Page 1 H3C SR8800 10G Core Routers Layer 2—LAN Switching Configuration Guide Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Software version: SR8800-CMW520-R3347 Document version: 6W103-20120224...
Page 2 SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V G, V G, PSPT, XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd. All other trademarks that may be mentioned in this manual are the property of their respective owners Notice The information in this document is subject to change without notice.
Page 3 The H3C SR8800 documentation set includes 13 configuration guides, which describe the software features for the H3C SR8800 10G Core Routers and guide you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply software features to different network scenarios.
Page 4 Layer 2 forwarding and other Layer 2 features. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your router. About the H3C SR8800 documentation set The H3C SR8800 documentation set includes: Category...
Page 5 Obtaining documentation You can access the most up-to-date H3C product documentation on the World Wide Web at http://www.h3c.com. Click the links on the top navigation bar to obtain different categories of product documentation: [Technical Support & Documents > Technical Documents] –...
Page 6 Documentation feedback You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.
Page 7: Table Of Contents
Contents Configuring VLANs ······················································································································································ 1 Introduction to VLAN ························································································································································ 1 VLAN overview ························································································································································· 1 VLAN fundamentals·················································································································································· 2 VLAN types ······························································································································································· 3 Protocols and standards ·········································································································································· 3 Configuring basic VLAN settings····································································································································· 3 Configure basic settings of a VLAN interface ················································································································ 4 ...
Page 8 Configuring the spanning tree ······································································································································ 41 Setting the spanning tree mode ··························································································································· 41 Configuring an MST region ································································································································· 42 Configuring the root bridge or a secondary root bridge ·················································································· 43 Configuring the device priority ···························································································································· 44 ...
Page 9 Displaying and maintaining isolation groups ············································································································· 93 Port isolation configuration example···························································································································· 93 Configuring QinQ ······················································································································································ 95 Introduction to QinQ ······················································································································································ 95 Background and benefits ······································································································································ 95 How QinQ works ·················································································································································· 95 QinQ frame structure ············································································································································ 96 ...
Page 10 Configuration example for QinQ termination supporting DHCP relay ························································· 130 Configuring LLDP ····················································································································································· 133 Overview ······································································································································································· 133 Background ·························································································································································· 133 Basic concepts ····················································································································································· 133 How LLDP works ·················································································································································· 137 Protocols and standards ····································································································································· 137 ...
Page 11: Configuring Vlans
Configuring VLANs Introduction to VLAN VLAN overview Ethernet is a network technology based on the Carrier Sense Multiple Access/Collision Detect (CSMA/CD) mechanism. As the medium is shared in an Ethernet, network performance may degrade as the number of hosts on the network is increasing. If the number of the hosts in the network reaches a certain level, problems caused by collisions, broadcasts, and so on emerge, which may cause the network to malfunction.
Page 12: Vlan Fundamentals
VLAN fundamentals To enable a network device to identify frames of different VLANs, a VLAN tag field is inserted into the data link layer encapsulation. The format of VLAN-tagged frames is defined in IEEE 802.1Q issued by the Institute of Electrical and Electronics Engineers (IEEE) in 1999.
Page 13: Vlan Types
NOTE: The Ethernet II encapsulation format is used here. Besides the Ethernet II encapsulation format, other • encapsulation formats, including 802.2 LLC, 802.2 SNAP, and 802.3 raw, are also supported by Ethernet. The VLAN tag fields are also added to frames encapsulated in these formats for VLAN identification.
Page 14: Configure Basic Settings Of A Vlan Interface
Configure basic settings of a VLAN interface VLAN interface overview For hosts of different VLANs to communicate, you must use a router or Layer 3 switch to perform layer 3 forwarding. To achieve this, VLAN interfaces are used. VLAN interfaces are Layer 3 virtual interfaces used for Layer 3 interoperability between different VLANs. Each VLAN corresponds to one VLAN interface.
Page 15: Vlan Interface Configuration Example
VLAN interface configuration example Network requirements As shown in Figure 4, PC A is assigned to VLAN 5. PC B is assigned to VLAN 10. The PCs belong to different IP subnets and cannot communicate with each other. Configure VLAN interfaces on Router A and configure the PCs to enable Layer 3 communication between the PCs.
Page 16: Configuring Port-Based Vlans
<RouterA> display ip interface brief *down: administratively down (s): spoofing Interface Physical Protocol IP Address Description Vlan5 192.168.0.10 Vlan-inte... Vlan10 192.168.1.20 Vlan-inte... Configuring port-based VLANs Introduction to port-based VLAN Port-based VLANs group VLAN members by port. A port forwards traffic for a VLAN only after it is assigned to the VLAN.
Page 17 Figure 5 Port link types PVID You can configure a port VLAN (PVID) for a port. By default, VLAN 1 is the PVID for all ports. An access port can join only one VLAN. The VLAN to which the access port belongs is the PVID of •...
Page 18: Assigning An Access Port To A Vlan
Actions (in the inbound direction) Actions (in the outbound Port type direction) Untagged frame Tagged frame • Remove the tag and send the frame if the frame carries the PVID tag and the port belongs to the PVID. Trunk • Send the frame without removing the tag if its VLAN Check whether the PVID...
Page 19: Assigning A Trunk Port To A Vlan
Step Command Remarks • Enter Ethernet interface view: interface interface-type interface-number • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number Enter interface view or port Use any one of the commands. group view. • Enter Layer 2 virtual Ethernet interface view: interface ve-bridge interface-number...
Page 20: Assigning A Hybrid Port To A Vlan
Step Command Remarks • Enter Ethernet interface view: interface interface-type interface-number • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number Enter interface view or port Use any one of the commands. group view. • Enter Layer 2 virtual Ethernet interface view: interface ve-bridge interface-number...
Page 21: Port-Based Vlan Configuration Example
Step Command Remarks • Enter Ethernet interface view: interface interface-type interface-number • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number Enter interface view or port Use any one of the commands. group view. • Enter Layer 2 virtual Ethernet interface view: interface ve-bridge interface-number...
Page 22 Figure 6 Network diagram Configuration procedure Configure Device A: # Create VLAN 100, and assign port GigabitEthernet 3/1/1 to VLAN 100. <DeviceA> system-view [DeviceA] vlan 100 [DeviceA-vlan100] port gigabitEthernet 3/1/1 [DeviceA-vlan100] quit # Create VLAN 200, and assign port GigabitEthernet 3/1/2 to VLAN 200. [DeviceA] vlan 200 [DeviceA-vlan200] port gigabitEthernet 3/1/2 [DeviceA-vlan200] quit...
Page 23: Mac-Based Vlan Configuration
Tagged Ports: GigabitEthernet3/1/3 Untagged Ports: GigabitEthernet3/1/1 [DeviceA-GigabitEthernet3/1/3] display vlan 200 VLAN ID: 200 VLAN Type: static Route Interface: not configured Description: VLAN 0200 Name: VLAN 0200 Broadcast MAX-ratio: 100% Tagged Ports: GigabitEthernet3/1/3 Untagged Ports: GigabitEthernet3/1/2 MAC-based VLAN configuration Introduction to MAC-based VLAN The MAC-based VLAN feature assigns hosts to a VLAN based on their MAC addresses.
