Contents Configuring Ethernet interfaces ··························································· 1 Ethernet interface naming conventions ··························································································· 1 Configuring a management Ethernet interface ·················································································· 1 Configuring common Ethernet interface settings ··············································································· 1 Splitting a 40-GE interface and combining 10-GE breakout interfaces ············································· 2 ...
Page 4
Enabling MAC address synchronization ························································································ 30 Configuring MAC address move notifications and suppression ·························································· 31 Enabling ARP fast update for MAC address moves ········································································· 32 Disabling static source check ······································································································ 33 Enabling conversational remote MAC learning ··············································································· 34 ...
Page 5
Excluding a subnet from load sharing on aggregate links ·································································· 62 Displaying and maintaining Ethernet link aggregation ······································································ 63 Ethernet link aggregation configuration examples ··········································································· 64 Layer 2 static aggregation configuration example ····································································· 64 Layer 2 dynamic aggregation configuration example ································································· 66 ...
Page 6
Configuration procedure ··································································································· 112 Configuring path costs of ports ·································································································· 112 Specifying a standard for the device to use when it calculates the default path cost ······················· 113 Configuring path costs of ports ··························································································· 115 Configuration example ······································································································ 115 ...
Page 7
Setting the loop detection interval ······························································································ 144 Displaying and maintaining loop detection ··················································································· 145 Loop detection configuration example ························································································ 145 Network requirements ······································································································ 145 Configuration procedure ··································································································· 145 Verifying the configuration ································································································· 146 Configuring VLANs ······································································· 148 ...
Page 8
IP phone access methods ········································································································ 193 Connecting the host and the IP phone in series ····································································· 193 Connecting the IP phone to the device ················································································· 194 Voice VLAN assignment modes ································································································ 194 Automatic mode ·············································································································· 194 ...
Configuring Ethernet interfaces The Switch Series supports Ethernet interfaces, management Ethernet interfaces, Console interfaces, and USB interfaces. For the interface types and the number of interfaces supported by a switch model, see the installation guide. This chapter describes how to configure management Ethernet interfaces and Ethernet interfaces. Ethernet interface naming conventions The Ethernet interfaces are named in the format of interface type A/B/C.
• 40-GE interfaces FortyGigE 1/0/1 through FortyGigE 1/0/4 and FortyGigE 1/0/29 through FortyGigE 1/0/32 on an HPE FlexFabric 5940 32QSFP+ Switch (JH396A) switch do not support one-to-four splitting. • 100-GE interfaces on an HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch (JH390A) or HPE FlexFabric 5940 48XGT 6QSFP28 Switch (JH391A) switch do not support one-to-four splitting.
After the using fortygige command is successfully configured, you do not need to reboot the switch. You can view the 40-GE interface by using the display interface brief command. After you combine the four 10-GE breakout interfaces, replace the dedicated 1-to-4 cable with a dedicated 1-to-1 cable or a 40-GE transceiver module.
Step Command Remarks Restore the default settings for the Ethernet default interface. By default, Ethernet interfaces are in up state. Bring up the Ethernet undo shutdown The loopback, shutdown ,and port interface. up-mode commands are mutually exclusive. Configuring an Ethernet subinterface Step Command Remarks...
Configuring jumbo frame support An Ethernet interface might receive frames larger than the standard Ethernet frame size during high-throughput data exchanges, such as file transfers. These frames are called jumbo frames. The Ethernet interface processes jumbo frames in the following ways: •...
Step Command Remarks Enter system view. system-view Enter Ethernet interface interface-type interface view. interface-number By default, the link-down or link-up event is immediately reported to the CPU. Configure physical link-delay [ msec ] state change delay-time [ mode { up | If you configure this command multiple times on suppression.
Configuring generic flow control on an Ethernet interface To avoid dropping packets on a link, you can enable generic flow control at both ends of the link. When traffic congestion occurs at the receiving end, the receiving end sends a flow control (Pause) frame to ask the sending end to suspend sending packets.
• The Enabled and Disabled fields in other cells are possible negotiation results. Make sure all interfaces that a data flow passes through have the same PFC configuration. Table 1 PFC configurations and negotiation results Local (right) enable auto Default Peer (below) Enabled Enabled.
Enabling auto power-down on an Ethernet interface When an Ethernet interface with auto power-down enabled has been down for a certain period of time, both of the following events occur: • The device automatically stops supplying power to the Ethernet interface. •...
Configuring storm suppression The storm suppression feature ensures that the size of a particular type of traffic (broadcast, multicast, or unknown unicast traffic) does not exceed the threshold on an interface. When the broadcast, multicast, or unknown unicast traffic on the interface exceeds this threshold, the system discards packets until the traffic drops below this threshold.
Configuring a Layer 2 Ethernet interface Configuring storm control on an Ethernet interface About storm control Storm control compares broadcast, multicast, and unknown unicast traffic regularly with their respective traffic thresholds on an Ethernet interface. For each type of traffic, storm control provides a lower threshold and an upper threshold.
Step Command Remarks Set the control action to take when monitored traffic storm-constrain control { block By default, storm control is exceeds the upper | shutdown } disabled. threshold. (Optional.) Enable the By default, the Ethernet interface Ethernet interface to output outputs log messages when log messages when it monitored traffic exceeds the...
Page 23
Figure 1 Forcibly bring up a fiber port When Ethernet interfaces Correct fiber When Ethernet interfaces cannot be or are not forcibly connection are forcibly brought up brought up Device A Device A Device A Device B Device B Device B Fiber port Tx end Rx end...
Setting the MDIX mode of an Ethernet interface IMPORTANT: Fiber ports do not support the MDIX mode setting. A physical Ethernet interface has eight pins, each of which plays a dedicated role. For example, pins 1 and 2 transmit signals, and pins 3 and 6 receive signals. You can use both crossover and straight-through Ethernet cables to connect copper Ethernet interfaces.
NOTE: Fiber ports do not support this feature. This feature tests the cable connection of an Ethernet interface and displays cable test result within 5 seconds. The test result includes the cable's status and some physical parameters. If any fault is detected, the test result shows the length from the local port to the faulty point.
Configuring a Layer 3 Ethernet interface or subinterface Setting the MTU for an Ethernet interface or subinterface The maximum transmission unit (MTU) of an Ethernet interface affects the fragmentation and reassembly of IP packets on the interface. Typically, you do not need to modify the MTU of an interface.
Page 27
Task Command display counters { inbound | outbound } interface Display interface traffic statistics. [ interface-type [ interface-number | interface-number.subnumber ] ] Display traffic rate statistics of interfaces display counters rate { inbound | outbound } interface in up state over the last statistics polling [ interface-type [ interface-number | interval.
Configuring loopback, null, and inloopback interfaces This chapter describes how to configure a loopback interface, a null interface, and an inloopback interface. Configuring a loopback interface A loopback interface is a virtual interface. The physical layer state of a loopback interface is always up unless the loopback interface is manually shut down.
applying an ACL. For example, if you specify a null interface as the next hop of a static route to a network segment, any packets routed to the network segment are dropped. To configure a null interface: Step Command Remarks Enter system view.
Bulk configuring interfaces You can enter interface range view to bulk configure multiple interfaces with the same feature instead of configuring them one by one. For example, you can execute the shutdown command in interface range view to shut down a range of interfaces. Configuration restrictions and guidelines When you bulk configure interfaces in interface range view, follow these restrictions and guidelines: •...
Step Command Remarks • interface range { interface-type interface-number [ to By using the interface range name interface-type command, you assign a name to an interface-number ] } &<1-24> Enter interface range interface range and can specify this view. • interface range name name name rather than the interface range [ interface { interface-type...
Configuring the MAC address table Overview An Ethernet device uses a MAC address table to forward frames. A MAC address entry includes a destination MAC address, an outgoing interface, and a VLAN ID. When the device receives a frame, it uses the destination MAC address of the frame to look for a match in the MAC address table. •...
• Static entries—A static entry is manually added to forward frames with a specific destination MAC address out of the associated interface, and it never ages out. A static entry has higher priority than a dynamically learned one. • Dynamic entries—A dynamic entry can be manually configured or dynamically learned to forward frames with a specific destination MAC address out of the associated interface.
Tasks at a glance (Optional.) Enabling conversational remote MAC learning (Optional.) Enabling SNMP notifications for the MAC address table Configuring MAC address entries Configuration guidelines • A manually configured dynamic MAC address entry will overwrite a learned entry that already exists with a different outgoing interface for the MAC address.
Adding or modifying a static or dynamic MAC address entry on an interface Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view: interface interface-type interface-number Enter interface view. • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number...
Figure 2 NLB cluster You can configure a multiport unicast MAC address entry globally or on an interface. Configuring a multiport unicast MAC address entry globally Step Command Remarks Enter system view. system-view By default, no multiport unicast MAC address entry is configured mac-address multiport globally.
After MAC address learning is disabled, the device immediately deletes existing dynamic MAC address entries. Disabling global MAC address learning Global MAC address learning does not take effect on a VXLAN VSI. For information about VXLAN VSIs, see VXLAN Configuration Guide. To disable global MAC address learning: Step Command...
Setting the aging timer for dynamic MAC address entries For security and efficient use of table space, the MAC address table uses an aging timer for each dynamic MAC address entry. If a dynamic MAC address entry is not updated before the aging timer expires, the device deletes the entry.
Configuring the unknown frame forwarding rule after the MAC learning limit is reached You can enable or disable forwarding of unknown frames after the MAC learning limit is reached. To configure the device to forward unknown frames received on the interface after the MAC learning limit on the interface is reached: Step Command...
Enabling MAC address synchronization To avoid unnecessary floods and improve forwarding speed, make sure all member devices have the same MAC address table. After you enable MAC address synchronization, each member device advertises learned MAC address entries to other member devices. As shown in Figure •...
Figure 4 MAC address tables of devices when Client A roams to AP D To enable MAC address synchronization: Step Command Remarks Enter system view. system-view Enable MAC address By default, MAC address mac-address mac-roaming synchronization. synchronization is disabled. enable Configuring MAC address move notifications and suppression The outgoing interface for a MAC address entry learned on interface A is changed to interface B...
To configure MAC address move notifications and MAC address move suppression: Step Command Remarks Enter system view. system-view By default, MAC address move notifications are disabled. If you do not specify a detection interval, the default setting of 1 minute is used. Enable MAC address move After you execute this command, the notifications and optionally...
Figure 5 ARP fast update application scenario Switch XGE1/0/1 XGE1/0/2 AP 1 AP 2 Laptop To enable ARP fast update for MAC address moves: Step Command Remarks Enter system view. system-view Enable ARP fast update for By default, ARP fast update for mac-address mac-move MAC address moves.
For more information about SNMP and information center configuration, see the network management and monitoring configuration guide for the device. To enable SNMP notifications for the MAC address table: Step Command Remarks Enter system view. system-view By default, SNMP notifications are enabled for the MAC address table.
Figure 6 Network diagram Configuration procedure # Add a static MAC address entry for MAC address 000f-e235-dc71 on Ten-GigabitEthernet 1/0/1 that belongs to VLAN 1. <Device> system-view [Device] mac-address static 000f-e235-dc71 interface ten-gigabitethernet 1/0/1 vlan 1 # Add a blackhole MAC address entry for MAC address 000f-e235-abcd that belongs to VLAN 1. [Device] mac-address blackhole 000f-e235-abcd vlan 1 # Set the aging timer to 500 seconds for dynamic MAC address entries.
