Configuration Guide

Abstract

This document describes the software features for the HP A Series products and guides you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply software features to different network scenarios.
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an...
Contents
MAC address table configuration
How a MAC address table entry is created
Types of MAC address table entries
MAC address table-based frame forwarding
Configuring the MAC address table
...
Port isolation configuration
Configuring an isolation group
Assigning a port to the isolation group
Displaying and maintaining isolation groups
Port isolation configuration example
MSTP configuration
...
Configuring basic settings of a VLAN interface
Port-based VLAN configuration
Assigning an access port to a VLAN
Assigning a trunk port to a VLAN
Assigning a hybrid port to a VLAN
...
QinQ frame structure
Implementations of QinQ
Modifying the TPID in a VLAN tag
Protocols and standards
QinQ configuration task list
Configuring basic QinQ
...
Basic LLDP configuration example
CDP-compatible LLDP configuration example
Support and other resources
Contacting HP
Subscription service
Related information
Documents
...
MAC address table configuration

The MAC address table configuration applies only to Layer 2 interfaces, including Layer 2 Ethernet interfaces and Layer 2 aggregate interfaces. This document covers only the configuration of unicast MAC address table entries, including static, dynamic, and blackhole MAC address table entries. For more information about configuring static multicast MAC address table entries, see IP Multicast Configuration Guide.
Types of MAC address table entries

A MAC address table can contain the following types of entries:
• Static entries, which are manually added and never age out.
• Dynamic entries, which can be manually added or dynamically learned and may age out.
• ...
Add or modify a static, dynamic, or blackhole MAC address table entry globally To add or modify a static, dynamic, or blackhole MAC address table entry in system view: To do… Use the command… Remarks Enter system view system-view — Add or modify a mac-address { dynamic | static } mac-address Required.
To disable MAC address learning on an interface or a port group: To do… Use the command… Remarks Enter system view system-view — Optional. Enable global MAC address undo mac-address learning mac-learning disable Enabled by default. Required. Enter Layer 2 interface interface-type Use either command.
To configure the aging timer for dynamic MAC address entries: To do… Use the command… Remarks Enter system view system-view — Optional Configure the aging timer for mac-address timer { aging dynamic MAC address entries seconds | no-aging } 300 seconds by default Reduce broadcasts on a stable network by disabling the aging timer to prevent dynamic entries from aging out unnecessarily.
To do… Use the command… Remarks Display the aging timer for display mac-address aging-time [ | { begin | dynamic MAC address Available in any view exclude | include } regular-expression ] entries Display the system or display mac-address mac-learning [ interface-type interface MAC address interface-number ] [ | { begin | exclude | include } Available in any view...
# Display the MAC address entry for port GigabitEthernet 4/0/1.
[Router] display mac-address interface gigabitethernet 4/0/1
MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)
000f-e235-dc71 Config static GigabitEthernet 4/0/1 NOAGED
1 mac address(es) found
# Display information about the blackhole MAC address table.
[Router] display mac-address blackhole
MAC ADDR VLAN ID...
MAC information configuration

The SAP cards support this feature only when they work in Layer 2 mode. To monitor a network, you need to monitor users joining and leaving the network. Because a MAC address uniquely identifies a network user, monitor those users joining and leaving a network by monitoring their MAC addresses.
Configuring MAC information mode To configure MAC information mode: To do… Use the command… Remarks Enter system view system-view — Optional Configure MAC information mac-address information mode mode { syslog | trap } trap by default Configuring the interval for sending Syslog or trap messages To prevent Syslog or trap messages from being sent too frequently, set the interval for sending Syslog or trap messages.
Figure 2 Network diagram for MAC information configuration

Configuration procedure

Configure Router to send Syslog messages to Host B. For more information, see Network Management and Monitoring Configuration Guide.

Enable MAC information.
# Enable MAC information on Router.
<Router> system-view
[Router] mac-address information enable
# Configure MAC information mode as Syslog.
Ethernet link aggregation configuration

The SAP cards support the feature only when they work in Layer 2 mode. The SAP cards can be installed on distributed routers only. Ethernet link aggregation, or simply link aggregation, combines multiple physical Ethernet ports into one logical link, called an aggregate link.
Aggregation states of member ports in an aggregation group

A member port in an aggregation group can be in either of the following aggregation states:
• Selected: A selected port can forward user traffic.
• Unselected: An unselected port cannot forward user traffic.
...
Reference port When setting the aggregation state of the ports in an aggregation group, the system automatically picks a member port as the reference port. A selected port must have the same port attributes and class-two configurations as the reference port. LACP The IEEE 802.3ad LACP enables dynamic aggregation of physical links.
Link aggregation modes Link aggregation has the following modes: dynamic and static. Dynamic link aggregation uses LACP and static link aggregation does not. Table 4 compares the two aggregation modes. Table 4 A comparison between static and dynamic aggregation modes Aggregatio LACP status on Pros...
Figure 4 Set the aggregation state of a member port in a static aggregation group

To ensure stable aggregation state and service continuity, do not change port attributes or class-two configurations on any member port. If a static aggregation group has reached the limit on selected ports, any port that joins the group is placed in the unselected state to avoid traffic interruption on the current selected ports.
aggregation priority value wins out. If two ports have the same aggregation priority, the system compares their port numbers. The port with the smaller port number wins.

Setting the aggregation state of each member port

After the reference port is selected, the system with the lower system ID sets the state of each member port in the dynamic aggregation group on its side as shown in Figure

Figure 5 Set the state of a member port in a dynamic aggregation group...
Load sharing criteria for link aggregation groups

In a link aggregation group, traffic may be load-shared across the selected member ports based on a set of criteria, depending on your configuration. Choose one of the following criteria or any combination for load sharing:
• MAC addresses
...
Table 5 Features incompatible with Layer 2 aggregation groups Feature Reference RRPP RRPP in the High Availability Configuration Guide MAC authentication MAC authentication in the Security Configuration Guide Port security Port security in the Security Configuration Guide Packet filtering Firewall in the Security Configuration Guide Ethernet frame filtering Firewall in the Security Configuration Guide IP source guard...
To do... Use the command... Remarks Enter Layer 2 Ethernet interface interface-type Required. interface view interface-number Repeat these two steps to assign Assign the Ethernet interface more Layer 2 Ethernet interfaces to port link-aggregation group the aggregation group. to the aggregation group number Configuring a Layer 3 static aggregation group To configure a Layer 3 static aggregation group:...
To do... Use the command... Remarks Required. When you create a Layer 2 Create a Layer 2 aggregate interface bridge-aggregation aggregate interface, the system interface and enter Layer 2 interface-number automatically creates a Layer 2 aggregate interface view static aggregation group numbered the same.
To do... Use the command... Remarks Configure the Required. aggregation group to link-aggregation mode dynamic By default, an aggregation group works work in dynamic in static aggregation mode. aggregation mode Exit to system view quit — Enter Layer 3 Ethernet interface interface-type Required.
To do... Use the command... Remarks Enter Layer 2 interface bridge-aggregation aggregate interface-number interface view Enter aggregate Enter Layer 3 Use either command. interface aggregate interface route-aggregation view interface or { interface-number | subinterface interface-number.subnumber } view Optional. Configure the description By default, the description of an of the aggregate interface description text...
To specify a card to process or forward traffic for a Layer 3 aggregate interface: To do... Use the command... Remarks Enter system view system-view — Enter Layer 3 aggregate interface route-aggregation — interface view interface-number Required. By default, traffic on a Layer 3 aggregate interface whose member ports are located on the same card is Specify a card to process or...
• When an aggregate interface is brought up, the aggregation state of ports in the corresponding aggregation group is recalculated and their link state becomes up. To shut down an aggregate interface: To do... Use the command... Remarks Enter system view system-view —...
Configuring group-specific load sharing criteria To configure load sharing criteria for a link aggregation group: To do… Use the command… Remarks Enter system view system-view — Enter Layer interface bridge-aggregation aggregate interface-number interface Enter view aggregate Use either command. interface Enter Layer view interface route-aggregation...
To do... Use the command... Remarks display link-aggregation verbose Display detailed information [ { bridge-aggregation | route-aggregation } Available in any about a specific or all [ interface-number ] ] [ | { begin | exclude | view aggregation groups include } regular-expression ] Clear LACP statistics for a specific Available in user...
Configuration procedure

Configure Router A
# Create VLAN 10, and assign port GigabitEthernet 3/1/4 to VLAN 10.
<RouterA> system-view
[RouterA] vlan 10
[RouterA-vlan10] port gigabitethernet 3/1/4
[RouterA-vlan10] quit
# Create VLAN 20, and assign port GigabitEthernet 3/1/5 to VLAN 20.
[RouterA] vlan 20
[RouterA-vlan20] port gigabitethernet 3/1/5
[RouterA-vlan20] quit...
Aggregation Interface Type: BAGG -- Bridge-Aggregation, RAGG -- Route-Aggregation
Aggregation Mode: S -- Static, D -- Dynamic
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Actor System ID: 0x8000, 000f-e2ff-0001
Partner ID Select Unselect Share
Interface Mode Ports Ports Type
-------------------------------------------------------------------------------
BAGG1 none...
Configuration procedure

Configure Router A
# Create VLAN 10, and assign the port GigabitEthernet 3/1/4 to VLAN 10.
<RouterA> system-view
[RouterA] vlan 10
[RouterA-vlan10] port gigabitethernet 3/1/4
[RouterA-vlan10] quit
# Create VLAN 20, and assign the port GigabitEthernet 3/1/5 to VLAN 20.
[RouterA] vlan 20
[RouterA-vlan20] port gigabitethernet 3/1/5
[RouterA-vlan20] quit...
Verify the configurations

# Display summary information about all aggregation groups on Router A.
[RouterA] display link-aggregation summary
Aggregation Interface Type: BAGG -- Bridge-Aggregation, RAGG -- Route-Aggregation
Aggregation Mode: S -- Static, D -- Dynamic
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Actor System ID: 0x8000, 000f-e2ff-0001
Partner ID Select Unselect...
Figure 8 Network diagram for Layer 2 aggregation load sharing configuration

Configuration procedure

Configure Router A
# Create VLAN 10, and assign the port GigabitEthernet 3/1/5 to VLAN 10.
<RouterA> system-view
[RouterA] vlan 10
[RouterA-vlan10] port gigabitethernet 3/1/5
[RouterA-vlan10] quit
# Create VLAN 20, and assign the port GigabitEthernet 3/1/6 to VLAN 20.
Configuring GigabitEthernet3/1/2... Done.
[RouterA-Bridge-Aggregation1] quit
# Create Layer 2 aggregate interface Bridge-Aggregation 2, and configure the load sharing criterion for the link aggregation group as the destination MAC addresses of packets.
[RouterA] interface bridge-aggregation 2
[RouterA-Bridge-Aggregation2] link-aggregation load-sharing mode destination-mac
[RouterA-Bridge-Aggregation2] quit
# Assign ports GigabitEthernet 3/1/3 and GigabitEthernet 3/1/4 to link aggregation group 2.
Bridge-Aggregation1 Load-Sharing Mode: source-mac address
Bridge-Aggregation2 Load-Sharing Mode: destination-mac address

The output shows that the load sharing criterion for link aggregation group 1 is the source MAC addresses of packets and that for link aggregation group 2 is the destination MAC addresses of packets.

Layer 3 static aggregation configuration example

Network requirements

As shown in...
# Configure the global link-aggregation load sharing criteria as the source and destination IP addresses of packets.
[RouterA] link-aggregation load-sharing mode source-ip destination-ip

Configure Router B
Configure Router B using the same instructions that you used to configure Router A.

Verify the configurations
# Display summary information about all aggregation groups on Router A.
Figure 10 Network diagram for Layer 3 dynamic aggregation

Configuration procedure

Configure Router A
# Create Layer 3 aggregate interface Route-aggregation 1, configure the link aggregation mode as dynamic, and configure an IP address and subnet mask for the aggregate interface.
<RouterA>...
The output shows that link aggregation group 1 is a load-shared Layer 3 dynamic aggregation group and it contains three selected ports.
# Display the global link-aggregation load sharing criteria on Router A.
[RouterA] display link-aggregation load-sharing mode
Link-Aggregation Load-Sharing Mode: destination-ip address, source-ip address
The output shows that the global link-aggregation load sharing criteria are the source and destination IP...
# Create Layer 3 aggregate interface Route-Aggregation 2, configure its link aggregation group to perform load sharing based on destination IP address, and configure an IP address and subnet mask for the aggregate interface.
[RouterA] interface route-aggregation 2
[RouterA-Route-Aggregation2] link-aggregation load-sharing mode destination-ip
[RouterA-Route-Aggregation2] ip address 192.168.2.1 24
[RouterA-Route-Aggregation2] quit
# Assign Layer 3 Ethernet interfaces GigabitEthernet 4/1/3 and GigabitEthernet 4/1/4 to aggregation...
Route-Aggregation2 Load-Sharing Mode: destination-ip address

The output shows that the load sharing criterion for link aggregation group 1 is the source IP address and the load sharing criterion for link aggregation group 2 is the destination IP address.
Port isolation configuration

This feature is available only on a SAP interface card working in bridge mode. Usually, Layer 2 traffic isolation is achieved by assigning ports to different VLANs. To save VLAN resources, port isolation is introduced to isolate ports within a VLAN, allowing for great flexibility and security.
Port isolation configuration example

Network requirements

As shown in Figure
• Users Host A, Host B, and Host C are connected to GigabitEthernet 3/0/1, GigabitEthernet 3/0/2, and GigabitEthernet 3/0/3 of Router.
• Router is connected to the Internet through GigabitEthernet 3/0/4.
...
MSTP configuration The MSTP feature is available only on a SAP interface card in bridging mode. As a Layer 2 management protocol, the STP eliminates Layer 2 loops by selectively blocking redundant links in a network, and in the meantime, allows for link redundancy. Like many other protocols, STP evolves as the network grows.
Designated bridge and designated port Table 7 Description of designated bridges and designated ports Classification Designated bridge Designated port A device directly connected with the local The port through which the device and responsible for forwarding designated bridge forwards BPDUs For a device BPDUs to the local device to this device...
How STP works

The devices on a network exchange BPDUs to identify the network topology. Configuration BPDUs contain sufficient information for the network devices to complete spanning tree calculation. Important fields in a configuration BPDU include:
• Root bridge ID: consisting of the priority and MAC address of the root bridge.
• ...
If all configuration BPDUs have the same ports value, their designated bridge IDs, designated port IDs, and the IDs of the receiving Selection of the root bridge • Initially, each STP-enabled device on the network assumes itself to be the root bridge, with the root bridge ID being its own device ID.
Figure 14 Network diagram for the STP algorithm • Initial state of each device Table 10 Initial state of each device Device Port name Configuration BPDU on the port Port A1 {0, 0, 0, Port A1} Device A Port A2 {0, 0, 0, Port A2} Port B1 {1, 0, 1, Port B1}...
Configuration BPDU on Device Comparison process ports after comparison • Port B1 receives the configuration BPDU of Port A1 {0, 0, 0, Port A1}, finds that the received configuration BPDU is superior to its existing • Port B1: {0, 0, 0, Port configuration BPDU {1, 0, 1, Port B1}, and updates its configuration BPDU.
Configuration BPDU on Device Comparison process ports after comparison • Port C2 receives the updated configuration BPDU of Port B2 {0, 5, 1, Port B2}, finds that the received configuration BPDU is superior to its existing • Port C1: {0, 0, 0, Port configuration BPDU {0, 10, 2, Port C2}, and updates its configuration BPDU.
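The comparison rule used in the tables above, written out as an added example (not code from HP or from the original guide). It treats a configuration BPDU as the tuple {root bridge ID, root path cost, designated bridge ID, designated port ID} with lower values being superior; the per-port path costs (5, 10, 4), the port wiring and all function names are assumptions made for the example.

```python
from typing import Dict, NamedTuple, Optional


class ConfigBpdu(NamedTuple):
    """Configuration BPDU in the guide's {root, cost, bridge, port} notation."""
    root_bridge_id: int
    root_path_cost: int
    designated_bridge_id: int
    designated_port_id: str


def is_superior(received: ConfigBpdu, existing: ConfigBpdu) -> bool:
    """A BPDU is superior when it is lower, compared field by field in order."""
    return received < existing


def elect_root_port(device_id: int,
                    received: Dict[str, ConfigBpdu],
                    port_cost: Dict[str, int]) -> Optional[str]:
    """Return the port offering the best path to the root, or None if this
    device is itself the root bridge."""
    candidates = []
    for port, bpdu in received.items():
        if bpdu.root_bridge_id >= device_id:
            continue  # the neighbour knows no better root than this device
        # The cost of the receiving port is added before paths are compared;
        # the receiving port ID is the final tie-breaker.
        key = (bpdu.root_bridge_id,
               bpdu.root_path_cost + port_cost[port],
               bpdu.designated_bridge_id,
               bpdu.designated_port_id,
               port)
        candidates.append((key, port))
    return min(candidates)[1] if candidates else None


def port_roles(device_id: int,
               received: Dict[str, ConfigBpdu],
               port_cost: Dict[str, int]) -> Dict[str, str]:
    """Assign ROOT / DESIGNATED / BLOCKED to every port listed in port_cost."""
    root_port = elect_root_port(device_id, received, port_cost)
    if root_port is None:
        root_id, cost = device_id, 0
    else:
        best = received[root_port]
        root_id, cost = best.root_bridge_id, best.root_path_cost + port_cost[root_port]

    roles = {}
    for port in port_cost:
        if port == root_port:
            roles[port] = "ROOT"
            continue
        # BPDU this device would send out of the port if it were designated.
        ours = ConfigBpdu(root_id, cost, device_id, port)
        theirs = received.get(port)
        if theirs is None or is_superior(ours, theirs):
            roles[port] = "DESIGNATED"
        else:
            roles[port] = "BLOCKED"  # the neighbour's BPDU wins on this segment
    return roles


# Constructed sample data: Device A = 0, Device B = 1, Device C = 2.
COST_B = {"Port B1": 5, "Port B2": 4}    # assumed path costs
COST_C = {"Port C1": 10, "Port C2": 4}   # assumed path costs
RECEIVED_B = {"Port B1": ConfigBpdu(0, 0, 0, "Port A1"),
              "Port B2": ConfigBpdu(2, 0, 2, "Port C2")}
RECEIVED_C = {"Port C1": ConfigBpdu(0, 0, 0, "Port A2"),
              "Port C2": ConfigBpdu(0, 5, 1, "Port B2")}

if __name__ == "__main__":
    print("Device B:", port_roles(1, RECEIVED_B, COST_B))
    print("Device C:", port_roles(2, RECEIVED_C, COST_C))
```

With these inputs Device C reaches the root more cheaply through Port C2 (5 + 4) than through Port C1 (10), so Port C1 is the port that ends up blocked.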
The BPDU forwarding mechanism in STP

• Upon network initiation, every switch regards itself as the root bridge, generates configuration BPDUs with itself as the root, and sends the configuration BPDUs at a regular hello interval.
• If it is the root port that received a configuration BPDU and the received configuration BPDU is...
point-to-point link, it can enter the forwarding state immediately after the device undergoes handshake with the downstream device and gets a response. MSTP Why MSTP Limitations of STP and RSTP STP does not support rapid state transition of ports. A newly elected root port or designated port must wait twice the forward delay time before transiting to the forwarding state, even if it is a port on a point-to-point link or an edge port.
Basic concepts in MSTP Figure 16 Basic concepts in MSTP VLAN 1 MSTI 1 VLAN 1 MSTI 1 VLAN 2 MSTI 2 VLAN 2 MSTI 2 Other VLANs MSTI 0 Other VLANs MSTI 0 MST region 1 MST region 4 MST region 2 MST region 3 VLAN 1...
As shown in Figure 16, a switched network comprises four MST regions, and each MST region comprises four devices running MSTP. Figure 17 shows the networking topology of MST region 3. This section describes some basic concepts of MSTP. MST region An MST region consists of multiple devices in a switched network and the network segments among them.
For example, in MST region 3 in Figure 17, the regional root of MSTI 1 is Device B, the regional root of MSTI 2 is Device C, and the regional root of MSTI 0 (also known as the IST) is Device A. Common root bridge The common root bridge is the root bridge of the CIST.
• Boundary port: Connects an MST region to another MST region or to an STP/RSTP-running device. In MSTP calculation, a boundary port’s role on an MSTI is consistent with its role on the CIST. But that is not true with master ports. A master port on MSTIs is a root port on the CIST.

Port states

In MSTP, a port may be in one of the following three states:
• ...
How STP works.”

In MSTP, a VLAN packet is forwarded along the following paths:
• Within an MST region, the packet is forwarded along the corresponding MSTI.
• Between two MST regions, the packet is forwarded along the CST.

Implementation of MSTP on devices

MSTP is compatible with STP and RSTP.
Task Remarks Configuring the maximum port rate Optional Configuring ports as edge ports Optional Configuring the link type of ports Optional Configuring the mode a port uses to recognize/send MSTP Optional packets Enabling the output of port state transition information Optional Enabling the MSTP feature Required...
Though the member ports of an aggregation group do not participate in MSTP calculation, the ports still retain their MSTP configurations for participating in MSTP calculation after leaving the aggregation group.

Configuring MSTP

Configuring an MST region

Make the following configurations on the root bridge and on the leaf nodes separately.

To configure an MST region: To do...
Configuring the root bridge or a secondary root bridge MSTP can determine the root bridge of a spanning tree through MSTP calculation. Alternatively, specify the current device as the root bridge or a secondary root bridge using the commands provided by the system.
Configuring the work mode of an MSTP device Being mutually compatible, MSTP and RSTP can recognize each other’s protocol packets. However, STP is unable to recognize MSTP packets. For hybrid networking with legacy STP devices and for full interoperability with RSTP-enabled devices, MSTP supports three work modes: STP-compatible mode, RSTP mode, and MSTP mode.
Configuring the maximum hops of an MST region By setting the maximum hops of an MST region, you can restrict the region size. The maximum hops configured on the regional root bridge are used as the maximum hops of the MST region. The regional root bridge always sends a configuration BPDU with a hop count set to the maximum value.
Note that if the forward delay setting is too small, temporary redundant paths may be introduced. If the forward delay setting is too big, it may take a long time for the network to converge. HP recommends that you use the default setting.
• Max age ≥ 2 × (hello time + 1 second)

HP recommends that you specify the network diameter with the stp bridge-diameter command and let MSTP automatically calculate optimal settings of these three timers based on the network diameter.
BPDUs and prevent MSTP from using excessive network resources when the network becomes unstable. HP recommends that you use the default setting.

Configuring ports as edge ports

If a port directly connects to a user terminal rather than another device or a shared LAN segment, this port is regarded as an edge port.
• dot1t: The device calculates the default path cost for ports based on IEEE 802.1t.
• legacy: The device calculates the default path cost for ports based on a private standard.

To specify a standard for the device to use when calculating the default path cost: To do...
Path cost Link speed Port type IEEE IEEE 802.1t Private standard 802.1d-1998 Aggregate interface containing 4 selected 5000 ports Single Port 2000 Aggregate interface containing 2 selected 1000 ports Aggregate interface 10 Gbps containing 3 selected ports Aggregate interface containing 4 selected ports When calculating path cost for an aggregate interface, IEEE 802.1d-1998 does not take into account the number of selected ports in its aggregation group as IEEE 802.1t does.
Configuring port priority The priority of a port is an important factor in determining whether the port can be elected as the root port of a device. If all other conditions are the same, the port with the highest priority is elected as the root port.
To do... Use the command... Remarks Required. stp point-to-point { auto | auto by default, namely, the Configure the link type of ports force-false | force-true } port automatically detects whether its link is point-to-point. A Layer 2 aggregate interface can be configured to connect to a point-to-point link. If a port works in auto-negotiation mode and the negotiation result is full duplex, this port can be configured as connecting to a point-to-point link.
To configure the MSTP packet format to be supported on a port or a group of ports: To do... Use the command... Remarks Enter system view system-view — Enter Ethernet interface view, or Layer 2 interface interface-type Enter aggregate interface interface-number Required.
To do... Use the command... Remarks Enter Ethernet interface view, or interface interface-type Enter Layer 2 aggregate interface-number Required. interface interface view view or port Use either command. group view Enter port group port-group manual view port-group-name Optional. Enable the MSTP feature for the By default, MSTP is enabled for stp enable ports...
You must enable digest snooping both globally and on associated ports to make it take effect. HP recommends that you enable digest snooping on all associated ports first and then globally, thus making the configuration take effect on all configured ports and reducing impact on the network.
Digest snooping configuration example

Network requirements

As shown in Figure
• Router A and Router B connect to Router C, which is a third-party device. All these devices are in the same region.
• Enable digest snooping on Router A’s and Router B’s ports that connect to Router C, so that the three devices can communicate with one another.
Both RSTP and MSTP devices can perform rapid transition on a designated port only when the port receives an agreement packet from the downstream device. The differences between RSTP and MSTP devices are:
• For MSTP, the downstream device’s root port sends an agreement packet only after it receives an...
Configuration Prerequisites

• A device is connected to a third-party upstream device supporting MSTP via a point-to-point link.
• Configure the same region name, revision level and VLAN-to-instance mappings on the two devices, thus assigning them to the same region.

Configuring the no agreement check function

To make the no agreement check feature take effect, enable it on the root port.
• Root guard
• Loop guard
• TC-BPDU guard
• BPDU drop

Configuration prerequisites

MSTP has been correctly configured on the device.

Enabling BPDU guard

For access layer devices, the access ports generally connect directly with user terminals (such as PCs) or file servers.
To enable root guard: To do... Use the command... Remarks Enter system view system-view — Enter Ethernet interface interface interface-type Enter view, or Layer 2 interface-number Required. interface aggregate interface view view or port Use either command. port-group manual group view Enter port group view port-group-name Required.
6 by default period after it receives the first TC-BPDU NOTE: HP recommends that you do not disable this feature. Table 14 Displaying and maintaining MSTP To do... Use the command... Remarks...
To do... Use the command... Remarks display stp [ instance instance-id ] Display the status and statistics of MSTP [ interface interface-list | slot Available in any (on a distributed device) slot-number ] [ brief ] [ | { begin | view exclude | include } regular-expression ] display stp region-configuration [ |...
Configuration procedure VLAN and VLAN member port configuration Create VLAN 10, VLAN 20, and VLAN 30 on Router A and Router B, respectively, create VLAN 10, VLAN 20, and VLAN 40 on Router C, and create VLAN 20, VLAN 30, and VLAN 40 on Router D. Configure the ports on these routers as trunk ports and assign them to related VLANs.
Configuration on Router C. # Enter MST region view, configure the MST region name as example, map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively, and configure the revision level of the MST region as 0.
GigabitEthernet4/1/3 DESI FORWARDING NONE
GigabitEthernet4/1/2 DESI FORWARDING NONE
GigabitEthernet4/1/3 ROOT FORWARDING NONE
# Display brief spanning tree information on Router B.
[RouterB] display stp brief
MSTID Port Role STP State Protection
GigabitEthernet4/1/1 DESI FORWARDING NONE
GigabitEthernet4/1/2 DESI FORWARDING NONE
GigabitEthernet4/1/3 DESI FORWARDING NONE...
Figure 24 MSTIs mapped to different VLANs...
PE 2 at the other end of the service provider network, which de-encapsulates the packet, restores the original destination MAC address of the packet, and then sends the packet to CE 2. HP routers support BPDU tunneling for the following protocols: •...
• HGMP
• LACP
• LLDP
• PAGP
• PVST
• UDLD
BPDU tunneling implementation
The BPDU tunneling implementations for different protocols are all similar. This section describes how BPDU tunneling is implemented by taking the STP as an example. The term STP in this document is in a broad sense.
As shown in Figure 26, the upper part is the service provider network (ISP network), and the lower part represents two geographically dispersed segments of a customer network: User A network 1 and User A network 2. Enabling the BPDU tunneling function on the edge devices (PE 1 and PE 2) in the service provider network allows BPDUs of User A network 1 and User A network 2 to be transparently transmitted in the service provider network, thus ensuring consistent spanning tree calculation throughout User A network, without affecting the spanning tree calculation of the service provider network.
Enabling BPDU tunneling for a protocol in Layer 2 Ethernet interface view or port group view To enable BPDU tunneling for a protocol in Ethernet interface view or port group view: To do... Use the command... Remarks Enter system view system-view —...
BPDU tunneling configuration examples
BPDU tunneling for STP configuration example
Network requirements
As shown in Figure
• CE 1 and CE 2 are edge devices on the geographically dispersed network of User A. PE 1 and PE 2 are edge devices on the service provider network.
•...
[PE2] bpdu-tunnel tunnel-dmac 0100-0ccd-cdd0
# Create VLAN 2 and assign GigabitEthernet 3/0/2 to VLAN 2.
[PE2] vlan 2
[PE2-vlan2] quit
[PE2] interface gigabitethernet 3/0/2
[PE2-GigabitEthernet3/0/2] port access vlan 2
# Disable STP on GigabitEthernet 3/0/2, and then enable BPDU tunneling for STP on it.
[PE2-GigabitEthernet3/0/2] undo stp enable
[PE2-GigabitEthernet3/0/2] bpdu-tunnel dot1q stp
BPDU tunneling for PVST configuration example...
[PE1-GigabitEthernet3/0/1] undo stp enable
[PE1-GigabitEthernet3/0/1] bpdu-tunnel dot1q stp
[PE1-GigabitEthernet3/0/1] bpdu-tunnel dot1q pvst
Configuration on PE 2
# Configure the destination multicast MAC address for BPDUs as 0x0100-0CCD-CDD0.
<PE2> system-view
[PE2] bpdu-tunnel tunnel-dmac 0100-0ccd-cdd0
# Configure GigabitEthernet 3/0/2 as a trunk port and assign it to all VLANs.
[PE2] interface gigabitethernet 3/0/2
[PE2-GigabitEthernet3/0/2] port link-type trunk
[PE2-GigabitEthernet3/0/2] port trunk permit vlan all...
VLAN configuration This feature is available on only a SAP interface card working in bridge mode. Ethernet is a network technology based on the CSMA/CD mechanism. As the medium is shared, collisions and excessive broadcasts are common on Ethernet networks. To address the issue, VLAN was introduced to break a LAN down into separate VLANs.
Figure 30 The format of a traditional Ethernet frame
IEEE 802.1Q inserts a four-byte VLAN tag after the DA&SA field, as shown in Figure
Figure 31 The position and format of VLAN tag
A VLAN tag comprises the following fields: TPID, priority, CFI, and VLAN ID. The 16-bit TPID field with a value of 0x8100 indicates that the frame is VLAN-tagged.
All four types of VLANs can be configured on a port at the same time. When determining to which VLAN a packet passing through the port should be assigned, the router looks up the VLANs in the default order of MAC-based VLAN, IP-based VLAN, protocol-based VLAN, and port-based VLAN.
Configuring basic VLAN settings
To configure basic VLAN settings:
To do…...
To configure basic settings of a VLAN interface: To do… Use the command… Remarks Enter system view system-view — Required. Create a VLAN interface interface vlan-interface and enter VLAN interface If the VLAN interface already exists, you vlan-interface-id view enter its view directly. Optional.
VLAN, see the chapter “Voice VLAN configuration.” HP recommends that you set the same default VLAN ID for the local and remote ports. Make sure that a port is assigned to its default VLAN. Otherwise, when the port receives frames tagged with the default VLAN ID or untagged frames (including protocol packets such as MSTP BPDUs), the port filters out these frames.
Actions (in the inbound direction) Actions (in the outbound Port type direction) Untagged frame Tagged frame • Remove the tag and send the frame if the frame carries the default VLAN tag and the port belongs to the default VLAN. Trunk Check whether the •...
Use the To do… Remarks command… port group view applies only to the current port. view • The configuration made in port group view applies to all ports in the port group. Enter Layer 2 interface • The configuration made in Layer 2 aggregate bridge-aggregation aggregate interface view applies to the...
To do… Use the command… Remarks system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation member ports. If the Enter port port-group manual system fails to apply the configuration group view port-group-name to an aggregation member port, it skips the port and moves to the next member port.
To do… Use the command… Remarks system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation Enter port port-group manual member ports. If the system fails to group view port-group-name apply the configuration to an aggregation member port, it skips the port and moves to the next member port.
Figure 33 Network diagram for port-based VLAN configuration
Configuration procedure
Configuration on Router A
# Create VLAN 100, and assign port GigabitEthernet 4/1/1 to VLAN 100.
<RouterA> system-view
[RouterA] vlan 100
[RouterA-vlan100] port gigabitEthernet 4/1/1
[RouterA-vlan100] quit
# Create VLAN 200, and assign port GigabitEthernet 4/1/2 to VLAN 200.
[RouterA] vlan 200
[RouterA-vlan200] port gigabitEthernet 4/1/2
[RouterA-vlan200] quit...
GigabitEthernet4/1/1
[RouterA-GigabitEthernet4/1/3] display vlan 200
VLAN ID: 200
VLAN Type: static
Route Interface: not configured
Description: VLAN 0200
Name: VLAN 0200
Broadcast MAX-ratio: 100%
Tagged Ports: GigabitEthernet4/1/3
Untagged Ports: GigabitEthernet4/1/2
MAC-based VLAN configuration
The MAC-based VLAN feature assigns hosts to a VLAN based on their MAC addresses. This feature is usually used in conjunction with security technologies such as 802.1X to provide secure, flexible network access for terminal devices.
removed automatically. Automatic configuration requires that the MAC address-to-VLAN mapping be configured on the authentication server. For more information, see 802.1X in the Security Configuration Guide. The two configuration approaches can be used at the same time, that is, you can configure a MAC address-to-VLAN entry on both the local router and the authentication server at the same time.
To do...: Enable the MAC-based VLAN feature
Use the command...: mac-vlan enable
Remarks: Required. By default, the MAC-based VLAN feature is disabled.

To do...: Configure VLAN matching precedence
Use the command...: vlan precedence { mac-vlan | ip-subnet-vlan }
Remarks: Optional. By default, VLANs are preferably matched based on MAC addresses.

MAC-based VLAN configuration example
Network requirements
As shown in...
Configuration procedure
Configuration on Router A
# Create VLANs 100 and 200.
<RouterA> system-view
[RouterA] vlan 100
[RouterA-vlan100] quit
[RouterA] vlan 200
[RouterA-vlan200] quit
# Associate the MAC address of Laptop 1 with VLAN 100, and the MAC address of Laptop 2 with VLAN 200.
[RouterB-GigabitEthernet4/1/4] port trunk permit vlan 100 200
[RouterB-GigabitEthernet4/1/4] quit
Configuration on Router C
Configure Router C as you configure Router A.
Verification
Laptop 1 can access Server 1 only, and Laptop 2 can access Server 2 only. On Router A and Router C, you can see that VLAN 100 is associated with the MAC address of Laptop 1, and VLAN 200 is associated with the MAC address of Laptop 2.
• If not, it drops the packet. This feature is mainly used to assign packets of the specific service type to a specific VLAN. Configuring a protocol-based VLAN Do not configure both the dsap-id and ssap-id parameters in the protocol-vlan command as 0xE0 or 0xFF when configuring the user-defined template for llc encapsulation.
To do…: Associate the hybrid ports with the specified protocol-based VLAN
Use the command…: port hybrid protocol-vlan vlan vlan-id { protocol-index [ to protocol-end ] | all }
Remarks: Required.

Protocol-based VLAN configuration example
Network requirements
In a lab environment, as shown in Figure 35, most hosts run the IPv4 protocol, and the rest of the hosts run the IPv6 protocol for teaching purposes.
[Router-vlan200] description protocol VLAN for IPv6
[Router-vlan200] port gigabitEthernet 4/1/12
# Create an IPv6 protocol template in the view of VLAN 200, and an IPv4 protocol template in the view of VLAN 100.
[Router-vlan200] protocol-vlan 1 ipv6
[Router-vlan200] quit
[Router] vlan 100
[Router-vlan100] protocol-vlan 1 ipv4
[Router-vlan100] quit
# Configure port GigabitEthernet 4/1/1 as a hybrid port that forwards packets of VLANs 100 and 200...
Verification
The hosts and the server in VLAN 100 can ping one another successfully. The hosts and the server in VLAN 200 can ping one another successfully. The hosts or server in VLAN 100 cannot ping the hosts or server in VLAN 200, and vice versa.
Display protocol-based VLAN information on Router to check whether the configurations have taken effect.
IP subnet-based VLAN configuration In this approach, packets are assigned to VLANs based on their source IP addresses and subnet masks. A port configured with IP subnet-based VLANs assigns a received untagged packet to a VLAN based on the source address of the packet. This feature is used to assign packets from the specified IP subnet or IP address to a specific VLAN.
To do… Use the command… Remarks Associate the hybrid ports with port hybrid the specified IP subnet-based ip-subnet-vlan vlan Required. VLAN vlan-id Displaying and maintaining VLAN To do... Use the command… Remarks display vlan [ vlan-id1 [ to vlan-id2 ] | all | Display VLAN information dynamic | reserved | static ] [ | { begin | Available in any view...
Super VLAN configuration This feature is available on only a SAP interface card working in bridge mode. Super VLAN, also called VLAN aggregation, was introduced to save the IP address space. A super VLAN is associated with multiple sub-VLANs. Create a VLAN interface for a super VLAN and assign an IP address for the VLAN interface.
DHCP, Layer 3 multicast, dynamic routing, and NAT can be configured for the VLAN interface of a super VLAN. However, only DHCP takes effect. Configuring VRRP for the VLAN interface of a super VLAN affects network performance. HP recommends that you do not configure this function in normal cases. For more information about VRRP, see High Availability Configuration Guide.
Displaying and maintaining super VLAN
To do…: Display the mapping between a super VLAN and its sub-VLANs
Use the command…: display supervlan [ supervlan-id ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Super VLAN configuration example
Network requirements...
[Sysname-vlan3] port gigabitEthernet 4/1/3 gigabitEthernet 1/4
[Sysname-vlan3] quit
# Create VLAN 5, and assign GigabitEthernet 4/1/5 and GigabitEthernet 4/1/6 to it.
[Sysname] vlan 5
[Sysname-vlan5] port gigabitEthernet 4/1/5 gigabitEthernet 4/1/6
[Sysname-vlan5] quit
# Configure VLAN 10 as the super VLAN, and configure VLAN 2, VLAN 3, and VLAN 5 as its sub-VLANs.
VLAN ID: 5
VLAN Type: static
It is a Sub VLAN.
Route Interface: not configured
Description: VLAN 0005
Name: VLAN 0005
Tagged Ports: none
Untagged Ports: GigabitEthernet4/1/5 GigabitEthernet4/1/6...
Isolate-user-VLAN configuration This feature is available on only a SAP interface card working in bridge mode. An isolate-user-VLAN uses a two-tier VLAN structure. In this approach, two types of VLANs, isolate-user-VLAN and secondary VLAN, are configured on the same router. The following are the characteristics of the isolate-user-VLAN implementation: •...
To configure an isolate-user-VLAN: To do... Use the command Remarks Enter system view system-view — Create a VLAN and enter VLAN vlan vlan-id — view Configure the VLAN as an isolate-user-vlan enable Required. isolate-user-VLAN Return to system view quit — Assign access or hybrid ports to the isolate-user-VLAN and ensure For the configuration...
Isolate-user-VLAN configuration example
Network requirements
As shown in Figure
• Connect Router A to downstream routers Router B and Router C.
• Configure VLAN 5 on Router B as an isolate-user-VLAN, assign the uplink port GigabitEthernet 4/1/5 to VLAN 5, and associate VLAN 5 with secondary VLANs VLAN 2 and VLAN 3. Assign GigabitEthernet 4/1/2 to VLAN 2 and GigabitEthernet 4/1/1 to VLAN 3.
Configure Router C
# Configure the isolate-user-VLAN.
<RouterC> system-view
[RouterC] vlan 6
[RouterC-vlan6] isolate-user-vlan enable
[RouterC-vlan6] port gigabitEthernet 4/1/5
[RouterC-vlan6] quit
# Configure the secondary VLANs.
[RouterC] vlan 3
[RouterC-vlan3] port gigabitEthernet 4/1/3
[RouterC-vlan3] quit
[RouterC] vlan 4
[RouterC-vlan4] port gigabitEthernet 1/4
# Associate the isolate-user-VLAN with the secondary VLANs.
Voice VLAN configuration This feature is available on only a SAP interface card working in bridge mode. As voice communication technologies grow more mature, voice devices are more and more widely deployed, especially on broadband networks, where voice traffic and data traffic often co-exist. Usually, compared to data traffic, voice traffic is given a higher transmission priority for the purpose of reducing transmission delay and packet loss.
Voice VLAN assignment modes CAUTION: • If an IP phone sends tagged voice traffic and its accessing port is configured with 802.1X authentication and guest VLAN, you should assign different VLAN IDs for the voice VLAN, the default VLAN of the connecting port, and the 802.1X guest VLAN.
Figure 40 Only IP phones access the network
Both modes forward tagged packets according to their tags. Table 16 and Table 17 list the required configurations on ports of different link types in order for these ports to support tagged or untagged voice traffic sent from IP phones when different voice VLAN assignment modes are configured.
In a safe network, configure the voice VLANs to operate in normal mode, reducing the consumption of system resources due to source MAC address checking.
TIP: HP recommends that you do not transmit both voice traffic and non-voice traffic in a voice VLAN. If you have to, ensure that the voice VLAN security mode is disabled.
Table 18 How a voice VLAN-enabled port processes packets in security/normal mode Voice VLAN Packet type Packet processing mode mode Untagged packets If the source MAC address of a packet matches an OUI address configured for the router, it is forwarded in the voice Packets carrying the VLAN.
To configure QoS priority settings for voice traffic: To do... Use the command... Remarks Enter system view system-view — interface interface-type Enter interface view — interface-number Configure the interface to trust Required. the QoS priority settings in Use either command. incoming voice traffic, but not voice vlan qos trust By default, an interface modifies the...
To do... Use the command... Remarks Optional. By default, automatic voice VLAN Configure the port to operate assignment mode is enabled. in automatic voice VLAN voice vlan mode auto The voice VLAN assignment assignment mode modes on different ports are independent of one another.
To do...: Enable voice VLAN on the port
Use the command...: voice vlan vlan-id enable
Remarks: Required.

Different voice VLANs can be configured on different ports at the same time. However, one port can be configured with only one voice VLAN, and this voice VLAN must be a static VLAN that already exists on the router.
Figure 41 Network diagram for automatic voice VLAN assignment mode configuration
Configuration procedure
# Create VLAN 2 and VLAN 3.
<RouterA> system-view
[RouterA] vlan 2 to 3
Please wait... Done.
# Set the voice VLAN aging time to 30 minutes.
[RouterA] voice vlan aging 30
# Since GigabitEthernet 4/1/1 may receive both voice traffic and data traffic at the same time, to ensure the quality of voice packets and effective bandwidth use, configure voice VLANs to work in security mode.
Figure 42 Network diagram for manual voice VLAN assignment mode configuration
[Figure labels: Router A, Router B, Internet, GE4/1/1, GE4/2/1, VLAN 2, 0755-2002, 010-1001, OUI: 0011-2200-0000, Mask: ffff-ff00-0000]
Configuration procedure
# Configure the voice VLAN to operate in security mode. A voice VLAN operates in security mode by default (optional).
# Display the current voice VLAN state.
<RouterA> display voice vlan state
Maximum of Voice VLANs: 16
Current Voice VLANs: 1
Voice VLAN security mode: Security
Voice VLAN aging time: 1440 minutes
Voice VLAN enabled port and its mode:
PORT VLAN MODE
-----------------------------------------------...
GVRP configuration This feature is available on only a SAP interface card working in bridge mode. The GARP provides a generic framework for devices in a switched LAN, such as end stations and switches, to register and deregister attribute values. The GVRP is a GARP application that registers and deregisters VLAN attributes.
Join message. GARP timers HP's implementation of GARP uses four timers to control GARP message transmission: The settings of GARP timers apply to all GARP applications, such as GVRP, on a LAN.
LeaveAll timer When a GARP application is enabled, a LeaveAll timer starts. The GARP participant sends a LeaveAll message when the timer expires. Then, the LeaveAll timer restarts to begin a new cycle. The LeaveAll timer and all other GARP timers also restart when the GARP participant receives a LeaveAll message. Set the LeaveAll timer greater than the Leave timer.
Field Description Value Length of an attribute, inclusive of Attribute length 2 to 255 (in bytes) the attribute length field • 0x00: LeaveAll event • 0x01: JoinEmpty event • 0x02: JoinIn event Attribute event Event described by the attribute • 0x03: LeaveEmpty event •...
GVRP configuration task list Complete these tasks to configure GVRP: Task Remarks Configuring GVRP functions Required Configuring the garp timers Optional GVRP configuration made in Ethernet interface view or Layer 2 aggregate interface view takes effect on the current interface only. GVRP configuration made in port group view takes effect on all member ports in the group.
GVRP can run only on the MSTP CIST, and the blocked ports on the CIST cannot receive or send GVRP packets. Do not enable both GVRP and remote port mirroring. Otherwise, GVRP may register the remote probe VLAN to unexpected ports, causing the monitor port to receive undesired duplicates. For more information about port mirroring, see Network Management and Monitoring Configuration Guide.
Table 20 Dependencies of the GARP timers
Timer | Lower limit | Upper limit
Hold | 10 centiseconds | No greater than half of the Join timer
Join | No less than two times the Hold timer | Less than half of the Leave timer
Leave | Greater than two times the Join timer | Less than the LeaveAll timer...
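The dependencies in Table 20 also constrain the order in which timers can be changed. The following Python sketch is an added example, not part of the HP guide: it checks a timer set against the visible rows of the table and searches for an order of single-timer changes that never passes through an invalid combination. The timer values are constructed, and it assumes that each change is checked against the timers configured at that moment.

```python
from itertools import permutations

TIMERS = ("hold", "join", "leave", "leaveall")


def violations(t):
    """Return the Table 20 rules broken by timer set t (values in centiseconds)."""
    broken = []
    if t["hold"] < 10:
        broken.append("Hold is below its 10-centisecond lower limit")
    if 2 * t["hold"] > t["join"]:
        broken.append("Hold is greater than half of Join")
    if 2 * t["join"] >= t["leave"]:
        broken.append("Join is not less than half of Leave")
    if t["leave"] >= t["leaveall"]:
        broken.append("Leave is not less than LeaveAll")
    return broken


def safe_order(current, target):
    """Return an order of single-timer changes in which every intermediate
    combination satisfies the dependencies, or None if no such order exists."""
    for name, timers in (("current", current), ("target", target)):
        problems = violations(timers)
        if problems:
            raise ValueError(f"{name} timers are invalid: {problems}")
    changed = [name for name in TIMERS if current[name] != target[name]]
    for order in permutations(changed):
        state = dict(current)
        for name in order:
            state[name] = target[name]
            if violations(state):
                break          # this order hits an invalid combination
        else:
            return list(order)
    return None


def demo():
    # Constructed sample values, in centiseconds.
    current = {"hold": 10, "join": 20, "leave": 60, "leaveall": 1000}
    target = {"hold": 20, "join": 50, "leave": 120, "leaveall": 1000}
    return safe_order(current, target)


if __name__ == "__main__":
    print("apply changes in this order:", demo())
```

When timers are being raised, the larger timers have to move first; raising Hold or Join first would break the dependency on the timer above it.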
GVRP configuration examples
GVRP normal registration mode configuration example
Network requirements
As shown in Figure
• Router A and Router B are connected through their GigabitEthernet 3/0/1 ports.
• Enable GVRP and configure the normal registration mode on ports to enable the registration and...
[RouterB-vlan3] quit
Verify the configuration
Use the display gvrp local-vlan command to display the local VLAN information maintained by GVRP on ports. For example:
# Display the local VLAN information maintained by GVRP on port GigabitEthernet 3/0/1 of Router A.
[RouterA] display gvrp local-vlan interface gigabitEthernet 3/0/1
Following VLANs exist in GVRP local database:
1(default),2-3...
[RouterA] vlan 2
[RouterA-vlan2] quit
Configure Router B
# Enable GVRP globally.
<RouterB> system-view
[RouterB] gvrp
# Configure port GigabitEthernet 3/0/1 as a trunk port, and assign it to all VLANs.
[RouterB] interface gigabitEthernet 3/0/1
[RouterB-GigabitEthernet3/0/1] port link-type trunk
[RouterB-GigabitEthernet3/0/1] port trunk permit vlan all
# Enable GVRP on GigabitEthernet 3/0/1, and set the GVRP registration mode to fixed on the port.
Figure 47 Network diagram for GVRP forbidden registration mode configuration
Configuration procedure
Configure Router A
# Enable GVRP globally.
<RouterA> system-view
[RouterA] gvrp
# Configure port GigabitEthernet 3/0/1 as a trunk port, and assign it to all VLANs.
[RouterA] interface gigabitEthernet 3/0/1
[RouterA-GigabitEthernet3/0/1] port link-type trunk
[RouterA-GigabitEthernet3/0/1] port trunk permit vlan all
# Enable GVRP on GigabitEthernet 3/0/1, and set the GVRP registration mode to forbidden on the port.
According to the output, information about VLAN 1 is registered through GVRP, but static VLAN information of VLAN 2 on the local router and dynamic VLAN information of VLAN 3 on Router B are not.
# Display the local VLAN information maintained by GVRP on port GigabitEthernet 3/0/1 of Router B.
[RouterB] display gvrp local-vlan interface gigabitEthernet 3/0/1
Following VLANs exist in GVRP local database:
1(default)
QinQ configuration The SAP cards support the feature only when they work in Layer 2 mode. Throughout this document, CVLANs, also called inner VLANs, refer to the VLANs that a customer uses on the private network; and SVLANs, also called outer VLANs, refer to the VLANs that a service provider uses to carry VLAN tagged traffic for customers.
The default MTU of an interface is 1500 bytes. The size of an outer VLAN tag is 4 bytes. HP recommends that you increase the MTU of each interface on the service provider network to at least 1504 bytes. For...
Implementations of QinQ HP provides the following QinQ implementations: basic QinQ and selective QinQ. Basic QinQ Basic QinQ enables a port to tag any incoming frames with its default VLAN tag, regardless of whether they have been tagged or not. If an incoming frame has been tagged, it becomes a double-tagged frame.
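The tag layout described under VLAN configuration (TPID, priority, CFI, VLAN ID) and the basic QinQ behavior above, as an added Python example that is not part of the HP guide: it inserts an outer tag the way a basic QinQ port does and then walks the resulting tag stack. The MAC addresses, payload and function names are constructed for illustration; the 3-bit priority, 1-bit CFI and 12-bit VLAN ID widths are the standard 802.1Q layout.

```python
import struct

# TPID values treated as VLAN tags: 0x8100 is the 802.1Q value from this guide,
# 0x8200 is the value its examples set with "qinq ethernet-type".
VLAN_TPIDS = (0x8100, 0x8200)


def build_tag(tpid, vid, pcp=0, cfi=0):
    """Pack a 4-byte tag: TPID (16 bits), priority (3), CFI (1), VLAN ID (12)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in 1-4094")
    if not 0 <= pcp <= 7 or cfi not in (0, 1):
        raise ValueError("priority must be 0-7 and CFI 0 or 1")
    return struct.pack("!HH", tpid, (pcp << 13) | (cfi << 12) | vid)


def push_outer_tag(frame, svlan, tpid=0x8100):
    """Basic QinQ ingress: insert the port's default VLAN tag after DA and SA,
    whether or not the frame already carries a tag."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    return frame[:12] + build_tag(tpid, svlan) + frame[12:]


def parse_tags(frame, tpids=VLAN_TPIDS):
    """Walk the tag stack; return (tags outermost first, EtherType, payload offset)."""
    tags, offset = [], 12
    while True:
        if len(frame) < offset + 2:
            raise ValueError("frame truncated before the EtherType")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in tpids:
            return tags, etype, offset + 2
        if len(frame) < offset + 4:
            raise ValueError("frame truncated inside a VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({"tpid": etype, "pcp": tci >> 13,
                     "cfi": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4


def demo():
    # Constructed customer frame: locally administered MACs, CVLAN 10, IPv4 payload.
    da, sa = bytes.fromhex("020000000002"), bytes.fromhex("020000000001")
    customer = da + sa + build_tag(0x8100, 10) + struct.pack("!H", 0x0800) + bytes(46)
    provider = push_outer_tag(customer, svlan=100, tpid=0x8200)
    tags, etype, offset = parse_tags(provider)
    return {
        "grew_by": len(provider) - len(customer),   # why the MTU needs 4 more bytes
        "tags": tags,
        "ethertype": etype,
        "offset": offset,
        # What a parser that only recognizes TPID 0x8100 makes of the same frame.
        "single_tpid_view": parse_tags(provider, tpids=(0x8100,)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

A parser that recognizes only TPID 0x8100 reads the same frame as untagged with EtherType 0x8200, which is why both ends of a link have to agree on the TPID.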
Table 21 Reserved protocol type values
Protocol type | Value
 | 0x0806
 | 0x0200
RARP | 0x8035
 | 0x0800
IPv6 | 0x86DD
PPPoE | 0x8863/0x8864
MPLS | 0x8847/0x8848
IPX/SPX | 0x8137
IS-IS | 0x8000
LACP | 0x8809
802.1X | 0x888E
Cluster | 0x88A7
Reserved | 0xFFFD/0xFFFE/0xFFFF
Protocols and standards
IEEE 802.1Q: IEEE standard for local and metropolitan area networks: Virtual Bridged Local Area Networks
QinQ configuration task list
Complete the following tasks to configure QinQ:...
Do not configure QinQ on a reflector port. For more information about reflector ports, see Network Management and Monitoring Configuration Guide. Configuring basic QinQ Enabling basic QinQ A basic QinQ-enabled port tags an incoming packet with its default VLAN tag. To enable basic QinQ: To do...
VLAN tags based on different inner VLAN tags. The selective QinQ feature of the A6600 routers is achieved through QoS policies. To enable the router to tag tagged packets based on inner VLAN tags, follow these steps: Configure a class to match packets with certain tags.
Configuring an inner-outer VLAN 802.1p priority mapping The A6600 routers can mark the 802.1p priorities in outer VLAN tags according to the inner VLAN IDs or the 802.1p priorities in the inner VLAN tags through QoS policies: To mark the 802.1p priorities in outer VLAN tags according to the inner VLAN IDs or the 802.1p priorities in the inner VLAN tags: To do...
To do... Use the command... Remarks Associate the traffic class with classifier classifier-name behavior the traffic behavior defined Required. behavior-name earlier Return to system view quit — Enter Enter Ethernet interface interface-type Ethernet interface view interface-number interface view or port Required.
To do... Use the command... Remarks Enter Ethernet interface view Enter Ethernet interface interface-type or port group interface view interface-number Required. view of the Use either command. customer Enter port group port-group manual network-side view port-group-name port Apply the QoS policy to the qos apply policy policy-name Required.
QinQ configuration examples Basic QinQ configuration example Network requirements As shown in Figure • The two branches of Company A, Site 1 and Site 2, are connected through the service provider network and use CVLANs 10 through 70. The two branches of Company B, Site 3 and Site 4, are connected through the service provider network and use CVLANs 30 through 90.
# Configure VLAN 100 as the default VLAN ID for the port.
[PE1-GigabitEthernet4/1/1] port trunk pvid vlan 100
# Enable basic QinQ on the port.
[PE1-GigabitEthernet4/1/1] qinq enable
[PE1-GigabitEthernet4/1/1] quit
• Configure GigabitEthernet 4/1/2.
# Configure GigabitEthernet 4/1/2 as a trunk port and assign it to VLAN 100 and VLAN 200.
[PE1] interface gigabitethernet 4/1/2
[PE1-GigabitEthernet4/1/2] port link-type trunk
[PE1-GigabitEthernet4/1/2] port trunk permit vlan 100 200...
[PE2-GigabitEthernet4/1/2] qinq ethernet-type 8200
[PE2-GigabitEthernet4/1/2] quit
• Configure GigabitEthernet 4/1/3.
# Configure GigabitEthernet 4/1/3 as a trunk port and assign it to VLAN 100 and VLANs 10 through
[PE2] interface gigabitethernet 4/1/3
[PE2-GigabitEthernet4/1/3] port link-type trunk
[PE2-GigabitEthernet4/1/3] port trunk permit vlan 100 10 to 70
# Configure VLAN 100 as the default VLAN ID for the port.
Figure 52 Network diagram for selective QinQ configuration Configuration procedure Make sure that the devices in the service provider network have been configured to allow QinQ packets to pass through. Configuration on PE A # Enter system view. <PEA> system-view •...
# Create a class A20 to match frames of VLAN 20 of CE A.
[PEA] traffic classifier A20
[PEA-classifier-A20] if-match customer-vlan-id 20
[PEA-classifier-A20] quit
# Create a traffic behavior P2000 and configure the action of tagging frames with the outer VLAN tag 2000 for the traffic behavior.
# To enable interoperability with the third-party devices in the public network, set the TPID of the service provider network VLAN tags to 0x8200. The port tags the received frames with the outer VLAN tag whose TPID is 0x8200.
[PEB-GigabitEthernet2/0/1] qinq ethernet-type service-tag 8200
[PEB-GigabitEthernet2/0/1] quit
• Configuration on GigabitEthernet 2/0/2...
Figure 53 Network diagram for VLAN transparent transmission configuration Configuration procedure Make sure that the devices in the service provider network have been configured to allow QinQ packets to pass through. Configuration on PE 1 Configure GigabitEthernet 4/1/1. • # Configure GigabitEthernet 4/1/1 as a trunk port and assign it to VLANs 10 through 50. <PE1>...
[PE2-GigabitEthernet4/1/1] port trunk permit vlan 10 to 50
# Enable basic QinQ on the port.
[PE2-GigabitEthernet4/1/1] qinq enable
# Configure the port to transparently transmit frames from VLANs 10 through 50.
[PE2-GigabitEthernet4/1/1] qinq transparent-vlan 10 to 50
[PE2-GigabitEthernet4/1/1] quit
• Configure GigabitEthernet 4/1/2.
...
VLAN termination configuration The SAP cards support the feature only when they work in Layer 2 mode. VLAN termination refers to the following packet processing procedure: A port receives a VLAN-tagged packet, removes its VLAN tags and then forwards it via Layer 3 or •...
Figure 54 VLAN termination for inter-VLAN communication (through VLAN interfaces)
Figure 55 VLAN termination for inter-VLAN communication (through Layer 3 Ethernet subinterfaces)
[Figure labels: Router; GE4/1/1.2: 1.1.1.1/24; GE4/1/2.3: 1.1.2.1/24; Layer 3 Ethernet interfaces GE 4/1/1 and GE 4/1/2; VLAN 3; VLAN 2; L2 Switch A; L2 Switch B...]
Figure 58 Compare the structure of a Dot1q packet and that of a QinQ packet
[Figure: Dot1q packet structure and QinQ packet structure, with field sizes in bytes]
To configure VLAN termination on Layer 3 Ethernet/aggregate subinterfaces, set the TPID value in the outer VLAN tag with the following steps: To do… Use the command… Remarks Enter system view system-view — Enter Layer Required. 3 Ethernet interface interface-type interface interface-number Use either command.
To do… Use the command… Remarks Required. By default, an ambiguous Enable the ambiguous Dot1q/QinQ Dot1q/QinQ termination-enabled Layer 3 vlan-termination broadcast termination-enabled Layer 3 Ethernet/aggregate subinterface to enable Ethernet/aggregate transmit broadcasts and multicasts subinterface does not transmit broadcasts and multicasts. Configuring Dot1q termination Based on the range of VLAN IDs in the VLAN-tagged packets that can be terminated by a Layer 3 Ethernet subinterface, Dot1q termination falls into two categories:...
• The IP addresses of subinterfaces GigabitEthernet 4/2/1.10, GigabitEthernet 4/2/1.20, GigabitEthernet 4/1/1.10, GigabitEthernet 4/1/1.20 are 1.0.0.1/8, 2.0.0.1/8, 3.0.0.1/8 and 4.0.0.1/8, respectively. Host A can communicate with Host B, and Host C can communicate with Host D. The hosts that are •...
[L2_SwitchA-Ethernet1/1] port link-type trunk
[L2_SwitchA-Ethernet1/1] port trunk permit vlan 10 20
Please wait... Done.
Configure Layer 2 Switch B as you configure Layer 2 Switch A.
Configure the router.
# Create GigabitEthernet 4/2/1.10, GigabitEthernet 4/2/1.20, GigabitEthernet 4/1/1.10, GigabitEthernet 4/1/1.20 and enter subinterface view, and then assign IP addresses for them. Configure GigabitEthernet 4/2/1.10 and GigabitEthernet 4/1/1.10 to terminate packets tagged with VLAN 10, and configure GigabitEthernet 4/2/1.20 and GigabitEthernet 4/1/1.20 to terminate packets tagged with VLAN 20.
Ambiguous Dot1q termination configuration examples Network requirements As shown in Figure 60, Host A, Host B, and Host C are connected to Switch A, and the server group is connected to Switch B. Host A, Host B, and Host C belong to VLAN 11, VLAN 12 and VLAN 13, respectively.
Configure the router. # Create GigabitEthernet 4/0/1.10 and enter subinterface view. Assign an IP address to GigabitEthernet 4/0/1.10. Enable Dot1q termination on GigabitEthernet 4/0/1.10, and configure GigabitEthernet 4/0/1.10 to terminate dot1q packets tagged with a VLAN ID 11, 12, or 13. <Router>...
Configuring QinQ termination Based on the range of VLAN IDs in the VLAN-tagged packets that can be terminated by a subinterface, QinQ termination falls into the following two categories: Unambiguous QinQ termination, which terminates QinQ packets with the specified inner VLAN ID •...
Figure 62 Network diagram for unambiguous QinQ termination configuration
Configuration procedure
Configure Host A and Host B.
• Configure Host A’s IP address as 1.1.1.1/24, and gateway IP address as 1.1.1.11/24.
• Configure Host B’s IP address as 1.1.2.1/24, and gateway IP address as 1.1.2.11/24.
•...
Configure the router. # Create GigabitEthernet 1/0/1.10 and enter subinterface view. Assign an IP address to GigabitEthernet 1/0/1.10. Enable QinQ termination on GigabitEthernet 1/0/1.10, and configure GigabitEthernet 1/0/1.10 to terminate the QinQ packets whose inner VLAN ID is 11 and outer VLAN ID is 100.
Ambiguous QinQ termination configuration example Network requirements As shown in Figure 63, Host A, Host B and Host C are connected to Switch A and they belong to VLAN 11, VLAN 12, and VLAN 13, respectively. The server group is connected to Switch C. QinQ is enabled on Switch B.
Configuration example for QinQ termination supporting PPPoE server Network requirements As shown in Figure 64, Host A, Host B, and Host C are connected to Switch A and they belong to VLAN 11, VLAN 12, and VLAN 13, respectively. QinQ is enabled on Switch B. Host A, Host B, and Host C need to dial up to the Internet.
The expected results after the configuration are:
• DHCP relay agent Provider A receives double-tagged packets sent from DHCP clients, terminates these QinQ packets by removing their inner and outer VLAN tags, and forwards the packets to DHCP server Provider B via the service provider network.
• DHCP client A and client B can apply for IP addresses and related network configuration parameters...
# Assign an IP address to GigabitEthernet 1/0/1.100.
[ProviderA-GigabitEthernet1/0/1.100] ip address 192.168.1.1 24
[ProviderA-GigabitEthernet1/0/1.100] quit
# Assign an IP address to the interface connecting to the DHCP server.
[ProviderA] interface serial 2/0/1
[ProviderA-Serial2/0/1] ip address 10.1.1.1 24
Configure DHCP server Provider B.
# Assign an IP address to the DHCP server.
Configure Switch B.
# Add Ethernet 1/2 to VLAN 20.
<SwitchB> system-view
[SwitchB] vlan 20
[SwitchB-vlan20] port ethernet 1/2
[SwitchB-vlan20] quit
# Configure Ethernet 1/1 as a trunk port and assign it to VLAN 20.
[SwitchB] interface ethernet 1/1
[SwitchB-Ethernet1/1] port link-type trunk
[SwitchB-Ethernet1/1] port trunk permit vlan 20
Configure Switch C.
VLAN mapping configuration
The SAP cards support the feature only when they work in Layer 2 mode.
VLAN mapping re-marks VLAN tagged traffic with new VLAN IDs. HP provides the following types of VLAN mapping:
• One-to-one VLAN mapping—Replaces one VLAN tag with another. Use one-to-one VLAN mapping...
Application scenario of one-to-one VLAN mapping Figure 66 shows a typical application scenario in which each department gateway uses different VLANs to transmit the PC, VoD, and VoIP services. Figure 66 Application scenario of one-to-one VLAN mapping To further sub-classify each type of traffic, configure one-to-one VLAN mappings on the wiring-closet routers, assigning a separate VLAN for each type of traffic from different departments.
Application scenario of one-to-two and two-to-two VLAN mapping
Figure 67 shows a typical application scenario in which two remote sites of VPN A, Site 1 and Site 2, must communicate across two SP networks, SP 1 and SP 2.
Figure 67 Application scenario of one-to-two and two-to-two VLAN mapping
Concepts and terms
Figure 68 shows a simplified network to help explain the concepts and terms that you may encounter when working with VLAN mapping.
Figure 68 Basic concepts of VLAN mapping (figure labels: Network-side port, Customer-side port, Uplink traffic, Downlink traffic)
Uplink traffic: Traffic transmitted from the customer network to the service provider network.
VLAN mapping implementations
One-to-one VLAN mapping
Implement one-to-one VLAN mapping on the customer-side port through the following configurations, as shown in Figure
• Apply an uplink policy to the incoming traffic, mapping each CVLAN ID to a unique SVLAN ID. When a packet arrives, the switch replaces its CVLAN ID with the matching SVLAN ID.
Two-to-two VLAN mapping
Implement two-to-two VLAN mapping through the following configurations, as shown in Figure
• For uplink traffic, apply an inbound policy on the customer-side port to replace the SVLAN with a new SVLAN, and apply an outbound policy on the network-side port to replace the CVLAN with a new CVLAN.
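The uplink tag operations described above, modelled on raw 802.1Q-tagged frames. This is an added example, not HP's code: the function names, the build_frame helper, the default TPID on both tags, and the handling of priority bits are assumptions, and the VLAN IDs are sample values.

```python
import struct

TPID = 0x8100  # assumption: both tags use the default 802.1Q TPID

def build_frame(vlans, payload, pcp=0):
    """Constructed test frame; vlans lists VLAN IDs, outermost first."""
    macs = bytes.fromhex("020000000002" "020000000001")
    tags = b"".join(struct.pack("!HH", TPID, (pcp << 13) | vid) for vid in vlans)
    return macs + tags + struct.pack("!H", 0x0800) + payload

def parse_tags(frame):
    """Return ([(priority_bits, vlan_id), ...] outermost first, offset after the tags)."""
    tags, off = [], 12
    while off + 4 <= len(frame) and struct.unpack_from("!H", frame, off)[0] == TPID:
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        tags.append((tci & 0xF000, tci & 0x0FFF))
        off += 4
    return tags, off

def _rewrite(frame, tags, off):
    body = b"".join(struct.pack("!HH", TPID, prio | vid) for prio, vid in tags)
    return frame[:12] + body + frame[off:]

def one_to_one(frame, mapping):
    """Replace the CVLAN ID of a single-tagged frame; mapping = {cvlan: svlan}."""
    tags, off = parse_tags(frame)
    if len(tags) != 1 or tags[0][1] not in mapping:
        return frame  # no classifier matches: left unchanged in this model
    prio, cvlan = tags[0]
    return _rewrite(frame, [(prio, mapping[cvlan])], off)

def one_to_two(frame, mapping):
    """Insert an outer SVLAN tag in front of the CVLAN tag; mapping = {cvlan: svlan}."""
    tags, off = parse_tags(frame)
    if len(tags) != 1 or tags[0][1] not in mapping:
        return frame
    prio, cvlan = tags[0]
    # Modelling choice: the outer tag copies the inner tag's priority bits.
    return _rewrite(frame, [(prio, mapping[cvlan]), (prio, cvlan)], off)

def two_to_two(frame, mapping):
    """Replace both tags; mapping = {(svlan, cvlan): (new_svlan, new_cvlan)}."""
    tags, off = parse_tags(frame)
    key = tuple(vid for _, vid in tags)
    if len(tags) != 2 or key not in mapping:
        return frame
    new_s, new_c = mapping[key]
    return _rewrite(frame, [(tags[0][0], new_s), (tags[1][0], new_c)], off)

def vlan_ids(frame):
    """VLAN IDs carried by the frame, outermost first."""
    return [vid for _, vid in parse_tags(frame)[0]]

if __name__ == "__main__":
    customer = build_frame([10], b"data")
    at_edge = one_to_two(customer, {10: 100})
    at_border = two_to_two(at_edge, {(100, 10): (200, 30)})
    print(vlan_ids(customer), vlan_ids(at_edge), vlan_ids(at_border))
```

The downlink direction is the same operation with the inverse mapping (and, for one-to-two, removal of the outer tag).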
Configuration prerequisites Create CVLANs and SVLANs, and plan CVLAN-SVLAN mappings. Configuring an uplink policy To configure an uplink policy to map each CVLAN to a unique SVLAN: To do... Use the command... Remarks Enter system view system-view — Create a class and enter class traffic classifier tcl-name [ operator { and | Required.
To do... | Use the command... | Remarks
Associate the class with the behavior to map the SVLAN to the CVLAN | classifier tcl-name behavior behavior-name | Required. Repeat these steps to create other CVLAN-to-SVLAN mappings.
Configuring the customer-side port
To configure the customer-side port: To do...
Configuring one-to-two VLAN mapping Perform one-to-two VLAN mapping on the edge devices from which customer traffic enters SP networks, on PE 1 and PE 4 in Figure 67 for example. One-to-two VLAN mapping enables the edge devices to insert an outer VLAN tag to each incoming packet. Perform these tasks to configure one-to-two VLAN mapping: Task Description...
Configuring the customer-side port To configure the customer-side port: To do... Use the command... Remarks Enter system view system-view — interface interface-type Enter Ethernet interface view — interface-number Required. Configure the port as a hybrid port port link-type hybrid The default link type of an Ethernet port is access.
Perform these tasks to configure two-to-two VLAN mapping:
Task | Description
Configuring an uplink policy for the customer-side port | Replaces foreign SVLANs with local SVLANs for uplink traffic (required).
Configuring an uplink policy for the network-side port | Replaces foreign CVLANs with local CVLANs for uplink traffic (required).
...
Configuring an uplink policy for the network-side port The uplink policy on the network-side port modifies the CVLAN ID of incoming traffic. To configure an uplink policy for the network-side port: To do... Use the command... Remarks Enter system view system-view —...
To do... Use the command... Remarks CVLAN and SVLAN pair. Configure an SVLAN marking action to replace the local SVLAN remark service-vlan-id vlan-id ID with a foreign SVLAN ID Return to system view quit Create a QoS policy and enter qos policy policy-name Required.
To do... | Use the command... | Remarks
Apply the uplink policy for the network-side port to the outgoing traffic | qos apply policy policy-name outbound | Required.
VLAN mapping configuration examples
One-to-one VLAN mapping configuration example
Network requirements
As shown in Figure An enterprise provides each department with PC, VoD, and VoIP services. Each department connects to •...
Figure 72 Network diagram for one-to-one VLAN mapping configuration
Configuration procedure
Configuring Router A
# Create the CVLANs and the SVLANs.
<RouterA> system-view
[RouterA] vlan 2 to 3
[RouterA] vlan 101 to 102
[RouterA] vlan 201 to 202
[RouterA] vlan 301 to 302
# Configure uplink policies p1 and p2 to enable one SVLAN to transmit one service for one customer.
Configuring Router B Configure Router B in the same procedure as on Router A. One-to-two and two-to-two VLAN mapping configuration example Network requirements As shown in Figure Two VPN A branches, Site 1 and Site 2, are in VLAN 10 and VLAN 30, respectively. The two site •...
[PE1-GigabitEthernet4/1/1] port link-type hybrid
[PE1-GigabitEthernet4/1/1] port hybrid vlan 100 untagged
[PE1-GigabitEthernet4/1/1] qinq enable
[PE1-GigabitEthernet4/1/1] qos apply policy test inbound
[PE1-GigabitEthernet4/1/1] quit
# Configure network-side port GigabitEthernet 4/1/2 as a trunk port, and assign it to VLAN 100.
[PE1] interface gigabitethernet 4/1/2
[PE1-GigabitEthernet4/1/2] port link-type trunk
[PE1-GigabitEthernet4/1/2] port trunk permit vlan 100
Configuring PE 2...
[PE3-qospolicy-down_downlink] quit
# Configure an uplink policy up_uplink for network-side port GigabitEthernet 4/1/2 to substitute CVLAN 30 for the CVLAN ID of the outgoing traffic tagged with CVLAN 10 and SVLAN 200.
[PE3] traffic classifier up_uplink
[PE3-classifier-up_uplink] if-match customer-vlan-id 10
[PE3-classifier-up_uplink] if-match service-vlan-id 200
[PE3-classifier-up_uplink] quit
[PE3] traffic behavior up_uplink...
# Configure port GigabitEthernet 4/1/2 as a hybrid port, and assign it to VLAN 200 as an untagged member, so the port forwards VLAN 200 traffic with the VLAN tag removed. Enable basic QinQ, and apply uplink policy test to the incoming traffic on the port.
[PE4] interface gigabitethernet 4/1/2
[PE4-GigabitEthernet4/1/2] port link-type hybrid
[PE4-GigabitEthernet4/1/2] port hybrid vlan 200 untagged...
LLDP configuration
In a heterogeneous network, it is important that different types of network devices from different vendors can discover one another and exchange configuration for the sake of interoperability and management. A standard configuration exchange platform was created for this purpose. The IETF drafted the LLDP in IEEE 802.1AB. The protocol operates on the data link layer to exchange device information between directly connected devices.
Field Description
Frame check sequence, a 32-bit CRC value used to determine the validity of the received Ethernet frame
SNAP-encapsulated LLDPDU format
Figure 75 SNAP-encapsulated LLDPDU format (fields: Destination MAC address, Source MAC address, Type, Data = LLDPDU (n bytes))
The fields in the frame are described in Table
Table 24 Description of the fields in a SNAP-encapsulated LLDPDU Field...
Textual name of any VLAN to which the port belongs. An LLDPDU can carry VLAN Name multiple different TLVs of this type. Indicates protocols supported on the port. An LLDPDU can carry multiple Protocol Identity different TLVs of this type. HP routers only support receiving protocol identity TLVs.
The Power Stateful Control TLV is defined in IEEE P802.3at D1.0. The later versions no longer support this TLV. HP routers send this type of TLVs only after receiving them. LLDP-MED TLVs LLDP-MED TLVs provide multiple advanced applications for VoIP, such as basic configuration, network policy configuration, and address and directory management.
Type Description Allows a network device to advertise the appropriate location Location Identification identifier information for a terminal device to use in the context of location-based applications. Management address The management address of a router is used by the network management system to identify and manage the router for topology maintenance and network management.
Protocols and standards
• IEEE 802.1AB-2005, Station and Media Access Control Connectivity Discovery
• ANSI/TIA-1057, Link Layer Discovery Protocol for Media Endpoint Devices
• DCB Capability Exchange Protocol Specification Rev 1.0
• DCB Capability Exchange Protocol Base Specification Rev 1.01
LLDP configuration task list
Complete these tasks to configure LLDP: Task...
To do… Use the command… Remarks view or port port-group manual Enter port group view group port-group-name view Optional. Enable LLDP lldp enable By default, LLDP is enabled on a port. Setting the LLDP operating mode LLDP can operate in one of the following modes. •...
Enabling LLDP polling With LLDP polling enabled, a router checks for local configuration changes periodically. Upon detecting a configuration change, the router sends LLDPDUs to inform the neighboring devices of the change. To enable LLDP polling: To do… Use the command… Remarks Enter system view system-view...
To do… Use the command… Remarks Optional. lldp tlv-enable { basic-tlv { all | port-description | system-capability | By default, all types of system-description | system-name } | LLDP TLVs, except IEEE dot3-tlv { all | link-aggregation | 802.1 organizationally Configure the advertisable mac-physic | max-frame-size | power } | specific TLVs, network...
To do… | Use the command… | Remarks
Configure the encoding format of the management address as character string | lldp management-address-format string | Optional. By default, the management address is encapsulated in the numeric format.
Setting other LLDP parameters
The Time To Live TLV carried in an LLDPDU determines how long the device information carried in the LLDPDU can be saved on a recipient device.
To set the encapsulation format for LLDPDUs to SNAP: To do… Use the command… Remarks Enter system view system-view — Enter Enter Layer interface interface-type Ethernet 2/Layer 3 Ethernet interface-number Required. interface interface view view or Use either command. Enter port group port group port-group manual port-group-name view...
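To check what a port actually advertises, the parser below extracts the LLDPDU from either encapsulation discussed above (Ethernet II or SNAP), splits it into TLVs, and reads the Time To Live value. It is an added example, not HP's code: the function names are hypothetical, the field layout follows IEEE 802.1AB-2005, and the sample frames are constructed rather than captured.

```python
import struct

LLDP_ETHERTYPE = 0x88CC
SNAP_LLDP = bytes.fromhex("aaaa0300000088cc")  # LLC AA-AA-03, OUI 00-00-00, protocol 88-CC
MANDATORY = [1, 2, 3]  # Chassis ID, Port ID, Time To Live come first, in this order

def lldpdu_from_frame(frame):
    """Return (encapsulation, LLDPDU bytes) for an untagged LLDP frame."""
    if len(frame) < 14:
        raise ValueError("frame too short")
    (type_or_len,) = struct.unpack_from("!H", frame, 12)
    if type_or_len == LLDP_ETHERTYPE:
        return "Ethernet II", frame[14:]
    if type_or_len <= 1500 and frame[14:22] == SNAP_LLDP:
        # The 802.3 length field counts the LLC/SNAP header plus the data.
        return "SNAP", frame[22:14 + type_or_len]
    raise ValueError("not an LLDP frame")

def parse_tlvs(lldpdu):
    """Split an LLDPDU into (type, value) pairs; header is 7-bit type, 9-bit length."""
    tlvs, off = [], 0
    while off + 2 <= len(lldpdu):
        (header,) = struct.unpack_from("!H", lldpdu, off)
        tlv_type, length = header >> 9, header & 0x01FF
        value = lldpdu[off + 2:off + 2 + length]
        if len(value) != length:
            raise ValueError("TLV type %d is truncated" % tlv_type)
        off += 2 + length
        if tlv_type == 0:  # End of LLDPDU: anything after it is padding
            return tlvs
        tlvs.append((tlv_type, value))
    raise ValueError("missing End of LLDPDU TLV")

def ttl_seconds(tlvs):
    """Validate the mandatory TLV order and return the advertised TTL in seconds."""
    if [t for t, _ in tlvs[:3]] != MANDATORY or len(tlvs[2][1]) != 2:
        raise ValueError("mandatory TLVs missing or out of order")
    return struct.unpack("!H", tlvs[2][1])[0]

def _tlv(tlv_type, value):
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

# Constructed sample LLDPDU (not captured from a real device).
SAMPLE_PDU = (_tlv(1, b"\x04" + bytes.fromhex("020000000001"))  # chassis ID, subtype 4 = MAC
              + _tlv(2, b"\x05GigabitEthernet4/1/1")            # port ID, subtype 5 = ifName
              + _tlv(3, struct.pack("!H", 120))                 # TTL in seconds
              + _tlv(5, b"RouterB")                             # system name
              + _tlv(0, b""))                                   # End of LLDPDU
DST, SRC = bytes.fromhex("0180c200000e"), bytes.fromhex("020000000001")
ETH2_FRAME = DST + SRC + struct.pack("!H", LLDP_ETHERTYPE) + SAMPLE_PDU
SNAP_FRAME = (DST + SRC + struct.pack("!H", 8 + len(SAMPLE_PDU))
              + SNAP_LLDP + SAMPLE_PDU + b"\x00" * 4)           # 4 bytes of trailing padding

if __name__ == "__main__":
    for frame in (ETH2_FRAME, SNAP_FRAME):
        encap, pdu = lldpdu_from_frame(frame)
        tlvs = parse_tlvs(pdu)
        print(encap, [t for t, _ in tlvs], "TTL", ttl_seconds(tlvs))
```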
To enable LLDP to be compatible with CDP: To do… Use the command… Remarks Enter system view system-view — Required. Enable CDP compatibility lldp compliance cdp globally Disabled by default. Enter Enter Layer Ethernet 2/Layer 3 interface interface-type interface-number interface Ethernet interface Required.
To do… Use the command… Remarks display lldp neighbor-information [ brief | Display the information contained interface interface-type interface-number in the LLDP TLVs sent from [ brief ] | list [ system-name system-name ] ] Available in any view neighboring devices [ | { begin | exclude | include } regular-expression ] display lldp statistics [ global | interface...
[RouterA-GigabitEthernet4/1/1] lldp enable
[RouterA-GigabitEthernet4/1/1] lldp admin-status rx
[RouterA-GigabitEthernet4/1/1] quit
[RouterA] interface gigabitethernet 4/1/2
[RouterA-GigabitEthernet4/1/2] lldp enable
[RouterA-GigabitEthernet4/1/2] lldp admin-status rx
[RouterA-GigabitEthernet4/1/2] quit
Configure Router B
# Enable LLDP globally.
<RouterB> system-view
[RouterB] lldp enable
# Enable LLDP on GigabitEthernet 4/1/1 (skip this step because LLDP is enabled on ports by default), and set the LLDP operating mode to Tx.
Polling interval : 0s Number of neighbors: Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV : 3 As the sample output shows, GigabitEthernet 4/1/1 of Router A connects to a MED device, and GigabitEthernet 4/1/2 of Router A connects to a non-MED device.
As the sample output shows, GigabitEthernet 4/1/2 of Router A does not connect to any neighboring devices. CDP-compatible LLDP configuration example Network requirements As shown in Figure GigabitEthernet 4/1/1 and GigabitEthernet 4/1/2 of Router A are each connected to a Cisco IP •...
[RouterA-GigabitEthernet4/1/1] quit
[RouterA] interface gigabitethernet 4/1/2
[RouterA-GigabitEthernet4/1/2] lldp enable
[RouterA-GigabitEthernet4/1/2] lldp admin-status txrx
[RouterA-GigabitEthernet4/1/2] lldp compliance admin-status cdp txrx
[RouterA-GigabitEthernet4/1/2] quit
Verify the configuration
# Display the neighbor information on Router A.
[RouterA] display lldp neighbor-information
CDP neighbor-information of port 1[GigabitEthernet4/1/1]:
CDP neighbor index : 1
Chassis ID : SEP00141CBCDBFE...
Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.