Page 24: Configuring A Mac-Based Vlan
MAC-based VLAN on the router, you must configure the MAC address-to-VLAN entries on the access authentication server. When a user passes authentication of the access authentication server, the router obtains VLAN information from the server, generates a MAC address-to-VLAN entry by using the source MAC address of the user packet and the VLAN information, and assigns the port to the MAC-based VLAN.
Page 25: Mac-Based Vlan Configuration Example
Step Command Remarks • Enter Ethernet interface view: interface interface-type interface-number Enter Ethernet interface view Use either command. or port group view. • Enter port group view: port-group manual port-group-name Configure the link type of the port link-type hybrid port(s) as hybrid. Configure the hybrid port(s) to By default, a hybrid port only permit packets from specific...
Page 26 Figure 7 Network diagram Configuration consideration • Create VLANs 100 and 200. Configure the uplink ports of Device A and Device C as trunk ports, and assign them to VLANs 100 • and 200. • Configure the downlink ports of Device B as trunk ports, and assign them to VLANs 100 and 200. Assign the uplink ports of Device B to VLANs 100 and 200.
Page 27 Please wait... Done. [DeviceA-GigabitEthernet3/1/1] mac-vlan enable [DeviceA-GigabitEthernet3/1/1] quit # Configure the uplink port GigabitEthernet 3/1/2 as a trunk port, and assign it to VLANs 100 and 200, so that the laptops can access Server 1 and Server 2. [DeviceA] interface GigabitEthernet 3/1/2 [DeviceA-GigabitEthernet3/1/2] port link-type trunk [DeviceA-GigabitEthernet3/1/2] port trunk permit vlan 100 200 [DeviceA-GigabitEthernet3/1/2] quit...
Page 28: Displaying And Maintaining Vlans
Configuration guidelines MAC-based VLAN can be configured only on hybrid ports. MAC-based VLAN is typically configured on the downlink ports of access layer devices, and hence cannot be configured together with the link aggregation function. Displaying and maintaining VLANs Task Command Remarks display vlan [ vlan-id1 [ to vlan-id2 ] | all |...
Page 29: Mac Address Table Configuration
MAC address table configuration NOTE: MAC address table configuration applies only to Layer 2 Ethernet ports, Layer 2 virtual Ethernet (VE) • interfaces, and Layer 2 aggregate interfaces. This document covers only the configuration of unicast MAC address table entries, including static, •...
Page 30: Types Of Mac Address Table Entries
Manually configuring MAC address entries With dynamic MAC address learning, a router does not distinguish illegitimate frames from legitimate frames. This causes security hazards. For example, if a hacker sends frames with a forged source MAC address to a port different from the one where the real MAC address is connected, the router will create an entry for the forged MAC address, and will forward frames destined for the legal user to the hacker instead.
Page 31: Disabling Mac Address Learning
Add or modify a static, dynamic, or blackhole MAC address table entry globally To add or modify a static, dynamic, or blackhole MAC address table entry in system view: Step Command Remarks Enter system view. system-view mac-address { dynamic | static } Add or modify a dynamic or mac-address interface Use either command.
Page 32: Configuring The Aging Timer For Dynamic Mac Address Entries
Step Command Remarks • Enter Layer 2 Ethernet interface Use any command. view, Layer 2 VE interface view, The configuration you make in or Layer 2 aggregate interface Layer 2 Ethernet interface view, view: Layer 2 VE interface view, or Layer Enter interface view or port interface interface-type 2 aggregate interface view takes...
Page 33: Configuring The Mac Learning Limit
NOTE: The MAC address aging timer takes effect globally only on dynamic MAC address entries (learned or • administratively configured). You can reduce broadcasts on a stable network by disabling the aging timer to prevent dynamic entries • from unnecessarily aging out. By reducing broadcasts, you improve not only network performance, but also security, because the chances for a data packet to reach unintended destinations are reduced.
Page 34: Displaying And Maintaining Mac Address Tables
Step Command Remarks Configure the MAC leaning limit on the VLAN, and specify whether or not By default, the maximum number of mac-address frames with unknown source MAC source MAC addresses that can be max-mac-count { count | addresses can be forwarded in the learned on a VLAN is not disable-forwarding } VLAN when the MAC learning limit is...
Page 35 Figure 8 Network diagram Configuration procedure # Add a static MAC address entry. <Sysname> system-view [Sysname] mac-address static 000f-e235-dc71 interface GigabitEthernet 3/1/10 vlan 1 # Add a destination blackhole MAC address entry. [Sysname] mac-address blackhole 000f-e235-abcd vlan 1 # Set the aging timer for dynamic MAC address entries to 500 seconds. [Sysname] mac-address timer aging 500 # Display the MAC address entry for port GigabitEthernet 3/1/10.
Page 36: Configuring The Spanning Tree
Configuring the spanning tree As a Layer 2 management protocol, the Spanning Tree Protocol (STP) eliminates Layer 2 loops by selectively blocking redundant links in a network, and in the mean time, allows for link redundancy. STP evolves as the network grows. The later versions of STP are the Rapid Spanning Tree Protocol (RSTP) and the Multiple Spanning Tree Protocol (MSTP).
Page 37: Basic Concepts In Stp
Basic concepts in STP Root bridge A tree network must have a root bridge. There is only one root bridge in the entire network. The root bridge is not fixed, but can change along with changes of the network topology. Upon initialization of a network, each router generates and sends out configuration BPDUs periodically with itself as the root bridge.
Page 38: Calculation Process Of The Stp Algorithm
Calculation process of the STP algorithm The STP algorithm uses the following calculation process: Initial state Upon initialization of a router, each port generates a BPDU with the router as the root bridge, in which the root path cost is 0, designated bridge ID is the device ID, and the designated port is the port itself.
Page 39 Step Actions The router compares the configuration BPDUs of all the ports and chooses the optimum configuration BPDU. NOTE: The following are the principles of configuration BPDU comparison: The configuration BPDU that has the lowest root bridge ID has the highest priority. •...
Page 40 NOTE: Table 4, each configuration BPDU contains the following fields: root bridge ID, root path cost, designated bridge ID, and designated port ID. Comparison process and result on each device Table 5 Comparison process and result on each device Configuration BPDU on Device Comparison process ports after comparison...
Page 41 Configuration BPDU on Device Comparison process ports after comparison • Port C1 receives the configuration BPDU of Port A2 {0, 0, 0, Port A2}, finds that the received configuration BPDU is superior to its • existing configuration BPDU {2, 0, 2, Port C1}, and updates its Port C1: {0, 0, 0, Port configuration BPDU.
Page 42 Figure 11 Topology of the final calculated spanning tree NOTE: The spanning tree calculation process in this example is only simplified process. The configuration BPDU forwarding mechanism of STP The configuration BPDUs of STP are forwarded following these guidelines: Upon network initiation, every router regards itself as the root bridge, generates configuration •...
Page 43: Rstp
The router sends hello packets at the hello time interval to the neighboring routers to make sure that the paths are fault-free. Max age • The router uses the max age to determine whether a stored configuration BPDU has expired and discards it if the max age is exceeded.
