ports, the system automatically assigns each port an operational key based on port information such as port rate and duplex mode. Any change to this information triggers a recalculation of the operational key.

  • Page 41

    Reference port When setting the aggregation state of the ports in an aggregation group, the system automatically picks a member port as the reference port. A Selected port must have the same port attributes and class-two configurations as the reference port. LACP The IEEE 802.3ad Link Aggregation Control Protocol (LACP) enables dynamic aggregation of physical links.

  • Page 42: Aggregating Links In Static Mode

    the member port assumes that the peer port has failed. You can configure the LACP timeout interval as either the short timeout interval (1 second) or the long timeout interval (30 seconds). Link aggregation modes Link aggregation has the following modes: dynamic and static. Dynamic link aggregation uses LACP and static link aggregation does not.

  • Page 43: Aggregating Links In Dynamic Mode

    Setting the aggregation state of each member port After selecting the reference port, the static aggregation group sets the aggregation state of each member port. Figure 9 Setting the aggregation state of a member port in a static aggregation group NOTE: To ensure stable aggregation state and service continuity, do not change port attributes or class-two •...

  • Page 44

    The systems compare the system ID (which comprises the system LACP priority and the system MAC address). The system with the lower LACP priority value wins. If they are the same, the systems compare the system MAC addresses. The system with the lower MAC address wins. The system with the smaller system ID selects the port with the smallest port ID as the reference port.

  • Page 45: Ethernet Link Aggregation Configuration Task List

    NOTE: A dynamic link aggregation group preferably sets full-duplex ports as the Selected ports, and will set • one, and only one, half-duplex port as a Selected port when none of the full-duplex ports can be selected or only half-duplex ports exist in the group. •...

  • Page 46: Configuring An Aggregation Group

    Task Remarks Configuring load Configuring load-sharing criteria for link aggregation groups Optional sharing for link Enabling local-first load sharing for link aggregation Optional aggregation groups Enabling link-aggregation traffic redirection Optional Configuring an aggregation group You can choose to create a Layer 2 or Layer 3 link aggregation group depending on the ports to be aggregated: •...

  • Page 47: Configuring A Static Aggregation Group

    NOTE: If a port is used as a reflector port for port mirroring, do not assign it to an aggregation group. For more • information about reflector ports, see Network Management and Monitoring Configuration Guide. • You can assign the following ports to an aggregation group: monitor ports for port mirroring, ports configured with static MAC addresses, or ports configured with MAC address learning limit.

  • Page 48: Configuring A Dynamic Aggregation Group

    To do... Use the command... Remarks Required Create a Layer 3 aggregate interface When you create a Layer 3 aggregate interface, interface and enter Layer 3 route-aggregation the system automatically creates a Layer 3 static aggregate interface view interface-number aggregation group numbered the same. Exit to system view quit —...

  • Page 49

    To do... Use the command... Remarks Enter Layer 2 Ethernet interface interface-type interface view interface-number Required Repeat these two steps to assign more Layer 2 Ethernet Assign the Ethernet port link-aggregation interfaces to the aggregation group. interface to the group number aggregation group Optional By default, the aggregation priority of a port is 32768.

  • Page 50: Configuring An Aggregate Interface, Configuring The Description Of An Aggregate Interface

    To do... Use the command... Remarks Set the LACP timeout Optional interval on the port to the lacp period short By default, the LACP timeout interval on a port is short timeout interval (1 the long timeout interval (30 seconds). second) Configuring an aggregate interface NOTE:...

  • Page 51: Enabling Link State Traps For An Aggregate Interface

    Enabling link state traps for an aggregate interface You can configure an aggregate interface to generate linkUp trap messages when its link goes up and linkDown trap messages when its link goes down. For more information, see Network Management and Monitoring Configuration Guide.

  • Page 52: Shutting Down An Aggregate Interface

    CAUTION: If you set this minimum threshold for a static aggregation group, you must also make the same setting for • its peer aggregation group to guarantee correct aggregation. • Configuring the minimum number of Selected ports required to bring up an aggregation group might cause all the member ports in the aggregation group to become unselected.

  • Page 53: Configuring Load Sharing For Link Aggregation Groups

    Configuring load sharing for link aggregation groups Configuring load-sharing criteria for link aggregation groups You can determine how traffic is load-shared in a link aggregation group by configuring load-sharing criteria. The criteria can be MAC addresses, service port numbers, ingress ports, or IP addresses carried in packets, or any combination.

  • Page 54: Enabling Local-first Load Sharing For Link Aggregation

    To do… Use the command… Remarks Required Configure the load-sharing link-aggregation load-sharing mode The default load-sharing criteria are criteria for the aggregation { { destination-ip | destination-mac | the same as the global load-sharing group source-ip | source-mac } * } criteria.

  • Page 55: Enabling Link-aggregation Traffic Redirection

    To do... Use the command... Remarks Optional Enable local-first load-sharing for link-aggregation load-sharing link aggregation mode local-first Enabled by default. Enabling link-aggregation traffic redirection The link-aggregation traffic redirection function can redirect traffic between IRF member switches for a cross-device link aggregation group. Link-aggregation traffic redirection prevents traffic interruption when you reboot an IRF member switch that contains link aggregation member ports.

  • Page 56: Ethernet Link Aggregation Configuration Examples

    To do... Use the command... Remarks Display summary information display link-aggregation summary [ | { begin | Available in any view about all aggregation groups exclude | include } regular-expression ] display link-aggregation verbose Display detailed information about [ { bridge-aggregation | route-aggregation } a specific or all aggregation Available in any view [ interface-number ] ] [ | { begin | exclude |...

  • Page 57

    Figure 12 Network diagram Configuration procedure Configure Device A # Create VLAN 10, and assign port Ethernet 1/0/4 to VLAN 10. <DeviceA> system-view [DeviceA] vlan 10 [DeviceA-vlan10] port ethernet 1/0/4 [DeviceA-vlan10] quit # Create VLAN 20, and assign port Ethernet 1/0/5 to VLAN 20. [DeviceA] vlan 20 [DeviceA-vlan20] port ethernet 1/0/5 [DeviceA-vlan20] quit...

  • Page 58: Layer 2 Dynamic Aggregation Configuration Example

    Configuring Ethernet1/0/3... Done. [DeviceA-Bridge-Aggregation1] quit # Configure Device A to use the source and destination MAC addresses of packets as the global link-aggregation load-sharing criteria. [DeviceA] link-aggregation load-sharing mode source-mac destination-mac Configure Device B Configure Device B using the same instructions that you used to configure Device A. Verify the configurations # Display summary information about all aggregation groups on Device A.

  • Page 59

    Figure 13 Network diagram Configuration procedure Configure Device A. # Create VLAN 10, and assign the port Ethernet 1/0/4 to VLAN 10. <DeviceA> system-view [DeviceA] vlan 10 [DeviceA-vlan10] port ethernet 1/0/4 [DeviceA-vlan10] quit # Create VLAN 20, and assign the port Ethernet 1/0/5 to VLAN 20. [DeviceA] vlan 20 [DeviceA-vlan20] port ethernet 1/0/5 [DeviceA-vlan20] quit...

  • Page 60: Layer 3 Static Aggregation Configuration Example

    Configuring Ethernet1/0/2... Done. Configuring Ethernet1/0/3... Done. [DeviceA-Bridge-Aggregation1] quit # Configure the device to use the source and destination MAC addresses of packets as the global link-aggregation load-sharing criteria. [DeviceA] link-aggregation load-sharing mode source-mac destination-mac Configure Device B. Configure Device B using the same instructions that you used to configure Device A. Verify the configurations.

  • Page 61

    Figure 14 Network diagram Eth1/0/1 Eth1/0/1 Eth1/0/2 Eth1/0/2 Link aggregation 1 Eth1/0/3 Eth1/0/3 RAGG1 RAGG1 Device A Device B 192.168.1.1/24 192.168.1.2/24 Configuration procedure Configure Device A. # Create Layer 3 aggregate interface Route-Aggregation 1, and configure an IP address and subnet mask for the aggregate interface.

  • Page 62: Layer 3 Dynamic Aggregation Configuration Example

    # Display the global link-aggregation load-sharing criteria on Device A. [DeviceA] display link-aggregation load-sharing mode Link-Aggregation Load-Sharing Mode: destination-ip address, source-ip address The output shows that the global link-aggregation load-sharing criteria are the source and destination IP addresses of packets. Layer 3 dynamic aggregation configuration example Network requirements As shown in...

  • Page 63

    [DeviceA] link-aggregation load-sharing mode source-ip destination-ip Configure Device B. Configure Device B using the same instructions that you used to configure Device A. Verify the configurations. # Display summary information about all aggregation groups on Device A. [DeviceA] display link-aggregation summary Aggregation Interface Type: BAGG -- Bridge-Aggregation, RAGG -- Route-Aggregation Aggregation Mode: S -- Static, D -- Dynamic...

  • Page 64: Port Isolation Configuration, Introduction To Port Isolation, Assigning A Port To The Isolation Group

    Port isolation configuration Introduction to port isolation Port isolation enables isolating Layer 2 traffic for data privacy and security without using VLANs. You can also use this feature to isolate the hosts in a VLAN from one another. To use the feature, you assign ports to a port isolation group. Ports in an isolation group are called “isolated ports.”...

  • Page 65: Port Isolation Configuration Example

    Port isolation configuration example Network requirements As shown in Figure 16, Host A, Host B, and Host C are connected to Ethernet 1/0/1, Ethernet 1/0/2, and Ethernet 1/0/3 of Device, and Device is connected to the Internet through Ethernet 1/0/4. All these ports are in the same VLAN.

  • Page 66: Spanning Tree Configuration, Stp Protocol Packets

    Spanning tree configuration As a Layer 2 management protocol, the Spanning Tree Protocol (STP) eliminates Layer 2 loops by selectively blocking redundant links in a network, putting them in a standby state, which still also allows for link redundancy. The recent versions of STP include the Rapid Spanning Tree Protocol (RSTP), Per VLAN Spanning Tree (PVST), and the Multiple Spanning Tree Protocol (MSTP).

