HPE FlexFabric 5940 Series Configuration Manual
  1. Manuals
  2. Brands
  3. HPE Manuals
  4. Switch
  5. FlexFabric 5940 SERIES
  6. Configuration manual

HPE FlexFabric 5940 Series Configuration Manual

Layer 2 - lan switching
Hide thumbs Also See for FlexFabric 5940 Series:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Installation Manual
HPE FlexFabric 5940 Switch Series
Layer 2—LAN Switching Configuration Guide
Part number: 5200-1018b
Software version: Release 25xx
Document version: 6W102-20170830

Advertisement

Table of Contents
loading

Related Manuals for HPE FlexFabric 5940 Series

Summary of Contents for HPE FlexFabric 5940 Series

  • Page 1 HPE FlexFabric 5940 Switch Series Layer 2—LAN Switching Configuration Guide Part number: 5200-1018b Software version: Release 25xx Document version: 6W102-20170830...
  • Page 2 © Copyright 2017 Hewlett Packard Enterprise Development LP The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.

  • Page 3: Table Of Contents

    Contents Configuring Ethernet interfaces ··························································· 1   Ethernet interface naming conventions ··························································································· 1   Configuring a management Ethernet interface ·················································································· 1   Configuring common Ethernet interface settings ··············································································· 1   Splitting a 40-GE interface and combining 10-GE breakout interfaces ············································· 2  ...
  • Page 4 Enabling MAC address synchronization ························································································ 30   Configuring MAC address move notifications and suppression ·························································· 31   Enabling ARP fast update for MAC address moves ········································································· 32   Disabling static source check ······································································································ 33   Enabling conversational remote MAC learning ··············································································· 34  ...
  • Page 5 Excluding a subnet from load sharing on aggregate links ·································································· 62   Displaying and maintaining Ethernet link aggregation ······································································ 63   Ethernet link aggregation configuration examples ··········································································· 64   Layer 2 static aggregation configuration example ····································································· 64   Layer 2 dynamic aggregation configuration example ································································· 66  ...
  • Page 6 Configuration procedure ··································································································· 112   Configuring path costs of ports ·································································································· 112   Specifying a standard for the device to use when it calculates the default path cost ······················· 113   Configuring path costs of ports ··························································································· 115   Configuration example ······································································································ 115  ...
  • Page 7 Setting the loop detection interval ······························································································ 144   Displaying and maintaining loop detection ··················································································· 145   Loop detection configuration example ························································································ 145   Network requirements ······································································································ 145   Configuration procedure ··································································································· 145   Verifying the configuration ································································································· 146   Configuring VLANs ······································································· 148  ...
  • Page 8 IP phone access methods ········································································································ 193   Connecting the host and the IP phone in series ····································································· 193   Connecting the IP phone to the device ················································································· 194   Voice VLAN assignment modes ································································································ 194   Automatic mode ·············································································································· 194  ...
  • Page 9 Configuring VLAN mapping ···························································· 233   Overview ······························································································································ 233   VLAN mapping application scenarios ··················································································· 233   VLAN mapping implementations ························································································· 235   VLAN mapping configuration task list ························································································· 238   Configuring one-to-one VLAN mapping ······················································································· 238   Configuring many-to-one VLAN mapping ···················································································· 239  ...
  • Page 10 Service loopback group configuration example ············································································· 289   Network requirements ······································································································ 289   Configuration procedure ··································································································· 289   Document conventions and icons ···················································· 290   Conventions ························································································································· 290   Network topology icons ··········································································································· 291   Support and other resources ·························································· 292  ...

  • Page 11: Configuring Ethernet Interfaces

    Configuring Ethernet interfaces The Switch Series supports Ethernet interfaces, management Ethernet interfaces, Console interfaces, and USB interfaces. For the interface types and the number of interfaces supported by a switch model, see the installation guide. This chapter describes how to configure management Ethernet interfaces and Ethernet interfaces. Ethernet interface naming conventions The Ethernet interfaces are named in the format of interface type A/B/C.

  • Page 12: Splitting A 40-Ge Interface And Combining 10-Ge Breakout Interfaces

    • 40-GE interfaces FortyGigE 1/0/1 through FortyGigE 1/0/4 and FortyGigE 1/0/29 through FortyGigE 1/0/32 on an HPE FlexFabric 5940 32QSFP+ Switch (JH396A) switch do not support one-to-four splitting. • 100-GE interfaces on an HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch (JH390A) or HPE FlexFabric 5940 48XGT 6QSFP28 Switch (JH391A) switch do not support one-to-four splitting.

  • Page 13: Configuring Basic Settings Of An Ethernet Interface Or Subinterface

    After the using fortygige command is successfully configured, you do not need to reboot the switch. You can view the 40-GE interface by using the display interface brief command. After you combine the four 10-GE breakout interfaces, replace the dedicated 1-to-4 cable with a dedicated 1-to-1 cable or a 40-GE transceiver module.

  • Page 14: Configuring The Link Mode Of An Ethernet Interface

    Step Command Remarks Restore the default settings for the Ethernet default interface. By default, Ethernet interfaces are in up state. Bring up the Ethernet undo shutdown The loopback, shutdown ,and port interface. up-mode commands are mutually exclusive. Configuring an Ethernet subinterface Step Command Remarks...

  • Page 15: Configuring Jumbo Frame Support

    Configuring jumbo frame support An Ethernet interface might receive frames larger than the standard Ethernet frame size during high-throughput data exchanges, such as file transfers. These frames are called jumbo frames. The Ethernet interface processes jumbo frames in the following ways: •...

  • Page 16: Enabling Loopback Testing On An Ethernet Interface

    Step Command Remarks Enter system view. system-view Enter Ethernet interface interface-type interface view. interface-number By default, the link-down or link-up event is immediately reported to the CPU. Configure physical link-delay [ msec ] state change delay-time [ mode { up | If you configure this command multiple times on suppression.

  • Page 17: Configuring Generic Flow Control On An Ethernet Interface

    Configuring generic flow control on an Ethernet interface To avoid dropping packets on a link, you can enable generic flow control at both ends of the link. When traffic congestion occurs at the receiving end, the receiving end sends a flow control (Pause) frame to ask the sending end to suspend sending packets.

  • Page 18: Enabling Energy Saving Features On An Ethernet Interface

    • The Enabled and Disabled fields in other cells are possible negotiation results. Make sure all interfaces that a data flow passes through have the same PFC configuration. Table 1 PFC configurations and negotiation results Local (right) enable auto Default Peer (below) Enabled Enabled.

  • Page 19: Setting The Statistics Polling Interval

    Enabling auto power-down on an Ethernet interface When an Ethernet interface with auto power-down enabled has been down for a certain period of time, both of the following events occur: • The device automatically stops supplying power to the Ethernet interface. •...

  • Page 20: Configuring Storm Suppression

    Configuring storm suppression The storm suppression feature ensures that the size of a particular type of traffic (broadcast, multicast, or unknown unicast traffic) does not exceed the threshold on an interface. When the broadcast, multicast, or unknown unicast traffic on the interface exceeds this threshold, the system discards packets until the traffic drops below this threshold.

  • Page 21: Configuring A Layer 2 Ethernet Interface

    Configuring a Layer 2 Ethernet interface Configuring storm control on an Ethernet interface About storm control Storm control compares broadcast, multicast, and unknown unicast traffic regularly with their respective traffic thresholds on an Ethernet interface. For each type of traffic, storm control provides a lower threshold and an upper threshold.

  • Page 22: Forcibly Bringing Up A Fiber Port

    Step Command Remarks Set the control action to take when monitored traffic storm-constrain control { block By default, storm control is exceeds the upper | shutdown } disabled. threshold. (Optional.) Enable the By default, the Ethernet interface Ethernet interface to output outputs log messages when log messages when it monitored traffic exceeds the...
  • Page 23 Figure 1 Forcibly bring up a fiber port When Ethernet interfaces Correct fiber When Ethernet interfaces cannot be or are not forcibly connection are forcibly brought up brought up Device A Device A Device A Device B Device B Device B Fiber port Tx end Rx end...

  • Page 24: Setting The Mdix Mode Of An Ethernet Interface

    Setting the MDIX mode of an Ethernet interface IMPORTANT: Fiber ports do not support the MDIX mode setting. A physical Ethernet interface has eight pins, each of which plays a dedicated role. For example, pins 1 and 2 transmit signals, and pins 3 and 6 receive signals. You can use both crossover and straight-through Ethernet cables to connect copper Ethernet interfaces.

  • Page 25: Enabling Bridging On An Ethernet Interface

    NOTE: Fiber ports do not support this feature. This feature tests the cable connection of an Ethernet interface and displays cable test result within 5 seconds. The test result includes the cable's status and some physical parameters. If any fault is detected, the test result shows the length from the local port to the faulty point.

  • Page 26: Configuring A Layer 3 Ethernet Interface Or Subinterface

    Configuring a Layer 3 Ethernet interface or subinterface Setting the MTU for an Ethernet interface or subinterface The maximum transmission unit (MTU) of an Ethernet interface affects the fragmentation and reassembly of IP packets on the interface. Typically, you do not need to modify the MTU of an interface.
  • Page 27 Task Command display counters { inbound | outbound } interface Display interface traffic statistics. [ interface-type [ interface-number | interface-number.subnumber ] ] Display traffic rate statistics of interfaces display counters rate { inbound | outbound } interface in up state over the last statistics polling [ interface-type [ interface-number | interval.

  • Page 28: Configuring Loopback, Null, And Inloopback Interfaces

    Configuring loopback, null, and inloopback interfaces This chapter describes how to configure a loopback interface, a null interface, and an inloopback interface. Configuring a loopback interface A loopback interface is a virtual interface. The physical layer state of a loopback interface is always up unless the loopback interface is manually shut down.

  • Page 29: Configuring An Inloopback Interface

    applying an ACL. For example, if you specify a null interface as the next hop of a static route to a network segment, any packets routed to the network segment are dropped. To configure a null interface: Step Command Remarks Enter system view.

  • Page 30: Bulk Configuring Interfaces

    Bulk configuring interfaces You can enter interface range view to bulk configure multiple interfaces with the same feature instead of configuring them one by one. For example, you can execute the shutdown command in interface range view to shut down a range of interfaces. Configuration restrictions and guidelines When you bulk configure interfaces in interface range view, follow these restrictions and guidelines: •...

  • Page 31: Displaying And Maintaining Bulk Interface Configuration

    Step Command Remarks • interface range { interface-type interface-number [ to By using the interface range name interface-type command, you assign a name to an interface-number ] } &<1-24> Enter interface range interface range and can specify this view. • interface range name name name rather than the interface range [ interface { interface-type...

  • Page 32: Configuring The Mac Address Table

    Configuring the MAC address table Overview An Ethernet device uses a MAC address table to forward frames. A MAC address entry includes a destination MAC address, an outgoing interface, and a VLAN ID. When the device receives a frame, it uses the destination MAC address of the frame to look for a match in the MAC address table. •...

  • Page 33: Mac Address Table Configuration Task List

    • Static entries—A static entry is manually added to forward frames with a specific destination MAC address out of the associated interface, and it never ages out. A static entry has higher priority than a dynamically learned one. • Dynamic entries—A dynamic entry can be manually configured or dynamically learned to forward frames with a specific destination MAC address out of the associated interface.

  • Page 34: Configuring Mac Address Entries

    Tasks at a glance (Optional.) Enabling conversational remote MAC learning (Optional.) Enabling SNMP notifications for the MAC address table Configuring MAC address entries Configuration guidelines • A manually configured dynamic MAC address entry will overwrite a learned entry that already exists with a different outgoing interface for the MAC address.

  • Page 35: Adding Or Modifying A Static Or Dynamic Mac Address Entry On An Interface

    Adding or modifying a static or dynamic MAC address entry on an interface Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view: interface interface-type interface-number Enter interface view. • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number...

  • Page 36: Disabling Mac Address Learning

    Figure 2 NLB cluster You can configure a multiport unicast MAC address entry globally or on an interface. Configuring a multiport unicast MAC address entry globally Step Command Remarks Enter system view. system-view By default, no multiport unicast MAC address entry is configured mac-address multiport globally.

  • Page 37: Disabling Global Mac Address Learning

    After MAC address learning is disabled, the device immediately deletes existing dynamic MAC address entries. Disabling global MAC address learning Global MAC address learning does not take effect on a VXLAN VSI. For information about VXLAN VSIs, see VXLAN Configuration Guide. To disable global MAC address learning: Step Command...

  • Page 38: Setting The Aging Timer For Dynamic Mac Address Entries

    Setting the aging timer for dynamic MAC address entries For security and efficient use of table space, the MAC address table uses an aging timer for each dynamic MAC address entry. If a dynamic MAC address entry is not updated before the aging timer expires, the device deletes the entry.

  • Page 39: Configuring The Unknown Frame Forwarding Rule After The Mac Learning Limit Is Reached

    Configuring the unknown frame forwarding rule after the MAC learning limit is reached You can enable or disable forwarding of unknown frames after the MAC learning limit is reached. To configure the device to forward unknown frames received on the interface after the MAC learning limit on the interface is reached: Step Command...

  • Page 40: Enabling Mac Address Synchronization

    Enabling MAC address synchronization To avoid unnecessary floods and improve forwarding speed, make sure all member devices have the same MAC address table. After you enable MAC address synchronization, each member device advertises learned MAC address entries to other member devices. As shown in Figure •...

  • Page 41: Configuring Mac Address Move Notifications And Suppression

    Figure 4 MAC address tables of devices when Client A roams to AP D To enable MAC address synchronization: Step Command Remarks Enter system view. system-view Enable MAC address By default, MAC address mac-address mac-roaming synchronization. synchronization is disabled. enable Configuring MAC address move notifications and suppression The outgoing interface for a MAC address entry learned on interface A is changed to interface B...

  • Page 42: Enabling Arp Fast Update For Mac Address Moves

    To configure MAC address move notifications and MAC address move suppression: Step Command Remarks Enter system view. system-view By default, MAC address move notifications are disabled. If you do not specify a detection interval, the default setting of 1 minute is used. Enable MAC address move After you execute this command, the notifications and optionally...

  • Page 43: Disabling Static Source Check

    Figure 5 ARP fast update application scenario Switch XGE1/0/1 XGE1/0/2 AP 1 AP 2 Laptop To enable ARP fast update for MAC address moves: Step Command Remarks Enter system view. system-view Enable ARP fast update for By default, ARP fast update for mac-address mac-move MAC address moves.

  • Page 44: Enabling Conversational Remote Mac Learning

    Step Command Remarks • Enter Layer 2 Ethernet interface view: interface interface-type interface-number • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number • Enter Layer 3 Ethernet interface view: Enter interface view. interface interface-type interface-number • Enter Layer 3 aggregate interface/subinterface view: interface route-aggregation { interface-number |...

  • Page 45: Displaying And Maintaining The Mac Address Table

    For more information about SNMP and information center configuration, see the network management and monitoring configuration guide for the device. To enable SNMP notifications for the MAC address table: Step Command Remarks Enter system view. system-view By default, SNMP notifications are enabled for the MAC address table.

  • Page 46: Configuration Procedure

    Figure 6 Network diagram Configuration procedure # Add a static MAC address entry for MAC address 000f-e235-dc71 on Ten-GigabitEthernet 1/0/1 that belongs to VLAN 1. <Device> system-view [Device] mac-address static 000f-e235-dc71 interface ten-gigabitethernet 1/0/1 vlan 1 # Add a blackhole MAC address entry for MAC address 000f-e235-abcd that belongs to VLAN 1. [Device] mac-address blackhole 000f-e235-abcd vlan 1 # Set the aging timer to 500 seconds for dynamic MAC address entries.