Page 44: Mstp Basic Concepts
MSTP basic concepts Figure 12 shows a switched network that comprises four MST regions, each MST region comprising four MSTP devices. Figure 13 shows the networking topology of MST region 3. This section describes some basic concepts of MSTP. Figure 12 Basic concepts in MSTP VLAN 1 MSTI 1 VLAN 1...
Page 45 MST region A multiple spanning tree region (MST region) consists of multiple routers in a switched network and the network segments among them. All these routers have the following characteristics: • A spanning tree protocol enabled Same region name • Same VLAN-to-instance mapping configuration •...
Page 46 For example, in MST region 3 in Figure 13, the regional root of MSTI 1 is Device B, the regional root of MSTI 2 is Device C, and the regional root of MSTI 0 (also known as the IST) is Device A. Common root bridge The common root bridge is the root bridge of the CIST.
Page 47: How Mstp Works
Boundary port—Connects an MST region to another MST region or to an STP/RSTP-running router. • In MSTP calculation, a boundary port’s role on an MSTI is consistent with its role on the CIST. But that is not true with master ports. A master port on MSTIs is a root port on the CIST. Port states In MSTP, a port may be in one of the following states: Forwarding—the port receives and sends BPDUs, learns MAC addresses, and forwards user traffic.
Page 48: Implementation Of Mstp On Routers
In MSTP, a VLAN packet is forwarded along the following paths: • Within an MST region, the packet is forwarded along the corresponding MSTI. Between two MST regions, the packet is forwarded along the CST. • Implementation of MSTP on routers MSTP is compatible with STP and RSTP.
Page 49 Task Remarks Configuring the maximum port rate Optional Configuring the mode a port uses to recognize/send Optional MSTP packets Enabling the spanning tree feature Required Required Setting the spanning tree mode Configure the router to work in STP-compatible mode. Configuring the device priority Optional Configuring the timeout factor Optional...
Page 50 Task Remarks Configuring the device priority Optional Configuring the timeout factor Optional Configuring the maximum port rate Optional Configuring edge ports Optional Configuring path costs of ports Optional Configuring the port priority Optional Configuring the port link type Optional Configuring the mode a port uses to recognize/send Optional MSTP packets Enabling the spanning tree feature...
Page 51: Configuring The Spanning Tree
Task Remarks Configuring the device priority Optional Configuring the timeout factor Optional Configuring the maximum port rate Optional Configuring edge ports Optional Configuring path costs of ports Optional Configuring the port priority Optional Configuring the port link type Optional Configuring the mode a port uses to recognize/send Optional MSTP packets Enabling the spanning tree feature...
Page 52: Configuring An Mst Region
STP-compatible mode—The router sends out STP BPDUs through all ports. • RSTP mode—The router sends out RSTP BPDUs through all ports, and ports that connect to STP • devices automatically transitions to the STP-compatible mode. MSTP mode—The router sends out MSTP BPDUs through all ports, and ports that connect to STP •...
Page 53: Configuring The Root Bridge Or A Secondary Root Bridge
NOTE: Two or more spanning tree devices belong to the same MST region only if they are configured to have • the same format selector (0 by default, not configurable), MST region name, MST region revision level, and the same VLAN-to-instance mapping entries in the MST region, and they are interconnected via a physical link.
Page 54: Configuring The Device Priority
Step Command Remarks • In STP/RSTP mode: Use one of the commands. stp root secondary Configure the current router as a By default, a router does not • In MSTP mode: secondary root bridge. function as a secondary root stp [ instance instance-id ] root bridge.
Page 55: Configuring The Network Diameter Of A Switched Network
Make this configuration on the root bridge only. All the routers other than the root bridge in the MST region use the maximum hop value set for the root bridge. To configure the maximum number of hops of an MST region: Step Command Remarks...
Page 56: Configuring The Timeout Factor
Max age ƒ 2 × (hello time + 1 second) H3C does not recommend you to manually set the spanning tree timers. Instead, you can specify the network diameter and let spanning tree protocols automatically calculate the timers based on the network diameter.
Page 57: Configuring The Maximum Port Rate
By setting an appropriate maximum port rate, you can limit the rate at which the port sends BPDUs and prevent spanning tree protocols from using excessive network resources when the network becomes instable. H3C recommends you to use the default setting. Configuring edge ports If a port directly connects to a user terminal rather than another router or a shared LAN segment, this port is regarded as an edge port.
Page 58: Configuring Path Costs Of Ports
Step Command Remarks • Enter Ethernet interface view or Layer 2 aggregate interface view: interface interface-type Enter interface view or port Use one of the commands. interface-number group view. • Enter port group view: port-group manual port-group-name Configure the current ports By default, all ports are stp edged-port enable as edge ports.
Page 59 Table 7 Mappings between the link speed and the path cost Path cost Link speed Port type IEEE IEEE 802.1t Private standard 802.1d-1998 65535 200,000,000 200,000 Single Port 2,000,000 2,000 Aggregate interface 1,000,000 1,800 containing 2 selected ports 10 Mbps Aggregate interface 666,666 1,600...
Page 60: Configuring The Port Priority
Step Command Remarks Enter system view. system-view • Enter Ethernet interface view or Layer 2 aggregate interface view: interface interface-type Enter interface view or port Use one of the commands. interface-number group view. • Enter port group view: port-group manual port-group-name •...
Page 61: Configuring The Port Link Type
You can configure the link type as point-to-point for a Layer 2 aggregate interface or a port that works • in full duplex mode. H3C recommends you to use the default setting and let the router to automatically detect the port link type.
Page 62: Configuring The Mode A Port Uses To Recognize/Send Mstp Packets
Configuring the mode a port uses to recognize/send MSTP packets A port can receive/send MSTP packets in the following formats: dot1s—802.1s-compliant standard format • legacy—Compatible format • By default, the packet format recognition mode of a port is auto. The port automatically distinguishes the two MSTP packet formats, and determines the format of packets it will send based on the recognized format.
Page 63: Performing Mcheck
Step Command Remarks Enter system view. system-view By default, the spanning tree Enable the spanning tree feature stp enable globally. feature is disabled. • Enter Ethernet interface view or Layer 2 aggregate interface view: interface interface-type Enter interface view or port group Use either command.
Page 64: Configuring The Vlan Ignore Feature
Step Command Enter Ethernet interface view or Layer 2 aggregate interface interface-type interface-number interface view. Perform mCheck. stp mcheck NOTE: An mCheck operation takes effect on a router that operates in MSTP or RSTP mode. Configuring the VLAN Ignore feature Traffic of a VLAN on a complex network may be blocked by the spanning tree.
Page 65: Configuring Digest Snooping
To enable communication between an H3C router and a third-party device, enable the Digest Snooping feature on the port connecting the H3C router to the third-party device in the same MST region. NOTE: Before enabling Digest Snooping, make sure that associated devices of different vendors are connected...
Page 66 Configuring the Digest Snooping feature You can enable Digest Snooping only on the H3C router that is connected to a third-party device that uses its private key to calculate the configuration digest. To configure Digest Snooping: Step Command Remarks Enter system view.