Configuring MAC Information The MAC Information feature can generate syslog messages or SNMP notifications when MAC address entries are learned or deleted. You can use these messages to monitor user's leaving or joining the network and analyze network traffic. The MAC Information feature buffers the MAC change syslog messages or SNMP notifications in a queue.
Setting the MAC change notification interval To prevent syslog messages or SNMP notifications from being sent too frequently, you can set the MAC change notification interval to a larger value. To set the MAC change notification interval: Step Command Remarks Enter system view.
correctly to the log host. The logging facility name and the severity level are configured by using the info-center loghost and info-center source commands, respectively. Configuration procedure Configure Device to send syslog messages to Host B: # Enable the information center. <Device>...
Page 50
Learns a new MAC address. Deletes an existing MAC address. [Device] interface ten-gigabitethernet 1/0/1 [Device-Ten-GigabitEthernet1/0/1] mac-address information enable added [Device-Ten-GigabitEthernet1/0/1] mac-address information enable deleted [Device-Ten-GigabitEthernet1/0/1] quit # Set the MAC Information queue length to 100. [Device] mac-address information queue-length 100 # Set the MAC change notification interval to 20 seconds.
Configuring Ethernet link aggregation Ethernet link aggregation bundles multiple physical Ethernet links into one logical link, called an aggregate link. Link aggregation has the following benefits: • Increased bandwidth beyond the limits of any single link. In an aggregate link, traffic is distributed across the member ports.
Its aggregate interface is configured as an edge aggregate interface. The port has not received Link Aggregation Control Protocol Data Units (LACPDUs) from its peer port. Operational key When aggregating ports, the system automatically assigns each port an operational key based on port information, such as port rate and duplex mode.
NOTE: • The protocol configurations for an aggregate interface take effect only on the current aggregate interface. • The protocol configurations for a member port take effect only when the port leaves its aggregation group. Link aggregation modes An aggregation group operates in one of the following modes: •...
Figure 9 Setting the aggregation state of a member port in a static aggregation group After the limit on Selected ports is reached, the aggregation state of a new member port varies by following conditions: • The port is placed in Unselected state if the port and the Selected ports have the same port priority.
LACP LACP uses LACPDUs to exchange aggregation information between LACP-enabled devices. Each member port in a dynamic aggregation group can exchange information with its peer. When a member port receives an LACPDU, it compares the received information with information received on the other member ports.
• Long timeout interval—90 seconds. If you use the long timeout interval, the peer sends one LACPDU every 30 seconds. How dynamic link aggregation works Choosing a reference port The system chooses a reference port from the member ports in up state. A Selected port must have the same operational key and attribute configurations as the reference port.
Page 57
Figure 10 Setting the state of a member port in a dynamic aggregation group The system with the greater system ID can detect the aggregation state changes on the peer system. The system with the greater system ID sets the aggregation state of local member ports the same as their peer ports.
Edge aggregate interface Dynamic link aggregation fails on a server-facing aggregate interface if dynamic link aggregation is configured only on the device. The device forwards traffic by using only one of the physical ports that are connected to the server. To improve link reliability, configure the aggregate interface as an edge aggregate interface.
Tasks at a glance (Optional.) Configuring load sharing for link aggregation groups: • Setting load sharing modes for link aggregation groups • Enabling local-first load sharing for link aggregation • Configuring link aggregation load sharing algorithm settings • Setting the global load sharing mode for MAC-in-MAC traffic (Optional.) Enabling link-aggregation traffic redirection (Optional.)
Page 60
Step Command Remarks When you create a Layer 2 Create a Layer 2 aggregate aggregate interface, the system interface bridge-aggregation interface and enter Layer 2 automatically creates a Layer 2 interface-number aggregate interface view. static aggregation group numbered the same. Exit to system view.
Step Command Remarks By default, the long LACP timeout interval (90 seconds) is used by the interface. To avoid traffic interruption during Set the short LACP timeout an ISSU, do not set the short interval (3 seconds) for the lacp period short LACP timeout interval before interface.
Step Command Remarks Configure the aggregation By default, an aggregation group group to operate in dynamic link-aggregation mode dynamic operates in static mode. mode. Exit to system view. quit Enter Layer 3 Ethernet interface view: interface interface-type Repeat these two substeps to Assign an interface to the interface-number assign more Layer 3 Ethernet...
Step Command Remarks • Enter Layer 2 aggregate interface view: interface bridge-aggregation Enter aggregate interface-number interface or subinterface • Enter Layer 3 aggregate view. interface or subinterface view: interface route-aggregation { interface-number | interface-number.subnumber } Configure the By default, the description of an description of the interface is interface-name description text...
Setting the MTU for a Layer 3 aggregate interface The MTU of an interface affects IP packets fragmentation and reassembly on the interface. To set the MTU for a Layer 3 aggregate interface: Step Command Remarks Enter system view. system-view Enter Layer 3 aggregate interface route-aggregation interface or subinterface...
Step Command Remarks • Enter Layer 2 aggregate interface view: interface bridge-aggregation Enter aggregate interface interface-number view. • Enter Layer 3 aggregate interface view: interface route-aggregation interface-number Set the minimum number of By default, the minimum number link-aggregation selected-port Selected ports for the of Selected ports is not specified minimum min-number aggregation group.
Step Command Remarks • Enter Layer 2 aggregate interface view: interface bridge-aggregation Enter aggregate interface interface-number view. • Enter Layer 3 aggregate interface view: interface route-aggregation interface-number Configure the aggregate By default, an aggregate interface interface as an edge does not operate as an edge lacp edge-port aggregate interface.
Configuration procedure To enable BFD for an aggregation group: Step Command Remarks Enter system view. system-view • Enter Layer 2 aggregate interface view: interface bridge-aggregation Enter aggregate interface interface-number view. • Enter Layer 3 aggregate interface view: interface route-aggregation interface-number By default, BFD is disabled for an aggregation group.
Step Command • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number Enter aggregate interface view. • Enter Layer 3 aggregate interface or subinterface view: interface route-aggregation { interface-number | interface-number.subnumber } Restore the default settings for the default aggregate interface. Configuring load sharing for link aggregation groups This section explains how to configure the load sharing modes for link aggregation groups and how...
Step Command Remarks link-aggregation load-sharing mode { { destination-ip | By default, the group-specific Set the load sharing mode destination-mac | destination-port | load sharing mode is the same for the aggregation group. source-ip | source-mac } * | as the global load sharing mode. flexible } Enabling local-first load sharing for link aggregation Use local-first load sharing in a multidevice link aggregation scenario to distribute traffic preferentially...
This feature takes effect only when the per-flow load sharing mode is used and the per-flow load sharing mode does not use the following traffic classification criteria: • Source IP address. • Destination IP address. • Source MAC address. • Destination MAC address.
group-specific link-aggregation traffic redirection is not configured, the group uses the global link-aggregation traffic redirection settings. Configuration restrictions and guidelines When you enable link-aggregation traffic redirection, follow these restrictions and guidelines: • Link-aggregation traffic redirection applies only to dynamic link aggregation groups. •...
This task excludes the traffic in the specified VLANs from the load sharing mechanism on the aggregate link. An aggregation group can have only one management port. If you specify multiple ports in an aggregation group as management ports, the system chooses the port with the lowest port number as the management port.
Figure 12 Link aggregation scenario before management subnets are used You can configure a maximum of 20 management subnets. To ensure correct packet forwarding, delete all ARP entries of a subnet before you specify it as a management subnet or after you remove it from the management subnet list. If you are using link aggregation management subnets, do not use ARP snooping.
-------------------------------------------------------------------------------- XGE1/0/1 32768 XGE1/0/2 32768 XGE1/0/3 32768 The output shows that link aggregation group 1 is a Layer 2 static aggregation group that contains three Selected ports. Layer 2 dynamic aggregation configuration example Network requirements On the network shown in Figure 14, perform the following tasks: •...
Page 77
# Assign ports Ten-GigabitEthernet 1/0/1 through Ten-GigabitEthernet 1/0/3 to link aggregation group 1. [DeviceA] interface ten-gigabitethernet 1/0/1 [DeviceA-Ten-GigabitEthernet1/0/1] port link-aggregation group 1 [DeviceA-Ten-GigabitEthernet1/0/1] quit [DeviceA] interface ten-gigabitethernet 1/0/2 [DeviceA-Ten-GigabitEthernet1/0/2] port link-aggregation group 1 [DeviceA-Ten-GigabitEthernet1/0/2] quit [DeviceA] interface ten-gigabitethernet 1/0/3 [DeviceA-Ten-GigabitEthernet1/0/3] port link-aggregation group 1 [DeviceA-Ten-GigabitEthernet1/0/3] quit # Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLANs 10 and 20.
Layer 2 aggregation load sharing configuration example Network requirements On the network shown in Figure 15, perform the following tasks: • Configure Layer 2 static aggregation groups 1 and 2 on Device A and Device B, respectively. • Enable VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the other end.
Page 79
[DeviceA] interface ten-gigabitethernet 1/0/1 [DeviceA-Ten-GigabitEthernet1/0/1] port link-aggregation group 1 [DeviceA-Ten-GigabitEthernet1/0/1] quit [DeviceA] interface ten-gigabitethernet 1/0/2 [DeviceA-Ten-GigabitEthernet1/0/2] port link-aggregation group 1 [DeviceA-Ten-GigabitEthernet1/0/2] quit # Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLAN 10. [DeviceA] interface bridge-aggregation 1 [DeviceA-Bridge-Aggregation1] port link-type trunk [DeviceA-Bridge-Aggregation1] port trunk permit vlan 10...
Layer 3 dynamic aggregation configuration example Network requirements On the network shown in Figure 18, perform the following tasks: • Configure a Layer 3 dynamic aggregation group on both Device A and Device B. • Configure IP addresses and subnet masks for the corresponding Layer 3 aggregate interfaces. Figure 18 Network diagram Configuration procedure Configure Device A:...
XGE1/0/4 32768 The output shows that: • Link aggregation groups 1 and 2 are both load-shared Layer 3 static aggregation groups. • Each aggregation group contains two Selected ports. # Display all the group-specific load sharing modes on Device A. [DeviceA] display link-aggregation load-sharing mode interface Route-Aggregation1 Load-Sharing Mode: source-ip address...
Page 87
[Device] interface ten-gigabitethernet 1/0/2 [Device-Ten-GigabitEthernet1/0/2] port link-aggregation group 1 [Device-Ten-GigabitEthernet1/0/2] quit Verifying the configuration # Display detailed information about all aggregation groups on the device when the server is not configured with dynamic link aggregation. [Device] display link-aggregation verbose Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing Port Status: S -- Selected, U -- Unselected, I -- Individual Port: A -- Auto port, M -- Management port, R -- Reference port Flags:...
Configuring port isolation The port isolation feature isolates Layer 2 traffic for data privacy and security without using VLANs. Ports in an isolation group cannot communicate with each other. However, they can communicate with ports outside the isolation group. Assigning a port to an isolation group The device supports multiple isolation groups, which can be configured manually.