  • Page 47: Configuring Mac Information

    Configuring MAC Information The MAC Information feature can generate syslog messages or SNMP notifications when MAC address entries are learned or deleted. You can use these messages to monitor user's leaving or joining the network and analyze network traffic. The MAC Information feature buffers the MAC change syslog messages or SNMP notifications in a queue.

  • Page 48: Setting The Mac Change Notification Interval

    Setting the MAC change notification interval To prevent syslog messages or SNMP notifications from being sent too frequently, you can set the MAC change notification interval to a larger value. To set the MAC change notification interval: Step Command Remarks Enter system view.

  • Page 49: Configuration Procedure

    correctly to the log host. The logging facility name and the severity level are configured by using the info-center loghost and info-center source commands, respectively. Configuration procedure Configure Device to send syslog messages to Host B: # Enable the information center. <Device>...
  • Page 50 Learns a new MAC address. Deletes an existing MAC address. [Device] interface ten-gigabitethernet 1/0/1 [Device-Ten-GigabitEthernet1/0/1] mac-address information enable added [Device-Ten-GigabitEthernet1/0/1] mac-address information enable deleted [Device-Ten-GigabitEthernet1/0/1] quit # Set the MAC Information queue length to 100. [Device] mac-address information queue-length 100 # Set the MAC change notification interval to 20 seconds.

  • Page 51: Configuring Ethernet Link Aggregation

    Configuring Ethernet link aggregation Ethernet link aggregation bundles multiple physical Ethernet links into one logical link, called an aggregate link. Link aggregation has the following benefits: • Increased bandwidth beyond the limits of any single link. In an aggregate link, traffic is distributed across the member ports.

  • Page 52: Operational Key

    Its aggregate interface is configured as an edge aggregate interface. The port has not received Link Aggregation Control Protocol Data Units (LACPDUs) from its peer port. Operational key When aggregating ports, the system automatically assigns each port an operational key based on port information, such as port rate and duplex mode.

  • Page 53: Link Aggregation Modes

    NOTE: • The protocol configurations for an aggregate interface take effect only on the current aggregate interface. • The protocol configurations for a member port take effect only when the port leaves its aggregation group. Link aggregation modes An aggregation group operates in one of the following modes: •...

  • Page 54: Aggregating Links In Dynamic Mode

    Figure 9 Setting the aggregation state of a member port in a static aggregation group After the limit on Selected ports is reached, the aggregation state of a new member port varies by following conditions: • The port is placed in Unselected state if the port and the Selected ports have the same port priority.

  • Page 55: Lacp

    LACP LACP uses LACPDUs to exchange aggregation information between LACP-enabled devices. Each member port in a dynamic aggregation group can exchange information with its peer. When a member port receives an LACPDU, it compares the received information with information received on the other member ports.

  • Page 56: How Dynamic Link Aggregation Works

    • Long timeout interval—90 seconds. If you use the long timeout interval, the peer sends one LACPDU every 30 seconds. How dynamic link aggregation works Choosing a reference port The system chooses a reference port from the member ports in up state. A Selected port must have the same operational key and attribute configurations as the reference port.
  • Page 57 Figure 10 Setting the state of a member port in a dynamic aggregation group The system with the greater system ID can detect the aggregation state changes on the peer system. The system with the greater system ID sets the aggregation state of local member ports the same as their peer ports.

  • Page 58: Edge Aggregate Interface

    Edge aggregate interface Dynamic link aggregation fails on a server-facing aggregate interface if dynamic link aggregation is configured only on the device. The device forwards traffic by using only one of the physical ports that are connected to the server. To improve link reliability, configure the aggregate interface as an edge aggregate interface.

  • Page 59: Configuring An Aggregation Group

    Tasks at a glance (Optional.) Configuring load sharing for link aggregation groups: • Setting load sharing modes for link aggregation groups • Enabling local-first load sharing for link aggregation • Configuring link aggregation load sharing algorithm settings • Setting the global load sharing mode for MAC-in-MAC traffic (Optional.) Enabling link-aggregation traffic redirection (Optional.)
  • Page 60 Step Command Remarks When you create a Layer 2 Create a Layer 2 aggregate aggregate interface, the system interface bridge-aggregation interface and enter Layer 2 automatically creates a Layer 2 interface-number aggregate interface view. static aggregation group numbered the same. Exit to system view.

  • Page 61: Configuring A Layer 3 Aggregation Group

    Step Command Remarks By default, the long LACP timeout interval (90 seconds) is used by the interface. To avoid traffic interruption during Set the short LACP timeout an ISSU, do not set the short interval (3 seconds) for the lacp period short LACP timeout interval before interface.

  • Page 62: Configuring An Aggregate Interface

    Step Command Remarks Configure the aggregation By default, an aggregation group group to operate in dynamic link-aggregation mode dynamic operates in static mode. mode. Exit to system view. quit Enter Layer 3 Ethernet interface view: interface interface-type Repeat these two substeps to Assign an interface to the interface-number assign more Layer 3 Ethernet...

  • Page 63: Setting The Mac Address For An Aggregate Interface

    Step Command Remarks • Enter Layer 2 aggregate interface view: interface bridge-aggregation Enter aggregate interface-number interface or subinterface • Enter Layer 3 aggregate view. interface or subinterface view: interface route-aggregation { interface-number | interface-number.subnumber } Configure the By default, the description of an description of the interface is interface-name description text...

  • Page 64: Setting The Mtu For A Layer 3 Aggregate Interface

    Setting the MTU for a Layer 3 aggregate interface The MTU of an interface affects IP packets fragmentation and reassembly on the interface. To set the MTU for a Layer 3 aggregate interface: Step Command Remarks Enter system view. system-view Enter Layer 3 aggregate interface route-aggregation interface or subinterface...

  • Page 65: Setting The Expected Bandwidth For An Aggregate Interface

    Step Command Remarks • Enter Layer 2 aggregate interface view: interface bridge-aggregation Enter aggregate interface interface-number view. • Enter Layer 3 aggregate interface view: interface route-aggregation interface-number Set the minimum number of By default, the minimum number link-aggregation selected-port Selected ports for the of Selected ports is not specified minimum min-number aggregation group.

  • Page 66: Enabling Bfd For An Aggregation Group

    Step Command Remarks • Enter Layer 2 aggregate interface view: interface bridge-aggregation Enter aggregate interface interface-number view. • Enter Layer 3 aggregate interface view: interface route-aggregation interface-number Configure the aggregate By default, an aggregate interface interface as an edge does not operate as an edge lacp edge-port aggregate interface.

  • Page 67: Shutting Down An Aggregate Interface

    Configuration procedure To enable BFD for an aggregation group: Step Command Remarks Enter system view. system-view • Enter Layer 2 aggregate interface view: interface bridge-aggregation Enter aggregate interface interface-number view. • Enter Layer 3 aggregate interface view: interface route-aggregation interface-number By default, BFD is disabled for an aggregation group.

  • Page 68: Configuring Load Sharing For Link Aggregation Groups

    Step Command • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number Enter aggregate interface view. • Enter Layer 3 aggregate interface or subinterface view: interface route-aggregation { interface-number | interface-number.subnumber } Restore the default settings for the default aggregate interface. Configuring load sharing for link aggregation groups This section explains how to configure the load sharing modes for link aggregation groups and how...

  • Page 69: Enabling Local-First Load Sharing For Link Aggregation

    Step Command Remarks link-aggregation load-sharing mode { { destination-ip | By default, the group-specific Set the load sharing mode destination-mac | destination-port | load sharing mode is the same for the aggregation group. source-ip | source-mac } * | as the global load sharing mode. flexible } Enabling local-first load sharing for link aggregation Use local-first load sharing in a multidevice link aggregation scenario to distribute traffic preferentially...

  • Page 70: Setting The Global Load Sharing Mode For Mac-In-Mac Traffic

    This feature takes effect only when the per-flow load sharing mode is used and the per-flow load sharing mode does not use the following traffic classification criteria: • Source IP address. • Destination IP address. • Source MAC address. • Destination MAC address.

  • Page 71: Configuration Restrictions And Guidelines

    group-specific link-aggregation traffic redirection is not configured, the group uses the global link-aggregation traffic redirection settings. Configuration restrictions and guidelines When you enable link-aggregation traffic redirection, follow these restrictions and guidelines: • Link-aggregation traffic redirection applies only to dynamic link aggregation groups. •...

  • Page 72: Excluding A Subnet From Load Sharing On Aggregate Links

    This task excludes the traffic in the specified VLANs from the load sharing mechanism on the aggregate link. An aggregation group can have only one management port. If you specify multiple ports in an aggregation group as management ports, the system chooses the port with the lowest port number as the management port.

  • Page 73: Displaying And Maintaining Ethernet Link Aggregation

    Figure 12 Link aggregation scenario before management subnets are used You can configure a maximum of 20 management subnets. To ensure correct packet forwarding, delete all ARP entries of a subnet before you specify it as a management subnet or after you remove it from the management subnet list. If you are using link aggregation management subnets, do not use ARP snooping.

  • Page 74: Ethernet Link Aggregation Configuration Examples

    Task Command display link-aggregation load-sharing path interface { bridge-aggregation | route-aggregation } interface-number ingress-port interface-type interface-number [ route ] { { destination-ip ip-address | Display forwarding information for the specified destination-ipv6 ipv6-address } | { source-ip ip-address | traffic flow. source-ipv6 ipv6-address } | destination-mac mac-address | destination-port port-id | ethernet-type type-number | ip-protocol protocol-id | source-mac...
  • Page 75 Configuration procedure Configure Device A: # Create VLAN 10, and assign port Ten-GigabitEthernet 1/0/4 to VLAN 10. <DeviceA> system-view [DeviceA] vlan 10 [DeviceA-vlan10] port ten-gigabitethernet 1/0/4 [DeviceA-vlan10] quit # Create VLAN 20, and assign port Ten-GigabitEthernet 1/0/5 to VLAN 20. [DeviceA] vlan 20 [DeviceA-vlan20] port ten-gigabitethernet 1/0/5 [DeviceA-vlan20] quit...

  • Page 76: Layer 2 Dynamic Aggregation Configuration Example

    -------------------------------------------------------------------------------- XGE1/0/1 32768 XGE1/0/2 32768 XGE1/0/3 32768 The output shows that link aggregation group 1 is a Layer 2 static aggregation group that contains three Selected ports. Layer 2 dynamic aggregation configuration example Network requirements On the network shown in Figure 14, perform the following tasks: •...
  • Page 77 # Assign ports Ten-GigabitEthernet 1/0/1 through Ten-GigabitEthernet 1/0/3 to link aggregation group 1. [DeviceA] interface ten-gigabitethernet 1/0/1 [DeviceA-Ten-GigabitEthernet1/0/1] port link-aggregation group 1 [DeviceA-Ten-GigabitEthernet1/0/1] quit [DeviceA] interface ten-gigabitethernet 1/0/2 [DeviceA-Ten-GigabitEthernet1/0/2] port link-aggregation group 1 [DeviceA-Ten-GigabitEthernet1/0/2] quit [DeviceA] interface ten-gigabitethernet 1/0/3 [DeviceA-Ten-GigabitEthernet1/0/3] port link-aggregation group 1 [DeviceA-Ten-GigabitEthernet1/0/3] quit # Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLANs 10 and 20.

  • Page 78: Layer 2 Aggregation Load Sharing Configuration Example

    Layer 2 aggregation load sharing configuration example Network requirements On the network shown in Figure 15, perform the following tasks: • Configure Layer 2 static aggregation groups 1 and 2 on Device A and Device B, respectively. • Enable VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the other end.
  • Page 79 [DeviceA] interface ten-gigabitethernet 1/0/1 [DeviceA-Ten-GigabitEthernet1/0/1] port link-aggregation group 1 [DeviceA-Ten-GigabitEthernet1/0/1] quit [DeviceA] interface ten-gigabitethernet 1/0/2 [DeviceA-Ten-GigabitEthernet1/0/2] port link-aggregation group 1 [DeviceA-Ten-GigabitEthernet1/0/2] quit # Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLAN 10. [DeviceA] interface bridge-aggregation 1 [DeviceA-Bridge-Aggregation1] port link-type trunk [DeviceA-Bridge-Aggregation1] port trunk permit vlan 10...

  • Page 80: Layer 2 Edge Aggregate Interface Configuration Example

    -------------------------------------------------------------------------------- XGE1/0/1 32768 XGE1/0/2 32768 Aggregate Interface: Bridge-Aggregation2 Aggregation Mode: Static Loadsharing Type: Shar Management VLANs: None Port Status Priority Oper-Key -------------------------------------------------------------------------------- XGE1/0/3 32768 XGE1/0/4 32768 The output shows that: • Link aggregation groups 1 and 2 are both load-shared Layer 2 static aggregation groups. •...

  • Page 81: Layer 3 Static Aggregation Configuration Example

    # Configure Layer 2 aggregate interface Bridge-Aggregation 1 as an edge aggregate interface. [Device-Bridge-Aggregation1] lacp edge-port [Device-Bridge-Aggregation1] quit # Assign ports Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 to link aggregation group 1. [Device] interface ten-gigabitethernet 1/0/1 [Device-Ten-GigabitEthernet1/0/1] port link-aggregation group 1 [Device-Ten-GigabitEthernet1/0/1] quit [Device] interface ten-gigabitethernet 1/0/2 [Device-Ten-GigabitEthernet1/0/2] port link-aggregation group 1...
  • Page 82 Figure 17 Network diagram Configuration procedure Configure Device A: # Create Layer 3 aggregate interface Route-Aggregation 1, and configure an IP address and subnet mask for the aggregate interface. <DeviceA> system-view [DeviceA] interface route-aggregation 1 [DeviceA-Route-Aggregation1] ip address 192.168.1.1 24 [DeviceA-Route-Aggregation1] quit # Assign Layer 3 Ethernet interfaces Ten-GigabitEthernet 1/0/1 through Ten-GigabitEthernet 1/0/3 to aggregation group 1.

  • Page 83: Layer 3 Dynamic Aggregation Configuration Example

    Layer 3 dynamic aggregation configuration example Network requirements On the network shown in Figure 18, perform the following tasks: • Configure a Layer 3 dynamic aggregation group on both Device A and Device B. • Configure IP addresses and subnet masks for the corresponding Layer 3 aggregate interfaces. Figure 18 Network diagram Configuration procedure Configure Device A:...

  • Page 84: Layer 3 Aggregation Load Sharing Configuration Example

    Loadsharing Type: NonS Management VLANs: None System ID: 0x8000, 000f-e267-6c6a Local: Port Status Priority Index Oper-Key Flag XGE1/0/1 32768 {ACDEF} XGE1/0/2 32768 {ACDEF} XGE1/0/3 32768 {ACDEF} Remote: Actor Priority Index Oper-Key SystemID Flag XGE1/0/1 32768 0x8000, 000f-e267-57ad {ACDEF} XGE1/0/2 32768 0x8000, 000f-e267-57ad {ACDEF} XGE1/0/3 32768...
  • Page 85 [DeviceA-Ten-GigabitEthernet1/0/1] quit [DeviceA] interface ten-gigabitethernet 1/0/2 [DeviceA-Ten-GigabitEthernet1/0/2] port link-aggregation group 1 [DeviceA-Ten-GigabitEthernet1/0/2] quit # Create Layer 3 aggregate interface Route-Aggregation 2. [DeviceA] interface route-aggregation 2 # Configure Layer 3 aggregation group 2 to load share packets based on destination IP addresses.