  • Page 67: Basic Concepts In Stp

    Basic concepts in STP Root bridge A tree network must have a root bridge. The entire network contains only one root bridge. The root bridge is not permanent, but can change with changes of the network topology. Upon initialization of a network, each device generates and periodically sends configuration BPDUs with itself as the root bridge.

  • Page 68: Calculation Process Of The Stp Algorithm

    Calculation process of the STP algorithm NOTE: The spanning tree calculation process described in the following sections is a simplified process for example only. The STP algorithm uses the following calculation process: Initial state Upon initialization of a device, each port generates a BPDU with the port as the designated port, the device as the root bridge, 0 as the root path cost, and the device ID as the designated bridge ID.

  • Page 69

    Table 10 Selection of the optimum configuration BPDU Step Actions Upon receiving a configuration BPDU on a port, the device compares the priority of the received configuration BPDU with that of the configuration BPDU generated by the port, and: • If the former priority is lower, the device discards the received configuration BPDU and keeps the configuration BPDU the port generated.

  • Page 70

    Table 11 Initial state of each device Device Port name Configuration BPDU on the port Port A1 {0, 0, 0, Port A1} Device A Port A2 {0, 0, 0, Port A2} Port B1 {1, 0, 1, Port B1} Device B Port B2 {1, 0, 1, Port B2} Port C1...

  • Page 71

    Configuration BPDU on Device Comparison process ports after comparison • Device B compares the configuration BPDUs of all its ports, decides that the configuration BPDU of Port B1 is the optimum, and selects Port B1 as the root port with the configuration BPDU unchanged.

  • Page 72

    Configuration BPDU on Device Comparison process ports after comparison • Device C finds that the root path cost of Port C1 (10) (root path cost of the received configuration BPDU (0) plus path cost of Port C1 (10)) is larger than that of Port C2 (9) (root path cost of the received configuration BPDU (5) plus path cost of Port C2 (4)), decides that the configuration BPDU of Port C2 is the optimum, and selects Port C2 as the root port with the configuration BPDU...

  • Page 73: Rstp

    If the configuration BPDU received on a designated port has a lower priority than the configuration • BPDU of the local port, the port immediately sends its own configuration BPDU in response. If a path becomes faulty, the root port on this path no longer receives new configuration BPDUs and •...

  • Page 74: Mstp Features, Mstp Basic Concepts

    PVST PVST was introduced to improve link bandwidth usage in network environments where multiple virtual LANs (VLANs) exist. Unlike STP and RSTP whose bridges in a LAN must forward their VLAN packets in the same spanning tree, PVST allows each VLAN to build a separate spanning tree. PVST uses the following BPDUs: STP BPDUs: Sent by access ports according to the VLAN status, or by trunk ports and hybrid ports •...

  • Page 75

    Figure 20 Basic concepts in MSTP VLAN 1 MSTI 1 VLAN 1 MSTI 1 VLAN 2 MSTI 2 VLAN 2 MSTI 2 Other VLANs MSTI 0 Other VLANs MSTI 0 MST region 1 MST region 4 MST region 2 MST region 3 VLAN 1 MSTI 1 VLAN 1...

  • Page 76

    Same VLAN-to-instance mapping configuration • Same MSTP revision level • Physically linked together • Multiple MST regions can exist in a switched network. You can assign multiple devices to the same MST region. In Figure 20, the switched network comprises four MST regions, MST region 1 through MST region 4, and all devices in each MST region have the same MST region configuration.

  • Page 77

    Port roles A port can play different roles in different MSTIs. As shown in Figure 22, an MST region comprises Device A, Device B, Device C, and Device D. Port A1 and port A2 of Device A connect to the common root bridge.

  • Page 78: How Mstp Works

    Forwarding: The port receives and sends BPDUs, obtains MAC addresses, and forwards user • traffic. Learning: The port receives and sends BPDUs, obtains MAC addresses, but does not forward user • traffic. Learning is an intermediate port state. Discarding: The port receives and sends BPDUs, but does not obtain MAC addresses or forward •...

  • Page 79: Implementation Of Mstp On Devices

    Implementation of MSTP on devices MSTP is compatible with STP and RSTP. Devices that are running MSTP and that are used for spanning tree calculation can identify STP and RSTP protocol packets. In addition to basic MSTP functions, the following functions are provided for ease of management: Root bridge hold •...

  • Page 80

    Task Remarks Required Setting the spanning tree mode Configure the device to work in STP-compatible mode. Configuring the device priority Optional Configuring the timeout factor Optional Configuring the maximum port rate Optional Configuring the leaf nodes Configuring path costs of ports Optional Configuring the port priority Optional...

  • Page 81

    Task Remarks Configuring edge ports Optional Configuring path costs of ports Optional Configuring the port priority Optional Configuring the port link type Optional Configuring the mode a port uses to recognize/send MSTP Optional packets Enabling the output of port state transition information Optional Enabling the spanning tree feature Required...

  • Page 82

    Task Remarks Required Setting the spanning tree mode Configure the device to work in PVST mode. Configuring the device priority Optional Configuring the timeout factor Optional Configuring the maximum port rate Optional Configuring Configuring edge ports Optional the leaf Configuring path costs of ports Optional nodes Configuring the port priority...

  • Page 83

    Task Remarks Optional Setting the spanning tree mode By default, the device works in MSTP mode. Configuring an MST region Required Configuring the device priority Optional Configuring the timeout factor Optional Configuring the maximum port rate Optional Configuri ng the leaf Configuring edge ports Optional nodes...

  • Page 84: Configuring The Spanning Tree, Configuring An Mst Region

    Configuring the spanning tree Setting the spanning tree mode The spanning tree modes include: • STP-compatible mode: The device sends STP BPDUs through all ports. RSTP mode: The device sends RSTP BPDUs through all ports, and ports that connect to STP devices •...

  • Page 85: Configuring The Root Bridge Or A Secondary Root Bridge

    To do... Use the command... Remarks instance instance-id vlan vlan-list Optional Configure the Use either command. VLAN-to-instance mapping vlan-mapping modulo modulo All VLANs in an MST region are mapped table to the CIST (or MSTI 0) by default. Optional Configure the MSTP revision revision-level level level of the MST region 0 by default.

  • Page 86: Configuring The Device Priority

    bridge. If you have specified multiple secondary root bridges for an instance, when the root bridge fails, the secondary root bridge with the lowest MAC address is selected as the new root bridge. Configuring the current device as the root bridge of a specific spanning tree Follow these steps to configure the current device as the root bridge of a specific spanning tree: To do...

  • Page 87: Configuring The Maximum Hops Of An Mst Region

    To do... Use the command... Remarks Configure the priority of the current stp [ instance instance-id ] priority device (in MSTP mode) priority CAUTION: You cannot change the priority of a device after it is configured as the root bridge or as a secondary root •...

  • Page 88: Configuring Spanning Tree Timers

    Max age ƒ 2 × (hello time + 1 second) • HP does not recommend you to manually set the spanning tree timers. Instead, you can specify the network diameter and let spanning tree protocols automatically calculate the timers based on the network diameter.

  • Page 89: Configuring The Timeout Factor

    If the forward delay timer is too short, temporary redundant paths might occur. If the forward delay timer is too long, network convergence might take a long time. HP recommends you to use the default setting. •...

  • Page 90: Configuring The Maximum Port Rate

    By setting an appropriate maximum port rate, you can limit the rate at which the port sends BPDUs and prevent spanning tree protocols from using excessive network resources when the network becomes unstable. HP recommends you to use the default setting. Configuring edge ports If a port directly connects to a user terminal rather than another device or a shared LAN segment, this port is regarded as an edge port.

  • Page 91: Configuring Path Costs Of Ports

    NOTE: If BPDU guard is disabled, a port set as an edge port will become a non-edge port again if it receives • a BPDU from another port. To restore the edge port, re-enable it. • If a port directly connects to a user terminal, configure it as an edge port and enable BPDU guard for it. This enables the port to transition to the forwarding state quickly while ensuring network security.

  • Page 92

    Path cost Link speed Port type IEEE 802.1d-1998 IEEE 802.1t Private standard Aggregate interface 1,000,000 1800 containing 2 Selected ports Aggregate interface 666,666 1600 containing 3 Selected ports Aggregate interface 500,000 1400 containing 4 Selected ports Single port 200,000 Aggregate interface 100,000 containing 2 Selected ports 100 Mbps...

  • Page 93: Configuration Example, Configuring The Port Priority

    To do... Use the command... Remarks Configure the path cost of the ports (in stp cost cost Required STP/RSTP mode) Use any command. Configure the path cost of the ports (in stp vlan vlan-list cost cost By default, the system PVST mode) automatically calculates the Configure the path cost of the ports (in...

  • Page 94: Configuring The Port Link Type

    You can configure the link type as point-to-point for a Layer 2 aggregate interface or a port that works • in full duplex mode. HP recommends you to use the default setting and let the device to automatically detect the port link type.

  • Page 95: Enabling The Output Of Port State Transition Information

    By default, the packet format recognition mode of a port is auto. The port automatically distinguishes the two MSTP packet formats, and determines the format of packets that it will send based on the recognized format. You can configure the MSTP packet format on a port. When working in MSTP mode after the configuration, the port sends and receives only MSTP packets of the format that you have configured to communicate with devices that send packets of the same format.

  • Page 96

    Enabling the spanning tree feature (in STP/RSTP/MSTP mode) In STP/RSTP/MSTP mode, make sure that the spanning tree feature is enabled globally and on the desired ports. Follow these steps to enable the spanning tree feature in STP/RSTP/MSTP mode: To do... Use the command...

  • Page 97: Performing Mcheck, Configuring Digest Snooping

    NOTE: To globally enable or disable the spanning tree feature (not for VLANs), use the stp enable command • or undo stp enable command in system view. To enable or disable the spanning tree feature for specific VLANs, use the stp vlan enable command or undo stp vlan enable command. •...