Port isolation configuration example Network requirements As shown in Figure • LAN users Host A, Host B, and Host C are connected to Ten-GigabitEthernet 1/0/1, Ten-GigabitEthernet 1/0/2, and Ten-GigabitEthernet 1/0/3 on the device, respectively. • The device connects to the Internet through Ten-GigabitEthernet 1/0/4. Configure the device to provide Internet access for the hosts, and isolate them from one another at Layer 2.
Page 90
Port isolation group information: Group ID: 1 Group members: Ten-GigabitEthernet1/0/1 Ten-GigabitEthernet1/0/2 Ten-GigabitEthernet1/0/3 output shows that Ten-GigabitEthernet 1/0/1, Ten-GigabitEthernet 1/0/2, Ten-GigabitEthernet 1/0/3 are assigned to isolation group 1. As a result, Host A, Host B, and Host C are isolated from one another at layer 2.
Configuring spanning tree protocols Spanning tree protocols eliminate loops in a physical link-redundant network by selectively blocking redundant links and putting them in a standby state. The recent versions of STP include the Rapid Spanning Tree Protocol (RSTP), the Per-VLAN Spanning Tree (PVST), and the Multiple Spanning Tree Protocol (MSTP).
Page 92
• Protocol ID—Fixed at 0x0000, which represents IEEE 802.1d. • Protocol version ID—Spanning tree protocol version ID. The protocol version ID for STP is 0x00. • BPDU type—Type of the BPDU. The value is 0x00 for a configuration BPDU. • Flags—An 8-bit field indicates the purpose of the BPDU.
Basic concepts in STP Root bridge A tree network must have a root bridge. The entire network contains only one root bridge, and all the other bridges in the network are called leaf nodes. The root bridge is not permanent, but can change with changes of the network topology.
Table 6 STP port states State Receives/sends BPDUs Learns MAC addresses Forwards use data Disabled Listening Learning Forwarding Blocking Receive Path cost Path cost is a reference value used for link selection in STP. To prune the network into a loop-free tree, STP calculates path costs to select the most robust links and block redundant links that are less robust.
Page 95
Step Description The device compares the calculated configuration BPDU with the configuration BPDU on the port whose port role will be determined. Then, the device acts depending on the result of the comparison: • If the calculated configuration BPDU is superior, the device performs the following operations: Considers this port as the designated port.
Page 96
Figure 25 The STP algorithm As shown in Figure 25, the priority values of Device A, Device B, and Device C are 0, 1, and 2, respectively. The path costs of links among the three devices are 5, 10, and 4. Device state initialization.
Page 97
Table 9 Comparison process and result on each device Configuration BPDU Device Comparison process on ports after comparison Port A1 performs the following operations: Receives the configuration BPDU of Port B1 {1, 0, 1, Port B1}. Determines that its existing configuration BPDU {0, 0, 0, Port A1} is superior to the received configuration BPDU.
Page 98
Configuration BPDU Device Comparison process on ports after comparison Port C1 performs the following operations: Receives the configuration BPDU of Port A2 {0, 0, 0, Port A2}. Determines that the received configuration BPDU is superior to its existing configuration BPDU {2, 0, 2, Port C1}.
Page 99
Configuration BPDU Device Comparison process on ports after comparison Device C determines that the root path cost of Port C1 is larger than that of Port C2. The root path cost of Port C1 is 10, root path cost of the received configuration BPDU (0) plus path cost of Port C1 (10).
• If a path fails, the root port on this path no longer receives new configuration BPDUs and the old configuration BPDUs will be discarded due to timeout. The device generates a configuration BPDU with itself as the root and sends the BPDUs and TCN BPDUs. This triggers a new spanning tree calculation process to establish a new path to restore the network connectivity.
• BPDU type—The value is 0x02 for RSTP BPDUs. • Flags—All 8 bits are used. • Version1 length—The value is 0x00, which means no version 1 protocol information is present. RSTP does not use TCN BPDUs to advertise topology changes. RSTP floods BPDUs with the TC flag set in the network to advertise topology changes.
Because each VLAN runs RSTP independently, a spanning tree only serves its VLAN. A PVST-enabled HPE device can communicate with a third-party device that is running Rapid PVST or PVST. The PVST-enabled HPE device supports fast network convergence like RSTP when connected to PVST-enabled HPE devices or third-party devices enabled with Rapid PVST.
• The destination MAC address of a PVST BPDU is 01-00-0c-cc-cc-cd, which is a private MAC address. • Each PVST BPDU carries a VLAN tag. The VLAN tag identifies the VLAN to which the PVST BPDU belongs. • The organization code and PID fields are added to the LLC header of the PVST BPDU. Figure 28 PVST BPDU format A port's link type determines the type of BPDUs the port sends.
MSTP provides the following features: • MSTP divides a switched network into multiple regions, each of which contains multiple spanning trees that are independent of one another. • MSTP supports mapping VLANs to spanning tree instances by means of a VLAN-to-instance mapping table.
• CIST IRPC—Internal root path cost (IRPC) from the originating bridge to the root of the MST region. • CIST bridge ID—ID of the bridge that sends the MSTP BPDU. • CIST remaining ID—Remaining hop count. This field limits the scale of the MST region. The regional root sends a BPDU with the remaining hop count set to the maximum value.
Page 106
Figure 31 Network diagram and topology of MST region 3 MST region A multiple spanning tree region (MST region) consists of multiple devices in a switched network and the network segments among them. All these devices have the following characteristics: •...
Page 107
The blue lines in Figure 30 represent the CST. An internal spanning tree (IST) is a spanning tree that runs in an MST region. It is also called MSTI 0, a special MSTI to which all VLANs are mapped by default. Figure 30, MSTI 0 is the IST in MST region 3.
MSTP calculation involves the following port roles: • Root port—Forwards data for a non-root bridge to the root bridge. The root bridge does not have any root port. • Designated port—Forwards data to the downstream network segment or device. • Alternate port—Acts as the backup port for a root port or master port.
Like STP, MSTP uses configuration BPDUs to calculate spanning trees. An important difference is that an MSTP BPDU carries the MSTP configuration of the bridge from which the BPDU is sent. CIST calculation During the CIST calculation, the following process takes place: •...
Page 110
Figure 33 Edge port rapid transition Root port rapid transition When a root port is blocked, the bridge will elect the alternate port with the highest priority as the new root port. If the new root port's peer is in the forwarding state, the new root port immediately transits to the forwarding state.
Page 111
a. Device A sends a proposal BPDU to Device B through Port A1. b. Device B receives the proposal BPDU on Port B2. Port B2 is elected as the root port. c. Device B blocks its designated port Port B1 and alternate port Port B3 to eliminate loops. d.
Protocols and standards MSTP is documented in the following protocols and standards: • IEEE 802.1d, Media Access Control (MAC) Bridges • IEEE 802.1w, Part 3: Media Access Control (MAC) Bridges—Amendment 2: Rapid Reconfiguration • IEEE 802.1s, Virtual Bridged Local Area Networks—Amendment 3: Multiple Spanning Trees •...
STP configuration task list Tasks at a glance Configuring the root bridge: • (Required.) Setting the spanning tree mode • (Optional.) Configuring the root bridge or a secondary root bridge • (Optional.) Configuring the device priority • (Optional.) Configuring the network diameter of a switched network •...
Tasks at a glance (Optional.) Configuring protection features (Optional.) Enabling the device to log events of detecting or receiving TC BPDUs (Optional.) Enabling BPDU transparent transmission on a port (Optional.) Enabling SNMP notifications for new-root election and topology change events MSTP configuration task list Tasks at a glance Configuring the root bridge:...
Setting the spanning tree mode The spanning tree modes include: • STP mode—All ports of the device send STP BPDUs. Select this mode when the peer device of a port supports only STP. • RSTP mode—All ports of the device send RSTP BPDUs. A port in this mode automatically transits to the STP mode when it receives STP BPDUs from the peer device.
To configure an MST region: Step Command Remarks Enter system view. system-view Enter MST region view. stp region-configuration Configure the MST region The default setting is the MAC region-name name name. address. • Use one of the commands. instance instance-id vlan Configure the vlan-id-list By default, all VLANs in an MST...
Step Command Remarks • In STP/RSTP mode: stp root primary • In PVST mode: Configure the device as By default, the device is not a stp vlan vlan-id-list root primary the root bridge. root bridge. • In MSTP mode: stp [ instance instance-list ] root primary Configuring the device as a secondary root bridge of a specific spanning tree...
Configuration BPDUs sent by the regional root bridge always have a hop count set to the maximum value. When a device receives this configuration BPDU, it decrements the hop count by one, and uses the new hop count in the BPDUs that it propagates. When the hop count of a BPDU reaches zero, it is discarded by the device that received it.
its state after a forward delay timer. This ensures that the state transition of the local port stays synchronized with the peer. • Hello time—Interval at which the device sends configuration BPDUs to detect link failures. If the device does not receive configuration BPDUs within the timeout period, it recalculates the spanning tree.
Step Command Remarks • In STP/RSTP/MSTP mode: stp timer hello time Set the hello timer. • The default setting is 2 seconds. In PVST mode: stp vlan vlan-id-list timer hello time • In STP/RSTP/MSTP mode: stp timer max-age time Set the max age timer. •...
Step Command Remarks Enter Layer 2 Ethernet interface interface-type interface or Layer 2 interface-number aggregate interface view. Configure the BPDU transmission rate of the The default setting is 10. stp transmit-limit limit ports. Configuring edge ports If a port directly connects to a user terminal rather than another device or a shared LAN segment, this port is regarded as an edge port.
Specifying a standard for the device to use when it calculates the default path cost CAUTION: If you change the standard that the device uses to calculate the default path costs, you restore the path costs to the default. You can specify a standard for the device to use in automatic calculation for the default path cost. The device supports the following standards: •...
Page 124
Path cost Link speed Port type IEEE Private IEEE 802.1t 802.1d-1998 standard Aggregate interface containing four Selected 500000 1400 ports Single port 200000 Aggregate interface containing two Selected 100000 ports Aggregate interface 100 Mbps containing three Selected 66666 ports Aggregate interface containing four Selected 50000 ports...
Path cost Link speed Port type IEEE Private IEEE 802.1t 802.1d-1998 standard Aggregate interface containing three Selected ports Aggregate interface containing four Selected ports Single port Aggregate interface containing two Selected ports Aggregate interface 100 Gbps containing three Selected ports Aggregate interface containing four Selected ports...
[Sysname] interface ten-gigabitethernet 1/0/3 [Sysname-Ten-GigabitEthernet1/0/3] stp instance 2 cost 200 # In PVST mode, perform the following tasks: • Configure the device to calculate the default path costs of its ports by using IEEE 802.1d-1998. • Set the path cost of Ten-GigabitEthernet 1/0/3 to 2000 on VLAN 20 through VLAN 30. <Sysname>...
• You can configure the link type as point-to-point for a Layer 2 aggregate interface or a port that operates in full duplex mode. As a best practice, use the default setting and let the device automatically detect the port link type. •...
Enabling outputting port state transition information In a large-scale spanning tree network, you can enable devices to output the port state transition information. Then, you can monitor the port states in real time. To enable outputting port state transition information: Step Command Remarks...