  • Page 86: Layer 3 Edge Aggregate Interface Configuration Example

    XGE1/0/4 32768 The output shows that: • Link aggregation groups 1 and 2 are both load-shared Layer 3 static aggregation groups. • Each aggregation group contains two Selected ports. # Display all the group-specific load sharing modes on Device A. [DeviceA] display link-aggregation load-sharing mode interface Route-Aggregation1 Load-Sharing Mode: source-ip address...
  • Page 87 [Device] interface ten-gigabitethernet 1/0/2 [Device-Ten-GigabitEthernet1/0/2] port link-aggregation group 1 [Device-Ten-GigabitEthernet1/0/2] quit Verifying the configuration # Display detailed information about all aggregation groups on the device when the server is not configured with dynamic link aggregation. [Device] display link-aggregation verbose Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing Port Status: S -- Selected, U -- Unselected, I -- Individual Port: A -- Auto port, M -- Management port, R -- Reference port Flags:...

  • Page 88: Configuring Port Isolation

    Configuring port isolation The port isolation feature isolates Layer 2 traffic for data privacy and security without using VLANs. Ports in an isolation group cannot communicate with each other. However, they can communicate with ports outside the isolation group. Assigning a port to an isolation group The device supports multiple isolation groups, which can be configured manually.

  • Page 89: Port Isolation Configuration Example

    Port isolation configuration example Network requirements As shown in Figure • LAN users Host A, Host B, and Host C are connected to Ten-GigabitEthernet 1/0/1, Ten-GigabitEthernet 1/0/2, and Ten-GigabitEthernet 1/0/3 on the device, respectively. • The device connects to the Internet through Ten-GigabitEthernet 1/0/4. Configure the device to provide Internet access for the hosts, and isolate them from one another at Layer 2.
  • Page 90 Port isolation group information: Group ID: 1 Group members: Ten-GigabitEthernet1/0/1 Ten-GigabitEthernet1/0/2 Ten-GigabitEthernet1/0/3 output shows that Ten-GigabitEthernet 1/0/1, Ten-GigabitEthernet 1/0/2, Ten-GigabitEthernet 1/0/3 are assigned to isolation group 1. As a result, Host A, Host B, and Host C are isolated from one another at layer 2.

  • Page 91: Configuring Spanning Tree Protocols

    Configuring spanning tree protocols Spanning tree protocols eliminate loops in a physical link-redundant network by selectively blocking redundant links and putting them in a standby state. The recent versions of STP include the Rapid Spanning Tree Protocol (RSTP), the Per-VLAN Spanning Tree (PVST), and the Multiple Spanning Tree Protocol (MSTP).
  • Page 92 • Protocol ID—Fixed at 0x0000, which represents IEEE 802.1d. • Protocol version ID—Spanning tree protocol version ID. The protocol version ID for STP is 0x00. • BPDU type—Type of the BPDU. The value is 0x00 for a configuration BPDU. • Flags—An 8-bit field indicates the purpose of the BPDU.

  • Page 93: Basic Concepts In Stp

    Basic concepts in STP Root bridge A tree network must have a root bridge. The entire network contains only one root bridge, and all the other bridges in the network are called leaf nodes. The root bridge is not permanent, but can change with changes of the network topology.

  • Page 94: Calculation Process Of The Stp Algorithm

    Table 6 STP port states State Receives/sends BPDUs Learns MAC addresses Forwards use data Disabled Listening Learning Forwarding Blocking Receive Path cost Path cost is a reference value used for link selection in STP. To prune the network into a loop-free tree, STP calculates path costs to select the most robust links and block redundant links that are less robust.
  • Page 95 Step Description The device compares the calculated configuration BPDU with the configuration BPDU on the port whose port role will be determined. Then, the device acts depending on the result of the comparison: • If the calculated configuration BPDU is superior, the device performs the following operations: Considers this port as the designated port.
  • Page 96 Figure 25 The STP algorithm As shown in Figure 25, the priority values of Device A, Device B, and Device C are 0, 1, and 2, respectively. The path costs of links among the three devices are 5, 10, and 4. Device state initialization.
  • Page 97 Table 9 Comparison process and result on each device Configuration BPDU Device Comparison process on ports after comparison Port A1 performs the following operations: Receives the configuration BPDU of Port B1 {1, 0, 1, Port B1}. Determines that its existing configuration BPDU {0, 0, 0, Port A1} is superior to the received configuration BPDU.
  • Page 98 Configuration BPDU Device Comparison process on ports after comparison Port C1 performs the following operations: Receives the configuration BPDU of Port A2 {0, 0, 0, Port A2}. Determines that the received configuration BPDU is superior to its existing configuration BPDU {2, 0, 2, Port C1}.
  • Page 99 Configuration BPDU Device Comparison process on ports after comparison Device C determines that the root path cost of Port C1 is larger than that of Port C2. The root path cost of Port C1 is 10, root path cost of the received configuration BPDU (0) plus path cost of Port C1 (10).

  • Page 100: Rstp

    • If a path fails, the root port on this path no longer receives new configuration BPDUs and the old configuration BPDUs will be discarded due to timeout. The device generates a configuration BPDU with itself as the root and sends the BPDUs and TCN BPDUs. This triggers a new spanning tree calculation process to establish a new path to restore the network connectivity.

  • Page 101: Basic Concepts In Rstp

    • BPDU type—The value is 0x02 for RSTP BPDUs. • Flags—All 8 bits are used. • Version1 length—The value is 0x00, which means no version 1 protocol information is present. RSTP does not use TCN BPDUs to advertise topology changes. RSTP floods BPDUs with the TC flag set in the network to advertise topology changes.

  • Page 102: Rstp Bpdu Processing

    Because each VLAN runs RSTP independently, a spanning tree only serves its VLAN. A PVST-enabled HPE device can communicate with a third-party device that is running Rapid PVST or PVST. The PVST-enabled HPE device supports fast network convergence like RSTP when connected to PVST-enabled HPE devices or third-party devices enabled with Rapid PVST.

  • Page 103: Basic Concepts In Pvst

    • The destination MAC address of a PVST BPDU is 01-00-0c-cc-cc-cd, which is a private MAC address. • Each PVST BPDU carries a VLAN tag. The VLAN tag identifies the VLAN to which the PVST BPDU belongs. • The organization code and PID fields are added to the LLC header of the PVST BPDU. Figure 28 PVST BPDU format A port's link type determines the type of BPDUs the port sends.

  • Page 104: Mstp Protocol Frames

    MSTP provides the following features: • MSTP divides a switched network into multiple regions, each of which contains multiple spanning trees that are independent of one another. • MSTP supports mapping VLANs to spanning tree instances by means of a VLAN-to-instance mapping table.

  • Page 105: Mstp Basic Concepts

    • CIST IRPC—Internal root path cost (IRPC) from the originating bridge to the root of the MST region. • CIST bridge ID—ID of the bridge that sends the MSTP BPDU. • CIST remaining ID—Remaining hop count. This field limits the scale of the MST region. The regional root sends a BPDU with the remaining hop count set to the maximum value.
  • Page 106 Figure 31 Network diagram and topology of MST region 3 MST region A multiple spanning tree region (MST region) consists of multiple devices in a switched network and the network segments among them. All these devices have the following characteristics: •...
  • Page 107 The blue lines in Figure 30 represent the CST. An internal spanning tree (IST) is a spanning tree that runs in an MST region. It is also called MSTI 0, a special MSTI to which all VLANs are mapped by default. Figure 30, MSTI 0 is the IST in MST region 3.

  • Page 108: How Mstp Works

    MSTP calculation involves the following port roles: • Root port—Forwards data for a non-root bridge to the root bridge. The root bridge does not have any root port. • Designated port—Forwards data to the downstream network segment or device. • Alternate port—Acts as the backup port for a root port or master port.

  • Page 109: Mstp Implementation On Devices

    Like STP, MSTP uses configuration BPDUs to calculate spanning trees. An important difference is that an MSTP BPDU carries the MSTP configuration of the bridge from which the BPDU is sent. CIST calculation During the CIST calculation, the following process takes place: •...
  • Page 110 Figure 33 Edge port rapid transition Root port rapid transition When a root port is blocked, the bridge will elect the alternate port with the highest priority as the new root port. If the new root port's peer is in the forwarding state, the new root port immediately transits to the forwarding state.
  • Page 111 a. Device A sends a proposal BPDU to Device B through Port A1. b. Device B receives the proposal BPDU on Port B2. Port B2 is elected as the root port. c. Device B blocks its designated port Port B1 and alternate port Port B3 to eliminate loops. d.

  • Page 112: Protocols And Standards

    Protocols and standards MSTP is documented in the following protocols and standards: • IEEE 802.1d, Media Access Control (MAC) Bridges • IEEE 802.1w, Part 3: Media Access Control (MAC) Bridges—Amendment 2: Rapid Reconfiguration • IEEE 802.1s, Virtual Bridged Local Area Networks—Amendment 3: Multiple Spanning Trees •...

  • Page 113: Stp Configuration Task List

    STP configuration task list Tasks at a glance Configuring the root bridge: • (Required.) Setting the spanning tree mode • (Optional.) Configuring the root bridge or a secondary root bridge • (Optional.) Configuring the device priority • (Optional.) Configuring the network diameter of a switched network •...

  • Page 114: Pvst Configuration Task List

    Tasks at a glance Configuring the leaf nodes: • (Required.) Setting the spanning tree mode • (Optional.) Configuring the device priority • (Optional.) Setting the timeout factor • (Optional.) Configuring the BPDU transmission rate • (Optional.) Configuring edge ports • (Optional.) Configuring path costs of ports •...

  • Page 115: Mstp Configuration Task List

    Tasks at a glance (Optional.) Configuring protection features (Optional.) Enabling the device to log events of detecting or receiving TC BPDUs (Optional.) Enabling BPDU transparent transmission on a port (Optional.) Enabling SNMP notifications for new-root election and topology change events MSTP configuration task list Tasks at a glance Configuring the root bridge:...

  • Page 116: Setting The Spanning Tree Mode

    Setting the spanning tree mode The spanning tree modes include: • STP mode—All ports of the device send STP BPDUs. Select this mode when the peer device of a port supports only STP. • RSTP mode—All ports of the device send RSTP BPDUs. A port in this mode automatically transits to the STP mode when it receives STP BPDUs from the peer device.

  • Page 117: Configuring The Root Bridge Or A Secondary Root Bridge

    To configure an MST region: Step Command Remarks Enter system view. system-view Enter MST region view. stp region-configuration Configure the MST region The default setting is the MAC region-name name name. address. • Use one of the commands. instance instance-id vlan Configure the vlan-id-list By default, all VLANs in an MST...

  • Page 118: Configuring The Device As A Secondary Root Bridge Of A Specific Spanning Tree

    Step Command Remarks • In STP/RSTP mode: stp root primary • In PVST mode: Configure the device as By default, the device is not a stp vlan vlan-id-list root primary the root bridge. root bridge. • In MSTP mode: stp [ instance instance-list ] root primary Configuring the device as a secondary root bridge of a specific spanning tree...

  • Page 119: Configuring The Network Diameter Of A Switched Network

    Configuration BPDUs sent by the regional root bridge always have a hop count set to the maximum value. When a device receives this configuration BPDU, it decrements the hop count by one, and uses the new hop count in the BPDUs that it propagates. When the hop count of a BPDU reaches zero, it is discarded by the device that received it.

  • Page 120: Configuration Restrictions And Guidelines

    its state after a forward delay timer. This ensures that the state transition of the local port stays synchronized with the peer. • Hello time—Interval at which the device sends configuration BPDUs to detect link failures. If the device does not receive configuration BPDUs within the timeout period, it recalculates the spanning tree.

  • Page 121: Setting The Timeout Factor

    Step Command Remarks • In STP/RSTP/MSTP mode: stp timer hello time Set the hello timer. • The default setting is 2 seconds. In PVST mode: stp vlan vlan-id-list timer hello time • In STP/RSTP/MSTP mode: stp timer max-age time Set the max age timer. •...

  • Page 122: Configuring Edge Ports

    Step Command Remarks Enter Layer 2 Ethernet interface interface-type interface or Layer 2 interface-number aggregate interface view. Configure the BPDU transmission rate of the The default setting is 10. stp transmit-limit limit ports. Configuring edge ports If a port directly connects to a user terminal rather than another device or a shared LAN segment, this port is regarded as an edge port.

  • Page 123: Specifying A Standard For The Device To Use When It Calculates The Default Path Cost

    Specifying a standard for the device to use when it calculates the default path cost CAUTION: If you change the standard that the device uses to calculate the default path costs, you restore the path costs to the default. You can specify a standard for the device to use in automatic calculation for the default path cost. The device supports the following standards: •...
  • Page 124 Path cost Link speed Port type IEEE Private IEEE 802.1t 802.1d-1998 standard Aggregate interface containing four Selected 500000 1400 ports Single port 200000 Aggregate interface containing two Selected 100000 ports Aggregate interface 100 Mbps containing three Selected 66666 ports Aggregate interface containing four Selected 50000 ports...

  • Page 125: Configuring Path Costs Of Ports

    Path cost Link speed Port type IEEE Private IEEE 802.1t 802.1d-1998 standard Aggregate interface containing three Selected ports Aggregate interface containing four Selected ports Single port Aggregate interface containing two Selected ports Aggregate interface 100 Gbps containing three Selected ports Aggregate interface containing four Selected ports...

  • Page 126: Configuring The Port Priority

    [Sysname] interface ten-gigabitethernet 1/0/3 [Sysname-Ten-GigabitEthernet1/0/3] stp instance 2 cost 200 # In PVST mode, perform the following tasks: • Configure the device to calculate the default path costs of its ports by using IEEE 802.1d-1998. • Set the path cost of Ten-GigabitEthernet 1/0/3 to 2000 on VLAN 20 through VLAN 30. <Sysname>...

  • Page 127: Configuration Procedure

    • You can configure the link type as point-to-point for a Layer 2 aggregate interface or a port that operates in full duplex mode. As a best practice, use the default setting and let the device automatically detect the port link type. •...

  • Page 128: Enabling Outputting Port State Transition Information

    Enabling outputting port state transition information In a large-scale spanning tree network, you can enable devices to output the port state transition information. Then, you can monitor the port states in real time. To enable outputting port state transition information: Step Command Remarks...

  • Page 129: Enabling The Spanning Tree Feature In Pvst Mode

    Enabling the spanning tree feature in PVST mode Step Command Remarks Enter system view. system-view When the device starts up with initial settings, the spanning tree feature is globally disabled. When the device starts up with Enable the spanning tree factory defaults, the spanning tree stp global enable feature.

  • Page 130: Performing Mcheck In Interface View

    Performing mCheck in interface view Step Command Enter system view. system-view Enter Layer 2 Ethernet interface or Layer 2 interface interface-type interface-number aggregate interface view. Perform mCheck. stp mcheck Disabling inconsistent PVID protection In PVST, if two connected ports use different PVIDs, PVST calculation errors might occur. By default, inconsistent PVID protection is enabled to avoid PVST calculation errors.

  • Page 131: Configuration Restrictions And Guidelines

    Digest Snooping when the network is already working well. Configuration procedure Use this feature on when your HPE device is connected to a third-party device that uses its private key to calculate the configuration digest. To configure Digest Snooping:...

  • Page 132: Configuring No Agreement Check

    Enable Digest Snooping on the ports of Device A and Device B that connect to Device C, so that the three devices can communicate with one another. Figure 37 Network diagram MST region Device C Root bridge Root port XGE1/0/1 XGE1/0/2 Designated port Blocked port...

  • Page 133: Configuration Prerequisites

    Figure 38 Rapid state transition of an MSTP designated port Upstream device Downstream device (1) Proposal for rapid transition The root port blocks non-edge ports. The root port changes to the (2) Agreement forwarding state and sends an Agreement to the upstream device.

  • Page 134: Configuration Procedure

    Configuration procedure Enable the No Agreement Check feature on the root port. To configure No Agreement Check: Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface or Layer 2 interface interface-type interface-number aggregate interface view. Enable No Agreement By default, No Agreement stp no-agreement-check Check.