  • Page 98

    Configuring the Digest Snooping feature You can enable Digest Snooping only on the HP device that is connected to a third-party device that uses its private key to calculate the configuration digest. Follow these steps to configure Digest Snooping: To do...

  • Page 99

    To prevent loops, do not enable Digest Snooping on MST region edge ports. • HP recommends you to enable Digest Snooping first and then the spanning tree feature. To avoid • causing traffic interruption, do not configure Digest Snooping when the network is already working well.

  • Page 100: Configuring No Agreement Check

    # Enable Digest Snooping on Ethernet 1/0/1 of Device B and enable global Digest Snooping on Device <DeviceB> system-view [DeviceB] interface ethernet 1/0/1 [DeviceB-Ethernet1/0/1] stp config-digest-snooping [DeviceB-Ethernet1/0/1] quit [DeviceB] stp config-digest-snooping Configuring No Agreement Check In RSTP and MSTP, the following types of messages are used for rapid state transition on designated ports: •...

  • Page 101

    Figure 25 Rapid state transition of an RSTP designated port Upstream device Downstream device The root port blocks non-edge (1) Proposal for rapid transition ports, changes to the forwarding state, and sends an Agreement to the upstream device. The designated (2) Agreement port changes to the forwarding state.

  • Page 102: Configuring Tc Snooping

    Device A connects to a third-party device that has a different spanning tree implementation. Both • devices are in the same region. The third-party device (Device B) is the regional root bridge, and Device A is the downstream • device. Figure 26 No Agreement Check configuration Configuration procedure # Enable No Agreement Check on Ethernet 1/0/1 of Device A.

  • Page 103: Configuring Protection Functions

    With TC snooping enabled, a device actively updates the MAC address table entries and ARP entries upon receiving TC-BPDUs, so that the device can normally forward the user traffic. NOTE: For more information about MAC address table entries, see the chapter “MAC address table •...

  • Page 104

    The spanning tree protocol provides the BPDU guard function to protect the system against such attacks. With the BPDU guard function enabled on the devices, when edge ports receive configuration BPDUs, the system closes these ports and notifies the NMS that these ports have been closed by the spanning tree protocol.

  • Page 105

    Enabling loop guard A device that keeps receiving BPDUs from the upstream device can maintain the state of the root port and blocked ports. However, link congestion or unidirectional link failures might cause these ports to fail to receive BPDUs from the upstream devices. The device will reselect the port roles: Those ports in forwarding state that failed to receive upstream BPDUs will become designated ports, and the blocked ports will transition to the forwarding state, resulting in loops in the switched network.

  • Page 106: Displaying And Maintaining The Spanning Tree

    NOTE: HP does not recommend you disable this feature. Enabling BPDU drop In a spanning tree network, after receiving BPDUs, the device performs STP calculation according to the received BPDUs and forwards received BPDUs to other devices in the network. This allows malicious attackers to attack the network by forging BPDUs.

  • Page 107: Mstp Configuration Example

    To do... Use the command... Remarks display stp [ instance instance-id | vlan Display the spanning tree status and vlan-id ] [ interface interface-list | slot Available in any view statistics slot-number ] [ brief ] [ | { begin | exclude | include } regular-expression ] display stp region-configuration [ | Display the MST region configuration...

  • Page 108

    Configuration procedure Configure VLANs and VLAN member ports (details not shown). Create VLAN 10, VLAN 20, and VLAN 30 on Device A and Device B respectively, VLAN 10, VLAN 20, and VLAN 40 on Device C, and VLAN 20, VLAN 30, and VLAN 40 on Device D. Configure the ports on these devices as trunk ports and assign them to related VLANs.

  • Page 109

    # Enter MST region view, configure the MST region name as example, map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4 respectively, and configure the revision level of the MST region as 0. <DeviceC>...

  • Page 110

    Ethernet1/0/3 ROOT FORWARDING NONE # Display brief spanning tree information on Device B. [DeviceB] display stp brief MSTID Port Role STP State Protection Ethernet1/0/1 DESI FORWARDING NONE Ethernet1/0/2 DESI FORWARDING NONE Ethernet1/0/3 DESI FORWARDING NONE Ethernet1/0/2 DESI FORWARDING NONE Ethernet1/0/3 ROOT FORWARDING NONE...

  • Page 111: Pvst Configuration Example

    Figure 29 MSTIs mapped to different VLANs PVST configuration example Network requirements As shown in Figure Device A and Device B work at the distribution layer. Device C and Device D work at the access • layer. Configure PVST so that packets of different VLANs are forwarded along different spanning trees. •...

  • Page 112

    Configuration procedure Configure VLANs and VLAN member ports. (Details not shown) Create VLAN 10, VLAN 20, and VLAN 30 on Device A and Device B respectively, VLAN 10, VLAN 20, and VLAN 40 on Device C, and VLAN 20, VLAN 30, and VLAN 40 on Device D. Configure the ports on these devices as trunk ports and assign them to related VLANs.

  • Page 113

    # Display brief spanning tree information on Device A. [DeviceA] display stp brief VLAN Port Role STP State Protection Ethernet1/0/1 DESI DISCARDING NONE Ethernet1/0/3 DESI FORWARDING NONE Ethernet1/0/1 DESI FORWARDING NONE Ethernet1/0/2 DESI FORWARDING NONE Ethernet1/0/3 DESI FORWARDING NONE Ethernet1/0/2 DESI FORWARDING NONE...

  • Page 114

    Figure 31 Spanning trees mapped to different VLANs...

  • Page 115: Introduction To Bpdu Tunneling

    PE 2 at the other end of the service provider network, which de-encapsulates the packet, restores the original destination MAC address of the packet, and then sends the packet to CE 2. HP devices support BPDU tunneling for the following protocols: Cisco Discovery Protocol (CDP) •...

  • Page 116: Bpdu Tunneling Implementation

    Ethernet Operation, Administration and Maintenance (EOAM) • GARP VLAN Registration Protocol (GVRP) • HW Group Management Protocol (HGMP) • • Link Aggregation Control Protocol (LACP) Link Layer Discovery Protocol (LLDP) • Port Aggregation Protocol (PAGP) • Per VLAN Spanning Tree (PVST) •...

  • Page 117: Configuring Bpdu Tunneling

    Figure 33 BPDU tunneling implementation The upper section of Figure 33 represents the service provider network (ISP network). The lower section, including User A network 1 and User A network 2, represents the customer networks. Enabling BPDU tunneling on edge devices (PE 1 and PE 2) in the service provider network allows BPDUs of User A network 1 and User A network 2 to be transparently transmitted through the service provider network.

  • Page 118: Enabling Bpdu Tunneling, Configuring Destination Multicast Mac Address For Bpdus

    Enabling BPDU tunneling You can enable BPDU tunneling for different protocols in different views. NOTE: Settings made in Layer 2 Ethernet interface view or Layer 2 aggregate interface view take effect only on • the current port. Settings made in port group view take effect on all ports in the port group. Before you enable BPDU tunneling for DLDP, EOAM, GVRP, HGMP, LLDP, or STP on a port, disable the •...

  • Page 119: Bpdu Tunneling Configuration Examples, Bpdu Tunneling For Stp Configuration Example

    Follow these steps to configure destination multicast MAC address for BPDUs: To do… Use the command… Remarks Enter system view system-view — Optional Configure the destination multicast bpdu-tunnel tunnel-dmac MAC address for BPDUs mac-address 0x010F-E200-0003 by default NOTE: For BPDUs to be recognized, the destination multicast MAC addresses configured for BPDU tunneling must be the same on the edge devices on the service provider network.

  • Page 120: Bpdu Tunneling For Pvst Configuration Example

    [PE1] vlan 2 [PE1-vlan2] quit [PE1] interface ethernet 1/0/1 [PE1-Ethernet1/0/1] port access vlan 2 # Disable STP on Ethernet 1/0/1, and then enable BPDU tunneling for STP on it. [PE1-Ethernet1/0/1] undo stp enable [PE1-Ethernet1/0/1] bpdu-tunnel dot1q stp Configure PE 2. # Configure the destination multicast MAC address for BPDUs as 0x0100-0CCD-CDD0.

  • Page 121

    Configuration procedure Configure PE 1. # Configure the destination multicast MAC address for BPDUs as 0x0100-0CCD-CDD0. <PE1> system-view [PE1] bpdu-tunnel tunnel-dmac 0100-0ccd-cdd0 # Configure Ethernet 1/0/1 as a trunk port and assign it to all VLANs. [PE1] interface ethernet 1/0/1 [PE1-Ethernet1/0/1] port link-type trunk [PE1-Ethernet1/0/1] port trunk permit vlan all # Disable STP on Ethernet 1/0/1, and then enable BPDU tunneling for STP and PVST on it.

  • Page 122: Vlan Configuration, Vlan Fundamentals

    VLAN configuration Overview VLAN Ethernet is a network technology based on the Carrier Sense Multiple Access/Collision Detect (CSMA/CD) mechanism. Because the medium is shared, collisions and excessive broadcasts are common on Ethernet networks. To address the issue, virtual LAN (VLAN) was introduced to break a LAN down into separate VLANs.

  • Page 123: Vlan Types

    The format of VLAN-tagged frames is defined in IEEE 802.1Q issued by the Institute of Electrical and Electronics Engineers (IEEE) in 1999. In the header of a traditional Ethernet data frame, the field after the destination MAC address and the source MAC address is the Type field, which indicates the upper layer protocol type, as shown in Figure Figure 37 Traditional Ethernet frame format...

  • Page 124: Configuring Basic Vlan Settings

    Other criteria • The 3600 v2 Switch Series supports port-based VLAN, MAC-based VLAN, protocol-based VLAN, and IP-based VLAN. The port-based VLAN implementation is the basis of all other VLAN implementations. To use any other VLAN implementations, you must configure port-based VLAN settings. You can configure all these types of VLANs on a port at the same time.