Enabling the spanning tree feature in PVST mode Step Command Remarks Enter system view. system-view When the device starts up with initial settings, the spanning tree feature is globally disabled. When the device starts up with Enable the spanning tree factory defaults, the spanning tree stp global enable feature.
Performing mCheck in interface view Step Command Enter system view. system-view Enter Layer 2 Ethernet interface or Layer 2 interface interface-type interface-number aggregate interface view. Perform mCheck. stp mcheck Disabling inconsistent PVID protection In PVST, if two connected ports use different PVIDs, PVST calculation errors might occur. By default, inconsistent PVID protection is enabled to avoid PVST calculation errors.
Digest Snooping when the network is already working well. Configuration procedure Use this feature on when your HPE device is connected to a third-party device that uses its private key to calculate the configuration digest. To configure Digest Snooping:...
Enable Digest Snooping on the ports of Device A and Device B that connect to Device C, so that the three devices can communicate with one another. Figure 37 Network diagram MST region Device C Root bridge Root port XGE1/0/1 XGE1/0/2 Designated port Blocked port...
Figure 38 Rapid state transition of an MSTP designated port Upstream device Downstream device (1) Proposal for rapid transition The root port blocks non-edge ports. The root port changes to the (2) Agreement forwarding state and sends an Agreement to the upstream device.
Configuration procedure Enable the No Agreement Check feature on the root port. To configure No Agreement Check: Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface or Layer 2 interface interface-type interface-number aggregate interface view. Enable No Agreement By default, No Agreement stp no-agreement-check Check.
Figure 41 TC Snooping application scenario To avoid traffic interruption, you can enable TC Snooping on the IRF fabric. After receiving a TC-BPDU through a port, the IRF fabric updates MAC address table and ARP table entries associated with the port's VLAN. In this way, TC Snooping prevents topology change from interrupting traffic forwarding in the network.
Configuring protection features A spanning tree device supports the following protection features: • BPDU guard • Root guard • Loop guard • Port role restriction • TC-BPDU transmission restriction • TC-BPDU guard • BPDU drop • PVST BPDU guard • Dispute gurad Configuring BPDU guard For access layer devices, the access ports can directly connect to the user terminals (such as PCs)
Step Command Remarks Enter system view. system-view The specified interface must Enter Layer 2 Ethernet connect to a user terminal rather interface interface-type interface or Layer 2 than other device or shared LAN interface-number aggregate interface view. segment. By default, BPDU guard is not configured on a per-edge port stp port bpdu-protection Configure BPDU guard.
As a result, loops occur in the switched network. The loop guard feature can suppress the occurrence of such loops. The initial state of a loop guard-enabled port is discarding in every MSTI. When the port receives BPDUs, it transits its state. Otherwise, it stays in the discarding state to prevent temporary loops. Do not enable loop guard on a port that connects user terminals.
affect the core network. To avoid this problem, you can enable TC-BPDU transmission restriction on a port. With this feature enabled, when the port receives a TC-BPDU, it does not forward the TC-BPDU to other ports. Make this configuration on the port that connects to the user access network. To configure TC-BPDU transmission restriction: Step Command...
Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface interface-type interface view. interface-number Enable BPDU drop on the By default, BPDU drop is bpdu-drop any interface. disabled. Enabling PVST BPDU guard An MSTP-enabled device forwards PVST BPDUs as data traffic because it cannot recognize PVST BPDUs.
Figure 42 Dispute guard triggering scenario Dispute guard is Unidirectional link Normal condition triggered occurs Device A Device A Device A Root Root Root Port A1 Port A2 Port A1 Port A2 Port A1 Port A2 Port B1 Port B2 Port B1 Port B2 Port B1...
Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface interface-type interface or Layer 2 interface-number aggregate interface view. By default, the BPDU Enable BPDU transparent transparent transmission feature stp transparent enable transmission. is disabled on a port. Enabling SNMP notifications for new-root election and topology change events This task enables the device to generate logs and report new-root election events or spanning tree...
Task Command Display history about ports blocked by spanning tree display stp abnormal-port protection features. display stp bpdu-statistics [ interface Display BPDU statistics on ports. interface-type interface-number [ instance instance-list ] ] Display information about ports shut down by spanning display stp down-port tree protection features.
Page 144
Figure 43 Network diagram Configuration procedure Configure VLANs and VLAN member ports. (Details not shown.) Create VLAN 10, VLAN 20, and VLAN 30 on both Device A and Device B. Create VLAN 10, VLAN 20, and VLAN 40 on Device C. Create VLAN 20, VLAN 30, and VLAN 40 on Device D.
Page 145
[DeviceB-mst-region] instance 1 vlan 10 [DeviceB-mst-region] instance 3 vlan 30 [DeviceB-mst-region] instance 4 vlan 40 # Configure the revision level of the MST region as 0. [DeviceB-mst-region] revision-level 0 # Activate MST region configuration. [DeviceB-mst-region] active region-configuration [DeviceB-mst-region] quit # Configure Device B as the root bridge of MSTI 3. [DeviceB] stp instance 3 root primary # Enable the spanning tree feature globally.
Page 146
Verifying the configuration In this example, Device B has the lowest root bridge ID. As a result, Device B is elected as the root bridge in MSTI 0. When the network is stable, you can use the display stp brief command to display brief spanning tree information on each device.
Figure 44 MSTIs mapped to different VLANs MSTI 1 mapped to VLAN 10 MSTI 0 mapped to VLAN 20 MSTI 3 mapped to VLAN 30 MSTI 4 mapped to VLAN 40 Root bridge Normal link Blocked link PVST configuration example Network requirements As shown in Figure...
Page 148
Figure 45 Network diagram Configuration procedure Configure VLANs and VLAN member ports. (Details not shown.) Create VLAN 10, VLAN 20, and VLAN 30 on both Device A and Device B. Create VLAN 10, VLAN 20, and VLAN 40 on Device C. Create VLAN 20, VLAN 30, and VLAN 40 on Device D.
Page 149
[DeviceC] stp vlan 10 20 40 enable Configure Device D: # Set the spanning tree mode to PVST. <DeviceD> system-view [DeviceD] stp mode pvst # Enable the spanning tree feature globally and in VLAN 20, VLAN 30, and VLAN 40. [DeviceD] stp global enable [DeviceD] stp vlan 20 30 40 enable Verifying the configuration...
Page 150
Ten-GigabitEthernet1/0/2 ALTE DISCARDING NONE Ten-GigabitEthernet1/0/3 ROOT FORWARDING NONE Based on the output, you can draw a topology for each VLAN spanning tree, as shown in Figure Figure 46 VLAN spanning tree topologies...
Configuring loop detection Overview Incorrect network connections or configurations can create Layer 2 loops, which results in repeated transmission of broadcasts, multicasts, or unknown unicasts. The repeated transmissions can waste network resources and can paralyze networks. The loop detection mechanism immediately generates a log when a loop occurs so that you are promptly notified to adjust network connections and configurations.
The inner frame header for loop detection contains the following fields: • Code—Protocol sub-type, which is 0x0001, indicating the loop detection protocol. • Version—Protocol version, which is always 0x0000. • Length—Length of the frame. The value includes the inner header, but excludes the Ethernet header.
The device automatically sets the port to the forwarding state after the detection timer set by using the shutdown-interval command expires. For more information about the shutdown-interval command, see Fundamentals Command Reference. The device shuts down the port again if a loop is still detected on the port when the detection timer expires.
Setting the loop protection action You can set the loop protection action globally or on a per-port basis. The global setting applies to all ports. The per-port setting applies to the individual ports. The per-port setting takes precedence over the global setting. Setting the global loop protection action Step Command...
Step Command Remarks Enter system view. system-view Set the loop detection loopback-detection The default setting is 30 seconds. interval. interval-time interval Displaying and maintaining loop detection Execute display commands in any view. Task Command Display the loop detection configuration and status. display loopback-detection Loop detection configuration example Network requirements...
# Configure Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 as trunk ports, and assign them to VLAN 100. [DeviceA] interface Ten-GigabitEthernet 1/0/1 [DeviceA-Ten-GigabitEthernet1/0/1] port link-type trunk [DeviceA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100 [DeviceA-Ten-GigabitEthernet1/0/1] quit [DeviceA] interface ten-gigabitethernet 1/0/2 [DeviceA-Ten-GigabitEthernet1/0/2] port link-type trunk [DeviceA-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100 [DeviceA-Ten-GigabitEthernet1/0/2] quit # Set the global loop protection action to shutdown.
Configuring VLANs Overview Ethernet is a family of shared-media LAN technologies based on the CSMA/CD mechanism. An Ethernet LAN is both a collision domain and a broadcast domain. Because the medium is shared, collisions and broadcasts are common in an Ethernet LAN. Typically, bridges and Layer 2 switches can reduce collisions in an Ethernet LAN.
TPID to a different value. For compatibility with a neighbor device, set the TPID value on the device to be the same as the neighbor device. • Priority—3-bit long, identifies the 802.1p priority of the frame. For more information, see ACL and QoS Configuration Guide.
Step Command Remarks By default, packet dropping is disabled in a VLAN. This feature enables the device to drop Layer 3 packets in a VLAN and packets (Optional.) Enable originating from the device. To drop all packet dropping in the block outbound packets that are received and transmitted VLAN.
Step Command Remarks Set the MTU for the VLAN The default setting is 1500 bytes. mtu size interface. Set the MAC address for By default, no MAC address is set for a mac-address mac-address the VLAN interface. VLAN interface. Set the expected By default, the expected bandwidth (in bandwidth for the kbps) is the interface baud rate divided...
You can use a nonexistent VLAN as the PVID for a hybrid or trunk port, but not for an access port. • As a best practice, set the same PVID for a local port and its peer. • To prevent a port from dropping untagged packets or PVID-tagged packets, assign the port to its PVID.
Assign an access port to a VLAN in interface view Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view: interface interface-type interface-number Enter interface view. • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number Set the port link type to By default, all ports are port link-type access...
To assign a hybrid port to one or multiple VLANs: Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view: interface interface-type interface-number Enter interface view. • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number Set the port link type to By default, all ports are port link-type hybrid...
Page 165
MAC address of a MAC-to-VLAN entry, the port tags the frame with the VLAN ID specific to this entry. c. If no matching VLAN ID is found, the port determines the VLAN for the packet by using the following VLAN match order: −...
Page 166
Figure 52 Flowchart for processing a frame in dynamic MAC-based VLAN assignment The port receives a frame Tagged frame ? Selects a VLAN for the Gets the source MAC frame Uses source MAC to match the MAC in MAC- to-VLAN entries MAC addresses VLAN ID match the Is the VLAN ID the primary VLAN ID and the...
Assigns the port that connects the user to the MAC-based VLAN. When the user goes offline, the device automatically deletes the MAC-to-VLAN entry and removes the port from the MAC-based VLAN. For more information about 802.1X and MAC authentication, see Security Configuration Guide. General configuration restrictions and guidelines When you configure MAC-based VLANs, follow these restrictions and guideline: •...
Page 168
If the two features are configured together on a port and the port learns the configured maximum number of MAC address entries, the port processes packets as follows: Forwards only packets matching the MAC address entries learnt by the port. Drops unmatching packets.