  • Page 135: Configuration Restrictions And Guidelines

    Figure 41 TC Snooping application scenario To avoid traffic interruption, you can enable TC Snooping on the IRF fabric. After receiving a TC-BPDU through a port, the IRF fabric updates MAC address table and ARP table entries associated with the port's VLAN. In this way, TC Snooping prevents topology change from interrupting traffic forwarding in the network.

  • Page 136: Configuring Protection Features

    Configuring protection features A spanning tree device supports the following protection features: • BPDU guard • Root guard • Loop guard • Port role restriction • TC-BPDU transmission restriction • TC-BPDU guard • BPDU drop • PVST BPDU guard • Dispute gurad Configuring BPDU guard For access layer devices, the access ports can directly connect to the user terminals (such as PCs)

  • Page 137: Enabling Root Guard

    Step Command Remarks Enter system view. system-view The specified interface must Enter Layer 2 Ethernet connect to a user terminal rather interface interface-type interface or Layer 2 than other device or shared LAN interface-number aggregate interface view. segment. By default, BPDU guard is not configured on a per-edge port stp port bpdu-protection Configure BPDU guard.

  • Page 138: Configuring Port Role Restriction

    As a result, loops occur in the switched network. The loop guard feature can suppress the occurrence of such loops. The initial state of a loop guard-enabled port is discarding in every MSTI. When the port receives BPDUs, it transits its state. Otherwise, it stays in the discarding state to prevent temporary loops. Do not enable loop guard on a port that connects user terminals.

  • Page 139: Enabling Tc-Bpdu Guard

    affect the core network. To avoid this problem, you can enable TC-BPDU transmission restriction on a port. With this feature enabled, when the port receives a TC-BPDU, it does not forward the TC-BPDU to other ports. Make this configuration on the port that connects to the user access network. To configure TC-BPDU transmission restriction: Step Command...

  • Page 140: Enabling Pvst Bpdu Guard

    Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface interface-type interface view. interface-number Enable BPDU drop on the By default, BPDU drop is bpdu-drop any interface. disabled. Enabling PVST BPDU guard An MSTP-enabled device forwards PVST BPDUs as data traffic because it cannot recognize PVST BPDUs.

  • Page 141: Enabling The Device To Log Events Of Detecting Or Receiving Tc Bpdus

    Figure 42 Dispute guard triggering scenario Dispute guard is Unidirectional link Normal condition triggered occurs Device A Device A Device A Root Root Root Port A1 Port A2 Port A1 Port A2 Port A1 Port A2 Port B1 Port B2 Port B1 Port B2 Port B1...

  • Page 142: Enabling Snmp Notifications For New-Root Election And Topology Change Events

    Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface interface-type interface or Layer 2 interface-number aggregate interface view. By default, the BPDU Enable BPDU transparent transparent transmission feature stp transparent enable transmission. is disabled on a port. Enabling SNMP notifications for new-root election and topology change events This task enables the device to generate logs and report new-root election events or spanning tree...

  • Page 143: Spanning Tree Configuration Example

    Task Command Display history about ports blocked by spanning tree display stp abnormal-port protection features. display stp bpdu-statistics [ interface Display BPDU statistics on ports. interface-type interface-number [ instance instance-list ] ] Display information about ports shut down by spanning display stp down-port tree protection features.
  • Page 144 Figure 43 Network diagram Configuration procedure Configure VLANs and VLAN member ports. (Details not shown.) Create VLAN 10, VLAN 20, and VLAN 30 on both Device A and Device B. Create VLAN 10, VLAN 20, and VLAN 40 on Device C. Create VLAN 20, VLAN 30, and VLAN 40 on Device D.
  • Page 145 [DeviceB-mst-region] instance 1 vlan 10 [DeviceB-mst-region] instance 3 vlan 30 [DeviceB-mst-region] instance 4 vlan 40 # Configure the revision level of the MST region as 0. [DeviceB-mst-region] revision-level 0 # Activate MST region configuration. [DeviceB-mst-region] active region-configuration [DeviceB-mst-region] quit # Configure Device B as the root bridge of MSTI 3. [DeviceB] stp instance 3 root primary # Enable the spanning tree feature globally.
  • Page 146 Verifying the configuration In this example, Device B has the lowest root bridge ID. As a result, Device B is elected as the root bridge in MSTI 0. When the network is stable, you can use the display stp brief command to display brief spanning tree information on each device.

  • Page 147: Pvst Configuration Example

    Figure 44 MSTIs mapped to different VLANs MSTI 1 mapped to VLAN 10 MSTI 0 mapped to VLAN 20 MSTI 3 mapped to VLAN 30 MSTI 4 mapped to VLAN 40 Root bridge Normal link Blocked link PVST configuration example Network requirements As shown in Figure...
  • Page 148 Figure 45 Network diagram Configuration procedure Configure VLANs and VLAN member ports. (Details not shown.) Create VLAN 10, VLAN 20, and VLAN 30 on both Device A and Device B. Create VLAN 10, VLAN 20, and VLAN 40 on Device C. Create VLAN 20, VLAN 30, and VLAN 40 on Device D.
  • Page 149 [DeviceC] stp vlan 10 20 40 enable Configure Device D: # Set the spanning tree mode to PVST. <DeviceD> system-view [DeviceD] stp mode pvst # Enable the spanning tree feature globally and in VLAN 20, VLAN 30, and VLAN 40. [DeviceD] stp global enable [DeviceD] stp vlan 20 30 40 enable Verifying the configuration...
  • Page 150 Ten-GigabitEthernet1/0/2 ALTE DISCARDING NONE Ten-GigabitEthernet1/0/3 ROOT FORWARDING NONE Based on the output, you can draw a topology for each VLAN spanning tree, as shown in Figure Figure 46 VLAN spanning tree topologies...

  • Page 151: Configuring Loop Detection

    Configuring loop detection Overview Incorrect network connections or configurations can create Layer 2 loops, which results in repeated transmission of broadcasts, multicasts, or unknown unicasts. The repeated transmissions can waste network resources and can paralyze networks. The loop detection mechanism immediately generates a log when a loop occurs so that you are promptly notified to adjust network connections and configurations.

  • Page 152: Loop Detection Interval

    The inner frame header for loop detection contains the following fields: • Code—Protocol sub-type, which is 0x0001, indicating the loop detection protocol. • Version—Protocol version, which is always 0x0000. • Length—Length of the frame. The value includes the inner header, but excludes the Ethernet header.

  • Page 153: Loop Detection Configuration Task List

    The device automatically sets the port to the forwarding state after the detection timer set by using the shutdown-interval command expires. For more information about the shutdown-interval command, see Fundamentals Command Reference. The device shuts down the port again if a loop is still detected on the port when the detection timer expires.

  • Page 154: Setting The Loop Protection Action

    Setting the loop protection action You can set the loop protection action globally or on a per-port basis. The global setting applies to all ports. The per-port setting applies to the individual ports. The per-port setting takes precedence over the global setting. Setting the global loop protection action Step Command...

  • Page 155: Displaying And Maintaining Loop Detection

    Step Command Remarks Enter system view. system-view Set the loop detection loopback-detection The default setting is 30 seconds. interval. interval-time interval Displaying and maintaining loop detection Execute display commands in any view. Task Command Display the loop detection configuration and status. display loopback-detection Loop detection configuration example Network requirements...

  • Page 156: Verifying The Configuration

    # Configure Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 as trunk ports, and assign them to VLAN 100. [DeviceA] interface Ten-GigabitEthernet 1/0/1 [DeviceA-Ten-GigabitEthernet1/0/1] port link-type trunk [DeviceA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100 [DeviceA-Ten-GigabitEthernet1/0/1] quit [DeviceA] interface ten-gigabitethernet 1/0/2 [DeviceA-Ten-GigabitEthernet1/0/2] port link-type trunk [DeviceA-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100 [DeviceA-Ten-GigabitEthernet1/0/2] quit # Set the global loop protection action to shutdown.
  • Page 157 [DeviceA] %Feb 15:04:29:663 2013 DeviceA LPDT/4/LPDT LOOPED: Loopback exists Ten-GigabitEthernet1/0/1. %Feb 15:04:29:667 2013 DeviceA LPDT/4/LPDT LOOPED: Loopback exists Ten-GigabitEthernet1/0/2. %Feb 15:04:44:243 2013 DeviceA LPDT/5/LPDT RECOVERED: Loopback Ten-GigabitEthernet1/0/1 recovered. %Feb 15:04:44:248 2013 DeviceA LPDT/5/LPDT RECOVERED: Loopback Ten-GigabitEthernet1/0/2 recovered. The output shows the following information: •...

  • Page 158: Configuring Vlans

    Configuring VLANs Overview Ethernet is a family of shared-media LAN technologies based on the CSMA/CD mechanism. An Ethernet LAN is both a collision domain and a broadcast domain. Because the medium is shared, collisions and broadcasts are common in an Ethernet LAN. Typically, bridges and Layer 2 switches can reduce collisions in an Ethernet LAN.

  • Page 159: Protocols And Standards

    TPID to a different value. For compatibility with a neighbor device, set the TPID value on the device to be the same as the neighbor device. • Priority—3-bit long, identifies the 802.1p priority of the frame. For more information, see ACL and QoS Configuration Guide.

  • Page 160: Configuring Vlan Interfaces

    Step Command Remarks By default, packet dropping is disabled in a VLAN. This feature enables the device to drop Layer 3 packets in a VLAN and packets (Optional.) Enable originating from the device. To drop all packet dropping in the block outbound packets that are received and transmitted VLAN.

  • Page 161: Configuring Port-Based Vlans

    Step Command Remarks Set the MTU for the VLAN The default setting is 1500 bytes. mtu size interface. Set the MAC address for By default, no MAC address is set for a mac-address mac-address the VLAN interface. VLAN interface. Set the expected By default, the expected bandwidth (in bandwidth for the kbps) is the interface baud rate divided...

  • Page 162: Assigning An Access Port To A Vlan

    You can use a nonexistent VLAN as the PVID for a hybrid or trunk port, but not for an access port. • As a best practice, set the same PVID for a local port and its peer. • To prevent a port from dropping untagged packets or PVID-tagged packets, assign the port to its PVID.

  • Page 163: Assigning A Trunk Port To A Vlan

    Assign an access port to a VLAN in interface view Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view: interface interface-type interface-number Enter interface view. • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number Set the port link type to By default, all ports are port link-type access...

  • Page 164: Configuring Mac-Based Vlans

    To assign a hybrid port to one or multiple VLANs: Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view: interface interface-type interface-number Enter interface view. • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number Set the port link type to By default, all ports are port link-type hybrid...
  • Page 165 MAC address of a MAC-to-VLAN entry, the port tags the frame with the VLAN ID specific to this entry. c. If no matching VLAN ID is found, the port determines the VLAN for the packet by using the following VLAN match order: −...
  • Page 166 Figure 52 Flowchart for processing a frame in dynamic MAC-based VLAN assignment The port receives a frame Tagged frame ? Selects a VLAN for the Gets the source MAC frame Uses source MAC to match the MAC in MAC- to-VLAN entries MAC addresses VLAN ID match the Is the VLAN ID the primary VLAN ID and the...

  • Page 167: General Configuration Restrictions And Guidelines

    Assigns the port that connects the user to the MAC-based VLAN. When the user goes offline, the device automatically deletes the MAC-to-VLAN entry and removes the port from the MAC-based VLAN. For more information about 802.1X and MAC authentication, see Security Configuration Guide. General configuration restrictions and guidelines When you configure MAC-based VLANs, follow these restrictions and guideline: •...
  • Page 168 If the two features are configured together on a port and the port learns the configured maximum number of MAC address entries, the port processes packets as follows: Forwards only packets matching the MAC address entries learnt by the port. Drops unmatching packets.

  • Page 169: Configuring Server-Assigned Mac-Based Vlan

    Configuring server-assigned MAC-based VLAN Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface interface-type interface-number interface view. Set the port link type to By default, all ports are port link-type hybrid hybrid. access ports. By default, a hybrid port is an Assign the hybrid port untagged member of the port hybrid vlan vlan-id-list { tagged |...

  • Page 170: Configuring Protocol-Based Vlans

    Task Command Remarks • Enter Layer 2 Ethernet interface view: interface interface-type interface-number Enter interface view. • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number Set the port link type By default, all ports are access ports. port link-type hybrid to hybrid.

  • Page 171: Configuring A Vlan Group

    Step Command Remarks protocol-vlan [ protocol-index ] { at | ipv4 Associate the VLAN | ipv6 | ipx { ethernetii | llc | raw | snap } | By default, a VLAN is not with a protocol mode { ethernetii etype etype-id | llc associated with a protocol template.

  • Page 172: Vlan Configuration Examples

    Task Command display interface vlan-interface [ interface-number ] [ brief Display VLAN interface information. [ description | down ] ] Display information about IP display ip-subnet-vlan interface { interface-type subnet-based VLANs that are associated interface-number1 [ to interface-type interface-number2 ] | all } with the specified ports.
  • Page 173 [DeviceA] vlan 100 [DeviceA-vlan100] port ten-gigabitethernet 1/0/1 [DeviceA-vlan100] quit # Create VLAN 200, and assign Ten-GigabitEthernet 1/0/2 to VLAN 200. [DeviceA] vlan 200 [DeviceA-vlan200] port ten-gigabitethernet 1/0/2 [DeviceA-vlan200] quit # Configure Ten-GigabitEthernet 1/0/3 as a trunk port, and assign the port to VLANs 100 and 200.

  • Page 174: Mac-Based Vlan Configuration Example

    MAC-based VLAN configuration example Network requirements As shown in Figure • Ten-GigabitEthernet 1/0/1 of Device A and Device C are each connected to a meeting room. Laptop 1 and Laptop 2 are used for meetings and might be used in either of the two meeting rooms.
  • Page 175 [DeviceA-Ten-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged # Enable the MAC-based VLAN feature on Ten-GigabitEthernet 1/0/1. [DeviceA-Ten-GigabitEthernet1/0/1] mac-vlan enable [DeviceA-Ten-GigabitEthernet1/0/1] quit # Configure the uplink port (Ten-GigabitEthernet 1/0/2) as a trunk port, and assign it to VLANs 100 and 200. [DeviceA] interface ten-gigabitethernet 1/0/2 [DeviceA-Ten-GigabitEthernet1/0/2] port link-type trunk [DeviceA-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100 200...

  • Page 176: Ip Subnet-Based Vlan Configuration Example

    IP subnet-based VLAN configuration example Network requirements As shown in Figure 55, the hosts in the office belong to different IP subnets. Configure Device C to transmit packets from 192.168.5.0/24 and 192.168.50.0/24 in VLANs 100 and 200, respectively. Figure 55 Network diagram Device A Device B VLAN 100...