  • Page 125: Configuring Basic Settings Of A Vlan Interface

    Configuring basic settings of a VLAN interface VLAN interface overview For hosts of different VLANs to communicate, you must use a router or Layer 3 switch to perform Layer 3 forwarding. You use VLAN interfaces to achieve this. VLAN interfaces are virtual interfaces used for Layer 3 communication between different VLANs. They do not exist as physical entities on devices.

  • Page 126: Vlan Interface Configuration Example

    VLAN interface configuration example Network requirements As shown in Figure 39, PC A is assigned to VLAN 5. PC B is assigned to VLAN 10. The PCs belong to different IP subnets and cannot communicate with each other. Configure VLAN interfaces on Switch A and configure the PCs to enable Layer 3 communication between the PCs.

  • Page 127: Port-based Vlan Configuration

    Verifying the configurations The PCs can ping each other. Display brief information about Layer 3 interfaces on Switch A to verify the configuration. <SwitchA> display ip interface brief *down: administratively down (s): spoofing Interface Physical Protocol IP Address Description Vlan-interface5 192.168.0.10 Vlan-inte...

  • Page 128: Assigning An Access Port To A Vlan

    VLAN, see the chapter “Voice VLAN configuration.” • HP recommends that you set the same PVID ID for local and remote ports. Make sure that a port is assigned to its PVID. Otherwise, when the port receives frames tagged with the •...

  • Page 129: Assigning A Trunk Port To A Vlan

    Follow these steps to assign an access port (in interface view) or multiple access ports (in port group view) to a VLAN: To do… Use the command… Remarks Enter system view system-view — Required Enter Layer 2 Ethernet Use any command. interface view: •...

  • Page 130: Assigning A Hybrid Port To A Vlan

    Follow these steps to assign a trunk port to one or multiple VLANs: To do… Use the command… Remarks Enter system view system-view — Required Use any command. • The configuration made in Layer 2 Ethernet Enter Layer 2 Ethernet interface view: interface view applies only to the port.

  • Page 131: Port-based Vlan Configuration Example

    To do… Use the command… Remarks Required Use any command. • The configuration made in Ethernet interface view applies only to the port. Enter Layer 2 Ethernet interface view: • The configuration made in port group interface interface-type view applies to all ports in the port group. interface-number •...

  • Page 132

    Figure 40 Network diagram Configuration procedure Configure Device A. # Create VLAN 100, and assign port Ethernet 1/0/1 to VLAN 100. <DeviceA> system-view [DeviceA] vlan 100 [DeviceA-vlan100] port ethernet 1/0/1 [DeviceA-vlan100] quit # Create VLAN 200, and assign port Ethernet 1/0/2 to VLAN 200. [DeviceA] vlan 200 [DeviceA-vlan200] port ethernet 1/0/2 [DeviceA-vlan200] quit...

  • Page 133: Mac-based Vlan Configuration

    [DeviceA-Ethernet1/0/3] display vlan 200 VLAN ID: 200 VLAN Type: static Route Interface: not configured Description: VLAN 0200 Name: VLAN 0200 Tagged Ports: Ethernet1/0/3 Untagged Ports: Ethernet1/0/2 MAC-based VLAN configuration Introduction to MAC-based VLAN The MAC-based VLAN feature assigns hosts to a VLAN based on their MAC addresses. This feature is usually used in conjunction with security technologies such as 802.1X to provide secure, flexible network access for terminal devices.

  • Page 134

    multiple MAC address-to-VLAN entries, and enable the MAC-based VLAN feature and dynamic MAC-based VLAN assignment on the port. Dynamic MAC-based VLAN assignment uses the following workflows. When the port receives a frame, the port first determines whether the frame is tagged. If yes, the port reports the source MAC address of the frame.

  • Page 135: Configuring A Mac-based Vlan

    NOTE: When a port is assigned to the corresponding VLAN in a MAC address-to-VLAN entry, but has not • been assigned to the VLAN by using the port hybrid vlan command, the port sends packets from the VLAN with VLAN tags removed. •...

  • Page 136

    To do... Use the command... Remarks Enter system view system-view — mac-vlan mac-address Associate a specific MAC mac-address [ mask Required address with a VLAN mac-mask ] vlan vlan-id [ priority priority ] Enter Layer 2 Ethernet interface view: Use either command. interface interface-type •...

  • Page 137: Mac-based Vlan Configuration Example

    To do... Use the command... Remarks Optional Disable the PVID of the port from forwarding packets with By default, when a port receives a unknown source MAC packet with an unknown source MAC port pvid disable addresses that do not match address that does not match to any any MAC address-to-VLAN MAC address-to-VLAN entry, it...

  • Page 138

    Figure 42 Network diagram VLAN 100 VLAN 200 Server1 Server2 IP: 1.1.1.1/24 IP: 1.1.2.1/24 Eth1/0/14 Eth1/0/13 Eth1/0/4 Eth1/0/3 Device B Eth1/0/2 Eth1/0/2 Device C Device A Eth1/0/1 Eth1/0/1 VLAN 100 VLAN 200 Laptop1 Laptop2 IP: 1.1.1.2/24 IP: 1.1.2.2/24 MAC: 000d-88f8-4e71 MAC: 0014-222c-aa69 Configuration consideration •...

  • Page 139

    [DeviceA-Ethernet1/0/1] port hybrid vlan 100 200 untagged Please wait... Done. [DeviceA-Ethernet1/0/1] mac-vlan enable [DeviceA-Ethernet1/0/1] quit # To enable the laptops to access Server 1 and Server 2, configure the uplink port Ethernet 1/0/2 as a trunk port, and assign it to VLANs 100 and 200. [DeviceA] interface ethernet 1/0/2 [DeviceA-Ethernet1/0/2] port link-type trunk [DeviceA-Ethernet1/0/2] port trunk permit vlan 100 200...

  • Page 140: Protocol-based Vlan Configuration

    Configuration guidelines MAC-based VLAN can be configured only on hybrid ports. MAC-based VLAN is usually configured on the downlink ports of access layer devices, and cannot be configured together with the link aggregation function. Protocol-based VLAN configuration Introduction to protocol-based VLAN You use the protocol-based VLAN feature to assign packets to VLANs by their application type.

  • Page 141: Protocol-based Vlan Configuration Example

    To do… Use the command… Remarks Required Use any command. • The configuration made in Ethernet Enter Layer 2 Ethernet interface interface view applies only to the port. view: • The configuration made in port group interface interface-type view applies to all ports in the port group. interface-number •...

  • Page 142

    Figure 43 Network diagram VLAN 100 VLAN 200 IPv4 Server IPv6 Server Eth1/0/11 Eth1/0/12 Eth1/0/1 Eth1/0/2 Device L2 Switch A L2 Switch B IPv4 Host A IPv6 Host A IPv4 Host B IPv6 Host B VLAN 100 VLAN 200 VLAN 100 VLAN 200 Configuration consideration Create VLANs 100 and 200.

  • Page 143

    [Device-Ethernet1/0/1] port link-type hybrid [Device-Ethernet1/0/1] port hybrid vlan 100 200 untagged Please wait... Done. # Associate port Ethernet 1/0/1 with the IPv4 protocol template of VLAN 100 and the IPv6 protocol template of VLAN 200. [Device-Ethernet1/0/1] port hybrid protocol-vlan vlan 100 1 [Device-Ethernet1/0/1] port hybrid protocol-vlan vlan 200 1 [Device-Ethernet1/0/1] quit # Configure Ethernet 1/0/2 as a hybrid port that forwards packets of VLANs 100 and 200 untagged,...

  • Page 144: Ip Subnet-based Vlan Configuration

    ====================================================== ipv4 ipv6 Configuration guidelines Protocol-based VLAN configuration applies only to hybrid ports. IP subnet-based VLAN configuration Introduction In this approach, packets are assigned to VLANs based on their source IP addresses and subnet masks. A port configured with IP subnet-based VLANs assigns a received untagged packet to a VLAN based on the source address of the packet.

  • Page 145: Ip Subnet-based Vlan Configuration Example

    To do… Use the command… Remarks Required Use any command. • The configuration made in Ethernet interface view applies only to the port. • The configuration made in port group Enter Layer 2 Ethernet interface view: view applies to all ports in the port group.

  • Page 146

    Configuration consideration • Create VLANs 100 and 200. Associate IP subnets with the VLANs. • • Assign ports to the VLANs. Configuration procedure # Associate IP subnet 192.168.5.0/24 with VLAN 100. <DeviceC> system-view [DeviceC] vlan 100 [DeviceC-vlan100] ip-subnet-vlan ip 192.168.5.0 255.255.255.0 [DeviceC-vlan100] quit # Associate IP subnet 192.168.50.0/24 with VLAN 200.

  • Page 147: Displaying And Maintaining Vlan

    Please wait... Done. [DeviceC-Ethernet1/0/12] quit # Associate interface Ethernet 1/0/1 with IP subnet-based VLANs 100 and 200. [DeviceC] interface Ethernet 1/0/1 [DeviceC-Ethernet1/0/1] port link-type hybrid [DeviceC-Ethernet1/0/1] port hybrid vlan 100 200 untagged Please wait... Done. [DeviceC-Ethernet1/0/1] port hybrid ip-subnet-vlan vlan 100 [DeviceC-Ethernet1/0/1] port hybrid ip-subnet-vlan vlan 200 [DeviceC-Ethernet1/0/1] return Verifying the configurations...

  • Page 148

    To do... Use the command… Remarks display mac-vlan { all | dynamic | mac-address Display MAC address-to-VLAN mac-address [ mask mac-mask ] | static | vlan Available in any entries vlan-id } [ | { begin | exclude | include } view regular-expression ] Display all interfaces with...