Configuring server-assigned MAC-based VLAN Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface interface-type interface-number interface view. Set the port link type to By default, all ports are port link-type hybrid hybrid. access ports. By default, a hybrid port is an Assign the hybrid port untagged member of the port hybrid vlan vlan-id-list { tagged |...
Task Command Remarks • Enter Layer 2 Ethernet interface view: interface interface-type interface-number Enter interface view. • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number Set the port link type By default, all ports are access ports. port link-type hybrid to hybrid.
Step Command Remarks protocol-vlan [ protocol-index ] { at | ipv4 Associate the VLAN | ipv6 | ipx { ethernetii | llc | raw | snap } | By default, a VLAN is not with a protocol mode { ethernetii etype etype-id | llc associated with a protocol template.
Task Command display interface vlan-interface [ interface-number ] [ brief Display VLAN interface information. [ description | down ] ] Display information about IP display ip-subnet-vlan interface { interface-type subnet-based VLANs that are associated interface-number1 [ to interface-type interface-number2 ] | all } with the specified ports.
Page 173
[DeviceA] vlan 100 [DeviceA-vlan100] port ten-gigabitethernet 1/0/1 [DeviceA-vlan100] quit # Create VLAN 200, and assign Ten-GigabitEthernet 1/0/2 to VLAN 200. [DeviceA] vlan 200 [DeviceA-vlan200] port ten-gigabitethernet 1/0/2 [DeviceA-vlan200] quit # Configure Ten-GigabitEthernet 1/0/3 as a trunk port, and assign the port to VLANs 100 and 200.
MAC-based VLAN configuration example Network requirements As shown in Figure • Ten-GigabitEthernet 1/0/1 of Device A and Device C are each connected to a meeting room. Laptop 1 and Laptop 2 are used for meetings and might be used in either of the two meeting rooms.
Page 175
[DeviceA-Ten-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged # Enable the MAC-based VLAN feature on Ten-GigabitEthernet 1/0/1. [DeviceA-Ten-GigabitEthernet1/0/1] mac-vlan enable [DeviceA-Ten-GigabitEthernet1/0/1] quit # Configure the uplink port (Ten-GigabitEthernet 1/0/2) as a trunk port, and assign it to VLANs 100 and 200. [DeviceA] interface ten-gigabitethernet 1/0/2 [DeviceA-Ten-GigabitEthernet1/0/2] port link-type trunk [DeviceA-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100 200...
IP subnet-based VLAN configuration example Network requirements As shown in Figure 55, the hosts in the office belong to different IP subnets. Configure Device C to transmit packets from 192.168.5.0/24 and 192.168.50.0/24 in VLANs 100 and 200, respectively. Figure 55 Network diagram Device A Device B VLAN 100...
# Configure Ten-GigabitEthernet 1/0/3 as a hybrid port, and assign it to VLAN 200 as a tagged VLAN member. [DeviceC] interface ten-gigabitethernet 1/0/3 [DeviceC-Ten-GigabitEthernet1/0/3] port link-type hybrid [DeviceC-Ten-GigabitEthernet1/0/3] port hybrid vlan 200 tagged [DeviceC-Ten-GigabitEthernet1/0/3] quit # Configure Ten-GigabitEthernet 1/0/1 as a hybrid port, and assign it to VLANs 100 and 200 as an untagged VLAN member.
Page 178
Figure 56 Network diagram VLAN 100 VLAN 200 IPv4 server IPv6 server XGE1/0/3 XGE1/0/4 XGE1/0/1 XGE1/0/2 Device L2 switch A L2 switch B IPv4 host A IPv6 host A IPv4 host B IPv6 host B VLAN 100 VLAN 200 VLAN 100 VLAN 200 Configuration procedure In this example, L2 Switch A and L2 Switch B use the factory configuration.
Page 179
# Configure Ten-GigabitEthernet 1/0/1 as a hybrid port, and assign it to VLANs 100 and 200 as an untagged VLAN member. [Device] interface ten-gigabitethernet 1/0/1 [Device-Ten-GigabitEthernet1/0/1] port link-type hybrid [Device-Ten-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged # Associate Ten-GigabitEthernet 1/0/1 with the IPv4 and ARP protocol templates of VLAN 100 and the IPv6 protocol template of VLAN 200.
Page 180
IPv4 Active Ethernet II Etype 0x0806 Active IPv6 Active Interface: Ten-GigabitEthernet 1/0/2 VLAN ID Protocol index Protocol type Status IPv4 Active Ethernet II Etype 0x0806 Active IPv6 Active...
Configuring super VLANs Hosts in a VLAN typically use IP addresses in the same subnet. For Layer 3 interoperability with other VLANs, you can create a VLAN interface for the VLAN and assign an IP address to it. This requires a large number of IP addresses. The super VLAN feature was introduced to save IP addresses.
To configure a super VLAN: Step Command Remarks Enter system view. system-view Enter VLAN view. vlan vlan-id Configure the VLAN By default, a VLAN is not a super VLAN. supervlan as a super VLAN. By default, a super VLAN is not associated with Associate the super any sub-VLANs.
Task Command Display information about super VLANs and their display supervlan [ supervlan-id ] associated sub-VLANs. Super VLAN configuration example Network requirements As shown in Figure • Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 are in VLAN 2. • Ten-GigabitEthernet 1/0/3 and Ten-GigabitEthernet 1/0/4 are in VLAN 3. •...
Configuring the private VLAN VLAN technology provides a method for isolating traffic from customers. At the access layer of a network, customer traffic must be isolated for security or accounting purposes. If VLANs are assigned on a per-user basis, a large number of VLANs will be required. The private VLAN feature saves VLAN resources.
Associate the secondary VLANs with the primary VLAN. Configure the uplink and downlink ports: Configure the uplink port (for example, the port connecting L2 Device B to L3 Device A Figure 58): − When the port allows only one primary VLAN, configure the port as a promiscuous port of the primary VLAN.
Page 188
Step Command Remarks Create one or multiple vlan { vlan-id1 [ to vlan-id2 ] | all } secondary VLANs. Return to system view. quit Enter VLAN view of the vlan vlan-id primary VLAN. Associate the primary By default, a primary VLAN is not VLAN with the secondary associated with any secondary private-vlan secondary vlan-id-list...
Step Command Remarks 19. Return to system view. quit Enter VLAN interface view of Use substeps a, b, c, and e for the primary VLAN interface: devices that run IPv4 protocols. interface vlan-interface Use substeps a, b, d, and f for interface-number devices that run IPv6 protocols.
Page 190
Figure 59 Network diagram Configuration procedure This example describes the configurations on Device B and Device C. Configure Device B: # Configure VLAN 5 as a primary VLAN. <DeviceB> system-view [DeviceB] vlan 5 [DeviceB-vlan5] private-vlan primary [DeviceB-vlan5] quit # Create VLANs 2 and 3. [DeviceB] vlan 2 to 3 # Associate secondary VLANs 2 and 3 with primary VLAN 5.
Page 191
[DeviceB-Ten-GigabitEthernet1/0/3] quit Configure Device C: # Configure VLAN 6 as a primary VLAN. <DeviceC> system-view [DeviceC] vlan 6 [DeviceC–vlan6] private-vlan primary [DeviceC–vlan6] quit # Create VLANs 3 and 4. [DeviceC] vlan 3 to 4 # Associate secondary VLANs 3 and 4 with primary VLAN 6. [DeviceC] vlan 6 [DeviceC-vlan6] private-vlan secondary 3 to 4 [DeviceC-vlan6] quit...
Page 194
# Assign downlink port Ten-GigabitEthernet 1/0/2 to VLAN 2, and configure the port as a host port. [DeviceB] interface ten-gigabitethernet 1/0/2 [DeviceB-Ten-GigabitEthernet1/0/2] port access vlan 2 [DeviceB-Ten-GigabitEthernet1/0/2] port private-vlan host [DeviceB-Ten-GigabitEthernet1/0/2] quit # Assign downlink port Ten-GigabitEthernet 1/0/3 to VLAN 3, and configure the port as a host port.
Page 196
Downlink port Ten-GigabitEthernet 1/0/3 permits secondary VLAN 12. • Secondary VLANs 11 and 12 are associated with primary VLAN 10. • Secondary VLANs 21 and 22 are associated with primary VLAN 20. Figure 61 Network diagram Configuration procedure Configure Device A: # Configure VLANs 10 and 20 as primary VLANs.
Page 197
[DeviceA-vlan20] quit # Configure the uplink port (Ten-GigabitEthernet 1/0/5) as a trunk promiscuous port of VLANs 10 and 20. [DeviceA] interface ten-gigabitethernet 1/0/5 [DeviceA-Ten-GigabitEthernet1/0/5] port private-vlan 10 20 trunk promiscuous [DeviceA-Ten-GigabitEthernet1/0/5] quit # Assign downlink port Ten-GigabitEthernet 1/0/1 to VLAN 22 and configure the port as a host port.
Page 198
[DeviceC-vlan10] quit [DeviceC] vlan 20 [DeviceC-vlan20] quit # Configure Ten-GigabitEthernet 1/0/5 as a hybrid port, and assign it to VLANs 10 and 20 as a tagged VLAN member. [DeviceC] interface ten-gigabitethernet 1/0/5 [DeviceC-Ten-GigabitEthernet1/0/5] port link-type hybrid [DeviceC-Ten-GigabitEthernet1/0/5] port hybrid vlan 10 20 tagged [DeviceC-Ten-GigabitEthernet1/0/5] quit Verifying the configuration # Verify the primary VLAN configurations on Device A.
Ten-GigabitEthernet1/0/3 The output shows that: • The trunk promiscuous port (Ten-GigabitEthernet 1/0/5) is a tagged member of primary VLAN 10 and secondary VLANs 11 and 12. • The trunk secondary port (Ten-GigabitEthernet 1/0/2) is a tagged member of primary VLAN 10 and secondary VLAN 11.
Page 200
# Configure the uplink port (Ten-GigabitEthernet 1/0/1) as a promiscuous port of VLAN 10. [DeviceA] interface ten-gigabitethernet 1/0/1 [DeviceA-Ten-GigabitEthernet1/0/1] port private-vlan 10 promiscuous [DeviceA-Ten-GigabitEthernet1/0/1] quit # Assign downlink port Ten-GigabitEthernet 1/0/2 to VLAN 2, and configure the port as a host port. [DeviceA] interface ten-gigabitethernet 1/0/2 [DeviceA-Ten-GigabitEthernet1/0/2] port access vlan 2 [DeviceA-Ten-GigabitEthernet1/0/2] port private-vlan host...
Configuring voice VLANs Overview A voice VLAN is used for transmitting voice traffic. The device can configure QoS parameters for voice packets to ensure higher transmission priority of the voice packets. Common voice devices include IP phones and integrated access devices (IADs). This chapter uses IP phones as an example.
Automatically identifying IP phones through LLDP If IP phones support LLDP, configure LLDP for automatic IP phone discovery on the device. The device can then automatically discover the peer through LLDP, and exchange LLDP TLVs with the peer. If the LLDP System Capabilities TLV received on a port indicates that the peer can act as a telephone, the device performs the following operations: Sends an LLDP TLV with the voice VLAN configuration to the peer.