  • Page 177: Protocol-Based Vlan Configuration Example

    # Configure Ten-GigabitEthernet 1/0/3 as a hybrid port, and assign it to VLAN 200 as a tagged VLAN member. [DeviceC] interface ten-gigabitethernet 1/0/3 [DeviceC-Ten-GigabitEthernet1/0/3] port link-type hybrid [DeviceC-Ten-GigabitEthernet1/0/3] port hybrid vlan 200 tagged [DeviceC-Ten-GigabitEthernet1/0/3] quit # Configure Ten-GigabitEthernet 1/0/1 as a hybrid port, and assign it to VLANs 100 and 200 as an untagged VLAN member.
  • Page 178 Figure 56 Network diagram VLAN 100 VLAN 200 IPv4 server IPv6 server XGE1/0/3 XGE1/0/4 XGE1/0/1 XGE1/0/2 Device L2 switch A L2 switch B IPv4 host A IPv6 host A IPv4 host B IPv6 host B VLAN 100 VLAN 200 VLAN 100 VLAN 200 Configuration procedure In this example, L2 Switch A and L2 Switch B use the factory configuration.
  • Page 179 # Configure Ten-GigabitEthernet 1/0/1 as a hybrid port, and assign it to VLANs 100 and 200 as an untagged VLAN member. [Device] interface ten-gigabitethernet 1/0/1 [Device-Ten-GigabitEthernet1/0/1] port link-type hybrid [Device-Ten-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged # Associate Ten-GigabitEthernet 1/0/1 with the IPv4 and ARP protocol templates of VLAN 100 and the IPv6 protocol template of VLAN 200.
  • Page 180 IPv4 Active Ethernet II Etype 0x0806 Active IPv6 Active Interface: Ten-GigabitEthernet 1/0/2 VLAN ID Protocol index Protocol type Status IPv4 Active Ethernet II Etype 0x0806 Active IPv6 Active...

  • Page 181: Configuring Super Vlans

    Configuring super VLANs Hosts in a VLAN typically use IP addresses in the same subnet. For Layer 3 interoperability with other VLANs, you can create a VLAN interface for the VLAN and assign an IP address to it. This requires a large number of IP addresses. The super VLAN feature was introduced to save IP addresses.

  • Page 182: Configuring A Super Vlan Interface

    To configure a super VLAN: Step Command Remarks Enter system view. system-view Enter VLAN view. vlan vlan-id Configure the VLAN By default, a VLAN is not a super VLAN. supervlan as a super VLAN. By default, a super VLAN is not associated with Associate the super any sub-VLANs.

  • Page 183: Super Vlan Configuration Example

    Task Command Display information about super VLANs and their display supervlan [ supervlan-id ] associated sub-VLANs. Super VLAN configuration example Network requirements As shown in Figure • Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 are in VLAN 2. • Ten-GigabitEthernet 1/0/3 and Ten-GigabitEthernet 1/0/4 are in VLAN 3. •...

  • Page 184: Verifying The Configuration

    [DeviceA-vlan2] quit # Create VLAN 3, and assign Ten-GigabitEthernet 1/0/3 and Ten-GigabitEthernet 1/0/4 to the VLAN. [DeviceA] vlan 3 [DeviceA-vlan3] port ten-gigabitethernet 1/0/3 ten-gigabitethernet 1/0/4 [DeviceA-vlan3] quit # Create VLAN 5, and assign Ten-GigabitEthernet 1/0/5 and Ten-GigabitEthernet 1/0/6 to the VLAN. [DeviceA] vlan 5 [DeviceA-vlan5] port ten-gigabitethernet 1/0/5 ten-gigabitethernet 1/0/6 [DeviceA-vlan5] quit...
  • Page 185 VLAN type: Static It is a sub VLAN. Route interface: Configured Ipv4 address: 10.1.1.1 Ipv4 subnet mask: 255.255.255.0 Description: VLAN 0003 Name: VLAN 0003 Tagged ports: None Untagged ports: Ten-GigabitEthernet1/0/3 Ten-GigabitEthernet1/0/4 VLAN ID: 5 VLAN type: Static It is a sub VLAN. Route interface: Configured Ipv4 address: 10.1.1.1 Ipv4 subnet mask: 255.255.255.0...

  • Page 186: Configuring The Private Vlan

    Configuring the private VLAN VLAN technology provides a method for isolating traffic from customers. At the access layer of a network, customer traffic must be isolated for security or accounting purposes. If VLANs are assigned on a per-user basis, a large number of VLANs will be required. The private VLAN feature saves VLAN resources.

  • Page 187: Configuration Restrictions And Guidelines

    Associate the secondary VLANs with the primary VLAN. Configure the uplink and downlink ports: Configure the uplink port (for example, the port connecting L2 Device B to L3 Device A Figure 58): − When the port allows only one primary VLAN, configure the port as a promiscuous port of the primary VLAN.
  • Page 188 Step Command Remarks Create one or multiple vlan { vlan-id1 [ to vlan-id2 ] | all } secondary VLANs. Return to system view. quit Enter VLAN view of the vlan vlan-id primary VLAN. Associate the primary By default, a primary VLAN is not VLAN with the secondary associated with any secondary private-vlan secondary vlan-id-list...

  • Page 189: Displaying And Maintaining The Private Vlan

    Step Command Remarks 19. Return to system view. quit Enter VLAN interface view of Use substeps a, b, c, and e for the primary VLAN interface: devices that run IPv4 protocols. interface vlan-interface Use substeps a, b, d, and f for interface-number devices that run IPv6 protocols.
  • Page 190 Figure 59 Network diagram Configuration procedure This example describes the configurations on Device B and Device C. Configure Device B: # Configure VLAN 5 as a primary VLAN. <DeviceB> system-view [DeviceB] vlan 5 [DeviceB-vlan5] private-vlan primary [DeviceB-vlan5] quit # Create VLANs 2 and 3. [DeviceB] vlan 2 to 3 # Associate secondary VLANs 2 and 3 with primary VLAN 5.
  • Page 191 [DeviceB-Ten-GigabitEthernet1/0/3] quit Configure Device C: # Configure VLAN 6 as a primary VLAN. <DeviceC> system-view [DeviceC] vlan 6 [DeviceC–vlan6] private-vlan primary [DeviceC–vlan6] quit # Create VLANs 3 and 4. [DeviceC] vlan 3 to 4 # Associate secondary VLANs 3 and 4 with primary VLAN 6. [DeviceC] vlan 6 [DeviceC-vlan6] private-vlan secondary 3 to 4 [DeviceC-vlan6] quit...

  • Page 192: Trunk Promiscuous Port Configuration Example

    VLAN ID: 2 VLAN type: Static Private VLAN type: Secondary Route interface: Not configured Description: VLAN 0002 Name: VLAN 0002 Tagged ports: None Untagged ports: Ten-GigabitEthernet1/0/2 Ten-GigabitEthernet1/0/5 VLAN ID: 3 VLAN type: Static Private VLAN type: Secondary Route interface: Not configured Description: VLAN 0003 Name: VLAN 0003 Tagged Ports:...
  • Page 193 Figure 60 Network diagram Configuration procedure Configure Device B: # Configure VLANs 5 and 10 as primary VLANs. <DeviceB> system-view [DeviceB] vlan 5 [DeviceB-vlan5] private-vlan primary [DeviceB-vlan5] quit [DeviceB] vlan 10 [DeviceB-vlan10] private-vlan primary [DeviceB-vlan10] quit # Create VLANs 2, 3, 6, and 8. [DeviceB] vlan 2 to 3 [DeviceB] vlan 6 [DeviceB-vlan6] quit...
  • Page 194 # Assign downlink port Ten-GigabitEthernet 1/0/2 to VLAN 2, and configure the port as a host port. [DeviceB] interface ten-gigabitethernet 1/0/2 [DeviceB-Ten-GigabitEthernet1/0/2] port access vlan 2 [DeviceB-Ten-GigabitEthernet1/0/2] port private-vlan host [DeviceB-Ten-GigabitEthernet1/0/2] quit # Assign downlink port Ten-GigabitEthernet 1/0/3 to VLAN 3, and configure the port as a host port.

  • Page 195: Trunk Promiscuous And Trunk Secondary Port Configuration Example

    Name: VLAN 0005 Tagged ports: Ten-GigabitEthernet1/0/1 Untagged ports: Ten-GigabitEthernet1/0/2 Ten-GigabitEthernet1/0/3 VLAN ID: 2 VLAN type: Static Private VLAN type: Secondary Route interface: Not configured Description: VLAN 0002 Name: VLAN 0002 Tagged ports: Ten-GigabitEthernet1/0/1 Untagged ports: Ten-GigabitEthernet1/0/2 VLAN ID: 3 VLAN type: Static Private VLAN type: Secondary Route interface: Not configured Description: VLAN 0003...
  • Page 196 Downlink port Ten-GigabitEthernet 1/0/3 permits secondary VLAN 12. • Secondary VLANs 11 and 12 are associated with primary VLAN 10. • Secondary VLANs 21 and 22 are associated with primary VLAN 20. Figure 61 Network diagram Configuration procedure Configure Device A: # Configure VLANs 10 and 20 as primary VLANs.
  • Page 197 [DeviceA-vlan20] quit # Configure the uplink port (Ten-GigabitEthernet 1/0/5) as a trunk promiscuous port of VLANs 10 and 20. [DeviceA] interface ten-gigabitethernet 1/0/5 [DeviceA-Ten-GigabitEthernet1/0/5] port private-vlan 10 20 trunk promiscuous [DeviceA-Ten-GigabitEthernet1/0/5] quit # Assign downlink port Ten-GigabitEthernet 1/0/1 to VLAN 22 and configure the port as a host port.
  • Page 198 [DeviceC-vlan10] quit [DeviceC] vlan 20 [DeviceC-vlan20] quit # Configure Ten-GigabitEthernet 1/0/5 as a hybrid port, and assign it to VLANs 10 and 20 as a tagged VLAN member. [DeviceC] interface ten-gigabitethernet 1/0/5 [DeviceC-Ten-GigabitEthernet1/0/5] port link-type hybrid [DeviceC-Ten-GigabitEthernet1/0/5] port hybrid vlan 10 20 tagged [DeviceC-Ten-GigabitEthernet1/0/5] quit Verifying the configuration # Verify the primary VLAN configurations on Device A.

  • Page 199: Secondary Vlan Layer 3 Communication Configuration Example

    Ten-GigabitEthernet1/0/3 The output shows that: • The trunk promiscuous port (Ten-GigabitEthernet 1/0/5) is a tagged member of primary VLAN 10 and secondary VLANs 11 and 12. • The trunk secondary port (Ten-GigabitEthernet 1/0/2) is a tagged member of primary VLAN 10 and secondary VLAN 11.
  • Page 200 # Configure the uplink port (Ten-GigabitEthernet 1/0/1) as a promiscuous port of VLAN 10. [DeviceA] interface ten-gigabitethernet 1/0/1 [DeviceA-Ten-GigabitEthernet1/0/1] port private-vlan 10 promiscuous [DeviceA-Ten-GigabitEthernet1/0/1] quit # Assign downlink port Ten-GigabitEthernet 1/0/2 to VLAN 2, and configure the port as a host port. [DeviceA] interface ten-gigabitethernet 1/0/2 [DeviceA-Ten-GigabitEthernet1/0/2] port access vlan 2 [DeviceA-Ten-GigabitEthernet1/0/2] port private-vlan host...
  • Page 201 IPv4 address: 192.168.1.1 IPv4 subnet mask: 255.255.255.0 Description: VLAN 0002 Name: VLAN 0002 Tagged ports: None Untagged ports: Ten-GigabitEthernet1/0/1 Ten-GigabitEthernet1/0/2 VLAN ID: 3 VLAN type: Static Private VLAN type: Secondary Route interface: Configured IPv4 address: 192.168.1.1 IPv4 subnet mask: 255.255.255.0 Description: VLAN 0003 Name: VLAN 0003 Tagged ports:...

  • Page 202: Configuring Voice Vlans

    Configuring voice VLANs Overview A voice VLAN is used for transmitting voice traffic. The device can configure QoS parameters for voice packets to ensure higher transmission priority of the voice packets. Common voice devices include IP phones and integrated access devices (IADs). This chapter uses IP phones as an example.

  • Page 203: Automatically Identifying Ip Phones Through Lldp

    Automatically identifying IP phones through LLDP If IP phones support LLDP, configure LLDP for automatic IP phone discovery on the device. The device can then automatically discover the peer through LLDP, and exchange LLDP TLVs with the peer. If the LLDP System Capabilities TLV received on a port indicates that the peer can act as a telephone, the device performs the following operations: Sends an LLDP TLV with the voice VLAN configuration to the peer.

  • Page 204: Connecting The Ip Phone To The Device

    Figure 64 Connecting the host and IP phone in series Voice gateway Host IP phone Device Connecting the IP phone to the device As shown in Figure 65, IP phones are connected to the device without the presence of the host. Use this connection method when IP phones sends out untagged voice packets.

  • Page 205: Manual Mode

    When the IP phone reboots, the port is reassigned to the voice VLAN to ensure the correct operation of the existing voice connections. The reassignment occurs automatically without being triggered by voice traffic as long as the voice VLAN operates correctly. Manual mode Use manual mode when only IP phones access the network through the device, as shown in Figure...

  • Page 206: Security Mode And Normal Mode Of Voice Vlans

    If an IP phone sends out tagged voice traffic, and its access port is configured with 802.1X authentication, guest VLAN, Auth-Fail VLAN, or critical VLAN, VLAN IDs must be different for the following VLANs: • Voice VLAN. • PVID of the access port. •...

  • Page 207: Configuring The Qos Priority Settings For Voice Traffic

    Tasks at a glance (Required.) Use one of the following methods: • Configuring a port to operate in automatic voice VLAN assignment mode • Configuring a port to operate in manual voice VLAN assignment mode (Optional.) Enabling LLDP for automatic IP phone discovery (Optional.) Use one of the following methods: •...

  • Page 208: Configuring A Port To Operate In Automatic Voice Vlan Assignment Mode

    Configuring a port to operate in automatic voice VLAN assignment mode Configuration restrictions and guidelines When you configure a port to operate in automatic voice VLAN assignment mode, follow these restrictions and guidelines: • Do not configure a VLAN as both a voice VLAN and a protocol-based VLAN. A voice VLAN in automatic mode on a hybrid port processes only tagged incoming voice traffic.

  • Page 209: Configuring A Port To Operate In Manual Voice Vlan Assignment Mode

    Step Command Remarks • Configure the link type of port link-type trunk the port. • port link-type hybrid Configure the port to By default, the automatic operate in automatic voice voice VLAN assignment mode voice-vlan mode auto VLAN assignment mode. is enabled.

  • Page 210: Enabling Lldp For Automatic Ip Phone Discovery

    Step Command Remarks Configure the port to By default, a port operates in operate in manual voice automatic voice VLAN undo voice-vlan mode auto VLAN assignment assignment mode. mode. • For the access port, see "Assigning an access port to a VLAN."...

  • Page 211: Configuring Cdp To Advertise A Voice Vlan

    Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface interface-type interface view. interface-number By default, no advertised voice VLAN ID is configured. Configure an advertised lldp tlv-enable med-tlv For more information about voice VLAN ID. network-policy vlan-id the command, see Layer 2—LAN Switching Command Reference.

  • Page 212: Displaying And Maintaining Voice Vlans

    Displaying and maintaining voice VLANs Execute display commands in any view. Task Command Display the voice VLAN state. display voice-vlan state Display OUI addresses on a device. display voice-vlan mac-address Voice VLAN configuration examples Automatic voice VLAN assignment mode configuration example Network requirements As shown in...
  • Page 213 [DeviceA] voice-vlan aging 30 # Enable security mode for voice VLANs. [DeviceA] voice-vlan security enable # Add MAC addresses of IP phones A and B to the device with mask FFFF-FF00-0000. [DeviceA] voice-vlan mac-address 0011-1100-0001 mask ffff-ff00-0000 description IP phone A [DeviceA] voice-vlan mac-address 0011-2200-0001 mask ffff-ff00-0000 description IP phone B Configure Ten-GigabitEthernet 1/0/1:...