Page 67: Configuring No Agreement Check
Figure 17 Network diagram MST region Device C (Root bridge) Root port GE3/1/1 GE3/1/2 Designated port Blocked port Normal link GE3/1/1 GE3/1/1 Blocked link GE3/1/2 GE3/1/2 Device A Device B Configuration procedure # Enable Digest Snooping on GigabitEthernet 3/1/1 of Device A and enable global Digest Snooping on Device A.
Page 68 Figure 18 Rapid state transition of an MSTP designated port Figure 19 shows rapid state transition of an RSTP designated port. Figure 19 Rapid state transition of an RSTP designated port Upstream device Downstream device The root port blocks non-edge (1) Proposal for rapid transition ports, changes to the forwarding state, and sends an Agreement to...
Page 69: Configuring Protection Functions
Step Command Remarks Enter system view. system-view • Enter Ethernet interface view or Layer 2 aggregate interface view: interface interface-type Enter interface view or port group interface-number Use either command. view. • Enter port group view: port-group manual port-group-name By default, No Agreement Enable No Agreement Check.
Page 70 Enabling root guard NOTE: H3C recommends you to enable root guard. The root bridge and secondary root bridge of a spanning tree should be located in the same MST region. Especially for the CIST, the root bridge and secondary root bridge are put in a high-bandwidth core region during network design.
Page 71 Step Command Remarks Enter system view. system-view • Enter Ethernet interface view or Layer 2 aggregate interface view: interface interface-type Enter interface view or port group Use either command. interface-number view. • Enter port group view: port-group manual port-group-name By default, root guard is Enable the root guard function for stp root-protection the port(s).
Page 72: Displaying And Maintaining The Spanning Tree
The default setting is 6. router can perform every 10 seconds. NOTE: H3C does not recommend you disable this feature. Displaying and maintaining the spanning tree Task Command Remarks Display information about ports blocked...
Page 73: Mstp Configuration Example
Task Command Remarks Display the statistics of TC/TCN BPDUs display stp [ instance instance-id ] tc [ slot sent and received by all ports in the slot-number ] [ | { begin | exclude | Available in any view specified MSTI or all MSTIs. include } regular-expression ] display stp [ instance instance-id ] Display the spanning tree status and...
Page 74 Configuration procedure Configure VLANs and VLAN member ports. (Details not shown) Create VLAN 10, VLAN 20, and VLAN 30 on Device A and Device B respectively, VLAN 10, VLAN 20, and VLAN 40 on Device C, and VLAN 20, VLAN 30, and VLAN 40 on Device D. Configure the ports on these devices as trunk ports and assign them to related VLANs.
Page 75 <DeviceC> system-view [DeviceC] stp region-configuration [DeviceC-mst-region] region-name example [DeviceC-mst-region] instance 1 vlan 10 [DeviceC-mst-region] instance 3 vlan 30 [DeviceC-mst-region] instance 4 vlan 40 [DeviceC-mst-region] revision-level 0 # Activate MST region configuration. [DeviceC-mst-region] active region-configuration [DeviceC-mst-region] quit # Specify the current device as the root bridge of MSTI 4. [DeviceC] stp instance 4 root primary # Enable the spanning tree feature globally.
Page 76 GigabitEthernet4/1/1 DESI FORWARDING NONE GigabitEthernet4/1/2 DESI FORWARDING NONE GigabitEthernet4/1/3 DESI FORWARDING NONE GigabitEthernet4/1/2 DESI FORWARDING NONE GigabitEthernet4/1/3 ROOT FORWARDING NONE GigabitEthernet4/1/1 DESI FORWARDING NONE GigabitEthernet4/1/3 DESI FORWARDING NONE # Display brief spanning tree information on Device C. [DeviceC] display stp brief MSTID Port Role...
Page 77: Configuring Ethernet Link Aggregation
Configuring Ethernet link aggregation NOTE: In this documentation, SPC cards refer to the cards prefixed with SPC, for example, SPC-GT48L. SPE cards refer to the cards prefixed with SPE, for example, SPE-1020-E. Overview Ethernet link aggregation, or simply link aggregation, combines multiple physical Ethernet ports into one logical link, called an aggregate link.
Page 78 NOTE: The router supports up to 240 aggregation groups. • On a Layer 3 aggregate interface, you can create subinterfaces. These subinterfaces are logical • interfaces that operate at the network layer. They can receive VLAN tagged packets for their Layer 3 aggregate interface.
Page 79 MAD either as an IRF member device or an intermediate device. • If a device supports LACP extensions but not IRF, it can participate in LACP MAD only as an intermediate device. NOTE: The SR8800 routers do not support IRF.
Page 80: Aggregating Links In Static Mode
LACP priorities LACP priorities have the following types: system LACP priority and port aggregation priority, as described in Table Table 10 LACP priorities Type Description Remarks Used by two peer devices (or systems) to determine which one is superior in link aggregation. System LACP The smaller the In dynamic link aggregation, the system that has higher system LACP...
Page 81 The static link aggregation procedure comprises: • Selecting a reference port Setting the aggregation state of each member port • Selecting a reference port The system selects a reference port from the member ports that are in the up state and have the same class-two configurations as the aggregate interface.
Page 82: Aggregating Links In Dynamic Mode
Aggregating links in dynamic mode LACP is automatically enabled on all member ports in a dynamic aggregation group. The protocol automatically maintains the aggregation state of ports. The dynamic link aggregation procedure comprises: • Selecting a reference port Setting the aggregation state of each member port •...
Page 83 Figure 25 Setting the state of a member port in a dynamic aggregation group Meanwhile, the system with the higher system ID, being aware of the aggregation state changes on the remote system, sets the aggregation state of local member ports the same as their peer ports. NOTE: A dynamic link aggregation group preferably sets full-duplex ports as the Selected ports, and will set •...
Page 84: Load Sharing Criteria For Link Aggregation Groups
Load sharing criteria for link aggregation groups In a link aggregation group, traffic may be load-shared across the selected member ports based on a set of criteria, depending on your configuration. You can choose one of the following criteria or any combination for load sharing: •...
Page 85: Configuring A Static Aggregation Group
Table 12 Features incompatible with Layer 2 aggregation groups Feature Reference Packet filtering Packet-filter firewall in Security Configuration Guide Ethernet frame filtering Packet-filter firewall in Security Configuration Guide IP source guard IP source guard in Security Configuration Guide 802.1X 802.1X in Security Configuration Guide Ports specified as source interfaces Portal in Security Configuration Guide in portal-free rules...
Page 86 Configuring a Layer 2 static aggregation group To configure a Layer 2 static aggregation group: Step Command Remarks Enter system view. system-view When you create a Layer 2 Create a Layer 2 aggregate aggregate interface, the system interface bridge-aggregation interface and enter Layer 2 automatically creates a Layer 2 interface-number aggregate interface view.
Page 87: Configuring A Dynamic Aggregation Group
Step Command Remarks Optional. By default, the aggregation priority of a port is 32768. Assign the port an link-aggregation port-priority Changing the aggregation priority aggregation priority. port-priority of a port may affect the aggregation state of the ports in the static aggregation group. Configuring a dynamic aggregation group NOTE: To guarantee a successful dynamic aggregation, make sure that the peer ports of the ports aggregated at...