Figure 64 Connecting the host and IP phone in series Voice gateway Host IP phone Device Connecting the IP phone to the device As shown in Figure 65, IP phones are connected to the device without the presence of the host. Use this connection method when IP phones sends out untagged voice packets.
When the IP phone reboots, the port is reassigned to the voice VLAN to ensure the correct operation of the existing voice connections. The reassignment occurs automatically without being triggered by voice traffic as long as the voice VLAN operates correctly. Manual mode Use manual mode when only IP phones access the network through the device, as shown in Figure...
If an IP phone sends out tagged voice traffic, and its access port is configured with 802.1X authentication, guest VLAN, Auth-Fail VLAN, or critical VLAN, VLAN IDs must be different for the following VLANs: • Voice VLAN. • PVID of the access port. •...
Tasks at a glance (Required.) Use one of the following methods: • Configuring a port to operate in automatic voice VLAN assignment mode • Configuring a port to operate in manual voice VLAN assignment mode (Optional.) Enabling LLDP for automatic IP phone discovery (Optional.) Use one of the following methods: •...
Configuring a port to operate in automatic voice VLAN assignment mode Configuration restrictions and guidelines When you configure a port to operate in automatic voice VLAN assignment mode, follow these restrictions and guidelines: • Do not configure a VLAN as both a voice VLAN and a protocol-based VLAN. A voice VLAN in automatic mode on a hybrid port processes only tagged incoming voice traffic.
Step Command Remarks • Configure the link type of port link-type trunk the port. • port link-type hybrid Configure the port to By default, the automatic operate in automatic voice voice VLAN assignment mode voice-vlan mode auto VLAN assignment mode. is enabled.
Step Command Remarks Configure the port to By default, a port operates in operate in manual voice automatic voice VLAN undo voice-vlan mode auto VLAN assignment assignment mode. mode. • For the access port, see "Assigning an access port to a VLAN."...
Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface interface-type interface view. interface-number By default, no advertised voice VLAN ID is configured. Configure an advertised lldp tlv-enable med-tlv For more information about voice VLAN ID. network-policy vlan-id the command, see Layer 2—LAN Switching Command Reference.
Displaying and maintaining voice VLANs Execute display commands in any view. Task Command Display the voice VLAN state. display voice-vlan state Display OUI addresses on a device. display voice-vlan mac-address Voice VLAN configuration examples Automatic voice VLAN assignment mode configuration example Network requirements As shown in...
Page 213
[DeviceA] voice-vlan aging 30 # Enable security mode for voice VLANs. [DeviceA] voice-vlan security enable # Add MAC addresses of IP phones A and B to the device with mask FFFF-FF00-0000. [DeviceA] voice-vlan mac-address 0011-1100-0001 mask ffff-ff00-0000 description IP phone A [DeviceA] voice-vlan mac-address 0011-2200-0001 mask ffff-ff00-0000 description IP phone B Configure Ten-GigabitEthernet 1/0/1:...
Voice VLAN enabled ports and their modes: Port VLAN Mode DSCP XGE1/0/1 Auto XGE1/0/2 Auto Manual voice VLAN assignment mode configuration example Network requirements As shown in Figure 67, IP phone A send untagged voice traffic. To enable Ten-GigabitEthernet 1/0/1 to transmit only voice packets, perform the following tasks on Device A: •...
Page 215
# Enable voice VLAN and configure VLAN 2 as the voice VLAN on Ten-GigabitEthernet 1/0/1. [DeviceA-Ten-GigabitEthernet1/0/1] voice-vlan 2 enable [DeviceA-Ten-GigabitEthernet1/0/1] quit Verifying the configuration # Display the OUI addresses supported on Device A. [DeviceA] display voice-vlan mac-address OUI Address Mask Description 0001-e300-0000 ffff-ff00-0000...
Configuring MVRP Multiple Registration Protocol (MRP) is an attribute registration protocol used to transmit attribute values. Multiple VLAN Registration Protocol (MVRP) is a typical MRP application. It synchronizes VLAN information among devices. MVRP propagates local VLAN information to other devices, receives VLAN information from other devices, and dynamically updates local VLAN information.
Page 217
Join message An MRP participant sends a Join message to request the peer participant to register attributes in the Join message. When receiving a Join message from the peer participant, an MRP participant performs the following tasks: • Registers the attributes in the Join message. •...
LeaveAll message Each MRP participant starts its LeaveAll timer when starting up. When the timer expires, the MRP participant sends LeaveAll messages to the peer participant. Upon sending or receiving a LeaveAll message, the local participant starts the Leave timer. The local participant determines whether to send a Join message depending on its attribute status.
• Effectively reduces the number of LeaveAll messages in the network. • Prevents the LeaveAll timer of a particular participant from always expiring first. MVRP registration modes VLAN information propagated by MVRP includes dynamic VLAN information from other devices and local static VLAN information.
receive undesired copies. For more information about port mirroring, see Network Management and Monitoring Configuration Guide. • MVRP takes effect only on trunk ports. For more information about trunk ports, see "Configuring VLANs." • Enabling MVRP on a Layer 2 aggregate interface takes effect on the aggregate interface and all Selected member ports in the link aggregation group.
Step Command Remarks Optional. Set an MVRP registration mvrp registration { fixed | The default setting is normal mode for the port. forbidden | normal } registration mode. Setting MRP timers To avoid frequent VLAN registrations and deregistrations, use the same MRP timers throughout the network.
Enabling GVRP compatibility Enable GVRP compatibility for MVRP when the peer device supports GVRP. Then, the local end can receive and send both MVRP and GVRP frames. When you enable GVRP compatibility, follow these restrictions and guidelines: • GVRP compatibility enables MVRP to work with STP or RSTP, but not MSTP. •...
Figure 69 Network diagram Device A Device B Permit: all VLANs XGE1/0/3 XGE1/0/3 VLAN 20 VLAN 10 Permit: all VLANs Permit: VLANs 20, 40 VLAN 10 MSTI 1 VLAN 20 MSTI 2 Other VLANs MSTI 0 Device C Device D MSTI 0 MSTI 1 MSTI 2...
Page 224
[DeviceA] mvrp global enable # Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and configure it to permit all VLANs. [DeviceA] interface ten-gigabitethernet 1/0/1 [DeviceA-Ten-GigabitEthernet1/0/1] port link-type trunk [DeviceA-Ten-GigabitEthernet1/0/1] port trunk permit vlan all # Enable MVRP on port Ten-GigabitEthernet 1/0/1. [DeviceA-Ten-GigabitEthernet1/0/1] mvrp enable [DeviceA-Ten-GigabitEthernet1/0/1] quit # Configure Ten-GigabitEthernet 1/0/2 as a trunk port, and configure it to permit VLAN 40.
Page 225
[DeviceB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 20 40 # Enable MVRP on Ten-GigabitEthernet 1/0/1. [DeviceB-Ten-GigabitEthernet1/0/1] mvrp enable [DeviceB-Ten-GigabitEthernet1/0/1] quit # Configure Ten-GigabitEthernet 1/0/2 as a trunk port, and configure it to permit all VLANs. [DeviceB] interface ten-gigabitethernet 1/0/2 [DeviceB-Ten-GigabitEthernet1/0/2] port link-type trunk [DeviceB-Ten-GigabitEthernet1/0/2] port trunk permit vlan all # Enable MVRP on Ten-GigabitEthernet 1/0/2.
Page 228
• Ten-GigabitEthernet 1/0/3 has registered VLAN 20, declared VLAN 1 and VLAN 10, and propagated VLAN 20 through MVRP. # Display local VLAN information on Device B. [DeviceB] display mvrp running-status -------[MVRP Global Info]------- Global Status : Enabled Compliance-GVRP : False ----[Ten-GigabitEthernet1/0/1]---- Config Status...
Page 229
Declared VLANs : Propagated VLANs : The output shows that the following events have occurred: • Ten-GigabitEthernet 1/0/1 has registered VLAN 1, declared VLAN 1 and VLAN 20, and propagated VLAN 1 through MVRP. • Ten-GigabitEthernet 1/0/2 has registered VLAN 1 and VLAN 10, declared VLAN 1 and VLAN 20, and propagated VLAN 1.
Page 230
• Ten-GigabitEthernet 1/0/1 has registered VLAN 1, VLAN 10, and VLAN 20, declared VLAN 1, and propagated VLAN 1 and VLAN 10 through MVRP. • Ten-GigabitEthernet 1/0/2 has registered VLAN 1 and VLAN 20, declared VLAN 1 and VLAN 10, and propagated VLAN 1 and VLAN 20 through MVRP.
Page 231
[DeviceB] interface ten-gigabitethernet 1/0/3 [DeviceB-Ten-GigabitEthernet1/0/3] mvrp registration fixed [DeviceB-Ten-GigabitEthernet1/0/3] quit # Display local MVRP VLAN information on Ten-GigabitEthernet 1/0/3. [DeviceB] display mvrp running-status interface ten-gigabitethernet 1/0/3 -------[MVRP Global Info]------- Global Status : Enabled Compliance-GVRP : False ----[Ten-GigabitEthernet1/0/3]---- Config Status : Enabled Running Status : Enabled Join Timer...
Page 232
The output shows that dynamic VLAN information on Ten-GigabitEthernet 1/0/3 is not changed after you set its MVRP registration mode to fixed.
Configuring QinQ This document uses the following terms: • CVLAN—Customer network VLANs, also called inner VLANs, refer to VLANs that a customer uses on the private network. • SVLAN—Service provider network VLANs, also called outer VLANs, refer to VLANs that a service provider uses to transmit VLAN tagged traffic for customers.
When a tagged Ethernet frame from CE 1 arrives at PE 1, the PE tags the frame with SVLAN 3. The double-tagged Ethernet frame travels over the service provider network until it arrives at PE 2. PE 2 removes the SVLAN tag of the frame, and then sends the frame to CE 4. Figure 71 Typical QinQ application scenario VLANs 1 to 20 VLANs 1 to 10...
Protocols and standards • IEEE 802.1Q, IEEE Standard for Local and Metropolitan Area Networks-Virtual Bridged Local Area Networks • IEEE 802.1ad, IEEE Standard for Local and Metropolitan Area Networks-Virtual Bridged Local Area Networks-Amendment 4: Provider Bridges Restrictions and guidelines When you configure QinQ, follow these restrictions and guidelines: •...
Configuring the TPID for VLAN tags TPID identifies a frame as an 802.1Q tagged frame. The TPID value varies by vendor. On an HPE device, the TPID in the 802.1Q tag added on a QinQ-enabled port is 0x8100 by default, in compliance with IEEE 802.1Q.
Protocol type Value IPX/SPX 0x8137 IS-IS 0x8000 LACP 0x8809 LLDP 0x88cc 802.1X 0x888e 802.1ag 0x8902 Cluster 0x88a7 Reserved 0xfffd/0xfffe/0xffff Configuring the TPID for CVLAN tags Perform this task on the PE device. To configure the TPID value for CVLAN tags: Step Command Remarks...
Step Command Remarks Enter system view. system-view Create a traffic class and traffic classifier classifier-name [ operator By default, no traffic enter its view. { and | or } ] classes exist. • Match CVLAN IDs: if-match customer-vlan-id vlan-id-list Configure CVLAN match •...