  • Page 149: Super Vlan Configuration, Configuring A Super Vlan

    Super VLAN configuration Overview Super VLAN, also called VLAN aggregation, was introduced to save IP address space. A super VLAN is associated with multiple sub-VLANs. You can create a VLAN interface for a super VLAN and assign an IP address for the VLAN interface. However, you cannot create a VLAN interface for a sub-VLAN.

  • Page 150

    To do… Use the command… Remarks Enter system view system-view — Required Enter VLAN view vlan vlan-id If the specified VLAN does not exist, this command creates the VLAN first, and then enters VLAN view. Required Configure the VLAN as a supervlan super VLAN Not configured by default.

  • Page 151: Super Vlan Configuration Example

    You can configure DHCP, Layer 3 multicast, and dynamic routing for the VLAN interface of a super • VLAN. However, only DHCP takes effect. HP does not recommend configuring VRRP for the VLAN interface of a super VLAN, because it affects • High Availability Configuration Guide network performance.

  • Page 152

    [Sysname] vlan 10 [Sysname-vlan10] quit [Sysname] interface vlan-interface 10 [Sysname-Vlan-interface10] ip address 10.0.0.1 255.255.255.0 # Enable local proxy ARP. [Sysname-Vlan-interface10] local-proxy-arp enable [Sysname-Vlan-interface10] quit # Create VLAN 2, and assign Ethernet 1/0/1 and Ethernet 1/0/2 to it. [Sysname] vlan 2 [Sysname-vlan2] port ethernet 1/0/1 ethernet 1/0/2 [Sysname-vlan2] quit # Create VLAN 3, and assign Ethernet 1/0/3 and Ethernet 1/0/4 to it.

  • Page 153

    Route Interface: configured IPv4 address: 10.0.0.1 IPv4 subnet mask: 255.255.255.0 Description: VLAN 0002 Name: VLAN 0002 Tagged Ports: none Untagged Ports: Ethernet1/0/1 Ethernet1/0/2 VLAN ID: 3 VLAN Type: static It is a Sub VLAN. Route Interface: configured IPv4 address: 10.0.0.1 IPv4 subnet mask: 255.255.255.0 Description: VLAN 0003 Name: VLAN 0003...

  • Page 154: Isolate-user-vlan Configuration

    Isolate-user-VLAN configuration Overview An isolate-user-VLAN uses a two-tier VLAN structure. In this approach, the following types of VLANs, isolate-user-VLAN and secondary VLAN, are configured on the same device. The following are the characteristics of the isolate-user-VLAN implementation: Isolate-user-VLANs are mainly used for upstream data exchange. An isolate-user-VLAN can be •...

  • Page 155

    Configure the downlink ports, for example, the ports connecting Device B to hosts in Figure to work in host mode, so that the downlink ports can be added to the isolate-user-VLAN associated with the secondary VLAN synchronously. For more information about the promiscuous and host mode commands, see Layer 2—LAN Switching Command Reference.

  • Page 156: Displaying And Maintaining Isolate-user-vlan

    To do... Use the command Remarks Enter Layer 2 Ethernet or aggregate interface view: interface interface-type interface-number interface bridge-aggregation interface-number Configure the link type of the port port link-type { access | hybrid | trunk } Configure the downlink port Assign ports to the secondary Required VLAN...

  • Page 157: Isolate-user-vlan Configuration Example

    Isolate-user-VLAN configuration example Network requirements As shown in Figure • Connect Device A to downstream devices Device B and Device C. Configure VLAN 5 on Device B as an isolate-user-VLAN, assign the uplink port Ethernet 1/0/5 to • VLAN 5, and associate VLAN 5 with secondary VLANs VLAN 2 and VLAN 3. Assign Ethernet 1/0/2 to VLAN 2 and Ethernet 1/0/1 to VLAN 3.

  • Page 158

    [DeviceB-Ethernet1/0/1] port isolate-user-vlan host [DeviceB-Ethernet1/0/1] quit [DeviceB] interface ethernet 1/0/2 [DeviceB-Ethernet1/0/2] port access vlan 2 [DeviceB-Ethernet1/0/2] port isolate-user-vlan host [DeviceB-Ethernet1/0/2] quit # Associate the isolate-user-VLAN with the secondary VLANs. [DeviceB] isolate-user-vlan 5 secondary 2 to 3 Configure Device C. # Configure the isolate-user-VLAN. <DeviceC>...

  • Page 159

    Untagged Ports: Ethernet1/0/1 Ethernet1/0/2 Ethernet1/0/5 VLAN ID: 2 VLAN Type: static Isolate-user-VLAN type : secondary Route Interface: not configured Description: VLAN 0002 Name: VLAN 0002 Tagged Ports: none Untagged Ports: Ethernet1/0/2 Ethernet1/0/5 VLAN ID: 3 VLAN Type: static Isolate-user-VLAN type : secondary Route Interface: not configured Description: VLAN 0003 Name: VLAN 0003...

  • Page 160: Voice Vlan Configuration, Oui Addresses, Voice Vlan Assignment Modes

    Voice VLAN configuration Overview A voice VLAN is configured for voice traffic. After assigning the ports that connect to voice devices to a voice VLAN, the system automatically configures quality of service (QoS) parameters for voice traffic, to improve the transmission priority of voice traffic and ensure voice quality. NOTE: Common voice devices include IP phones and integrated access devices (IADs).

  • Page 161

    In automatic mode, the system matches the source MAC address carried in the untagged packets • sent when an IP phone is powered on against the device’s OUI addresses. If the system finds a match, it automatically assigns the receiving port to the voice VLAN, issues ACL rules, and configures the packet precedence.

  • Page 162: Security Mode And Normal Mode Of Voice Vlans

    Table 16 Required configurations on ports of different link types for them to support tagged voice traffic Port link Voice VLAN Support for tagged Configuration requirements type assignment mode voice traffic Automatic Access — Manual Automatic The PVID of the port cannot be the voice VLAN. The PVID of the port cannot be the voice VLAN.

  • Page 163: Configuring A Voice Vlan

    MAC addresses checking. TIP: HP does not recommend you transmit both voice traffic and non-voice traffic in a voice VLAN. If you must transmit both voice traffic and nonvoice traffic, make sure that the voice VLAN security mode is disabled.

  • Page 164: Configuring Qos Priority Settings For Voice Traffic On An Interface

    Configuring QoS priority settings for voice traffic on an interface In voice VLAN applications, you can improve the quality of voice traffic by configuring the appropriate QoS priority settings, including the Class of Service (CoS) and Differentiated Services Code Point (DSCP) values, for voice traffic.

  • Page 165: Configuring A Port To Operate In Manual Voice Vlan Assignment Mode

    To do... Use the command... Remarks Enter Ethernet interface interface interface-type — view interface-number Optional Configure the port to By default, the automatic voice VLAN assignment operate in automatic voice vlan mode auto mode is enabled. voice VLAN assignment The voice VLAN assignment modes on different ports mode are independent of one another.

  • Page 166: Displaying And Maintaining Voice Vlan, Voice Vlan Configuration Examples

    To do... Use the command... Remarks Required Enable voice VLAN on voice vlan vlan-id enable the port Disabled by default. NOTE: You can configure different voice VLANs on different ports at the same time. However, you can • configure one port with only one voice VLAN, and this voice VLAN must be a static VLAN that already exists on the device.

  • Page 167

    Figure 50 Network diagram Configuration procedure # Create VLAN 2 and VLAN 3. <DeviceA> system-view [DeviceA] vlan 2 to 3 Please wait... Done. # Set the voice VLAN aging time to 30 minutes. [DeviceA] voice vlan aging 30 # Since Ethernet 1/0/1 might receive both voice traffic and data traffic at the same time, to ensure the quality of voice packets and effective bandwidth use, configure voice VLANs to work in security mode.

  • Page 168: Manual Voice Vlan Assignment Mode Configuration Example

    [DeviceA-Ethernet1/0/2] voice vlan mode auto [DeviceA-Ethernet1/0/2] voice vlan 3 enable Verifying the configurations # Display the OUI addresses, OUI address masks, and description strings. <DeviceA> display voice vlan oui Oui Address Mask Description 0001-e300-0000 ffff-ff00-0000 Siemens phone 0003-6b00-0000 ffff-ff00-0000 Cisco phone 0004-0d00-0000 ffff-ff00-0000 Avaya phone...

  • Page 169

    Figure 51 Network diagram Configuration procedure # Configure the voice VLAN to operate in security mode. A voice VLAN operates in security mode by default. (Optional) <DeviceA> system-view [DeviceA] voice vlan security enable # Add a recognizable OUI address 001 1-2200-0000. [DeviceA] voice vlan mac-address 0011-2200-0000 mask ffff-ff00-0000 description test # Create VLAN 2.

  • Page 170

    # Display the states of voice VLANs. <DeviceA> display voice vlan state Maximum of Voice VLANs: 128 Current Voice VLANs: 1 Voice VLAN security mode: Security Voice VLAN aging time: 1440 minutes Voice VLAN enabled port and its mode: PORT VLAN MODE DSCP...

  • Page 171: Gvrp Configuration, Introduction To Gvrp

    GVRP configuration The Generic Attribute Registration Protocol (GARP) provides a generic framework for devices in a switched LAN, such as end stations and switches, to register and deregister attribute values. The GARP VLAN Registration Protocol (GVRP) is a GARP application that registers and deregisters VLAN attributes. GVRP uses the operating mechanism of GARP to maintain and propagate dynamic VLAN registration information for GVRP devices on the network.

  • Page 172

    • Table 20 for their dependencies. HP's implementation of GARP uses the following timers to control GARP message transmission: Hold timer The Hold timer sets the delay that a GARP participant waits before sending a Join or Leave message. When an attribute value changes or a Join or Leave message arrives, the GARP participant does not send the message immediately.

  • Page 173

    A GARP participant starts a Leave timer when it receives a Leave message for an attribute value. If the GARP participant receives no Join message for the attribute value before the timer expires, it deregisters the attribute value. LeaveAll timer When a GARP application is enabled, a LeaveAll timer starts.