  • Page 214: Manual Voice Vlan Assignment Mode Configuration Example

    Voice VLAN enabled ports and their modes: Port VLAN Mode DSCP XGE1/0/1 Auto XGE1/0/2 Auto Manual voice VLAN assignment mode configuration example Network requirements As shown in Figure 67, IP phone A send untagged voice traffic. To enable Ten-GigabitEthernet 1/0/1 to transmit only voice packets, perform the following tasks on Device A: •...
  • Page 215 # Enable voice VLAN and configure VLAN 2 as the voice VLAN on Ten-GigabitEthernet 1/0/1. [DeviceA-Ten-GigabitEthernet1/0/1] voice-vlan 2 enable [DeviceA-Ten-GigabitEthernet1/0/1] quit Verifying the configuration # Display the OUI addresses supported on Device A. [DeviceA] display voice-vlan mac-address OUI Address Mask Description 0001-e300-0000 ffff-ff00-0000...

  • Page 216: Configuring Mvrp

    Configuring MVRP Multiple Registration Protocol (MRP) is an attribute registration protocol used to transmit attribute values. Multiple VLAN Registration Protocol (MVRP) is a typical MRP application. It synchronizes VLAN information among devices. MVRP propagates local VLAN information to other devices, receives VLAN information from other devices, and dynamically updates local VLAN information.
  • Page 217 Join message An MRP participant sends a Join message to request the peer participant to register attributes in the Join message. When receiving a Join message from the peer participant, an MRP participant performs the following tasks: • Registers the attributes in the Join message. •...

  • Page 218: Mrp Timers

    LeaveAll message Each MRP participant starts its LeaveAll timer when starting up. When the timer expires, the MRP participant sends LeaveAll messages to the peer participant. Upon sending or receiving a LeaveAll message, the local participant starts the Leave timer. The local participant determines whether to send a Join message depending on its attribute status.

  • Page 219: Mvrp Registration Modes

    • Effectively reduces the number of LeaveAll messages in the network. • Prevents the LeaveAll timer of a particular participant from always expiring first. MVRP registration modes VLAN information propagated by MVRP includes dynamic VLAN information from other devices and local static VLAN information.

  • Page 220: Configuration Prerequisites

    receive undesired copies. For more information about port mirroring, see Network Management and Monitoring Configuration Guide. • MVRP takes effect only on trunk ports. For more information about trunk ports, see "Configuring VLANs." • Enabling MVRP on a Layer 2 aggregate interface takes effect on the aggregate interface and all Selected member ports in the link aggregation group.

  • Page 221: Setting Mrp Timers

    Step Command Remarks Optional. Set an MVRP registration mvrp registration { fixed | The default setting is normal mode for the port. forbidden | normal } registration mode. Setting MRP timers To avoid frequent VLAN registrations and deregistrations, use the same MRP timers throughout the network.

  • Page 222: Enabling Gvrp Compatibility

    Enabling GVRP compatibility Enable GVRP compatibility for MVRP when the peer device supports GVRP. Then, the local end can receive and send both MVRP and GVRP frames. When you enable GVRP compatibility, follow these restrictions and guidelines: • GVRP compatibility enables MVRP to work with STP or RSTP, but not MSTP. •...

  • Page 223: Configuration Procedure

    Figure 69 Network diagram Device A Device B Permit: all VLANs XGE1/0/3 XGE1/0/3 VLAN 20 VLAN 10 Permit: all VLANs Permit: VLANs 20, 40 VLAN 10 MSTI 1 VLAN 20 MSTI 2 Other VLANs MSTI 0 Device C Device D MSTI 0 MSTI 1 MSTI 2...
  • Page 224 [DeviceA] mvrp global enable # Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and configure it to permit all VLANs. [DeviceA] interface ten-gigabitethernet 1/0/1 [DeviceA-Ten-GigabitEthernet1/0/1] port link-type trunk [DeviceA-Ten-GigabitEthernet1/0/1] port trunk permit vlan all # Enable MVRP on port Ten-GigabitEthernet 1/0/1. [DeviceA-Ten-GigabitEthernet1/0/1] mvrp enable [DeviceA-Ten-GigabitEthernet1/0/1] quit # Configure Ten-GigabitEthernet 1/0/2 as a trunk port, and configure it to permit VLAN 40.
  • Page 225 [DeviceB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 20 40 # Enable MVRP on Ten-GigabitEthernet 1/0/1. [DeviceB-Ten-GigabitEthernet1/0/1] mvrp enable [DeviceB-Ten-GigabitEthernet1/0/1] quit # Configure Ten-GigabitEthernet 1/0/2 as a trunk port, and configure it to permit all VLANs. [DeviceB] interface ten-gigabitethernet 1/0/2 [DeviceB-Ten-GigabitEthernet1/0/2] port link-type trunk [DeviceB-Ten-GigabitEthernet1/0/2] port trunk permit vlan all # Enable MVRP on Ten-GigabitEthernet 1/0/2.

  • Page 226: Verifying The Configuration

    [DeviceC] interface ten-gigabitethernet 1/0/2 [DeviceC-Ten-GigabitEthernet1/0/2] port link-type trunk [DeviceC-Ten-GigabitEthernet1/0/2] port trunk permit vlan all # Enable MVRP on Ten-GigabitEthernet 1/0/2. [DeviceC-Ten-GigabitEthernet1/0/2] mvrp enable [DeviceC-Ten-GigabitEthernet1/0/2] quit Configure Device D: # Enter MST region view. <DeviceD> system-view [DeviceD] stp region-configuration # Configure the MST region name, VLAN-to-instance mappings, and revision level. [DeviceD-mst-region] region-name example [DeviceD-mst-region] instance 1 vlan 10 [DeviceD-mst-region] instance 2 vlan 20...
  • Page 227 ----[Ten-GigabitEthernet1/0/1]---- Config Status : Enabled Running Status : Enabled Join Timer : 20 (centiseconds) Leave Timer : 60 (centiseconds) Periodic Timer : 100 (centiseconds) LeaveAll Timer : 1000 (centiseconds) Registration Type : Normal Registered VLANs : 1(default) Declared VLANs : 1(default), 10, 20 Propagated VLANs : 1(default)
  • Page 228 • Ten-GigabitEthernet 1/0/3 has registered VLAN 20, declared VLAN 1 and VLAN 10, and propagated VLAN 20 through MVRP. # Display local VLAN information on Device B. [DeviceB] display mvrp running-status -------[MVRP Global Info]------- Global Status : Enabled Compliance-GVRP : False ----[Ten-GigabitEthernet1/0/1]---- Config Status...
  • Page 229 Declared VLANs : Propagated VLANs : The output shows that the following events have occurred: • Ten-GigabitEthernet 1/0/1 has registered VLAN 1, declared VLAN 1 and VLAN 20, and propagated VLAN 1 through MVRP. • Ten-GigabitEthernet 1/0/2 has registered VLAN 1 and VLAN 10, declared VLAN 1 and VLAN 20, and propagated VLAN 1.
  • Page 230 • Ten-GigabitEthernet 1/0/1 has registered VLAN 1, VLAN 10, and VLAN 20, declared VLAN 1, and propagated VLAN 1 and VLAN 10 through MVRP. • Ten-GigabitEthernet 1/0/2 has registered VLAN 1 and VLAN 20, declared VLAN 1 and VLAN 10, and propagated VLAN 1 and VLAN 20 through MVRP.
  • Page 231 [DeviceB] interface ten-gigabitethernet 1/0/3 [DeviceB-Ten-GigabitEthernet1/0/3] mvrp registration fixed [DeviceB-Ten-GigabitEthernet1/0/3] quit # Display local MVRP VLAN information on Ten-GigabitEthernet 1/0/3. [DeviceB] display mvrp running-status interface ten-gigabitethernet 1/0/3 -------[MVRP Global Info]------- Global Status : Enabled Compliance-GVRP : False ----[Ten-GigabitEthernet1/0/3]---- Config Status : Enabled Running Status : Enabled Join Timer...
  • Page 232 The output shows that dynamic VLAN information on Ten-GigabitEthernet 1/0/3 is not changed after you set its MVRP registration mode to fixed.

  • Page 233: Configuring Qinq

    Configuring QinQ This document uses the following terms: • CVLAN—Customer network VLANs, also called inner VLANs, refer to VLANs that a customer uses on the private network. • SVLAN—Service provider network VLANs, also called outer VLANs, refer to VLANs that a service provider uses to transmit VLAN tagged traffic for customers.

  • Page 234: Qinq Implementations

    When a tagged Ethernet frame from CE 1 arrives at PE 1, the PE tags the frame with SVLAN 3. The double-tagged Ethernet frame travels over the service provider network until it arrives at PE 2. PE 2 removes the SVLAN tag of the frame, and then sends the frame to CE 4. Figure 71 Typical QinQ application scenario VLANs 1 to 20 VLANs 1 to 10...

  • Page 235: Protocols And Standards

    Protocols and standards • IEEE 802.1Q, IEEE Standard for Local and Metropolitan Area Networks-Virtual Bridged Local Area Networks • IEEE 802.1ad, IEEE Standard for Local and Metropolitan Area Networks-Virtual Bridged Local Area Networks-Amendment 4: Provider Bridges Restrictions and guidelines When you configure QinQ, follow these restrictions and guidelines: •...

  • Page 236: Configuring The Tpid For Vlan Tags

    Configuring the TPID for VLAN tags TPID identifies a frame as an 802.1Q tagged frame. The TPID value varies by vendor. On an HPE device, the TPID in the 802.1Q tag added on a QinQ-enabled port is 0x8100 by default, in compliance with IEEE 802.1Q.

  • Page 237: Configuring The Tpid For Cvlan Tags

    Protocol type Value IPX/SPX 0x8137 IS-IS 0x8000 LACP 0x8809 LLDP 0x88cc 802.1X 0x888e 802.1ag 0x8902 Cluster 0x88a7 Reserved 0xfffd/0xfffe/0xffff Configuring the TPID for CVLAN tags Perform this task on the PE device. To configure the TPID value for CVLAN tags: Step Command Remarks...

  • Page 238: Displaying And Maintaining Qinq

    Step Command Remarks Enter system view. system-view Create a traffic class and traffic classifier classifier-name [ operator By default, no traffic enter its view. { and | or } ] classes exist. • Match CVLAN IDs: if-match customer-vlan-id vlan-id-list Configure CVLAN match •...

  • Page 239: Qinq Configuration Examples

    Task Command display qinq [ interface interface-type Display QinQ-enabled ports. interface-number ] QinQ configuration examples Basic QinQ configuration example Network requirements As shown in Figure • The service provider assigns VLAN 100 to Company A's VLANs 10 through 70. • The service provider assigns VLAN 200 to Company B's VLANs 30 through 90.
  • Page 240 # Set the PVID of Ten-GigabitEthernet 1/0/1 to VLAN 100. [PE1-Ten-GigabitEthernet1/0/1] port trunk pvid vlan 100 # Enable QinQ on Ten-GigabitEthernet 1/0/1. [PE1-Ten-GigabitEthernet1/0/1] qinq enable [PE1-Ten-GigabitEthernet1/0/1] quit # Configure Ten-GigabitEthernet 1/0/2 as a trunk port, and assign it to VLANs 100 and 200. [PE1] interface ten-gigabitethernet 1/0/2 [PE1-Ten-GigabitEthernet1/0/2] port link-type trunk [PE1-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100 200...

  • Page 241: Vlan Transparent Transmission Configuration Example

    # Enable QinQ on Ten-GigabitEthernet 1/0/3. [PE2-Ten-GigabitEthernet1/0/3] qinq enable [PE2-Ten-GigabitEthernet1/0/3] quit Configure the devices between PE 1 and PE 2: # Set the MTU to a minimum of 1504 bytes for each port on the path of QinQ frames. (Details not shown.) # Configure all ports on the forwarding path to allow frames from VLANs 100 and 200 to pass through without removing the VLAN tag.
  • Page 242 [PE1-Ten-GigabitEthernet1/0/1] qinq transparent-vlan 3000 [PE1-Ten-GigabitEthernet1/0/1] quit # Configure Ten-GigabitEthernet 1/0/2 as a trunk port, and assign it to VLANs 100 and 3000. [PE1] interface ten-gigabitethernet 1/0/2 [PE1-Ten-GigabitEthernet1/0/2] port link-type trunk [PE1-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100 3000 [PE1-Ten-GigabitEthernet1/0/2] quit Configure PE 2: # Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign it to VLANs 10 through 50, 100, and 3000.

  • Page 243: Configuring Vlan Mapping

    Configuring VLAN mapping Overview VLAN mapping re-marks VLAN tagged traffic with new VLAN IDs. Hewlett Packard Enterprise provides the following types of VLAN mapping: • One-to-one VLAN mapping—Replaces one VLAN tag with another. • Many-to-one VLAN mapping—Replaces multiple VLAN tags with the same VLAN tag. •...
  • Page 244 Figure 74 Application scenario of one-to-one and many-to-one VLAN mapping DHCP client VLAN 1 Home gateway VLAN 2 VLAN 1 -> VLAN 101 VLAN 2 -> VLAN 201 VLAN 3 VoIP VLAN 3 -> VLAN 301 Wiring-closet switch DHCP server VLAN 1 VLAN 1 ->...

  • Page 245: Vlan Mapping Implementations

    Figure 75 Application scenario of one-to-two and two-to-two VLAN mapping Site 1 and Site 2 are in VLAN 2 and VLAN 3, respectively. The SP 1 network assigns SVLAN 10 to Site 1. The SP 2 network assigns SVLAN 20 to Site 2. When the packet from Site 1 arrives at PE 1, PE 1 tags the packet with SVLAN 10 by using one-to-two VLAN mapping.
  • Page 246 Figure 76 Basic VLAN mapping terms Network-side port Customer-side port Uplink traffic Downlink traffic One-to-one VLAN mapping As shown in Figure 77, one-to-one VLAN mapping is implemented on the customer-side port and replaces VLAN tags as follows: • Replaces the CVLAN with the SVLAN for the uplink traffic. •...
  • Page 247 Figure 78 Many-to-one VLAN mapping implementation One-to-two VLAN mapping As shown in Figure 79, one-to-two VLAN mapping is implemented on the customer-side port to add the SVLAN tag for the uplink traffic. For the downlink traffic to be correctly sent to the customer network, make sure the SVLAN tag is removed on the customer-side port before transmission.

  • Page 248: Vlan Mapping Configuration Task List

    Figure 80 Two-to-two VLAN mapping implementation VLAN mapping configuration task list When you configure VLAN mapping, follow these guidelines: • To add VLAN tags to packets, you can configure both VLAN mapping and QinQ. VLAN mapping takes effect if a configuration conflict occurs. For more information about QinQ, see "Configuring QinQ."...

  • Page 249: Configuring Many-To-One Vlan Mapping

    Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view: interface interface-type Enter Layer 2 Ethernet interface-number interface view or Layer 2 • Enter Layer 2 aggregate aggregate interface view. interface view: interface bridge-aggregation interface-number • Set the port link type to trunk: port link-type trunk By default, the link type of a...
  • Page 250 Many-to-one VLAN mapping configuration task list Tasks at a glance Enabling DHCP snooping Enabling ARP detection Configuring the customer-side port Configuring the network-side port Enabling DHCP snooping Step Command Remarks Enter system view. system-view By default, DHCP snooping is disabled. Enable DHCP For more information about DHCP snooping dhcp snooping enable...
  • Page 251 Step Command Remarks • For the trunk port: port trunk permit vlan Assign the port to the original vlan-id-list VLANs and the translated • For the hybrid port: VLANs. port hybrid vlan vlan-id-list tagged vlan mapping uni { range Configure a many-to-one By default, no VLAN mapping vlan-range-list | single vlan-id-list } VLAN mapping.

  • Page 252: Configuring Many-To-One Vlan Mapping In A Network With Static Ip Address Assignment

    Configuring many-to-one VLAN mapping in a network with static IP address assignment In a network that uses static IP addresses, configure many-to-one VLAN mapping with ARP snooping. The switch replaces the SVLAN tag of the downlink traffic with the associated CVLAN tag based on the ARP snooping entry lookup.
  • Page 253 Step Command Remarks • Enter Layer 2 Ethernet interface view: interface interface-type Enter Layer 2 Ethernet interface-number interface view or Layer 2 • Enter Layer 2 aggregate aggregate interface view. interface view: interface bridge-aggregation interface-number • Set the port link type to trunk: port link-type trunk By default, the link type of a port is Set the link type of the port.