Task Command display qinq [ interface interface-type Display QinQ-enabled ports. interface-number ] QinQ configuration examples Basic QinQ configuration example Network requirements As shown in Figure • The service provider assigns VLAN 100 to Company A's VLANs 10 through 70. • The service provider assigns VLAN 200 to Company B's VLANs 30 through 90.
Page 240
# Set the PVID of Ten-GigabitEthernet 1/0/1 to VLAN 100. [PE1-Ten-GigabitEthernet1/0/1] port trunk pvid vlan 100 # Enable QinQ on Ten-GigabitEthernet 1/0/1. [PE1-Ten-GigabitEthernet1/0/1] qinq enable [PE1-Ten-GigabitEthernet1/0/1] quit # Configure Ten-GigabitEthernet 1/0/2 as a trunk port, and assign it to VLANs 100 and 200. [PE1] interface ten-gigabitethernet 1/0/2 [PE1-Ten-GigabitEthernet1/0/2] port link-type trunk [PE1-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100 200...
# Enable QinQ on Ten-GigabitEthernet 1/0/3. [PE2-Ten-GigabitEthernet1/0/3] qinq enable [PE2-Ten-GigabitEthernet1/0/3] quit Configure the devices between PE 1 and PE 2: # Set the MTU to a minimum of 1504 bytes for each port on the path of QinQ frames. (Details not shown.) # Configure all ports on the forwarding path to allow frames from VLANs 100 and 200 to pass through without removing the VLAN tag.
Page 242
[PE1-Ten-GigabitEthernet1/0/1] qinq transparent-vlan 3000 [PE1-Ten-GigabitEthernet1/0/1] quit # Configure Ten-GigabitEthernet 1/0/2 as a trunk port, and assign it to VLANs 100 and 3000. [PE1] interface ten-gigabitethernet 1/0/2 [PE1-Ten-GigabitEthernet1/0/2] port link-type trunk [PE1-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100 3000 [PE1-Ten-GigabitEthernet1/0/2] quit Configure PE 2: # Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign it to VLANs 10 through 50, 100, and 3000.
Configuring VLAN mapping Overview VLAN mapping re-marks VLAN tagged traffic with new VLAN IDs. Hewlett Packard Enterprise provides the following types of VLAN mapping: • One-to-one VLAN mapping—Replaces one VLAN tag with another. • Many-to-one VLAN mapping—Replaces multiple VLAN tags with the same VLAN tag. •...
Page 244
Figure 74 Application scenario of one-to-one and many-to-one VLAN mapping DHCP client VLAN 1 Home gateway VLAN 2 VLAN 1 -> VLAN 101 VLAN 2 -> VLAN 201 VLAN 3 VoIP VLAN 3 -> VLAN 301 Wiring-closet switch DHCP server VLAN 1 VLAN 1 ->...
Figure 75 Application scenario of one-to-two and two-to-two VLAN mapping Site 1 and Site 2 are in VLAN 2 and VLAN 3, respectively. The SP 1 network assigns SVLAN 10 to Site 1. The SP 2 network assigns SVLAN 20 to Site 2. When the packet from Site 1 arrives at PE 1, PE 1 tags the packet with SVLAN 10 by using one-to-two VLAN mapping.
Page 246
Figure 76 Basic VLAN mapping terms Network-side port Customer-side port Uplink traffic Downlink traffic One-to-one VLAN mapping As shown in Figure 77, one-to-one VLAN mapping is implemented on the customer-side port and replaces VLAN tags as follows: • Replaces the CVLAN with the SVLAN for the uplink traffic. •...
Page 247
Figure 78 Many-to-one VLAN mapping implementation One-to-two VLAN mapping As shown in Figure 79, one-to-two VLAN mapping is implemented on the customer-side port to add the SVLAN tag for the uplink traffic. For the downlink traffic to be correctly sent to the customer network, make sure the SVLAN tag is removed on the customer-side port before transmission.
Figure 80 Two-to-two VLAN mapping implementation VLAN mapping configuration task list When you configure VLAN mapping, follow these guidelines: • To add VLAN tags to packets, you can configure both VLAN mapping and QinQ. VLAN mapping takes effect if a configuration conflict occurs. For more information about QinQ, see "Configuring QinQ."...
Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view: interface interface-type Enter Layer 2 Ethernet interface-number interface view or Layer 2 • Enter Layer 2 aggregate aggregate interface view. interface view: interface bridge-aggregation interface-number • Set the port link type to trunk: port link-type trunk By default, the link type of a...
Page 250
Many-to-one VLAN mapping configuration task list Tasks at a glance Enabling DHCP snooping Enabling ARP detection Configuring the customer-side port Configuring the network-side port Enabling DHCP snooping Step Command Remarks Enter system view. system-view By default, DHCP snooping is disabled. Enable DHCP For more information about DHCP snooping dhcp snooping enable...
Page 251
Step Command Remarks • For the trunk port: port trunk permit vlan Assign the port to the original vlan-id-list VLANs and the translated • For the hybrid port: VLANs. port hybrid vlan vlan-id-list tagged vlan mapping uni { range Configure a many-to-one By default, no VLAN mapping vlan-range-list | single vlan-id-list } VLAN mapping.
Configuring many-to-one VLAN mapping in a network with static IP address assignment In a network that uses static IP addresses, configure many-to-one VLAN mapping with ARP snooping. The switch replaces the SVLAN tag of the downlink traffic with the associated CVLAN tag based on the ARP snooping entry lookup.
Page 253
Step Command Remarks • Enter Layer 2 Ethernet interface view: interface interface-type Enter Layer 2 Ethernet interface-number interface view or Layer 2 • Enter Layer 2 aggregate aggregate interface view. interface view: interface bridge-aggregation interface-number • Set the port link type to trunk: port link-type trunk By default, the link type of a port is Set the link type of the port.
Configuring one-to-two VLAN mapping Configure one-to-two VLAN mapping on the customer-side ports of edge devices from which customer traffic enters SP networks, for example, on PEs 1 and 4 in Figure 75. One-to-two VLAN mapping enables the edge devices to add an SVLAN tag to each incoming packet. Before you configure one-to-two VLAN mapping, create the CVLAN and the SVLAN.
Configuring two-to-two VLAN mapping Configure two-to-two VLAN mapping on the customer-side port of an edge device that connects two SP networks, for example, on PE 3 in Figure 75. Two-to-two VLAN mapping enables two sites in different VLANs to communicate at Layer 2 across two service provider networks that use different VLAN assignment schemes.
Page 256
• Each household subscribes to PC, VoD, and VoIP services, and obtains the IP address through DHCP. • On the home gateways, VLANs 1, 2, and 3 are assigned to PC, VoD, and VoIP traffic, respectively. To isolate traffic of the same service type from different households, configure one-to-one VLAN mappings on the wiring-closet switches.
Page 260
[SwitchC-Ten-GigabitEthernet1/0/2] quit # Configure the network-side port (Ten-GigabitEthernet 1/0/3) to use the original VLAN tags of the many-to-one mappings to replace the VLAN tags of the packets destined for the user network. [SwitchC] interface ten-gigabitethernet 1/0/3 [SwitchC-Ten-GigabitEthernet1/0/3] vlan mapping nni # Configure Ten-GigabitEthernet 1/0/3 as a trunk port.
103-104 203-204 303-304 One-to-two and two-to-two VLAN mapping configuration example Network requirements As shown in Figure • Two VPN A branches, Site 1 and Site 2, are in VLAN 5 and VLAN 6, respectively. • The two sites use different VPN access services from different service providers, SP 1 and SP •...
Page 262
# Assign Ten-GigabitEthernet 1/0/1 to VLAN 100 as an untagged member. [PE1-Ten-GigabitEthernet1/0/1] port hybrid vlan 100 untagged [PE1-Ten-GigabitEthernet1/0/1] quit # Configure the network-side port (Ten-GigabitEthernet 1/0/2) as a trunk port. [PE1] interface ten-gigabitethernet 1/0/2 [PE1-Ten-GigabitEthernet1/0/2] port link-type trunk # Assign Ten-GigabitEthernet 1/0/2 to VLAN 100. [PE1-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100 [PE1-Ten-GigabitEthernet1/0/2] quit Configure PE 2:...
Page 263
[PE3-Ten-GigabitEthernet1/0/2] port trunk permit vlan 200 [PE3-Ten-GigabitEthernet1/0/2] quit Configure PE 4: # Create VLANs 6 and 200. <PE4> system-view [PE4] vlan 6 [PE4-vlan6] quit [PE4] vlan 200 [PE4-vlan200] quit # Configure the network-side port (Ten-GigabitEthernet 1/0/1) as a trunk port. [PE4] interface ten-gigabitethernet 1/0/1 [PE4-Ten-GigabitEthernet1/0/1] port link-type trunk # Assign Ten-GigabitEthernet 1/0/1 to VLAN 200.
Configuring LLDP Overview In a heterogeneous network, a standard configuration exchange platform ensures that different types of network devices from different vendors can discover one another and exchange configuration. The Link Layer Discovery Protocol (LLDP) is specified in IEEE 802.1AB. The protocol operates on the data link layer to exchange device information between directly connected devices.
Page 265
LLDP frame formats LLDP sends device information in LLDP frames. LLDP frames are encapsulated in Ethernet II or Subnetwork Access Protocol (SNAP) frames. • LLDP frame encapsulated in Ethernet II Figure 84 Ethernet II-encapsulated LLDP frame Table 21 Fields in an Ethernet II-encapsulated LLDP frame Field Description MAC address to which the LLDP frame is advertised.
Page 266
Figure 85 SNAP-encapsulated LLDP frame Table 22 Fields in a SNAP-encapsulated LLDP frame Field Description MAC address to which the LLDP frame is advertised. It is the same as Destination MAC address that for Ethernet II-encapsulated LLDP frames. Source MAC address MAC address of the sending port.
Page 267
Table 23 Basic management TLVs Type Description Remarks Chassis ID Specifies the bridge MAC address of the sending device. Specifies the ID of the sending port: • If the LLDPDU carries LLDP-MED TLVs, the port ID Port ID TLV carries the MAC address of the sending port. Mandatory.
Page 268
Type Description Quantized Congestion Notification. NOTE: • HPE devices support only receiving protocol identity TLVs and VID usage digest TLVs. • Layer 3 Ethernet ports support only link aggregation TLVs. • IEEE 802.3 organizationally specific TLVs Table 25 IEEE 802.3 organizationally specific TLVs...
Type Description Allows a network device or terminal device to advertise the Network Policy VLAN ID of a port, the VLAN type, and the Layer 2 and Layer 3 priorities for specific applications. Allows a network device or terminal device to advertise power Extended Power-via-MDI supply capability.
the token bucket mechanism to rate limit LLDP frames. For more information about the token bucket mechanism, see ACL and QoS Configuration Guide. LLDP automatically enables the fast LLDP frame transmission mechanism in either of the following cases: • A new LLDP frame is received and carries device information new to the local device. •...
Performing basic LLDP configurations Enabling LLDP To make LLDP take effect on specific ports, you must enable LLDP both globally and on these ports. To use LLDP together with OpenFlow, you must enable LLDP globally on OpenFlow switches. To prevent LLDP from affecting topology discovery of OpenFlow controllers, disable LLDP on ports of OpenFlow instances.