Page 88 Step Command Remarks Optional. By default, the aggregation priority of a port is 32768. Assign the port an link-aggregation port-priority Changing the aggregation priority aggregation priority. port-priority of a port may affect the aggregation state of the ports in the dynamic aggregation group. Optional.
Page 89: Configuring An Aggregate Interface
Step Command Remarks Optional. By default, the aggregation priority of a port is 32768. Assign the port an link-aggregation port-priority Changing the aggregation priority aggregation priority. port-priority of a port may affect the aggregation state of ports in the dynamic aggregation group. Optional.
Page 90: Configuring The Mtu Of A Layer 3 Aggregate Interface Or Subinterface
Step Command Remarks Optional. Configure the description By default, the description of an of the aggregate interface description text interface is in the format of or subinterface. interface-name Interface, such as Bridge-Aggregation1 Interface. Configuring the MTU of a Layer 3 aggregate interface or subinterface The maximum transmission unit (MTU) of an interface affects IP packets fragmentation and reassembly on the interface.
Page 91: Setting The Minimum Number Of Selected Ports For An Aggregation Group
Step Command Remarks Optional. Enable link state trapping for the aggregate enable snmp trap updown By default, link state trapping is interface. enabled. Setting the minimum number of Selected ports for an aggregation group The bandwidth of an aggregate link increases along with the number of selected member ports. To avoid congestion caused by insufficient Selected ports on an aggregate link, you can set the minimum number of Selected ports required for bringing up the specific aggregate interface.
Page 92: Shutting Down An Aggregate Interface
Shutting down an aggregate interface Shutting down or bringing up an aggregate interface affects the aggregation state and link state of ports in the corresponding aggregation group in the following ways: When an aggregate interface is shut down, all Selected ports in the corresponding aggregation •...
Page 93: Configuring Load Sharing Criteria For Link Aggregation Groups
Configuring load sharing criteria for link aggregation groups You can determine how traffic is load-shared in a link aggregation group by configuring load sharing criteria. The criteria can be MPLS labels, service port numbers, IP addresses, MAC addresses, or receiving ports carried in packets, or any combination. To configure the global link-aggregation load sharing criteria: Step Command...
Page 94: Ethernet Link Aggregation Configuration Examples
Task Command Remarks display link-aggregation verbose Display detailed information about [ { bridge-aggregation | route-aggregation } a specific or all aggregation Available in any view [ interface-number ] ] [ | { begin | exclude | groups. include } regular-expression ] Clear LACP statistics for a specific Available in user or all link aggregation member...
Page 95 # Create VLAN 10, and assign port GigabitEthernet 4/1/4 to VLAN 10. <DeviceA> system-view [DeviceA] vlan 10 [DeviceA-vlan10] port gigabitethernet 4/1/4 [DeviceA-vlan10] quit # Create VLAN 20, and assign port GigabitEthernet 4/1/5 to VLAN 20. [DeviceA] vlan 20 [DeviceA-vlan20] port gigabitethernet 4/1/5 [DeviceA-vlan20] quit # Create Layer 2 aggregate interface Bridge-Aggregation 1.
Page 96: Layer 2 Dynamic Aggregation Configuration Example
Partner ID Select Unselect Share Interface Mode Ports Ports Type ------------------------------------------------------------------------------- BAGG1 none Shar The output shows that link aggregation group 1 is a load shared Layer 2 static aggregation group and it contains three Selected ports. # Display the global link-aggregation load sharing criteria on Device A. [DeviceA] display link-aggregation load-sharing mode Link-Aggregation Load-Sharing Mode: destination-mac address, source-mac address...
Page 97 # Create VLAN 20, and assign the port GigabitEthernet 4/1/5 to VLAN 20. [DeviceA] vlan 20 [DeviceA-vlan20] port gigabitethernet 4/1/5 [DeviceA-vlan20] quit # Create Layer 2 aggregate interface Bridge-Aggregation 1, and configure the link aggregation mode as dynamic. [DeviceA] interface bridge-aggregation 1 [DeviceA-Bridge-Aggregation1] link-aggregation mode dynamic # Assign ports GigabitEthernet 4/1/1 through GigabitEthernet 4/1/3 to link aggregation group 1 one at a time.
Page 98: Layer 3 Static Aggregation Configuration Example
BAGG1 0x8000, 000f-e2ff-0002 Shar The output shows that link aggregation group 1 is a load shared Layer 2 dynamic aggregation group and it contains three Selected ports. # Display the global link-aggregation load sharing criteria on Device A. [DeviceA] display link-aggregation load-sharing mode Link-Aggregation Load-Sharing Mode: destination-mac address, source-mac address The output shows that all link aggregation groups created on the device perform load sharing...
Page 99: Layer 3 Dynamic Aggregation Configuration Example
[DeviceA] link-aggregation load-sharing mode source-ip destination-ip Configure Device B: Configure Device B using the same instructions that you used to configure Device A. Verify the configurations: # Display summary information about all aggregation groups on Device A. [DeviceA] display link-aggregation summary Aggregation Interface Type: BAGG -- Bridge-Aggregation, RAGG -- Route-Aggregation Aggregation Mode: S -- Static, D -- Dynamic...
Page 100 <DeviceA> system-view [DeviceA] interface route-aggregation 1 [DeviceA-Route-Aggregation1] link-aggregation mode dynamic [DeviceA-Route-Aggregation1] ip address 192.168.1.1 24 [DeviceA-Route-Aggregation1] quit # Assign Layer 3 Ethernet interfaces GigabitEthernet 4/1/1 through GigabitEthernet 4/1/3 to aggregation group 1. [DeviceA] interface gigabitethernet 4/1/1 [DeviceA-GigabitEthernet4/1/1] port link-aggregation group 1 [DeviceA-GigabitEthernet4/1/1] quit [DeviceA] interface gigabitethernet 4/1/2 [DeviceA-GigabitEthernet4/1/2] port link-aggregation group 1...
Page 101: Configuring Port Isolation
H3C does not recommend that you configure Layer 2 protocols (such as GVRP) or Layer 3 protocols • (such as multicast and routing) on isolated ports. Doing so can cause forwarding anomaly or protocol flapping.
Page 102: Configuring An Isolation Group
NOTE: The arrows in the above figure indicate the move directions of Layer 2 traffic. Configuring an isolation group Assigning ports to an isolation group To assign ports to an isolation group: Step Command Remarks Enter system view. system-view Create an isolation group. port-isolate group group-number Use one of the commands.
Page 103: Displaying And Maintaining Isolation Groups
Step Command Remarks Use either command. • The configuration in Ethernet interface view applies only to the • Enter Ethernet interface view: port. interface interface-type • In Layer 2 aggregate interface interface-number view, only the Layer 2 aggregate • Enter Layer 2 aggregate interface is configured as the Enter interface view.