  • Page 254: Configuring One-To-Two Vlan Mapping

    Configuring one-to-two VLAN mapping Configure one-to-two VLAN mapping on the customer-side ports of edge devices from which customer traffic enters SP networks, for example, on PEs 1 and 4 in Figure 75. One-to-two VLAN mapping enables the edge devices to add an SVLAN tag to each incoming packet. Before you configure one-to-two VLAN mapping, create the CVLAN and the SVLAN.

  • Page 255: Configuring Two-To-Two Vlan Mapping

    Configuring two-to-two VLAN mapping Configure two-to-two VLAN mapping on the customer-side port of an edge device that connects two SP networks, for example, on PE 3 in Figure 75. Two-to-two VLAN mapping enables two sites in different VLANs to communicate at Layer 2 across two service provider networks that use different VLAN assignment schemes.
  • Page 256 • Each household subscribes to PC, VoD, and VoIP services, and obtains the IP address through DHCP. • On the home gateways, VLANs 1, 2, and 3 are assigned to PC, VoD, and VoIP traffic, respectively. To isolate traffic of the same service type from different households, configure one-to-one VLAN mappings on the wiring-closet switches.
  • Page 257 Figure 81 Network diagram DHCP client VLAN 1 Home gateway VLAN 2 VLAN 1 -> VLAN 101 VLAN 2 -> VLAN 201 VLAN 3 VoIP VLAN 3 -> VLAN 301 XGE1/0/1 XGE1/0/3 Wiring-closet Switch A VLAN 1 XGE1/0/2 VLAN 1 -> VLAN 102 DHCP server VLAN 2 ->...
  • Page 258 # Assign Ten-GigabitEthernet 1/0/1 to all original VLANs and translated VLANs. [SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 1 2 3 101 201 301 # Configure one-to-one VLAN mappings on Ten-GigabitEthernet 1/0/1 to map VLANs 1, 2, and 3 to VLANs 101, 201, and 301, respectively. [SwitchA-Ten-GigabitEthernet1/0/1] vlan mapping 1 translated-vlan 101 [SwitchA-Ten-GigabitEthernet1/0/1] vlan mapping 2 translated-vlan 201 [SwitchA-Ten-GigabitEthernet1/0/1] vlan mapping 3 translated-vlan 301...
  • Page 259 [SwitchC-vlan203] vlan 303 [SwitchC-vlan303] arp detection enable [SwitchC-vlan303] vlan 104 [SwitchC-vlan104] arp detection enable [SwitchC-vlan104] vlan 204 [SwitchC-vlan204] arp detection enable [SwitchC-vlan204] vlan 304 [SwitchC-vlan304] arp detection enable [SwitchC-vlan304] vlan 501 [SwitchC-vlan501] arp detection enable [SwitchC-vlan501] vlan 502 [SwitchC-vlan502] arp detection enable [SwitchC-vlan502] vlan 503 [SwitchC-vlan503] arp detection enable [SwitchC-vlan503] quit...
  • Page 260 [SwitchC-Ten-GigabitEthernet1/0/2] quit # Configure the network-side port (Ten-GigabitEthernet 1/0/3) to use the original VLAN tags of the many-to-one mappings to replace the VLAN tags of the packets destined for the user network. [SwitchC] interface ten-gigabitethernet 1/0/3 [SwitchC-Ten-GigabitEthernet1/0/3] vlan mapping nni # Configure Ten-GigabitEthernet 1/0/3 as a trunk port.

  • Page 261: One-To-Two And Two-To-Two Vlan Mapping Configuration Example

    103-104 203-204 303-304 One-to-two and two-to-two VLAN mapping configuration example Network requirements As shown in Figure • Two VPN A branches, Site 1 and Site 2, are in VLAN 5 and VLAN 6, respectively. • The two sites use different VPN access services from different service providers, SP 1 and SP •...
  • Page 262 # Assign Ten-GigabitEthernet 1/0/1 to VLAN 100 as an untagged member. [PE1-Ten-GigabitEthernet1/0/1] port hybrid vlan 100 untagged [PE1-Ten-GigabitEthernet1/0/1] quit # Configure the network-side port (Ten-GigabitEthernet 1/0/2) as a trunk port. [PE1] interface ten-gigabitethernet 1/0/2 [PE1-Ten-GigabitEthernet1/0/2] port link-type trunk # Assign Ten-GigabitEthernet 1/0/2 to VLAN 100. [PE1-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100 [PE1-Ten-GigabitEthernet1/0/2] quit Configure PE 2:...
  • Page 263 [PE3-Ten-GigabitEthernet1/0/2] port trunk permit vlan 200 [PE3-Ten-GigabitEthernet1/0/2] quit Configure PE 4: # Create VLANs 6 and 200. <PE4> system-view [PE4] vlan 6 [PE4-vlan6] quit [PE4] vlan 200 [PE4-vlan200] quit # Configure the network-side port (Ten-GigabitEthernet 1/0/1) as a trunk port. [PE4] interface ten-gigabitethernet 1/0/1 [PE4-Ten-GigabitEthernet1/0/1] port link-type trunk # Assign Ten-GigabitEthernet 1/0/1 to VLAN 200.

  • Page 264: Configuring Lldp

    Configuring LLDP Overview In a heterogeneous network, a standard configuration exchange platform ensures that different types of network devices from different vendors can discover one another and exchange configuration. The Link Layer Discovery Protocol (LLDP) is specified in IEEE 802.1AB. The protocol operates on the data link layer to exchange device information between directly connected devices.
  • Page 265 LLDP frame formats LLDP sends device information in LLDP frames. LLDP frames are encapsulated in Ethernet II or Subnetwork Access Protocol (SNAP) frames. • LLDP frame encapsulated in Ethernet II Figure 84 Ethernet II-encapsulated LLDP frame Table 21 Fields in an Ethernet II-encapsulated LLDP frame Field Description MAC address to which the LLDP frame is advertised.
  • Page 266 Figure 85 SNAP-encapsulated LLDP frame Table 22 Fields in a SNAP-encapsulated LLDP frame Field Description MAC address to which the LLDP frame is advertised. It is the same as Destination MAC address that for Ethernet II-encapsulated LLDP frames. Source MAC address MAC address of the sending port.
  • Page 267 Table 23 Basic management TLVs Type Description Remarks Chassis ID Specifies the bridge MAC address of the sending device. Specifies the ID of the sending port: • If the LLDPDU carries LLDP-MED TLVs, the port ID Port ID TLV carries the MAC address of the sending port. Mandatory.
  • Page 268 Type Description Quantized Congestion Notification. NOTE: • HPE devices support only receiving protocol identity TLVs and VID usage digest TLVs. • Layer 3 Ethernet ports support only link aggregation TLVs. • IEEE 802.3 organizationally specific TLVs Table 25 IEEE 802.3 organizationally specific TLVs...

  • Page 269: Working Mechanism

    Type Description Allows a network device or terminal device to advertise the Network Policy VLAN ID of a port, the VLAN type, and the Layer 2 and Layer 3 priorities for specific applications. Allows a network device or terminal device to advertise power Extended Power-via-MDI supply capability.

  • Page 270: Protocols And Standards

    the token bucket mechanism to rate limit LLDP frames. For more information about the token bucket mechanism, see ACL and QoS Configuration Guide. LLDP automatically enables the fast LLDP frame transmission mechanism in either of the following cases: • A new LLDP frame is received and carries device information new to the local device. •...

  • Page 271: Performing Basic Lldp Configurations

    Performing basic LLDP configurations Enabling LLDP To make LLDP take effect on specific ports, you must enable LLDP both globally and on these ports. To use LLDP together with OpenFlow, you must enable LLDP globally on OpenFlow switches. To prevent LLDP from affecting topology discovery of OpenFlow controllers, disable LLDP on ports of OpenFlow instances.

  • Page 272: Setting The Lldp Reinitialization Delay

    Step Command Remarks Enter Layer 2/Layer 3 Ethernet interface view, management Ethernet interface interface-type interface view, Layer interface-number 2/Layer 3 aggregate interface view, or IRF physical interface view. By default: • The nearest bridge agent • In Layer 2/Layer 3 Ethernet operates in txrx mode.

  • Page 273: Configuring The Advertisable Tlvs

    Step Command Remarks Enter Layer 2/Layer 3 Ethernet interface view, management Ethernet interface interface-type interface view, Layer 2/Layer interface-number 3 aggregate interface view, or IRF physical interface view. • In Layer 2/Layer 3 Ethernet interface view or management Ethernet interface view: lldp [ agent { nearest-customer | nearest-nontpmr } ] check-change-interval interval...
  • Page 274 Step Command Remarks • lldp tlv-enable { basic-tlv { all | port-description | system-capability | system-description | system-name | management-address-tlv [ ipv6 ] [ ip-address ] } | dot1-tlv { all | congestion-notification | port-vlan-id | link-aggregation | protocol-vlan-id [ vlan-id ] | vlan-name [ vlan-id ] | management-vid [ mvlan-id ] } | dot3-tlv { all | mac-physic |...
  • Page 275 Step Command Remarks • lldp tlv-enable { basic-tlv { all | port-description | system-capability | system-description | system-name | management-address-tlv By default: [ ipv6 ] [ ip-address | interface • loopback interface-number ] } | Nearest bridge agents can dot1-tlv { all | advertise all types of LLDP link-aggregation } | dot3-tlv TLVs (only link aggregation...

  • Page 276: Configuring The Management Address And Its Encoding Format

    Step Command Remarks • lldp agent nearest-nontpmr tlv-enable { basic-tlv { all | management-address-tlv By default: [ ipv6 ] [ ip-address ] | port-description | • Nearest non-TPMR bridge system-capability | agents do not advertise system-description | TLVs. system-name } | dot1-tlv { all | •...

  • Page 277: Setting Other Lldp Parameters

    Step Command Remarks Enter Layer 2/Layer 3 Ethernet interface view, management Ethernet interface interface-type interface view, or Layer interface-number 2/Layer 3 aggregate interface view. • In Layer 2 Ethernet interface view or management Ethernet interface view: lldp [ agent { nearest-customer | By default: nearest-nontpmr } ] tlv-enable •...

  • Page 278: Setting An Encapsulation Format For Lldp Frames

    Step Command Remarks Enter system view. system-view Set the TTL multiplier. The default setting is 4. lldp hold-multiplier value Set the LLDP frame The default setting is 30 lldp timer tx-interval interval transmission interval. seconds. Set the token bucket size for The default setting is 5.

  • Page 279: Disabling Lldp Pvid Inconsistency Check

    Disabling LLDP PVID inconsistency check By default, when the system receives an LLDP packet, it compares the PVID value contained in packet with the PVID configured on the receiving interface. If the two PVIDs do not match, a log message will be printed to notify the user. You can disable PVID inconsistency check if different PVIDs are required on a link.

  • Page 280: Configuration Prerequisites

    Configuration prerequisites Before you configure CDP compatibility, complete the following tasks: • Globally enable LLDP. • Enable LLDP on the port connecting to a CDP device. • Configure LLDP to operate in TxRx mode on the port. Configuration procedure CDP-compatible LLDP operates in one of the following modes: •...

  • Page 281: Displaying And Maintaining Lldp

    Step Command Remarks Enter system view. system-view Enter Layer 2/Layer 3 Ethernet interface view, management Ethernet interface view, Layer interface interface-type interface-number 2/Layer 3 aggregate interface view, or IRF physical interface view. • In Layer 2/Layer 3 Ethernet interface view or management Ethernet interface view: lldp [ agent { nearest-customer | nearest-nontpmr } ] notification...

  • Page 282: Lldp Configuration Examples

    LLDP configuration examples Basic LLDP configuration example Network requirements As shown in Figure 87, enable LLDP globally on Switch A and Switch B to perform the following tasks: • Monitor the link between Switch A and Switch B on the NMS. •...
  • Page 283 [SwitchB-Ten-GigabitEthernet1/0/1] quit Verifying the configuration # Verify the following items: • Ten-GigabitEthernet 1/0/1 of Switch A connects to a MED device. • Ten-GigabitEthernet 1/0/2 of Switch A connects to a non-MED device. • Both ports operate in Rx mode, and they can receive LLDP frames but cannot send LLDP frames.
  • Page 284 Port status of LLDP : Enable Admin status : Rx_Only Trap flag : No MED trap flag : No Polling interval : 0s Number of LLDP neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV : 21 Number of received unknown TLV : 3 LLDP agent nearest-nontpmr:...
  • Page 285 LLDP status information of port 1 [Ten-GigabitEthernet1/0/1]: LLDP agent nearest-bridge: Port status of LLDP : Enable Admin status : Rx_Only Trap flag : No MED trap flag : No Polling interval : 0s Number of LLDP neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV : 5...

  • Page 286: Cdp-Compatible Lldp Configuration Example

    Number of sent optional TLV Number of received unknown TLV : 0 LLDP agent nearest-customer: Port status of LLDP : Enable Admin status : Disable Trap flag : No MED trap flag : No Polling interval : 0s Number of LLDP neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV...
  • Page 287 # Enable LLDP globally, and enable CDP compatibility globally. [SwitchA] lldp global enable [SwitchA] lldp compliance cdp # Enable LLDP on Ten-GigabitEthernet 1/0/1. By default, LLDP is enabled on ports. [SwitchA] interface ten-gigabitethernet 1/0/1 [SwitchA-Ten-GigabitEthernet1/0/1] lldp enable # Configure LLDP to operate in TxRx mode on Ten-GigabitEthernet 1/0/1. [SwitchA-Ten-GigabitEthernet1/0/1] lldp admin-status txrx # Configure CDP-compatible LLDP to operate in TxRx mode on Ten-GigabitEthernet 1/0/1.

  • Page 288: Configuring L2Pt

    Layer 2 protocol calculation, which is transparent to the service provider network. • Isolates Layer 2 protocol packets from different customer networks through different VLANs. HPE devices support L2PT for the following protocols: • CDP. •...

  • Page 289: L2Pt Operating Mechanism

    • PVST. • STP (including STP, RSTP, and MSTP). • UDLD. • VTP. L2PT operating mechanism As shown in Figure 90, L2PT operates as follows: • When a port of PE 1 receives a Layer 2 protocol packet from the customer network in a VLAN, it performs the following operations: Multicasts the packet out of all customer-facing ports in the VLAN except the receiving port.

  • Page 290: L2Pt Configuration Task List

    Figure 91 L2PT network diagram L2PT configuration task list Tasks at a glance (Required.) Enabling L2PT (Optional.) Setting the destination multicast MAC address for tunneled packets Enabling L2PT Restrictions and guidelines • Before you enable L2PT for a Layer 2 protocol on a port, perform the following tasks: Enable the protocol on the connected CE, and disable the protocol on the port.

  • Page 291: Setting The Destination Multicast Mac Address For Tunneled Packets

    Step Command Remarks • Enter Layer 2 Ethernet interface view: interface interface-type interface-number Enter interface view. • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-type interface-number • Layer Ethernet interface view: l2protocol { cdp | dldp | eoam | gvrp | lacp | lldp | mvrp | pagp | pvst | stp | udld | vtp } tunnel By default, L2PT is Enable L2PT for a...

  • Page 292: L2Pt Configuration Examples

    L2PT configuration examples Configuring L2PT for STP Network requirements As shown in Figure 92, the MAC addresses of CE 1 and CE 2 are 00e0-fc02-5800 and 00e0-fc02-5802, respectively. MSTP is enabled in Customer A's network, and default MSTP settings are used. Perform the following tasks on the PEs: •...