  • Page 174: Gvrp

    Field Description Value Consists of an attribute length, an attribute Attribute –– event, and an attribute value Length of an attribute, inclusive of the Attribute length 2 to 255 (in bytes) attribute length field • 0x00: LeaveAll event • 0x01: JoinEmpty event •...

  • Page 175: Gvrp Configuration Task List, Configuring Gvrp Functions

    GVRP configuration task list Complete these tasks to configure GVRP: Task Remarks Configuring GVRP functions Required Configuring the GARP timers Optional NOTE: GVRP configuration made in Ethernet interface view or Layer 2 aggregate interface view takes effect on • the current interface only; GVRP configuration made in port group view takes effect on all the member ports in the group.

  • Page 176: Configuring The Garp Timers

    NOTE: For more information about the port link-type trunk and port trunk permit vlan all commands, see • Layer 2—LAN Switching Command Reference • GVRP is mutually exclusive with service loopback. GVRP can work with STP, RSTP, or MSTP CIST but not PVST. When GVRP runs on the CIST, blocked ports •...

  • Page 177: Displaying And Maintaining Gvrp, Gvrp Configuration Examples

    Table 20 Dependencies of the GARP timers Timer Lower limit Upper limit Hold 10 centiseconds No greater than half of the Join timer Join No less than twice the Hold timer Less than half of the Leave timer Leave Greater than twice the Join timer Less than the LeaveAll timer LeaveAll Greater than the Leave timer...

  • Page 178

    Enable GVRP and configure the normal registration mode on ports to enable the registration and • deregistration of dynamic and static VLAN information between the two devices. Figure 54 Network diagram Configuration procedure Configure Device A. # Enable GVRP globally. <DeviceA>...

  • Page 179: Gvrp Fixed Registration Mode Configuration Example

    According to the output, information about VLAN 1, static VLAN information of VLAN 2 on the local device, and dynamic VLAN information of VLAN 3 on Device B are all registered through GVRP. # Display the local VLAN information that GVRP maintains on port Ethernet 1/0/1 of Device B. [DeviceB] display gvrp local-vlan interface ethernet 1/0/1 Following VLANs exist in GVRP local database: 1(default),2-3...

  • Page 180: Gvrp Forbidden Registration Mode Configuration Example

    [DeviceB-Ethernet1/0/1] port link-type trunk [DeviceB-Ethernet1/0/1] port trunk permit vlan all # Enable GVRP on Ethernet 1/0/1, and set the GVRP registration mode to fixed on the port. [DeviceB-Ethernet1/0/1] gvrp [DeviceB-Ethernet1/0/1] gvrp registration fixed [DeviceB-Ethernet1/0/1] quit # Create VLAN 3 (a static VLAN). [DeviceB] vlan 3 [DeviceB-vlan3] quit Verify the configuration.

  • Page 181

    [DeviceA] interface ethernet 1/0/1 [DeviceA-Ethernet1/0/1] port link-type trunk [DeviceA-Ethernet1/0/1] port trunk permit vlan all # Enable GVRP on Ethernet 1/0/1, and set the GVRP registration mode to forbidden on the port. [DeviceA-Ethernet1/0/1] gvrp [DeviceA-Ethernet1/0/1] gvrp registration forbidden [DeviceA-Ethernet1/0/1] quit # Create VLAN 2 (a static VLAN). [DeviceA] vlan 2 [DeviceA-vlan2] quit Configure Device B.

  • Page 182: Qinq Configuration, Introduction To Qinq, How Qinq Works

    QinQ configuration NOTE: Throughout this document, customer network VLANs (CVLANs), also called inner VLANs, refer to the VLANs that a customer uses on the private network; and service provider network VLANs (SVLANs), also called outer VLANs, refer to the VLANs that a service provider uses to carry VLAN tagged traffic for customers.

  • Page 183: Qinq Frame Structure

    Figure 57 Typical QinQ application scenario VLANs 1 to 20 VLANs 1 to 10 CE 3 CE 4 Customer Customer network B network A VLAN 3 VLAN 4 PE 1 IP network PE 2 VLAN 3 VLAN 4 Public network Customer Customer network A...

  • Page 184: Implementations Of Qinq, Modifying The Tpid In A Vlan Tag

    The default maximum transmission unit (MTU) of an interface is 1500 bytes. The size of an outer VLAN tag is 4 bytes. HP recommends you to increase the MTU of each interface on the service provider network to at least 1504 bytes. For more information about interface MTU configuration, see the chapter “Ethernet interface configuration.”...

  • Page 185

    Figure 59 VLAN tag structure of an Ethernet frame The device determines whether a received frame carries an SVLAN or CVLAN tag by checking the TPID value. For example, if a frame carries an SVLAN tag with TPID value 0x9100 and a CVLAN tag with TPID value 0x8100 and the configured TPID value of the SVLAN tag is 0x9100 and that of the CVLAN tag is 0x8200, the device considers that the frame carries only the SVLAN tag but not the CVLAN tag.

  • Page 186: Configuring Basic Qinq

    QinQ configuration task list Complete the follows tasks to configure QinQ: Task Remarks Enabling basic QinQ Required Configuring basic QinQ Configuring VLAN transparent transmission Optional Configuring an outer VLAN tagging policy Required Configuring selective Configuring an inner-outer VLAN 802.1p priority mapping Perform at least QinQ one task.

  • Page 187: Configuring Vlan Transparent Transmission, Configuring Selective Qinq

    Configuring VLAN transparent transmission When basic QinQ is enabled on a port, all packets passing through the port are tagged with the port’s PVID tag. However, by configuring the VLAN transparent transmission function on a port, you can specify the port not to add its PVID tag to packets carrying specific inner VLAN tags when they pass through it, so that these packets are transmitted in the service provider network with single tags.

  • Page 188: Configuring An Inner-outer Vlan 802.1p Priority Mapping

    Configure a traffic behavior to tag packets with an outer VLAN tag. • Create a QoS policy and associate the class with the behavior in the policy. • Apply the QoS policy to the port that connects to the user. •...

  • Page 189

    Marking the 802.1p priorities in outer VLAN tags according to the inner VLAN IDs or the 802.1p • priorities in the inner VLAN tags. Copying the 802.1p priority in the inner VLAN tags to the outer VLAN tags. • Follow these steps to mark the 802.1p priorities in outer VLAN tags according to the inner VLAN IDs or the 802.1p priorities in the inner VLAN tags: To do...

  • Page 190: Configuring Inner Vlan Id Substitution

    NOTE: On the 3600 v2 Switch Series, if you have not used either of the two methods previously mentioned to • mark the 802.1p priority of the outer VLAN tag, a basic QinQ-enabled or selective QinQ-enabled port which is configured to trust packet priority copies the 802.1p priority in the inner VLAN tag to the outer VLAN tag when tagging a packet;...

  • Page 191: Configuring The Tpid Value In Vlan Tags, Qinq Configuration Examples, Basic Qinq Configuration Example

    To do... Use the command... Remarks Apply the QoS policy to the outgoing qos apply policy policy-name outbound Required traffic Configuring the TPID value in VLAN tags Follow these steps to configure the TPID value of a VLAN tag: To do... Use the command...

  • Page 192

    Figure 60 Network diagram Configuration procedure NOTE: Be sure that you have configured the switches in the service provider network to allow QinQ packets to pass through. Configure PE 1. • Configure Ethernet 1/0/1. # Configure Ethernet 1/0/1 as a trunk port and assign it to VLAN 100. <PE1>...

  • Page 193

    Configure Ethernet 1/0/3. • # Configure Ethernet 1/0/3 as a trunk port and assign it to VLAN 200. [PE1] interface ethernet 1/0/3 [PE1-Ethernet1/0/3] port link-type trunk [PE1-Ethernet1/0/3] port trunk permit vlan 200 # Configure VLAN 200 as the PVID for the port. [PE1-Ethernet1/0/3] port trunk pvid vlan 200 # Enable basic QinQ on the port.

  • Page 194: Simple Selective Qinq Configuration Example

    Simple selective QinQ configuration example Network requirements As shown in Figure • The two branches of a company, Site 1 and Site 2, are connected through the service provider network and use CVLAN 10 and CVLAN 20 to transmit voice traffic and data traffic separately. PE 1 and PE 2 are edge devices on the service provider network and are connected through •...

  • Page 195

    [PE1-classifier-A10] if-match customer-vlan-id 10 [PE1-classifier-A10] quit # Create traffic behavior P100 and add the action of inserting outer VLAN tag 100. [PE1] traffic behavior P100 [PE1-behavior-P100] nest top-most vlan-id 100 [PE1-behavior-P100] quit # Create class A20 and configure the class to match frames with CVLAN 20. Create traffic behavior P200 and add the action of inserting outer VLAN tag 200.

  • Page 196: Comprehensive Selective Qinq Configuration Example

    # Create traffic behavior P100 and add the action of inserting outer VLAN tag 100. [PE2] traffic behavior P100 [PE2-behavior-P100] nest top-most vlan-id 100 [PE2-behavior-P100] quit # Create class A20 and configure the class to match frames with CVLAN 20. Create traffic behavior P200 and add the action of inserting outer VLAN tag 200.

  • Page 197

    Configure the edge and third-party devices to allow the voice traffic and data traffic to be • transmitted between the two companies via SVLAN 100 SVLAN 200 separately. Figure 62 Network diagram PE 1 PE 2 Eth1/0/2 Eth1/0/2 VLANs 100, 200 TPID = 0x8200 Eth1/0/1 Eth1/0/1...

  • Page 198

    [PE1-classifier-A20] if-match customer-vlan-id 20 [PE1-classifier-A20] quit [PE1] traffic behavior P200 [PE1-behavior-P200] nest top-most vlan-id 200 [PE1-behavior-P200] quit # Create a QoS policy named qinq, associate traffic class A10 with traffic behavior P100, and associate traffic class A20 with traffic behavior P200. [PE1] qos policy qinq [PE1-qospolicy-qinq] classifier A10 behavior P100 [PE1-qospolicy-qinq] classifier A20 behavior P200...