Step Command Remarks Enter system view. system-view Set the TTL multiplier. The default setting is 4. lldp hold-multiplier value Set the LLDP frame The default setting is 30 lldp timer tx-interval interval transmission interval. seconds. Set the token bucket size for The default setting is 5.
Disabling LLDP PVID inconsistency check By default, when the system receives an LLDP packet, it compares the PVID value contained in packet with the PVID configured on the receiving interface. If the two PVIDs do not match, a log message will be printed to notify the user. You can disable PVID inconsistency check if different PVIDs are required on a link.
Configuration prerequisites Before you configure CDP compatibility, complete the following tasks: • Globally enable LLDP. • Enable LLDP on the port connecting to a CDP device. • Configure LLDP to operate in TxRx mode on the port. Configuration procedure CDP-compatible LLDP operates in one of the following modes: •...
LLDP configuration examples Basic LLDP configuration example Network requirements As shown in Figure 87, enable LLDP globally on Switch A and Switch B to perform the following tasks: • Monitor the link between Switch A and Switch B on the NMS. •...
Page 283
[SwitchB-Ten-GigabitEthernet1/0/1] quit Verifying the configuration # Verify the following items: • Ten-GigabitEthernet 1/0/1 of Switch A connects to a MED device. • Ten-GigabitEthernet 1/0/2 of Switch A connects to a non-MED device. • Both ports operate in Rx mode, and they can receive LLDP frames but cannot send LLDP frames.
Page 284
Port status of LLDP : Enable Admin status : Rx_Only Trap flag : No MED trap flag : No Polling interval : 0s Number of LLDP neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV : 21 Number of received unknown TLV : 3 LLDP agent nearest-nontpmr:...
Page 285
LLDP status information of port 1 [Ten-GigabitEthernet1/0/1]: LLDP agent nearest-bridge: Port status of LLDP : Enable Admin status : Rx_Only Trap flag : No MED trap flag : No Polling interval : 0s Number of LLDP neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV : 5...
Number of sent optional TLV Number of received unknown TLV : 0 LLDP agent nearest-customer: Port status of LLDP : Enable Admin status : Disable Trap flag : No MED trap flag : No Polling interval : 0s Number of LLDP neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV...
Page 287
# Enable LLDP globally, and enable CDP compatibility globally. [SwitchA] lldp global enable [SwitchA] lldp compliance cdp # Enable LLDP on Ten-GigabitEthernet 1/0/1. By default, LLDP is enabled on ports. [SwitchA] interface ten-gigabitethernet 1/0/1 [SwitchA-Ten-GigabitEthernet1/0/1] lldp enable # Configure LLDP to operate in TxRx mode on Ten-GigabitEthernet 1/0/1. [SwitchA-Ten-GigabitEthernet1/0/1] lldp admin-status txrx # Configure CDP-compatible LLDP to operate in TxRx mode on Ten-GigabitEthernet 1/0/1.
Layer 2 protocol calculation, which is transparent to the service provider network. • Isolates Layer 2 protocol packets from different customer networks through different VLANs. HPE devices support L2PT for the following protocols: • CDP. •...
• PVST. • STP (including STP, RSTP, and MSTP). • UDLD. • VTP. L2PT operating mechanism As shown in Figure 90, L2PT operates as follows: • When a port of PE 1 receives a Layer 2 protocol packet from the customer network in a VLAN, it performs the following operations: Multicasts the packet out of all customer-facing ports in the VLAN except the receiving port.
Figure 91 L2PT network diagram L2PT configuration task list Tasks at a glance (Required.) Enabling L2PT (Optional.) Setting the destination multicast MAC address for tunneled packets Enabling L2PT Restrictions and guidelines • Before you enable L2PT for a Layer 2 protocol on a port, perform the following tasks: Enable the protocol on the connected CE, and disable the protocol on the port.
L2PT configuration examples Configuring L2PT for STP Network requirements As shown in Figure 92, the MAC addresses of CE 1 and CE 2 are 00e0-fc02-5800 and 00e0-fc02-5802, respectively. MSTP is enabled in Customer A's network, and default MSTP settings are used. Perform the following tasks on the PEs: •...
[PE1-Ten-GigabitEthernet1/0/2] port trunk permit vlan all [PE1-Ten-GigabitEthernet1/0/2] quit Configure PE 2 in the same way PE 1 is configured. (Details not shown.) Verifying the configuration # Verify that the root bridge of Customer A's network is CE 1. <CE2> display stp root MST ID Root Bridge ID ExtPathCost IntPathCost Root Port...
• For packets from any VLAN to be transmitted, configure all ports in the service provider network as trunk ports. Configuration procedures Configure CE 1: # Configure Layer 2 aggregation group Bridge-Aggregation 1 to operate in dynamic aggregation mode. <CE1> system-view [CE1] interface bridge-aggregation 1 [CE1-Bridge-Aggregation1] port link-type access [CE1-Bridge-Aggregation1] link-aggregation mode dynamic...
Page 295
# Enable L2PT for LACP on Ten-GigabitEthernet 1/0/2. [PE1-Ten-GigabitEthernet1/0/2] l2protocol lacp tunnel dot1q [PE1-Ten-GigabitEthernet1/0/2] quit Configure PE 2 in the same way PE 1 is configured. (Details not shown.) Verifying the configuration # Verify that CE 1 and CE 2 have completed Ethernet link aggregation successfully. [CE1] display link-aggregation member-port Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation, D -- Synchronization, E -- Collecting, F -- Distributing,...
Page 296
Ten-GigabitEthernet1/0/1: Aggregate Interface: Bridge-Aggregation1 Local: Port Number: 3 Port Priority: 32768 Oper-Key: 1 Flag: {ACDEF} Remote: System ID: 0x8000, 0001-0000-0000 Port Number: 3 Port Priority: 32768 Oper-Key: 1 Flag: {ACDEF} Received LACP Packets: 23 packet(s) Illegal: 0 packet(s) Sent LACP Packets: 26 packet(s) Ten-GigabitEthernet1/0/2: Aggregate Interface: Bridge-Aggregation1 Local:...
Configuring cut-through forwarding A cut-through forwarding-enabled device forwards a frame after it receives the first 64 bytes of the frame. This feature reduces the transmission time of a frame and enhances forwarding performance. To configure cut-through forwarding: Step Command Remarks Enter system view.
Configuring service loopback groups A service loopback group contains one or multiple Ethernet ports for looping packets sent out by the device back to the device. This feature must work with other features, such as GRE. A service loopback group provides one of the following services: •...
Displaying and maintaining service loopback groups Execute display commands in any view. Task Command Display information about service loopback groups. display service-loopback group [ group-id ] Service loopback group configuration example Network requirements All Ethernet ports on Device A support the tunnel service. Assign Ten-GigabitEthernet 1/0/1 through Ten-GigabitEthernet 1/0/3 to a service loopback group to loop GRE packets sent out by the device back to the device.
Document conventions and icons Conventions This section describes the conventions used in the documentation. Command conventions Convention Description Bold text represents commands and keywords that you enter literally as shown. Boldface Italic text represents arguments that you replace with actual values. Italic Square brackets enclose syntax choices (keywords or arguments) that are optional.
Network topology icons Convention Description Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Support and other resources Accessing Hewlett Packard Enterprise Support • For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: www.hpe.com/assistance • To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: www.hpe.com/support/hpesc Information to collect •...
For more information and device support details, go to the following website: www.hpe.com/info/insightremotesupport/docs Documentation feedback Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title,...
Page 304
part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.
Page 323
parameter Ethernet link aggregation group (Layer 2 static), 49, 50 spanning tree timeout factor, Ethernet link aggregation group (Layer 2), Ethernet link aggregation group (Layer 3 L2PT configuration, 278, 280, 282 dynamic), L2PT for LACP configuration, Ethernet link aggregation group (Layer 3 L2PT for STP configuration, static), per-flow load sharing,...
Page 324
loop detection protection action setting, STP rapid transition, loop detection protection actions, STP root port, loop detection status auto recovery, STP root port rapid transition, M:1 VLAN mapping customer-side port VLAN port link type, (dynamic IP address assignment), voice VLAN port operation configuration M:1 VLAN mapping customer-side port (static (automatic assignment), IP address assignment),...
Page 325
assigning MAC address table learning priority configuring Ethernet link aggregation (Layer 3 to interface, static), assigning port isolation group (multiple configuring Ethernet link aggregation edge ports), aggregate interface, assigning port-based VLAN access port, configuring Ethernet link aggregation group, assigning port-based VLAN access port configuring Ethernet link aggregation group (interface view), (Layer 2 dynamic),...
Page 326
configuring M:1 VLAN mapping customer-side configuring spanning tree BPDU transmission port (dynamic IP address assignment), rate, configuring M:1 VLAN mapping customer-side configuring spanning tree device priority, port (static IP address assignment), configuring spanning tree Digest configuring M:1 VLAN mapping network-side Snooping, 120, 121 port (dynamic IP address assignment),...
Page 327
disabling MAC address learning (global), enabling MAC address table ARP fast update, disabling MAC address learning (on enabling MAC address table move notification, interface), enabling MAC address table SNMP disabling MAC address learning (on notification, VLAN), enabling MAC Information, disabling MAC address table static source enabling MVRP, check, enabling MVRP GVRP compatibility,...
Page 328
setting Ethernet interface connection distance specifying link aggregation management (Layer 2), subnet, 62, 62 setting Ethernet interface MAC address specifying link aggregation management (Layer 3), VLAN+management port, 61, 61 setting Ethernet interface MDIX mode (Layer specifying spanning tree port path cost calculation standard, setting Ethernet interface MTU (Layer 3), splitting Ethernet interface (40-GE),...
Page 329
basic configuration, Ethernet interface storm suppression, configuration, 223, 229 Ethernet link aggregation BFD configuration, configuration restrictions, Ethernet link aggregation group, CVLAN tag, Ethernet link aggregation traffic redirection, display, L2PT enable, enable, Layer 2 Ethernet interface fiber port, how it works, Layer 2 Ethernet interface storm control configuration, implementation,...
Page 330
MAC-based VLAN configuration Ethernet link aggregate group Selected ports (server-assigned), min/max, protocol-based VLAN configuration, 160, 167 Ethernet link aggregate interface (expected bandwidth), voice VLAN configuration, 192, 196, 202 Ethernet link aggregation load sharing mode voice VLAN IP phone access method, (global), RSTP, See also...
Page 331
BPDU guard configuration, Ethernet interface state change suppression, BPDU transmission rate configuration, Ethernet link aggregation member port state, 41, 43, 46 BPDU transparent transmission (on port), static configuration, 81, 102, 133 Ethernet link aggregation (Layer 2), device priority configuration, Ethernet link aggregation (Layer 3), Digest Snooping, 120, 121 Ethernet link aggregation (static mode),...
Page 332
subinterface, Ethernet subinterface M:1 VLAN mapping configuration (dynamic IP See also address assignment), subnetting M:1 VLAN mapping configuration (static IP IP subnet-based VLAN address assignment), configuration, 159, 166 QinQ CVLAN, sub-VLAN QinQ SVLAN, creation, QinQ SVLAN tag 802.1p priority, super VLAN QinQ VLAN tag TPID value, configuration, 171, 171, 173...