Page 104 Configure that Host A, Host B, and Host C cannot exchange Layer 2 traffic with each other, but can access the external network. Figure 31 Networking diagram Configuration procedure # Create isolation group 2. <Device> system-view [Device] port-isolate group 2 # Add GigabitEthernet 3/1/1, GigabitEthernet 3/1/2, and GigabitEthernet 3/1/3 to isolation group 2 as isolated ports.
Page 105: Configuring Qinq
Configuring QinQ NOTE: In this documentation, SPC cards refer to the cards prefixed with SPC, for example, SPC-GT48L, and SPE cards refer to the cards prefixed with SPE, for example, SPE-1020-E-II. Introduction to QinQ 802.1Q in 802.1Q (QinQ) is a flexible, easy-to-implement Layer 2 VPN technology based on IEEE 802.1Q.
Page 106: Qinq Frame Structure
The default maximum transmission unit (MTU) of an interface is 1500 bytes. The size of an outer VLAN tag is 4 bytes. H3C recommends you to increase the MTU of each interface on the service provider network to Interface Configuration at least 1504 bytes.
Page 107: Implementations Of Qinq
Implementations of QinQ The router supports basic QinQ only. Basic QinQ enables a port to tag any incoming frames with its port VLAN (PVID) tag, regardless of whether they have been tagged or not. If an incoming frame has been tagged, it becomes a double-tagged frame.
Page 108: Protocols And Standards
Protocol type Value IPX/SPX 0x8137 IS-IS 0x8000 LACP 0x8809 802.1x 0x888E Cluster 0x88A7 Reserved 0xFFFD/0xFFFE/0xFFFF Protocols and standards IEEE 802.1Q: IEEE standard for local and metropolitan area networks: Virtual Bridged Local Area Networks QinQ configuration task list Complete the follows tasks to configure QinQ: Task Remarks Configuring basic QinQ...
Page 109: Setting The Tpid Value In Vlan Tags
Setting the TPID value in VLAN tags To set the TPID value in outer VLAN tags: Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view： Enter interface view or interface interface-type interface-number Use either command.
Page 110 Figure 35 Network diagram Configuration procedure NOTE: Make sure that the devices in the service provider network have been configured to allow QinQ packets to pass through. Configure PE 1: # Configure GigabitEthernet 3/1/1 as a trunk port and assign it to VLAN 100 and VLANs 10 through 70.
Page 111 [PE1] interface GigabitEthernet 3/1/3 [PE1-GigabitEthernet3/1/3] port link-type trunk [PE1-GigabitEthernet3/1/3] port trunk permit vlan 200 30 to 90 # Configure VLAN 200 as the PVID for the port. [PE1-GigabitEthernet3/1/3] port trunk pvid vlan 200 # Enable basic QinQ on the port. [PE1-GigabitEthernet3/1/3] qinq enable [PE1-GigabitEthernet3/1/3] quit Configure PE 2:...
Page 112: Configuring Bpdu Tunneling
Configuring BPDU tunneling Introduction to BPDU tunneling As a Layer 2 tunneling technology, BPDU tunneling enables Layer 2 protocol packets from geographically dispersed customer networks to be transparently transmitted over specific tunnels across a service provider network. Background Dedicated lines are used in a service provider network to build user-specific Layer 2 networks. As a result, a user network is broken down into parts located at different sides of the service provider network.
Page 113: Bpdu Tunneling Implementation
BPDU Tunneling implementation NOTE: The term in this document is in a broad sense. It includes STP, RSTP, and MSTP. • STP calculates the topology of a network by transmitting BPDUs among bridges in the network. For • details, see the chapter “Configuring the spanning tree.” To avoid loops in your network, you can enable STP on your routers.
Page 114: Configuring Bpdu Tunneling
default multicast MAC address) for example. In the service provider network, the modified BPDU is forwarded as a data packet in the VLAN assigned to User A. At the egress of the service provider network, PE 2 recognizes the BPDU with the destination MAC address 0x010F-E200-0003, restores its original destination MAC address 0x0180-C200-0000, and then sends the BPDU to CE 2.
Page 115: Configuring Destination Multicast Mac Address For Bpdus
Configuring destination multicast MAC address for BPDUs By default, the destination multicast MAC address for BPDUs is 0x010F-E200-0003. You can change it to 0x0100-0CCD-CDD0, 0x0100-0CCD-CDD1 or 0x0100-0CCD-CDD2 through the following configuration. To configure the destination multicast MAC address for BPDUs: Step Command Remarks...
Page 116 # Configure the destination multicast MAC address for BPDUs as 0x0100-0CCD-CDD0. <Sysname> system-view [Sysname] bpdu-tunnel tunnel-dmac 0100-0ccd-cdd0 # Create VLAN 2 and assign GigabitEthernet 3/1/1 to VLAN 2. [Sysname] vlan 2 [Sysname-vlan2] quit [Sysname] interface GigabitEthernet 3/1/1 [Sysname-GigabitEthernet3/1/1] port access vlan 2 # Disable STP on GigabitEthernet 3/1/1, and then enable BPDU tunneling for STP on it.
Page 117: Configuring Gvrp
Configuring GVRP The Generic Attribute Registration Protocol (GARP) provides a generic framework whereby network devices in a bridged LAN, such as end stations and switches, can register and deregister attribute values. The GARP VLAN Registration Protocol (GVRP) is a GARP application that registers and deregisters VLAN attributes.
Page 118 Join messages A GARP participant sends Join messages when it wants to register its attributes (including manually configured attributes) on other participants, and when it receives Join messages from other participants. There are two types of Join messages: JoinEmpty and JoinIn. A GARP participant sends a JoinEmpty message to declare an attribute not registered on it.
Page 119 Do not set the LeaveAll timer too short, because a LeaveAll message deregisters all attributes in the entire • network. The LeaveAll timer must be greater than Leave timers on all ports. H3C recommends that you set a LeaveAll timer no less than the default value (1000 centiseconds).
Page 120: Gvrp
Field Description Value One or multiple messages, each Message containing an attribute type and an attribute list End mark Indicates the end of a GARP PDU 0x00 0x01 for GVRP, indicating the Attribute type Defined by the GARP application VLAN ID attribute Attribute list Contains one or multiple attributes Consists of an Attribute Length, an...
Page 121: Protocols And Standards
Forbidden—Deregisters all VLANs (except VLAN 1) and prevents any further VLAN creation or • registration on the trunk port. Protocols and standards • IEEE 802.1Q, Virtual Bridged Local Area Networks GVRP configuration task list Complete these tasks to configure GVRP: Task Remarks Configuring GVRP functions...
Page 122: Configuring Garp Timers
Step Command Remarks By default, GVRP is disabled Enable GVRP on the ports. gvrp on a port. Optional. Configure the GVRP registration mode on gvrp registration { fixed | the ports. forbidden | normal } The default setting is normal. NOTE: •...
Page 123: Displaying And Maintaining Gvrp
Step Command Remarks Optional. Configure the Join timer. garp timer join timer-value The default setting is 20 centiseconds. Optional. Configure the Leave timer. garp timer leave timer-value The default setting is 60 centiseconds. As shown in Table 16, the value ranges for GARP timers are dependent on one another: If you want to set a value beyond the value range for a timer, you may change the value range by •...