  • Page 293: Configuring L2Pt For Lacp

    [PE1-Ten-GigabitEthernet1/0/2] port trunk permit vlan all [PE1-Ten-GigabitEthernet1/0/2] quit Configure PE 2 in the same way PE 1 is configured. (Details not shown.) Verifying the configuration # Verify that the root bridge of Customer A's network is CE 1. <CE2> display stp root MST ID Root Bridge ID ExtPathCost IntPathCost Root Port...

  • Page 294: Configuration Procedures

    • For packets from any VLAN to be transmitted, configure all ports in the service provider network as trunk ports. Configuration procedures Configure CE 1: # Configure Layer 2 aggregation group Bridge-Aggregation 1 to operate in dynamic aggregation mode. <CE1> system-view [CE1] interface bridge-aggregation 1 [CE1-Bridge-Aggregation1] port link-type access [CE1-Bridge-Aggregation1] link-aggregation mode dynamic...
  • Page 295 # Enable L2PT for LACP on Ten-GigabitEthernet 1/0/2. [PE1-Ten-GigabitEthernet1/0/2] l2protocol lacp tunnel dot1q [PE1-Ten-GigabitEthernet1/0/2] quit Configure PE 2 in the same way PE 1 is configured. (Details not shown.) Verifying the configuration # Verify that CE 1 and CE 2 have completed Ethernet link aggregation successfully. [CE1] display link-aggregation member-port Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation, D -- Synchronization, E -- Collecting, F -- Distributing,...
  • Page 296 Ten-GigabitEthernet1/0/1: Aggregate Interface: Bridge-Aggregation1 Local: Port Number: 3 Port Priority: 32768 Oper-Key: 1 Flag: {ACDEF} Remote: System ID: 0x8000, 0001-0000-0000 Port Number: 3 Port Priority: 32768 Oper-Key: 1 Flag: {ACDEF} Received LACP Packets: 23 packet(s) Illegal: 0 packet(s) Sent LACP Packets: 26 packet(s) Ten-GigabitEthernet1/0/2: Aggregate Interface: Bridge-Aggregation1 Local:...

  • Page 297: Configuring Cut-Through Forwarding

    Configuring cut-through forwarding A cut-through forwarding-enabled device forwards a frame after it receives the first 64 bytes of the frame. This feature reduces the transmission time of a frame and enhances forwarding performance. To configure cut-through forwarding: Step Command Remarks Enter system view.

  • Page 298: Configuring Service Loopback Groups

    Configuring service loopback groups A service loopback group contains one or multiple Ethernet ports for looping packets sent out by the device back to the device. This feature must work with other features, such as GRE. A service loopback group provides one of the following services: •...

  • Page 299: Displaying And Maintaining Service Loopback Groups

    Displaying and maintaining service loopback groups Execute display commands in any view. Task Command Display information about service loopback groups. display service-loopback group [ group-id ] Service loopback group configuration example Network requirements All Ethernet ports on Device A support the tunnel service. Assign Ten-GigabitEthernet 1/0/1 through Ten-GigabitEthernet 1/0/3 to a service loopback group to loop GRE packets sent out by the device back to the device.

  • Page 300: Document Conventions And Icons

    Document conventions and icons Conventions This section describes the conventions used in the documentation. Command conventions Convention Description Bold text represents commands and keywords that you enter literally as shown. Boldface Italic text represents arguments that you replace with actual values. Italic Square brackets enclose syntax choices (keywords or arguments) that are optional.

  • Page 301: Network Topology Icons

    Network topology icons Convention Description Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 302: Support And Other Resources

    Support and other resources Accessing Hewlett Packard Enterprise Support • For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: www.hpe.com/assistance • To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: www.hpe.com/support/hpesc Information to collect •...

  • Page 303: Websites

    For more information and device support details, go to the following website: www.hpe.com/info/insightremotesupport/docs Documentation feedback Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title,...
  • Page 304 part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.

  • Page 305: Index

    Index MAC Information queue length, Numerics advertising 1:1 VLAN mapping LLDP advertisable TLV, application scenario, 233, 233 voice VLAN advertisement (CDP), configuration, 238, 245 voice VLAN advertisement (LLDP), implementation, 235, 236 voice VLAN information advertisement to IP 1:2 VLAN mapping phones, application scenario, 233, 234...
  • Page 306 voice VLAN assignment mode configuration spanning tree loop guard, (automatic), spanning tree root bridge, voice VLAN LLDP automatic IP phone spanning tree root bridge (device), discovery enable, spanning tree root guard, voice VLAN port operation configuration spanning tree secondary root bridge (device), (automatic assignment), STP designated bridge, AutoMDIX mode (Ethernet interface),...
  • Page 307 Ethernet aggregate interface, L2PT for LACP, Ethernet aggregate interface (description), L2PT for STP, Ethernet aggregate interface (Layer 3 Layer 2 forwarding (cut-through), edge), LLDP, 254, 260, 272 Ethernet interface, LLDP (CDP-compatible), Ethernet interface (Layer 2), LLDP advertisable TLVs, Ethernet interface (Layer 3), LLDP basics, 261, 272 Ethernet interface basic settings,...
  • Page 308 protocol-based VLAN, 160, 167 voice VLAN port operation (automatic assignment), PVST, 104, 137 voice VLAN port operation (manual QinQ, 223, 229 assignment), QinQ basics, voice VLAN traffic QoS priority settings, QinQ CVLAN tag TPID value, connecting QinQ SVLAN tag TPID value, Ethernet interface cable connection (Layer 2), QinQ VLAN tag TPID value, voice VLAN host+IP phone connection (in...
  • Page 309 LLDP parameters, loop detection, loop protection actions, MAC address table, MSTP implementation, MVRP, MVRP configuration, 206, 209, 212 port isolation, PVST BPDU guard, private VLAN, spanning tree BPDU drop, QinQ, service loopback group, spanning tree BPDU guard, spanning tree Digest Snooping, 120, 121 spanning tree, spanning tree dispute guard,...
  • Page 310 enabling LLDP frame encapsulation (Ethernet II), conversational remote MAC learning, LLDP frame encapsulation (SNAP), Ethernet interface auto power-down, LLDP frame encapsulation format, Ethernet interface bridging (Layer 2), VLAN frame encapsulation, Ethernet interface EEE, Energy Efficient Ethernet. See EEE Ethernet interface energy-saving features, energy-saving features, Ethernet interface loopback testing, entry...
  • Page 311 port isolation configuration, 78, 79 configuration, 41, 48, 64 port-based VLAN assignment (access configuration types, port), display, port-based VLAN assignment (hybrid dynamic mode, port), edge aggregate interface, 48, 55 port-based VLAN assignment (trunk port), group (Layer 3 dynamic), port-based VLAN configuration, group (Layer 3 static), private VLAN configuration, 176, 177, 179...
  • Page 312 external STP TCN BPDU protocol frames, Ethernet interface external loopback testing, VLAN frame encapsulation, fast GARP MAC address table ARP fast update, VLAN Registration Protocol. Use GVRP fiber port generating Ethernet interface fiber port (Layer 2), conversational remote MAC learning, flow control generic flow control (Ethernet interface), Ethernet interface generic flow control,...
  • Page 313 voice VLAN IP phone identification voice VLAN assignment mode+IP phone (LLDP), cooperation, voice VLAN IP phone identification (OUI voice VLAN host+IP phone connection (in address), series), ignored VLAN voice VLAN identification (LLDP), Layer 2 aggregate interface, voice VLAN identification (OUI address), implementing voice VLAN information advertisement, 1:1 VLAN mapping,...
  • Page 314 Ethernet link aggregate interface (Layer 2 L2PT configuration, 278, 282 edge), L2PT display, Ethernet link aggregate interface default L2PT enable, settings, L2PT enable restrictions, Ethernet link aggregate interface L2PT for LACP configuration, shutdown, L2PT for STP configuration, Ethernet link aggregation (dynamic mode), L2PT maintain, Ethernet link aggregation (Layer 2 LLDP basic concepts,...
  • Page 315 private VLAN promiscuous port voice VLAN display, configuration, voice VLAN LLDP automatic IP phone discovery private VLAN trunk promiscuous port enable, configuration, voice VLAN port operation configuration private VLAN trunk promiscuous+secondary (automatic assignment), port configuration, voice VLAN port operation configuration (manual protocol-based VLAN configuration, 160, 167 assignment),...
  • Page 316 Ethernet link aggregate group Selected ports loop detection no-learning action, min/max, MAC address, Ethernet link aggregate interface (expected MAC address learning disable, bandwidth), MAC address table learning limit, Ethernet link aggregate interface default MAC address table learning priority, settings, MST learning port state, Ethernet link aggregate interface legacy shutdown,...
  • Page 317 operating mode set, logging parameter set, spanning tree TC BPDU event logging (PVST mode), polling enable, loop protocols and standards, MSTP configuration, reinitialization delay, PVST configuration, trapping configuration, spanning tree configuration, 81, 102, 133 voice VLAN advertisement, spanning tree loop guard, voice VLAN information advertisement to IP phones, loop detection...
  • Page 318 network-side port (static IP address mode configuration, assignment), queue length setting, MAC address table MAC relay (LLDP agent), address learning, MAC-based VLAN address synchronization, assignment (dynamic), ARP fast update enable, assignment (static), blackhole entry, configuration, 154, 164 configuration, 22, 23, 35 configuration (server-assigned), conversational remote MAC learning dynamic assignment,...
  • Page 319 MRP Leave, timers, MRP LeaveAll, MRP New, region max hops, MRP timers, MSTI calculation, LLDP basic configuration, 261, 272 MRP, LLDP configuration, 254, 260, 272 MST instance, mode MSTP, See also Ethernet interface Auto MDIX (Layer 2), basic concepts, Ethernet interface link, CIST, Ethernet interface MDI (Layer 2), CIST calculation,...
  • Page 320 GVRP compatibility, Ethernet link aggregation (Layer 3 dynamic), maintain, Ethernet link aggregation (Layer 3 static), MRP implementation, Ethernet link aggregation (static mode), protocols and standards, Ethernet link aggregation configuration types, registration mode setting, Ethernet link aggregation edge aggregate interface, registration modes, Ethernet link aggregation LACP, timer set, Ethernet link aggregation load sharing (Layer...
  • Page 321 MAC address move suppression, QinQ VLAN transparent transmission configuration, MAC address table address synchronization, RSTP basic concepts, MAC address table ARP fast update, RSTP network convergence, MAC address table blackhole entry, RSTP port role, MAC address table dynamic aging timer, RSTP port state, MAC address table entry configuration, secondary VLAN Layer 3 communication...
  • Page 322 VLAN interface, service loopback group configuration, VLAN mapping 1:1 implementation, spanning tree configuration, 81, 102, 133 VLAN mapping 1:2 implementation, super VLAN configuration, VLAN mapping 2:2 implementation, VLAN configuration, 148, 162 VLAN mapping M:1 implementation, VLAN mapping configuration, 233, 238, 245 VLAN port-based configuration, voice VLAN configuration, 192, 196...
  • Page 323 parameter Ethernet link aggregation group (Layer 2 static), 49, 50 spanning tree timeout factor, Ethernet link aggregation group (Layer 2), Ethernet link aggregation group (Layer 3 L2PT configuration, 278, 280, 282 dynamic), L2PT for LACP configuration, Ethernet link aggregation group (Layer 3 L2PT for STP configuration, static), per-flow load sharing,...
  • Page 324 loop detection protection action setting, STP rapid transition, loop detection protection actions, STP root port, loop detection status auto recovery, STP root port rapid transition, M:1 VLAN mapping customer-side port VLAN port link type, (dynamic IP address assignment), voice VLAN port operation configuration M:1 VLAN mapping customer-side port (static (automatic assignment), IP address assignment),...
  • Page 325 assigning MAC address table learning priority configuring Ethernet link aggregation (Layer 3 to interface, static), assigning port isolation group (multiple configuring Ethernet link aggregation edge ports), aggregate interface, assigning port-based VLAN access port, configuring Ethernet link aggregation group, assigning port-based VLAN access port configuring Ethernet link aggregation group (interface view), (Layer 2 dynamic),...
  • Page 326 configuring M:1 VLAN mapping customer-side configuring spanning tree BPDU transmission port (dynamic IP address assignment), rate, configuring M:1 VLAN mapping customer-side configuring spanning tree device priority, port (static IP address assignment), configuring spanning tree Digest configuring M:1 VLAN mapping network-side Snooping, 120, 121 port (dynamic IP address assignment),...
  • Page 327 disabling MAC address learning (global), enabling MAC address table ARP fast update, disabling MAC address learning (on enabling MAC address table move notification, interface), enabling MAC address table SNMP disabling MAC address learning (on notification, VLAN), enabling MAC Information, disabling MAC address table static source enabling MVRP, check, enabling MVRP GVRP compatibility,...
  • Page 328 setting Ethernet interface connection distance specifying link aggregation management (Layer 2), subnet, 62, 62 setting Ethernet interface MAC address specifying link aggregation management (Layer 3), VLAN+management port, 61, 61 setting Ethernet interface MDIX mode (Layer specifying spanning tree port path cost calculation standard, setting Ethernet interface MTU (Layer 3), splitting Ethernet interface (40-GE),...
  • Page 329 basic configuration, Ethernet interface storm suppression, configuration, 223, 229 Ethernet link aggregation BFD configuration, configuration restrictions, Ethernet link aggregation group, CVLAN tag, Ethernet link aggregation traffic redirection, display, L2PT enable, enable, Layer 2 Ethernet interface fiber port, how it works, Layer 2 Ethernet interface storm control configuration, implementation,...
  • Page 330 MAC-based VLAN configuration Ethernet link aggregate group Selected ports (server-assigned), min/max, protocol-based VLAN configuration, 160, 167 Ethernet link aggregate interface (expected bandwidth), voice VLAN configuration, 192, 196, 202 Ethernet link aggregation load sharing mode voice VLAN IP phone access method, (global), RSTP, See also...
  • Page 331 BPDU guard configuration, Ethernet interface state change suppression, BPDU transmission rate configuration, Ethernet link aggregation member port state, 41, 43, 46 BPDU transparent transmission (on port), static configuration, 81, 102, 133 Ethernet link aggregation (Layer 2), device priority configuration, Ethernet link aggregation (Layer 3), Digest Snooping, 120, 121 Ethernet link aggregation (static mode),...
  • Page 332 subinterface, Ethernet subinterface M:1 VLAN mapping configuration (dynamic IP See also address assignment), subnetting M:1 VLAN mapping configuration (static IP IP subnet-based VLAN address assignment), configuration, 159, 166 QinQ CVLAN, sub-VLAN QinQ SVLAN, creation, QinQ SVLAN tag 802.1p priority, super VLAN QinQ VLAN tag TPID value, configuration, 171, 171, 173...
  • Page 333 STP TCN BPDU protocol frames, L2PT for STP configuration, traffic Layer 2 Ethernet aggregate interface (ignored VLAN), Ethernet link aggregation traffic redirection, link aggregation management subnet, private VLAN configuration, 177, 179 link aggregation management voice VLAN traffic QoS priority settings, VLAN+management port, transmitting LLDP CDP compatibility,...
  • Page 334 voice VLAN advertisement (LLDP), assignment mode+IP phone cooperation, voice VLAN assignment mode configuration configuration, 192, 196, 202 (automatic), display, voice VLAN assignment mode configuration host+IP phone connection (in series), (manual), information advertisement to IP phone, voice VLAN configuration, 192, 196, 202 IP phone access method, voice VLAN host+IP phone connection (in IP phone identification (LLDP),...

Table of Contents