  • Page 199

    # Apply QoS policy sqinq to the outgoing traffic on the port. [PE1-Ethernet1/0/2] qos apply policy sqinq outbound # Set the TPID value in the outer tag to 0x8200. [PE1-Ethernet1/0/2] qinq ethernet-type service-tag 8200 [PE1-Ethernet1/0/2] quit Configure PE 2. Configure Ethernet 1/0/1. •...

  • Page 200

    # Create class A100 and configure the class to match frames with CVLAN 30 and SVLAN 100. [PE2] traffic classifier A100 [PE2-classifier-A100] if-match customer-vlan-id 30 [PE2-classifier-A100] if-match service-vlan-id 100 [PE2-classifier-A100] quit # Configure traffic behavior T100 to mark matching packets with CVLAN 10. [PE2] traffic behavior T100 [PE2-behavior-T100] remark customer-vlan-id 10 [PE2-behavior-T100] quit...

  • Page 201: Vlan Mapping Configuration, Vlan Mapping Overview

    VLAN mapping configuration VLAN mapping overview VLAN mapping re-marks VLAN tagged traffic with new VLAN IDs. HP provides the following types of VLAN mapping: • One-to-one VLAN mapping—Replaces one VLAN tag with another. You can use one-to-one VLAN mapping to sub-classify traffic from a particular VLAN for granular QoS control.

  • Page 202: Application Scenario Of Two-to-two Vlan Mapping

    Figure 63 Application scenario of one-to-one and many-to-one VLAN mapping DHCP client VLAN 1 Home gateway VLAN 2 VLAN 1 - > VLAN 101 VLAN 2 - > VLAN 201 VLAN 3 VoIP VLAN 3 - > VLAN 301 Wiring - closet switch VLAN 1 VLAN 1 - >...

  • Page 203: Concepts And Terms

    Figure 64 Application scenario of two-to-two VLAN mapping QinQ or selective QinQ or selective Two-to-two VLAN QinQ QinQ mapping VLAN 10 VLAN 2 Data VLAN 20 VLAN 3 Data PE 1 PE 2 PE 3 PE 4 SP 1 SP 2 VLAN 2 Data VLAN 3...

  • Page 204: Vlan Mapping Implementations

    Figure 65 Basic concepts of VLAN mapping Uplink traffic: Traffic transmitted from the customer network to the service provider network. • • Downlink traffic: Traffic transmitted from the service provider network to the customer network. Network-side port: A port connected to the service provider network. •...

  • Page 205

    Figure 66 One-to-one VLAN mapping implementation Many-to-one VLAN mapping Implement many-to-one VLAN mapping through the following configurations, as shown in Figure Apply an uplink policy to the incoming traffic on the customer-side port to map different CVLAN IDs • to one SVLAN ID. When a packet arrives, the switch replaces its CVLAN tag with the matching SVLAN tag.

  • Page 206: Configuring Vlan Mapping

    Figure 68 Two-to-two VLAN mapping implementation Inbound Outbound uplink policy uplink policy SVLAN CVLAN Data SVLAN’ CVLAN’ Data Customer SP network network SVLAN CVLAN Data SVLAN’ CVLAN’ Data Outbound downlink policy Network-side port Customer-side port Uplink traffic Downlink traffic Configuring VLAN mapping Use the VLAN mapping methods as appropriate to the roles of your switches in the network, as described in this table: Task...

  • Page 207

    To do... Use the command... Remarks traffic classifier tcl-name Create a class and enter class view [ operator { and | or } ] Required Specify a CVLAN as the match Repeat these steps to configure one if-match customer-vlan-id vlan-id criterion class for each CVLAN.

  • Page 208: Configuring Many-to-one Vlan Mapping

    To do... Use the command... Remarks interface interface-type Enter Ethernet interface view — interface-number Required Configure the port as a trunk port port link-type trunk The default link type of an Ethernet port is access. Required Assign the port to CVLANs and port trunk permit vlan SVLANs { vlan-id-list | all }...

  • Page 209

    CAUTION: Before changing VLAN mappings on a port, clear all DHCP snooping entries by using the reset Layer 3—IP Services Command Reference dhcp-snooping command (see Configuration prerequisites Before configuring many-to-one VLAN mapping: Make sure that all home users obtain IP addresses through DHCP. For how to assign IP addresses •...

  • Page 210

    To do... Use the command... Remarks Create a traffic behavior and enter traffic behavior behavior-name traffic behavior view Required Configure an SVLAN marking Repeat these steps to configure one remark service-vlan-id vlan-id action behavior for each SVLAN. Return to system view quit Create a QoS policy and enter qos policy policy-name...

  • Page 211: Configuring Two-to-two Vlan Mapping

    To do... Use the command... Remarks Required Configure the port as a trunk port port link-type trunk The default link type of an Ethernet port is access. Required port trunk permit vlan Assign the port to SVLANs { vlan-id-list | all } By default, a trunk port is in only VLAN 1.

  • Page 212

    To do... Use the command... Remarks Enter system view system-view — traffic classifier tcl-name Create a class and enter class view [ operator and ] Required Specify a foreign CVLAN as a match if-match customer-vlan-id Repeat these steps to create one criterion vlan-id class for each foreign CVLAN and...

  • Page 213

    To do... Use the command... Remarks Required classifier tcl-name behavior Associate the class with the behavior Repeat this step to create other behavior-name class-behavior associations. Configuring a downlink policy for the customer-side port The downlink policy on the customer-side port replaces local SVLAN and CVLAN pairs with foreign SVLAN and CVLAN pairs.

  • Page 214: Vlan Mapping Configuration Examples

    To do... Use the command... Remarks Required port trunk permit vlan { vlan-id-list Assign the port to the local SVLANs By default, a trunk port is in | all } only VLAN 1. Apply the uplink policy configured for the qos apply policy policy-name Required customer-side port to the incoming traffic...

  • Page 215

    Figure 69 Network diagram Configuration procedure Configuring Switch A. # Create the CVLANs and the SVLANs. <SwitchA> system-view [SwitchA] vlan 2 to 3 [SwitchA] vlan 101 to 102 [SwitchA] vlan 201 to 202 [SwitchA] vlan 301 to 302 # Configure uplink policies p1 and p2 to enable one SVLAN to transmit one service for one customer. [SwitchA] traffic classifier c1 [SwitchA-classifier-c1] if-match customer-vlan-id 1 [SwitchA-classifier-c1] traffic classifier c2...

  • Page 216

    [SwitchA-classifier-c2] if-match customer-vlan-id 2 [SwitchA-classifier-c2] traffic classifier c3 [SwitchA-classifier-c3] if-match customer-vlan-id 3 [SwitchA-classifier-c3] quit [SwitchA] traffic behavior b1 [SwitchA-behavior-b1] remark service-vlan-id 101 [SwitchA-behavior-b1] traffic behavior b2 [SwitchA-behavior-b2] remark service-vlan-id 201 [SwitchA-behavior-b2] traffic behavior b3 [SwitchA-behavior-b3] remark service-vlan-id 301 [SwitchA-behavior-b3] traffic behavior b4 [SwitchA-behavior-b4] remark service-vlan-id 102 [SwitchA-behavior-b4] traffic behavior b5 [SwitchA-behavior-b5] remark service-vlan-id 202...

  • Page 217

    [SwitchA] qos policy p11 [SwitchA-policy-p11] classifier c11 behavior b11 [SwitchA-policy-p11] classifier c22 behavior b22 [SwitchA-policy-p11] classifier c33 behavior b33 [SwitchA-policy-p11] quit [SwitchA] qos policy p22 [SwitchA-policy-p22] classifier c44 behavior b11 [SwitchA-policy-p22] classifier c55 behavior b22 [SwitchA-policy-p22] classifier c66 behavior b33 [SwitchA-policy-p22] quit # Assign customer-side port Ethernet 1/0/1 to CVLANs 1 to 3, and SVLANs 101, 201, and 301, and enable basic QinQ, and apply uplink policy p1 to the incoming traffic and downlink policy p1 1 to the...

  • Page 218

    [SwitchC] dhcp-snooping # Create the CVLANs and SVLANs, and enable ARP detection in each VLAN. [SwitchC] vlan 101 [SwitchC-vlan101] arp detection enable [SwitchC-vlan101] vlan 201 [SwitchC-vlan201] arp detection enable [SwitchC-vlan201] vlan 301 [SwitchC-vlan301] arp detection enable [SwitchC-vlan301] vlan 102 [SwitchC-vlan102] arp detection enable [SwitchC-vlan102] vlan 202 [SwitchC-vlan202] arp detection enable [SwitchC-vlan202] vlan 302...

  • Page 219: Enable Dhcp Snooping

    [SwitchC] traffic behavior b1 [SwitchC-behavior-b1] remark service-vlan-id 501 [SwitchC-behavior-b1] traffic behavior b2 [SwitchC-behavior-b2] remark service-vlan-id 502 [SwitchC-behavior-b2] traffic behavior b3 [SwitchC-behavior-b3] remark service-vlan-id 503 [SwitchC-behavior-b3] quit [SwitchC] qos policy p1 [SwitchC-policy-p1] classifier c1 behavior b1 mode dot1q-tag-manipulation [SwitchC-policy-p1] classifier c2 behavior b2 mode dot1q-tag-manipulation [SwitchC-policy-p1] classifier c3 behavior b3 mode dot1q-tag-manipulation [SwitchC-policy-p1] quit [SwitchC] qos policy p2...

  • Page 220: Two-to-two Vlan Mapping Configuration Example

    <SwitchD> system-view [SwitchD] dhcp-snooping # Assign port Ethernet 1/0/1 to SVLANs 501 to 503. [SwitchD] interface ethernet 1/0/1 [SwitchD-Ethernet1/0/1] port link-type trunk [SwitchD-Ethernet1/0/1] port trunk permit vlan 501 502 503 Two-to-two VLAN mapping configuration example Network requirements As shown in Figure 70, two VPN A branches, Site 1 and Site 2, are in VLAN 10 and VLAN 30 respectively.