Page 124: Gvrp Configuration Examples
Task Command Remarks display gvrp status [ | { begin | exclude | Display the global GVRP state. Available in any view include } regular-expression ] display gvrp vlan-operation interface Display the information about interface-type interface-number [ | { begin Available in any view dynamic VLAN operations on ports.
Page 125: Gvrp Fixed Registration Mode Configuration Example
[DeviceB] interface GigabitEthernet 4/1/1 [DeviceB-GigabitEthernet4/1/1] port link-type trunk [DeviceB-GigabitEthernet4/1/1] port trunk permit vlan all # Enable GVRP on trunk port GigabitEthernet 4/1/1. [DeviceB-GigabitEthernet4/1/1] gvrp [DeviceB-GigabitEthernet4/1/1] quit # Create VLAN 3 (a static VLAN). [DeviceB] vlan 3 [DeviceB-vlan3] quit Verify the configuration: Use the display gvrp local-vlan command to display the local VLAN information maintained by GVRP on ports.
Page 126 # Configure port GigabitEthernet 4/1/1 as a trunk port, and assign it to all VLANs. [DeviceA] interface GigabitEthernet 4/1/1 [DeviceA-GigabitEthernet4/1/1] port link-type trunk [DeviceA-GigabitEthernet4/1/1] port trunk permit vlan all # Enable GVRP on GigabitEthernet 4/1/1 and set the GVRP registration mode to fixed on the port.
Page 127: Gvrp Forbidden Registration Mode Configuration Example
According to the output above, information about VLAN 1 and static VLAN information of VLAN 3 on the local router are registered through GVRP, but dynamic VLAN information of VLAN 2 on Device A is not. GVRP forbidden registration mode configuration example Network requirements As shown in Figure...
Page 128 [DeviceB-GigabitEthernet4/1/1] quit # Create VLAN 3 (a static VLAN). [DeviceB] vlan 3 [DeviceB-vlan3] quit Verify the configuration: Use the display gvrp local-vlan command to display the local VLAN information maintained by GVRP on ports. For example: # Display the local VLAN information maintained by GVRP on port GigabitEthernet 4/1/1 of Device A.
Page 129: Configuring Vlan Termination
Configuring VLAN termination NOTE: In this documentation, SPC cards refer to the cards prefixed with SPC, for example, SPC-GT48L, and SPE • cards refer to the cards prefixed with SPE, for example, SPE-1020-E-II. Only the SPE cards support VLAN termination. •...
Page 130 Inter-VLAN communication VLAN technology is widely used to isolate Layer 2 packets. It divides a LAN into multiple virtual LANs (VLANs) with each being a broadcast domain. Hosts within a VLAN can communicate with each other directly, whereas hosts in different VLANs are isolated at Layer 2. To allow different VLANs to communicate, Layer 3 routing must be used.
Page 131: Vlan Termination Configuration Task List
WAN, the sending port must record and remove the VLAN information of the packets. VLAN interfaces or Layer 3 Ethernet subinterfaces can be used for LAN-WAN communication. As shown in Figure 46, the VLANs of the customer network are called customer VLANs (CVLANs), and the VLANs of the service provider network are called service provider VLANs (SVLANs).
Page 132 Figure 48 Compare the structure of a Dot1q packet and that of a QinQ packet The VLAN tag field contains the following subfields: Tag Protocol Identifier (TPID), Priority, Canonical Format Indicator (CFI), and VLAN ID. Among these four subfields, TPID indicates whether an Ethernet packet carries a VLAN tag, or whether the packet is a VLAN-tagged packet.
Page 133: Configuring Tpid On A Layer 3 Ethernet/Aggregate Subinterface
Configuring TPID on a Layer 3 Ethernet/aggregate subinterface To configure VLAN termination on a Layer 3 Ethernet subinterface or Layer 3 aggregate subinterface, follow these steps to configure the TPID value in the outer VLAN tag of packets received and sent by the subinterface: Step Command...
Page 134: Enabling A Qinq Termination-Enabled Interface/Subinterface To Transmit Broadcast And Multicast Packets
Step Command Remarks Optional. By default, the TPID value in the Set the TPID value in outer VLAN tag is 0x8100. the outer VLAN tag of qinq ethernet-type [ service-tag ] If the interface receives and sends packets received and hex-value QinQ packets, the TPID value in sent by the interface.
Page 135: Configuring Qinq Termination
Configuring QinQ termination Based on the range of VLAN IDs in the VLAN-tagged packets that can be terminated by a subinterface, QinQ termination falls into the following two categories: Unambiguous QinQ termination—Terminates QinQ packets with the specified inner VLAN ID and •...
Page 136: Configuring Ambiguous Qinq Termination
Configuring ambiguous QinQ termination To configure ambiguous QinQ termination on a Layer 3 Ethernet/aggregate subinterface or VLAN interface: Step Command Remarks Enter system view. system-view • Enter Layer 3 Ethernet interface view: interface interface-type interface-number.subnumber • Enter Layer 3 aggregate Enter interface view.
Page 137 Figure 49 Network diagram Router L2 Switch B Eth1/1 Public network VLAN 100 Eth1/2 GE2/1/7.100 GE2/1/6 QinQ enabled 1.1.1.11/24 1.1.2.11/24 VLAN 100 Eth1/1 L2 Switch C L2 Switch A Eth1/2 VLAN 11 Host A Host B 1.1.1.1/24 1.1.2.1/24 Configuration procedure Configure Host A and Host B: Configure Host A’s IP address as 1.1.1.1/24, and gateway IP address as 1.1.1.1 1/24.
Page 138: Ambiguous Qinq Termination Configuration Example
# Create Ethernet subinterface GigabitEthernet 2/1/7.100 and enter subinterface view. Assign an IP address to the Ethernet subinterface, enable QinQ termination on it, and specify the inner VLAN ID of the QinQ packets that can be terminated by it. <Router> system-view [Router] interface GigabitEthernet2/1/7.100 [Router-GigabitEthernet2/1/7.100] ip address 1.1.1.11 255.255.255.0 [Router-GigabitEthernet2/1/7.100] second-dot1q 11...
Page 139 [SwitchA] vlan 11 [SwitchA-vlan11] port ethernet 1/1 [SwitchA-vlan11] quit [SwitchA] vlan 12 [SwitchA-vlan12] port ethernet 1/2 [SwitchA-vlan12] quit [SwitchA] vlan 13 [SwitchA-vlan13] port ethernet 1/3 [SwitchA-vlan13] quit [SwitchA] interface ethernet 1/7 [SwitchA-Ethernet1/7] port link-type trunk [SwitchA-Ethernet1/7] port trunk permit vlan 11 to 13 Please wait...
Page 140: Configuration Example For Qinq Termination Supporting Dhcp Relay
Configuration example for QinQ termination supporting DHCP relay Network requirements As shown in Figure Provider A and Provider B are routers on the service provider network. • • DHCP client A and DHCP client B are routers on the customer networks. Provider A is the DHCP relay agent and Provider B is the DHCP server.
Page 141 [ProviderA] interface GigabitEthernet2/1/7.100 # Configure subinterface GigabitEthernet 2/1/7.100 to terminate packets whose inner VLAN ID is 10 or 20. [ProviderA-GigabitEthernet2/1/7.100] second-dot1q 10 20 # Enable DHCP relay on subinterface GigabitEthernet 2/1/7.100 and select a DHCP server group. [ProviderA-GigabitEthernet2/1/7.100] dhcp select relay [ProviderA-GigabitEthernet2/1/7.100] dhcp relay server-select 1 # Assign an IP address to subinterface GigabitEthernet 2/1/7.100.
Page 142 [SwitchA-Ethernet1/2] qinq enable [SwitchA-Ethernet1/2] quit # Configure downlink port Ethernet 1/3. [SwitchA] interface Ethernet 1/3 [SwitchA-Ethernet1/3] qinq enable [SwitchA-Ethernet1/3] quit # Assign downlink ports Ethernet 1/2 and Ethernet 1/3 to VLAN 100. [SwitchA] vlan 100 [SwitchA-vlan100] port ethernet 1/2 [SwitchA-vlan100] port ethernet 1/3 Configure Switch B: # Assign port Ethernet 1/2 to VLAN 20.
Page 143: Configuring Lldp
Configuring LLDP Overview Background In a heterogeneous network, it is important that different types of devices from different vendors can discover one other and exchange configuration for interoperability and management sake. This calls for a standard configuration exchange platform. To address this need, the IETF drafted the Link Layer Discovery Protocol (LLDP) in IEEE 802.1AB. The protocol operates on the data link layer to exchange device information between directly connected devices.
Page 144 Table 19 Fields in an Ethernet II-encapsulated LLDP frame Field Description The MAC address to which the LLDPDU is advertised. It is fixed to Destination MAC address 0x0180-C200-000E, a multicast MAC address. The MAC address of the sending port. If the port does not have a MAC Source MAC address address, the MAC address of the sending bridge is used.
Page 145 An LLDPDU can carry up to 28 types of TLVs. The chassis ID TLV, port ID TLV, TTL TLV, and end of LLDPDU TLV (end TLV in the figure) are mandatory TLVs that must be carried. Other TLVs are optional. TLVs TLVs are type, length, and value sequences that carry information elements, where the type field identifies the type of information, the length field indicates the length of the information field in octets, and the...
Page 146 Type Description Protocol Identity Protocols supported on the port NOTE: H3C routers support receiving but not sending protocol identity TLVs. IEEE 802.3 organizationally specific TLVs Table 23 IEEE 802.3 organizationally specific TLVs Type Description Contains the rate and duplex capabilities of the sending port, support for auto...
Page 147: How Lldp Works
Management address The management address of a network device is used by the network management system to identify and manage the device for topology maintenance and network management. The management address is encapsulated in the management address TLV. How LLDP works Operating Modes of LLDP LLDP can operate in one of the following modes: TxRx mode—A port in this mode sends and receives LLDP frames.
Page 148: Performing Basic Lldp Configuration
Task Remarks Enabling LLDP Required Setting LLDP operating mode Optional Setting the LLDP re-initialization delay Optional Enable LLDP polling Optional Performing basic LLDP configuration Configuring the advertisable TLVs Optional Configuring the management address and its encoding format Optional Setting other LLDP parameters Optional Configuring the encapsulation format for LLDPDUs Optional...
Page 149: Setting The Lldp Re-Initialization Delay
Tx mode—A port in this mode only sends LLDPDUs. • Rx mode—A port in this mode only receives LLDPDUs. • Disable mode—A port in this mode does not send or receive LLDPDUs. • To set the LLDP operating mode: Step Command Remarks Enter system view.
Page 150: Configuring The Advertisable Tlvs
Step Command Remarks Enable LLDP polling and set By default, LLDP polling is lldp check-change-interval interval the polling interval. disabled. Configuring the advertisable TLVs To configure the advertisable LLDPDU TLVs on the specified port or ports: Step Command Remarks Enter system view. system-view •...
Page 151: Setting Other Lldp Parameters
To configure the management address to be advertised and its encoding format on a port or a group of ports: Step Command Remarks Enter system view. system-view • Enter Layer 2 or Layer 3 Ethernet interface view: interface interface-type Enter Ethernet interface view interface-number Use either command.
Page 152: Configuring The Encapsulation Format For Lldpdus
Both the LLDPDU transmit interval and delay must be smaller than the TTL to make sure that the LLDP neighbors can receive LLDPDUs to update information about the router you are configuring before it is aged out. H3C recommends that you set the LLDPDU transmit interval to be no smaller than four times the LLDPDU • transmit delay.
Page 153: Configuring Cdp Compatibility
Configuring CDP compatibility To make your router work with Cisco IP phones, you must enable CDP compatibility. With CDP compatibility enabled, your router can receive and recognize CDP packets from a Cisco IP phone and respond with CDP packets. Configuration prerequisites Before configuring CDP compatibility, perform the following configurations: Enable LLDP globally.
Page 154: Displaying And Maintaining Lldp
LLDP traps are sent periodically, and the trap transmit interval is configurable. In response to topology changes detected, the router sends LLDP traps according to the interval configured to inform the neighboring routers of the changes. To configure LLDP trapping: Step Command Remarks...
Page 155: Lldp Configuration Examples
LLDP configuration examples Basic LLDP configuration example Network requirements As shown in Figure 55, the NMS and Router A are located in the same Ethernet. Enable LLDP on the ports of Router A and Router B to monitor the link between Router A and Router B and the link between Router A and the MED device on the NMS.
Page 156 Verify the configuration: # Display the global LLDP status and port LLDP status on Router A. [RouterA] display lldp status Global status of LLDP : Enable The current number of LLDP neighbors : 2 The current number of CDP neighbors: 0 LLDP neighbor information last changed time: 0 days,0 hours,4 minutes,40 seconds Transmit interval : 30s...
Page 157: Cdp-Compatible Lldp Configuration Example
Hold multiplier Reinit delay : 2s Transmit delay : 2s Trap interval : 5s Fast start times Port 1 [GigabitEthernet4/1/1]: Port status of LLDP : Enable Admin status : Rx_Only Trap flag : No Polling interval : 0s Number of neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV...
Page 158 # Enable LLDP (you can skip this step because LLDP is enabled on ports by default), configure LLDP to operate in TxRx mode, and configure CDP-compatible LLDP to operate in TxRx mode on GigabitEthernet 4/1/1 and GigabitEthernet 4/1/2. [RouterA] interface gigabitethernet 4/1/1 [RouterA-GigabitEthernet4/1/1] lldp enable [RouterA-GigabitEthernet4/1/1] lldp admin-status txrx [RouterA-GigabitEthernet4/1/1] lldp compliance admin-status cdp txrx...
Page 159: Index
Index B C D E G I L M O P R S V GVRP configuration task list,1 1 1 BPDU tunneling configuration example,105 Introduction to BPDU tunneling,102 Introduction to GVRP,107 Configure basic settings of a VLAN interface,4 Introduction to port isolation,91 Configuring an aggregate interface,79...

H3C SR8800 Configuration Manual

Quick Links

Related Manuals for H3C SR8800

Summary of Contents for H3C SR8800

Table of Contents