  • Page 221

    [PE2] interface ethernet 1/0/1 [PE2-Ethernet1/0/1] port link-type trunk [PE2-Ethernet1/0/1] port trunk permit vlan 100 [PE2-Ethernet1/0/1] quit # Set port Ethernet 1/0/2 as a trunk port, and assign it to VLAN 100. [PE2] interface ethernet 1/0/2 [PE2-Ethernet1/0/2] port link-type trunk [PE2-Ethernet1/0/2] port trunk permit vlan 100 Configuring PE 3.

  • Page 222

    # Set customer-side port Ethernet 1/0/1 as a trunk port, assign it to VLAN 200, and apply uplink policy down_uplink to the incoming traffic and downlink policy down_downlink to the outgoing traffic on the port. [PE3] interface ethernet 1/0/1 [PE3-Ethernet1/0/1] port link-type trunk [PE3-Ethernet1/0/1] port trunk permit vlan 200 [PE3-Ethernet1/0/1] qos apply policy down_uplink inbound [PE3-Ethernet1/0/1] qos apply policy down_downlink outbound...

  • Page 223: Lldp Configuration

    LLDP configuration Overview Background In a heterogeneous network, a standard configuration exchange platform ensures that different types of network devices from different vendors can discover one another and exchange configuration for the sake of interoperability and management. The IETF drafted the Link Layer Discovery Protocol (LLDP) in IEEE 802.1AB. The protocol operates on the data link layer to exchange device information between directly connected devices.

  • Page 224

    Table 22 Fields in an Ethernet II-encapsulated LLDPDU Field Description The MAC address to which the LLDPDU is advertised. It is fixed to Destination MAC address 0x0180-C200-000E, a multicast MAC address. The MAC address of the sending port. If the port does not have a MAC Source MAC address address, the MAC address of the sending bridge is used.

  • Page 225

    An LLDPDU can carry up to 28 types of TLVs. Mandatory TLVs include Chassis ID TLV, Port ID TLV, Time To Live TLV, and End of LLDPDU TLV. Other TLVs are optional. TLVs TLVs are type, length, and value sequences that carry information elements. The type field identifies the type of information, the length field measures the length of the information field in octets, and the value field contains the information itself.

  • Page 226

    NOTE: The Power Stateful Control TLV is defined in IEEE P802.3at D1.0. The later versions no longer support this TLV. HP devices send this type of TLVs only after receiving them. LLDP-MED TLVs LLDP-MED TLVs provide multiple advanced applications for voice over IP (VoIP), such as basic configuration, network policy configuration, and address and directory management.

  • Page 227: How Lldp Works

    Table 27 LLDP-MED TLVs Type Description Allows a network device to advertise the LLDP-MED TLVs that it LLDP-MED Capabilities supports. Allows a network device or terminal device to advertise the VLAN ID of Network Policy the specific port, the VLAN type, and the Layer 2 and Layer 3 priorities for specific applications.

  • Page 228: Lldp Configuration Task List

    overwhelming the network during times of frequent changes to local device information, an interval is introduced between two successive LLDPDUs. This interval is shortened to 1 second in either of the following cases: A new neighbor is discovered. A new LLDPDU is received and carries device information new to the •...

  • Page 229: Performing Basic Lldp Configuration, Enabling Lldp

    Performing basic LLDP configuration Enabling LLDP To make LLDP take effect on specific ports, you must enable LLDP both globally and on these ports. Follow these steps to enable LLDP: To do… Use the command… Remarks Enter system view system-view —...

  • Page 230: Enabling Lldp Polling

    To do… Use the command… Remarks Enter system view system-view — Optional Set the LLDP re-initialization delay lldp timer reinit-delay delay 2 seconds by default. Enabling LLDP polling With LLDP polling enabled, a device periodically searches for local configuration changes. On detecting a configuration change, the device sends LLDPDUs to inform neighboring devices of the change.

  • Page 231: Configuring The Management Address And Its Encoding Format

    To do… Use the command… Remarks lldp tlv-enable { basic-tlv { all | Optional port-description | system-capability | system-description | system-name } | By default, all types of LLDP dot3-tlv { all | link-aggregation | TLVs, except IEEE 802.1 Configure the advertisable TLVs mac-physic | max-frame-size | power } | organizationally specific (Layer 3 Ethernet interface view)

  • Page 232: Setting Other Lldp Parameters, Setting An Encapsulation Format For Lldpdus

    Setting other LLDP parameters The Time to Live TLV carried in an LLDPDU determines how long the device information carried in the LLDPDU can be saved on a recipient device. By setting the TTL multiplier, you can configure the TTL of locally sent LLDPDUs, which determines how long information about the local device can be saved on a neighboring device.

  • Page 233: Configuring Cdp Compatibility

    To do… Use the command… Remarks Enter system view system-view — Enter Layer interface interface-type Enter Ethernet 2/Layer 3 Ethernet interface-number Required interface view interface view or port group Use either command. Enter port group view port-group manual port-group-name view Required Set the encapsulation format for lldp encapsulation snap...

  • Page 234: Configuring Lldp Trapping

    To do… Use the command… Remarks Enter system view system-view — Required Enable CDP compatibility globally lldp compliance cdp Disabled by default. Enter Layer Enter 2/Layer 3 Ethernet interface interface-type interface-number Ethernet Required interface view interface Use either command. view or port Enter port group port-group manual port-group-name group view...

  • Page 235: Displaying And Maintaining Lldp, Lldp Configuration Examples, Basic Lldp Configuration Example

    Displaying and maintaining LLDP To do… Use the command… Remarks Display the global LLDP display lldp local-information [ global | interface information or the information Available in any interface-type interface-number ] [ | { begin | exclude contained in the LLDP TLVs to be view | include } regular-expression ] sent through a port...

  • Page 236

    [SwitchA] lldp enable # Enable LLDP on Ethernet 1/0/1 and Ethernet 1/0/2. (You can skip this step because LLDP is enabled on ports by default.) Set the LLDP operating mode to Rx. [SwitchA] interface ethernet 1/0/1 [SwitchA-Ethernet1/0/1] lldp enable [SwitchA-Ethernet1/0/1] lldp admin-status rx [SwitchA-Ethernet1/0/1] quit [SwitchA] interface ethernet 1/0/2 [SwitchA-Ethernet1/0/2] lldp enable...

  • Page 237

    Port 2 [Ethernet1/0/2]: Port status of LLDP : Enable Admin status : Rx_Only Trap flag : No Polling interval : 0s Number of neighbors: Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV : 3 As the sample output shows, Ethernet 1/0/1 of Switch A connects to an MED device, and Ethernet 1/0/2 of Switch A connects to a non-MED device.

  • Page 238: Cdp-compatible Lldp Configuration Example

    Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV As the sample output shows, Ethernet 1/0/2 of Switch A does not connect to any neighboring devices. CDP-compatible LLDP configuration example Network requirements As shown in Figure Ethernet 1/0/1 and Ethernet 1/0/2 of Switch A are each connected to a Cisco IP phone.

  • Page 239

    [SwitchA-Ethernet1/0/1] quit [SwitchA] interface ethernet 1/0/2 [SwitchA-Ethernet1/0/2] lldp enable [SwitchA-Ethernet1/0/2] lldp admin-status txrx [SwitchA-Ethernet1/0/2] lldp compliance admin-status cdp txrx [SwitchA-Ethernet1/0/2] quit Verify the configuration. # Display the neighbor information on Switch A. [SwitchA] display lldp neighbor-information CDP neighbor-information of port 1[Ethernet1/0/1]: CDP neighbor index : 1 Chassis ID : SEP00141CBCDBFE...

  • Page 240: Service Loopback Group Configuration

    Service loopback group configuration Overview To increase traffic redirecting throughput, you can bundle multiple Ethernet ports of a device together to increase bandwidth and implement load sharing. These ports that act as a logical link form a service loopback group. A service loopback group must contain at least one Ethernet port as its member port, called a service loopback port.

  • Page 241: Configuring A Service Loopback Group

    Set the state of each member port in the service loopback group. Figure 76 Set the state of each member port in a service loopback group NOTE: Every time a new port is assigned to a service loopback group, the system resets the state of the member ports in the service loopback group according to the process described previously.

  • Page 242: Displaying And Maintaining Service Loopback Groups

    You can change the service type of an existing service loopback group. For the change to be successful, • make sure that the service group has not been referenced, the attributes of all member ports (if any) do not conflict with the target service type, and no service loopback group has been created for the target service type, because only one service loopback group is allowed for a service type.

  • Page 243

    # Create logical interface Tunnel 1 and reference service loopback group 1 on Tunnel 1. [DeviceA] interface tunnel 1 [DeviceA-Tunnel1] service-loopback-group 1...

  • Page 244: Support And Other Resources, Subscription Service, Related Information

    Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals • For related documentation, navigate to the Networking section, and select a networking category.

  • Page 245: Command Conventions

    Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...

  • Page 246

    Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 247: Index

    Index A B C D E G I L M O P Q R S V Displaying and maintaining isolation groups,56 Displaying and maintaining LLDP,227 Assigning a port to the isolation group,56 Displaying and maintaining loopback and null interfaces,20 Displaying and maintaining MAC address tables,26 BPDU tunneling configuration examples,1 1 1...

  • Page 248

    Overview,28 QinQ configuration examples,183 Overview,21 QinQ configuration task list,178 Overview,141 Overview,232 RSTP,65 Overview,215 Overview,1 14 Overview,146 Service loopback group configuration example,234 Overview,31 Setting the MTU for a Layer 3 Ethernet interface,16 Overview,152 Spanning tree configuration examples,99 Spanning tree configuration task list,71 STP,58 Performing basic LLDP...

Comments to this Manuals

Symbols: 0
Latest comments: