Page 3
Preface The H3C S5500-SI/EI documentation set includes 10 configuration guides, which describe the software features for the H3C S5500-SI and S5500-EI Series Ethernet Switches, Release2208, and guide you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply software features to different network scenarios.
Page 4
Configuration guide Added and modified features Loopback and null interface — configuration MAC address table — configuration MAC Information configuration — Added features: • Setting the LACP timeout interval Ethernet link aggregation configuration • Enabling local-first load sharing for link aggregation •...
Page 5
Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, { x | y | ... } from which you select one. Square brackets enclose a set of optional syntax choices separated by vertical [ x | y | ...
Page 6
About the H3C S5500-SI/EI documentation set The H3C S5500-SI/EI documentation set includes: Category Documents Purposes Marketing brochures Describe product specifications and benefits. Provide an in-depth description of software Technology white papers features and technologies. Describes the appearances, features, PSR150-A [ PSR150-D ] Power...
Page 7
Obtaining documentation You can access the most up-to-date H3C product documentation on the World Wide Web at http://www.h3c.com. Click the links on the top navigation bar to obtain different categories of product documentation: [Technical Support & Documents > Technical Documents] –...
Contents Ethernet interface configuration ·································································································································· 1 Ethernet interface overview ··············································································································································1 Ethernet interface naming conventions ··················································································································1 Configuring a Combo interface······························································································································1 Switchable link mode of Ethernet interfaces (available only on the S5500-EI) ·················································2 General Ethernet interface configuration························································································································2 Configuring basic settings of an Ethernet interface ······························································································2 Configuring the link mode of an Ethernet interface (available only on the S5500-EI) ·····································3 Configuring generic flow control on an Ethernet interface ··················································································4 Configuring link change suppression on an Ethernet interface···········································································4...
Page 9
MAC Information configuration ································································································································29 Overview········································································································································································· 29 Introduction to MAC Information ························································································································· 29 How MAC Information works ······························································································································ 29 Configuring MAC Information ······································································································································ 29 Enabling MAC Information globally ··················································································································· 29 Enabling MAC Information on an interface ······································································································· 30 Configuring MAC Information mode ·················································································································· 30 Configuring the interval for sending Syslog or trap messages·········································································...
Page 10
Protocols and standards ······································································································································· 72 MSTP configuration task list ·········································································································································· 72 Configuring MSTP ·························································································································································· 73 Configuring an MST region ································································································································· 73 Configuring the root bridge or a secondary root bridge·················································································· 74 Configuring the work mode of an MSTP device ································································································ 75 Configuring the priority of a device ····················································································································...
Page 11
Protocol-based VLAN configuration ···························································································································123 Introduction to protocol-based VLAN ················································································································123 Configuring a protocol-based VLAN·················································································································123 Protocol-based VLAN configuration example···································································································125 IP Subnet-based VLAN configuration ·························································································································127 Introduction ··························································································································································127 Configuring an IP subnet-based VLAN··············································································································128 Displaying and maintaining VLAN ····························································································································129 Super VLAN configuration (available only on the S5500-EI) ·············································································· 130 Overview·······································································································································································130 Configuring a super VLAN··········································································································································130 Displaying and maintaining super VLAN ··················································································································132...
Page 12
QinQ frame structure ··········································································································································171 Implementations of QinQ ···································································································································172 Modifying the TPID in a VLAN tag ····················································································································172 Protocols and standards ·····································································································································173 QinQ configuration task list········································································································································174 Configuring basic QinQ ·············································································································································174 Enabling basic QinQ··········································································································································174 Configuring VLAN transparent transmission ····································································································174 Configuring selective QinQ ········································································································································175 Configuring an outer VLAN tagging policy ·····································································································175 Configuring an inner-outer VLAN 802.1p priority mapping··········································································177 Configuring inner VLAN ID substitution (available only on the S5500-EI)····················································179...
Page 13
LLDP configuration examples ······································································································································223 Basic LLDP configuration example ·····················································································································223 CDP-compatible LLDP configuration example···································································································226 Service loopback group configuration (available only on the S5500-EI)··························································· 228 Overview·······································································································································································228 Functions of service loopback groups ···············································································································228 Service types of service loopback groups ········································································································228 Requirements on service loopback ports···········································································································228 States of service loopback ports ························································································································229 Configuring a service loopback group······················································································································230 Displaying and maintaining service loopback groups·····························································································230...
• Ethernet interface overview Ethernet interface naming conventions The GE and 10-GE interfaces on the S5500-SI&S5500-EI series Ethernet switches are named in the format of interface-type A/B/C, where the following definitions apply: • If the switch does not support Intelligent Resilient Framework (IRF), A takes 1. If the switch support IRF, A represents the ID of the switch in an IRF virtual device.
Use the display interface command to find out, of the two physical ports that comprise a Combo • interface, which is the optical port and which is the electrical port. If the output includes “Media type is twisted pair, Port hardware type is 1000_BASE_T”, the current port is the electrical port; if the output includes “Media type is not sure, Port hardware type is No connector”, the current port is the optical port.
To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter Ethernet interface view — interface-number Optional By default, the description of an Change the description of the interface is the interface name description text interface followed by the “Interface” string, GigabitEthernet1/0/1 Interface for example.
CAUTION: After you change the link mode of an Ethernet interface, all the settings of the Ethernet interface are • restored to their defaults under the new link mode. If you set the link mode of the active port of a Combo interface to Layer 3, you cannot activate the other •...
Page 18
To prevent physical link flapping from affecting system performance, configure link change suppression to delay the reporting of physical link state changes. When the delay expires, the interface reports any detected change. Link change suppression does not suppress administrative up or down events. When you shut down or bring up an interface with the shutdown or undo shutdown command, the interface reports the event to the upper layers immediately.
Configuring loopback testing on an Ethernet interface You can perform loopback testing on an Ethernet interface to check whether the interface functions properly. The Ethernet interface cannot forward data packets during the testing. Loopback testing falls into the following categories: Internal loopback testing, which tests all on-chip functions related to Ethernet interfaces.
Setting the statistics polling interval Follow these steps to set the statistics polling interval on an Ethernet interface: To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter Ethernet interface view — interface-number Optional Set the statistics polling interval on flow-interval interval The default interface statistics the Ethernet interface...
To do… Use the command… Remarks interface interface-type Enter Ethernet interface view — interface-number Required Enable the interface to accept jumboframe enable By default, an Ethernet interface accepts jumbo frames jumbo frames (up to 9216 bytes). Configuring a Layer 2 Ethernet interface Layer 2 Ethernet interface configuration task list Complete these tasks to configure an Ethernet interface operating in bridge mode: Task...
To do… Use the command… Remarks port group Optional By default, all Ethernet interfaces in a port group are up. To bring up all Shut down all Ethernet interfaces in shutdown Ethernet interfaces shut down the port group manually in a port group, use the undo shutdown command in port group view.
As shown in 4, speed auto negotiation enables an Ethernet interface to negotiate with its peer for Figure the highest speed supported by both ends by default. You can narrow down the speed option list for negotiation. Figure 4 Speed auto negotiation application scenario All interfaces on the switch are operating in speed auto negotiation mode, with the highest speed of 1000 Mbps.
Page 24
Storm control, which enables you to shut down Ethernet interfaces or block traffic when monitored • traffic exceeds the traffic threshold. It also enables an interface to send trap or log messages when monitored traffic reaches a certain traffic threshold, depending on your configuration. For a particular type of traffic, configure either storm suppression or storm control, but not both.
Page 25
Configuring storm control on an Ethernet interface Storm control compares broadcast, multicast, and unknown unicast traffic regularly with their respective traffic thresholds on an Ethernet interface. For each type of traffic, storm control provides a lower threshold and a higher threshold. For management purposes, you can configure the interface to send threshold event traps and log messages when monitored traffic exceeds the upper threshold or falls below the lower threshold from the upper threshold.
NOTE: For network stability, use the default or set a higher traffic polling interval. • Storm control uses a complete polling cycle to collect traffic data, and analyzes the data in the next cycle. • It takes an interface at least one polling interval and at most two polling interval to take a storm control action.
To do… Use the command… Remarks Use either command. Enter Ethernet interface interface-type interface view interface-number Enter To configure loopback detection Ethernet on one interface, enter Ethernet interface interface view. Enter port group port-group manual view or port To configure loopback detection view port-group-name group view...
receives packets sent out Port 2, a multi-port loop occurs between the two interfaces, and Port 1 (the interface that receives the looped packets) is the looped interface. Multi-port loops may also cause broadcast storms. Figure 5 Network diagram for multi-port loopback detection Switch A Port 1 Port 2...
Normal mode • • Auto mode A copper Ethernet interface uses an RJ-45 connector, which comprises eight pins, each playing a dedicated role. For example, pins 1 and 2 transmit signals, and pins 3 and 6 receive signals. The pin role varies by the following MDI modes: In normal mode, pins 1 and 2 are transmit pins, and pins 3 and 6 are receive pins.
Testing the cable connection of an Ethernet interface NOTE: Optical interfaces do not support this feature. • If the link of an Ethernet interface is up, testing its cable connection will cause the link to come down and • then go up. You can test the cable connection of an Ethernet interface for a short or open circuit.
Page 31
To do… Use the command… Remarks display interface [ interface-type [ interface-number ] ] brief [ | { begin | exclude | include } regular-expression ] Display the summary of an Available in any view interface display interface [ interface-type ] brief down [ | { begin | exclude | include } regular-expression ] Display the statistics on the packets...
Loopback and null interface configuration This chapter includes these sections: Loopback interface • Null interface • Displaying and maintaining loopback and null interfaces • Loopback interface Introduction to loopback interface A loopback interface is a software-only virtual interface. It delivers the following benefits. The physical layer state and link layer protocols of a loopback interface are always up unless the •...
To do… Use the command… Remarks enter Loopback interface view interface-number Optional Set a description for the loopback By default, the description of an description text interface interface is the interface name followed by the “Interface” string. Optional Shut down the loopback interface shutdown By default, a loopback interface is up once created.
Displaying and maintaining loopback and null interfaces To do… Use the command… Remarks display interface loopback [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ] Display information about Available in any view loopback interfaces display interface loopback interface-number [ brief ] [ | { begin | exclude | include } regular-expression ]...
MAC address table configuration This chapter includes these sections: Overview • Configuring the MAC address table • Displaying and maintaining MAC address tables • MAC address table configuration example • Overview Every Ethernet switch maintains a MAC address table for forwarding frames through unicast instead of broadcast.
higher priority than dynamically learned ones, you can prevent hackers from stealing data using forged MAC addresses. Types of MAC address table entries A MAC address table can contain the following types of entries: Static entries, which are manually added and never age out. •...
Manually configuring MAC address table entries To fence off MAC address spoofing attacks and improve port security, you can manually add MAC address table entries to bind ports with MAC addresses. You can also configure blackhole MAC address entries to filter out packets with certain source or destination MAC addresses.
Page 38
NOTE: Whether the learned MAC addresses will be removed after MAC address learning is disabled depends on the device model. Disabling MAC address learning on ports After enabling global MAC address learning, you may disable the function on a single port, or on all ports in a port group as needed.
NOTE: When MAC address learning is disabled, the learned MAC addresses remain valid until they age out. Configuring the aging timer for dynamic MAC address entries The MAC address table uses an aging timer for dynamic MAC address entries for security and efficient use of table space.
NOTE: Layer 2 aggregate interfaces do not support the mac-address max-mac-count command. • Do not configure the MAC learning limit on any member ports of an aggregation group. Otherwise, the • member ports cannot be selected. Displaying and maintaining MAC address tables To do…...
Page 41
000f-e235-dc71 Config static GigabitEthernet 1/0/1 NOAGED 1 mac address(es) found # Display information about the destination blackhole MAC address table. [Sysname] display mac-address blackhole MAC ADDR VLAN ID STATE PORT INDEX AGING TIME 000f-e235-abcd Blackhole NOAGED 1 mac address(es) found # View the aging time of dynamic MAC address entries.
MAC Information configuration This chapter includes these sections: Overview • Configuring MAC Information • MAC Information configuration example • Overview Introduction to MAC Information To monitor a network, you need to monitor users joining and leaving the network. Because a MAC address uniquely identifies a network user, you can monitor users joining and leaving a network by monitoring their MAC addresses.
Enabling MAC Information on an interface Follow these steps to enable MAC Information on an interface: To do… Use the command… Remarks Enter system view system-view — Enter Layer 2 Ethernet interface interface interface-type — view interface-number Required Enable MAC Information on the mac-address information enable interface { added | deleted }...
MAC Information configuration example Network requirements Host A is connected to a remote server (Server) through Device. • Enable MAC Information on GigabitEthernet 1/0/1 on Device. Device sends MAC address • changes in Syslog messages to Host B through GigabitEthernet 1/0/3. Host B analyzes and displays the Syslog messages.
Ethernet link aggregation configuration This chapter includes these sections: Overview • Ethernet link aggregation configuration task list • Displaying and maintaining Ethernet link aggregation • Ethernet link aggregation configuration examples • Overview Ethernet link aggregation, or simply link aggregation, combines multiple physical Ethernet ports into one logical link, called an aggregate link.
Page 46
NOTE: The rate of an aggregate interface equals the total rate of its member ports in the Selected state, and its duplex mode is the same as the selected member ports. For more information about the states of member ports in an aggregation group, see “Aggregation states of member ports in an aggregation group.”...
Page 47
This is how the LACP multi-active detection (MAD) mechanism of the Intelligent Extended LACP Resilient Framework (IRF) feature is implemented. An S5500-SI or S5500-EI series functions Ethernet switch can participate in LACP MAD either as an IRF member device or an intermediate device.
Page 48
Selected state. NOTE: The S5500-SI&S5500-EI series Ethernet switches support returning Marker Response PDUs only after dynamic link aggregation member ports receive Marker PDUs. Link aggregation modes Link aggregation has two modes: dynamic and static.
Aggregating links in static mode LACP is disabled on the member ports in a static aggregation group. You must manually maintain the aggregation state of the member ports. The static link aggregation procedure comprises: Selecting a reference port • Setting the aggregation state of each member port •...
NOTE: To ensure stable aggregation state and service continuity, do not change port attributes or class-two • configurations on any member port. If a static aggregation group has reached the limit on Selected ports, any port joins the group is placed •...
Page 51
Figure 9 Set the state of a member port in a dynamic aggregation group Meanwhile, the system with the higher system ID, being aware of the aggregation state changes on the remote system, sets the aggregation state of local member ports the same as their peer ports. NOTE: To ensure stable aggregation state and service continuity, do not change port attributes or class-two •...
Load sharing criteria for link aggregation groups In a link aggregation group, traffic may be load-shared across the selected member ports based on a set of criteria, depending on your configuration. You can choose one of the following criteria or any combination of them for load sharing: MAC addresses •...
NOTE: If a port is used as a reflector port for port mirroring, do not assign it to any aggregation group. For • Network Management and Monitoring Configuration more information about reflector ports, see the Guide To achieve better load sharing results for data traffic among the member ports of a link aggregation •...
To do... Use the command... Remarks Optional By default, the system LACP priority is 32768. Set the system LACP priority lacp system-priority system-priority Changing the system LACP priority may affect the aggregation state of the ports in a dynamic aggregation group.
NOTE: In addition to the configurations listed above, most of the configurations that can be performed on Layer 2 Ethernet interfaces can also be performed on Layer 2 aggregate interfaces. Configuring the description of an aggregate interface You can configure the description of an aggregate interface for administration purposes such as describing the purpose of the interface.
Configuring a MAC address for an aggregate interface does not affect the normal forwarding of service packets. Follow these steps to configure a MAC Address for an aggregate interface: To do… Use the command… Remarks Enter system view system-view — interface bridge-aggregation Enter aggregate interface view —...
Configuring load sharing for link aggregation groups Configuring load sharing criteria for link aggregation groups You can determine how traffic is load-shared across a link aggregation group by configuring load sharing criteria. The criteria can be service port numbers, IP addresses, MAC addresses, receiving ports, or any combination.
To do… Use the command… Remarks Enter aggregate interface interface bridge-aggregation — view interface-number Required Configure the load sharing link-aggregation load-sharing mode By default, an aggregation group uses criteria for the aggregation { destination-ip | destination-mac | the global link-aggregation load group source-ip | source-mac } * sharing criteria.
Figure 10 Local-first link-aggregation load sharing Follow these steps to enable local-first load sharing for link aggregation: To do... Use the command... Remarks Enter system view system-view — Optional Enable local-first load-sharing for link-aggregation load-sharing link aggregation mode local-first Enabled by default. Enabling link-aggregation traffic redirection The link-aggregation traffic redirection function is available on IRF member devices.
CAUTION: Link-aggregation traffic redirection applies only to dynamic link aggregation groups. • To prevent traffic interruption, enable link-aggregation traffic redirection on devices at both ends of the • aggregate link. To prevent packet loss that might occur at a reboot, disable both MSTP and link-aggregation traffic •...
NOTE: In an aggregation group, only ports that have the same port attributes and class-two configurations (see ”Configuration classes”) as the reference port (see “Reference port”) can operate as Selected ports. You must ensure that all member ports have the same port attributes and class-two configurations as the reference port.
Page 62
[DeviceA] interface bridge-aggregation 1 [DeviceA-Bridge-Aggregation1] quit # Assign ports GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to link aggregation group 1. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/1] quit [DeviceA] interface gigabitethernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/2] quit [DeviceA] interface gigabitethernet 1/0/3 [DeviceA-GigabitEthernet1/0/3] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/3] quit...
The output shows that link aggregation group 1 is a load shared Layer 2 static aggregation group and it contains three Selected ports. # Display the global link-aggregation load sharing criteria on Device A. [DeviceA] display link-aggregation load-sharing mode Link-Aggregation Load-Sharing Mode: destination-mac address, source-mac address The output shows that all link aggregation groups created on the device perform load sharing based on source and destination MAC addresses.
Page 64
[DeviceA-vlan20] quit # Create Layer 2 aggregate interface Bridge-aggregation 1, and configure the link aggregation mode as dynamic. [DeviceA] interface bridge-aggregation 1 [DeviceA-Bridge-Aggregation1] link-aggregation mode dynamic # Assign ports GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to link aggregation group 1 one at a time.
Interface Mode Ports Ports Type ------------------------------------------------------------------------------- BAGG1 0x8000, 000f-e2ff-0002 Shar The output shows that link aggregation group 1 is a load shared Layer 2 dynamic aggregation group and it contains three Selected ports. # Display the global link-aggregation load sharing criteria on Device A. [DeviceA] display link-aggregation load-sharing mode Link-Aggregation Load-Sharing Mode: destination-mac address, source-mac address...
Page 66
[DeviceA-vlan10] quit # Create VLAN 20, and assign port GigabitEthernet 1/0/6 to VLAN 20. <DeviceA> system-view [DeviceA] vlan 20 [DeviceA-vlan20] port gigabitethernet 1/0/6 [DeviceA-vlan20] quit # Create Layer 2 aggregate interface Bridge-Aggregation 1, and configure the load sharing criterion for the link aggregation group as the source MAC addresses of packets.
Page 67
[DeviceA-Bridge-Aggregation2] port link-type trunk [DeviceA-Bridge-Aggregation2] port trunk permit vlan 10 20 Please wait... Done. Configuring GigabitEthernet1/0/3... Done. Configuring GigabitEthernet1/0/4... Done. [DeviceA-Bridge-Aggregation2] quit Configure Device B Configure Device B as you configure Device A. Verify the configurations # Display the summary information about all aggregation groups on Device A. [DeviceA] display link-aggregation summary Aggregation Interface Type: BAGG -- Bridge-Aggregation, RAGG -- Route-Aggregation...
VLAN resource demanding. To isolate Layer 2 traffic without using VLANs, H3C introduced the port isolation feature. To use the feature, you assign ports to a port isolation group. Ports in an isolation group are called isolated ports.
To do… Use the command… Remarks Required Assign the port or ports to port-isolate enable The isolation group does not contain any the isolation group ports by default. NOTE: If the switch fails to apply the port-isolate enable command to a Layer 2 aggregate interface, it does not assign any member port of the aggregate interface to the isolation group.
MSTP configuration This chapter includes these sections: Introduction to STP • Introduction to RSTP • Introduction to MSTP • MSTP configuration task list • Displaying and maintaining MSTP • • MSTP configuration example As a Layer 2 management protocol, the Spanning Tree Protocol (STP) eliminates Layer 2 loops by selectively blocking redundant links in a network, and in the mean time, allows for link redundancy.
Root bridge ID: consisting of the priority and MAC address of the root bridge. • • Root path cost: the cost of the path to the root bridge denoted by the root identifier from the transmitting bridge. Designated bridge ID: consisting of the priority and MAC address of the designated bridge. •...
Figure 15 A schematic diagram of designated bridges and designated ports Path cost Path cost is a reference value used for link selection in STP. By calculating path costs, STP selects relatively robust links and blocks redundant links, and finally prunes the network into a loop-free tree. How STP works STP has the following workflow: Initial state...
Page 74
Step Description • If the calculated configuration BPDU is superior, the device considers this port as the designated port, replaces the configuration BPDU on the port with the calculated configuration BPDU, and periodically sends out the calculated configuration BPDU. • If the configuration BPDU on the port is superior, the device blocks this port without updating its configuration BPDU.
Page 75
Figure 16 Network diagram for the STP algorithm As shown in 16, the priority of Device A, Device B, and Device C is 0, 1, and 2 respectively, and Figure the path costs among these links are 5, 10, and 4 respectively. Initial state of each device Table 10 Initial state of each device Device...
Page 76
Table 11 Comparison process and result on each device Configuration BPDU on Device Comparison process ports after comparison • Port A1 receives the configuration BPDU of Port B1 {1, 0, 1, Port B1}, finds that its existing configuration BPDU {0, 0, 0, Port A1} is superior to the received configuration BPDU, and discards the received one.
Page 77
Configuration BPDU on Device Comparison process ports after comparison • Port C1 receives the configuration BPDU of Port A2 {0, 0, 0, Port A2}, finds that the received configuration BPDU is • Port C1: {0, 0, 0, Port superior to its existing configuration BPDU {2, 0, 2, Port C1}, and updates its configuration BPDU.
Page 78
NOTE: 11, each configuration BPDU contains the following fields: root bridge ID, root path cost, Table designated bridge ID, and designated port ID. After the comparison processes described in Table 1 1, a spanning tree with Device A as the root bridge is established, and the topology is shown in Figure Figure 17 Topology of the final calculated spanning tree...
is likely to occur. For this reason, as a mechanism for state transition in STP, the newly elected root ports or designated ports require twice the forward delay time before transiting to the forwarding state to ensure that the new configuration BPDU has propagated throughout the network. •...
MSTP divides a switched network into multiple regions, each containing multiple spanning trees • that are independent of one another. • MSTP prunes a loop network into a loop-free tree avoiding proliferation and endless cycling of packets in a loop network. In addition, it provides multiple redundant paths for data forwarding supporting load balancing of VLAN data.
Page 81
Figure 19 Network diagram and topology of MST region 3 As shown in 18, a switched network comprises four MST regions, and each MST region comprises Figure four devices running MSTP. Figure 19 shows the networking topology of MST region 3. This section describes some basic concepts of MSTP.
Page 82
The common spanning tree (CST) is a single spanning tree that connects all MST regions in a switched network. If you regard each MST region as a device, the CST is a spanning tree calculated by these devices through STP or RSTP. For example, the blue lines in Figure 18 represent the CST.
Page 83
Figure 20 Port roles MSTP calculation involves these port roles: Root port: Forwards data for a non-root bridge to the root bridge. The root bridge does not have any • root port. Designated port: Forwards data to the downstream network segment or device. •...
NOTE: When in different MSTIs, a port can be in different states. A port state is not exclusively associated with a port role. Table 12 lists the port state(s) supported by each port role (“√” indicates that the port supports this state, and “—” indicates that the port does not support this state).
Task Remarks Configuring path costs of ports Optional Configuring port priority Optional Configuring the link type of ports Optional Configuring the mode a port uses to recognize/send MSTP Optional packets Enabling the output of port state transition information Optional Enabling the MSTP feature Required Performing mCheck Optional...
To do... Use the command... Remarks Optional Configure the MST region name region-name name The MST region name is the MAC address by default. Optional instance instance-id vlan vlan-list Use either command. Configure the VLAN-to-instance All VLANs in an MST region are mapping table mapped to the CIST (or MSTI 0) by vlan-mapping modulo modulo...
When the root bridge of an instance fails or is shut down, the secondary root bridge (if you have • specified one) can take over the role of the primary root bridge. However, if you specify a new primary root bridge for the instance then, the secondary root bridge will not become the root bridge. If you have specified multiple secondary root bridges for an instance, when the root bridge fails, MSTP will select the secondary root bridge with the lowest MAC address as the new root bridge.
To do... Use the command... Remarks Enter system view system-view — Required Configure the work mode of MSTP stp mode { stp | rstp | mstp } MSTP mode by default. Configuring the priority of a device Device priorities participate in spanning tree calculation. The priority of a device determines whether it can be elected as the root bridge of a spanning tree.
Max age ƒ 2 × (hello time + 1 second) • H3C does not recommend you to manually set the timers. Instead, you can use the stp bridge-diameter command to set the network diameter, and let the network automatically adjust the three timers according to the network size.
If the max age is too long, the network may fail to timely detect link failures and fail to timely launch spanning tree calculations, reducing the auto-sensing capability of the network. H3C recommends that you use the default setting. Configuring the timeout factor The timeout factor is a parameter used to decide the timeout time in the following formula: Timeout time = timeout factor ×...
By setting an appropriate maximum port rate, you can limit the rate at which the port sends BPDUs and prevent MSTP from using excessive network resources when the network becomes instable. H3C recommends that you use the default setting. Configuring ports as edge ports If a port directly connects to a user terminal rather than another device or a shared LAN segment, this port is regarded as an edge port.
To do... Use the command... Remarks Required Configure the current ports as edge ports stp edged-port enable All ports are non-edge ports by default. NOTE: With BPDU guard disabled, when a port set as an edge port receives a BPDU from another port, it will •...
Page 94
Table 13 Mappings between the link speed and the path cost Path cost Link speed Port type IEEE IEEE 802.1t Private standard 802.1d-1998 — 65535 200,000,000 200,000 Single Port 2,000,000 2,000 Aggregate interface 1,000,000 1,800 containing 2 selected ports 10 Mbps Aggregate interface 666,666 1,600...
To do... Use the command... Remarks Enter system view system-view — Enter Ethernet interface interface interface-type view or Layer 2 aggregate Enter interface interface-number Required interface view view or port Use either command. group view port-group manual Enter port group view port-group-name Required stp [ instance instance-id ]...
If the current port is a Layer 2 aggregate interface or if it works in full duplex mode, you can configure the link to which the current port connects as a point-to-point link. H3C recommends that you use the default setting, and let MSTP detect the link status automatically.
Configuring the mode a port uses to recognize/send MSTP packets A port can receive/send MSTP packets in the following formats: dot1s: 802.1s-compliant standard format, and • • legacy: Compatible format By default, the packet format recognition mode of a port is auto. The port automatically distinguishes the two MSTP packet formats, and determines the format of packets it will send based on the recognized format.
To do... Use the command... Remarks Enter system view system-view — Required Enable output of port state stp port-log { all | instance transition information instance-id } Enabled by default. Enabling the MSTP feature You must enable MSTP for the device before any other MSTP-related configurations can take effect. Make this configuration on the root bridge and on the leaf nodes separately.
You can perform mCheck on a port through the following two approaches, which lead to the same result. Performing mCheck globally Follow these steps to perform global mCheck: To do... Use the command... Remarks Enter system view system-view — Perform mCheck stp mcheck Required Performing mCheck in interface view...
Page 100
You can only modify the region name and revision level. You must enable Digest Snooping both globally and on associated ports to make it take effect. H3C •...
Figure 21 Digest Snooping configuration Configuration procedure # Enable Digest Snooping on GigabitEthernet 1/0/1 of Device A and enable global Digest Snooping on Device A. <DeviceA> system-view [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] stp config-digest-snooping [DeviceA-GigabitEthernet1/0/1] quit [DeviceA] stp config-digest-snooping # Enable Digest Snooping on GigabitEthernet 1/0/1 of Device B and enable global Digest Snooping on Device B.
Page 102
Figure 22 Rapid state transition of an MSTP designated port Upstream device Downstream device (1) Proposal for rapid transition The root port blocks non-edge ports. The root port changes to the (2) Agreement forwarding state and sends an Agreement to the upstream device.
To do... Use the command... Remarks Enter system view system-view — Enter Ethernet interface view or Layer 2 interface interface-type Enter interface aggregate interface interface-number Required or port group view Use either command. view port-group manual Enter port group view port-group-name Required Enable No Agreement Check...
Page 104
Enabling BPDU guard For access layer devices, the access ports can directly connect to the user terminals (such as PCs) or file servers. The access ports are configured as edge ports to allow rapid transition. When these ports receive configuration BPDUs, the system will automatically set these ports as non-edge ports and start a new spanning tree calculation process.
Page 105
To do... Use the command... Remarks Enter Ethernet interface interface interface-type view or Layer 2 aggregate Enter interface interface-number Required interface view view or port Use either command. group view port-group manual Enter port group view port-group-name Required Enable the root guard function for the port(s) stp root-protection Disabled by default.
6 by default. period after it receives the first TC-BPDU NOTE: H3C does not recommend you to disable this feature. Enabling BPDU drop In an STP-enabled network, after receiving BPDUs, a device performs STP calculation according to the received BPDUs and forwards received BPDUs to other devices in the network. This allows malicious attackers to forge BPDUs to attack the network: By continuously sending forged BPDUs, they can make all the devices in the network perform STP calculations all the time.
To do... Use the command... Remarks display stp bpdu-statistics [ interface interface-type interface-number [ instance Available in any view Display BPDU statistics on ports instance-id ] ] [ | { begin | exclude | include } regular-expression ] Display information about ports blocked display stp down-port [ | { begin | Available in any view by STP protection functions...
Page 108
Figure 25 Network diagram for MSTP configuration Configuration procedure VLAN and VLAN member port configuration Create VLAN 10, VLAN 20, and VLAN 30 on Device A and Device B respectively, create VLAN 10, VLAN 20, and VLAN 40 on Device C, and create VLAN 20, VLAN 30, and VLAN 40 on Device D. Configure the ports on these devices as trunk ports and assign them to related VLANs.
Page 109
[DeviceB] stp region-configuration [DeviceB-mst-region] region-name example [DeviceB-mst-region] instance 1 vlan 10 [DeviceB-mst-region] instance 3 vlan 30 [DeviceB-mst-region] instance 4 vlan 40 [DeviceB-mst-region] revision-level 0 # Activate MST region configuration. [DeviceB-mst-region] active region-configuration [DeviceB-mst-region] quit # Specify the current device as the root bridge of MSTI 3. [DeviceB] stp instance 3 root primary # Enable MSTP globally.
Page 110
# Enable MSTP globally. [DeviceD] stp enable Verifying the configurations You can use the display stp brief command to display brief spanning tree information on each device after the network is stable. # Display brief spanning tree information on Device A. [DeviceA] display stp brief MSTID Port...
Page 111
Figure 26 MSTIs mapped to different VLANs...
BPDU tunneling configuration This chapter includes these sections: Introduction to BPDU tunneling • Configuring BPDU tunneling • BPDU tunneling configuration examples • Introduction to BPDU tunneling As a Layer 2 tunneling technology, BPDU tunneling enables Layer 2 protocol packets from geographically dispersed customer networks to be transparently transmitted over specific tunnels across a service provider network.
NOTE: Depending on the device models, H3C devices support BPDU tunneling for the following protocols: Cisco Discovery Protocol (CDP) • Device Link Detection Protocol (DLDP) • Ethernet Operation, Administration and Maintenance (EOAM) • GARP VLAN Registration Protocol (GVRP) • HW Group Management Protocol (HGMP) •...
Figure 28 Network diagram for BPDU tunneling implementation PE 1 PE 2 ISP network BPDU tunnel CE 1 CE 2 User A network 1 User A network 2 As shown in 28, the upper part is the service provider network (ISP network), and the lower part Figure represents two geographically dispersed segments of a customer network: User A network 1 and User A network 2.
Enabling BPDU tunneling You can enable BPDU tunneling for different protocols in different views. NOTE: Settings made in Ethernet interface view or Layer 2 aggregate interface view take effect only on the • current port. Settings made in port group view take effect on all ports in the port group. Before enabling BPDU tunneling for DLDP, EOAM, GVRP, HGMP, LLDP, or STP on a port, disable the •...
To do… Use the command… Remarks Optional Configure the destination multicast bpdu-tunnel tunnel-dmac MAC address for BPDUs mac-address 0x010F-E200-0003 by default. NOTE: For BPDUs to be recognized, the destination multicast MAC addresses configured for BPDU tunneling must be the same on the edge devices on the service provider network. BPDU tunneling configuration examples BPDU tunneling for STP configuration example Network requirements...
[PE1] interface gigabitethernet 1/0/1 [PE1-GigabitEthernet1/0/1] port access vlan 2 # Disable STP on GigabitEthernet 1/0/1, and then enable BPDU tunneling for STP on it. [PE1-GigabitEthernet1/0/1] undo stp enable [PE1-GigabitEthernet1/0/1] bpdu-tunnel dot1q stp Configuration on PE 2 # Configure the destination multicast MAC address for BPDUs as 0x0100-0CCD-CDD0. <PE2>...
Page 118
<PE1> system-view [PE1] bpdu-tunnel tunnel-dmac 0100-0ccd-cdd0 # Configure GigabitEthernet 1/0/1 as a trunk port and assign it to all VLANs. [PE1] interface gigabitethernet 1/0/1 [PE1-GigabitEthernet1/0/1] port link-type trunk [PE1-GigabitEthernet1/0/1] port trunk permit vlan all # Disable STP on GigabitEthernet 1/0/1, and then enable BPDU tunneling for STP and PVST on it. [PE1-GigabitEthernet1/0/1] undo stp enable [PE1-GigabitEthernet1/0/1] bpdu-tunnel dot1q stp [PE1-GigabitEthernet1/0/1] bpdu-tunnel dot1q pvst...
Improving LAN security. By assigning user groups to different VLANs, you can isolate them at Layer • 2. To enable communication between VLANs, routers or Layer 3 switches are required. • Flexible virtual workgroup creation. As users from the same workgroup can be assigned to the same VLAN regardless of their physical locations, network construction and maintenance is much easier and more flexible.
Types of VLAN You can implement VLAN based on the following criteria: Port • MAC address • Protocol • IP subnet • • Policy Other criteria • NOTE: • Ethernet Switches support port-based VLAN, MAC-based VLAN, protocol-based VLAN, and IP-based VLAN.
NOTE: As the default VLAN, VLAN 1 cannot be created or removed. • You cannot manually create or remove VLANs reserved for special purposes. • Dynamic VLANs cannot be removed with the undo vlan command. • A VLAN with a QoS policy applied cannot be removed. •...
VLAN, see the chapter “Voice VLAN configuration.” • H3C recommends that you set the same default VLAN ID for the local and remote ports. Make sure that a port is assigned to its default VLAN. Otherwise, when the port receives frames tagged •...
Actions (in the inbound direction) Actions (in the outbound Port type direction) Untagged frame Tagged frame • Receive the frame if its VLAN ID is the same as the default VLAN ID. Tag the frame with the Remove the VLAN tag and send Access default VLAN tag.
To do… Use the command… Remarks Required Enter Ethernet interface interface-type Use either command. interface view interface-number • In Ethernet interface view, the subsequent configurations Enter interface apply to the current port. view (including • In port group view, the Ethernet interface Enter Layer 2 interface bridge-aggregation...
To do… Use the command… Remarks Required Enter Ethernet interface interface-type Use either command. interface view interface-number Enter interface • In Ethernet interface view, the view (including subsequent configurations apply Ethernet to the current port. Enter Layer 2 interface view, •...
To do… Use the command… Remarks Required Enter Ethernet interface interface-type Use either command. Enter interface view interface-number interface • In Ethernet interface view, the view subsequent configurations apply (including to the current port. Enter Layer 2 Ethernet interface bridge-aggregation •...
Page 128
To ensure communication security and avoid broadcast storms, VLANs are configured in the • enterprise network to isolate Layer 2 traffic of different departments. VLAN 100 is assigned to Department A, and VLAN 200 is assigned to Department B. • Ensure that hosts within the same VLAN can communicate with each other.
from its other ports, it cannot assign these ports to the corresponding VLAN. Approach 2 can solve this problem. In this approach, you must manually create MAC-to-VLAN mappings, enable MAC-based VLAN, and enable MAC-based dynamic port assignment. After that, the device can dynamically assign ports to static MAC-based VLANs based on the MAC addresses of received packets.
Page 131
NOTE: MAC-based VLANs are available only on hybrid ports. • Because MAC-based dynamic port assignment is mainly configured on the downlink ports of the user • access devices, do not enable this function together with link aggregation. After associate MAC addresses with a VLAN, if you specify the 802.1p priority value corresponding to •...
Page 132
NOTE: With MAC-based dynamic port assignment enabled, packets with unknown source MAC addresses are • sent to the CPU for processing. Because this packet processing mode has the highest priority, the configuration of MAC learning limit and disabling MAC address learning becomes invalid. When MAC-based dynamic port assignment is enabled, do not configure the two features.
Configuring dynamic MAC-based VLAN issuing To configure dynamic MAC-based VLAN issuing, first configure both the switch and the access authentication server. This subsection describes the configuration needed on the switch only. NOTE: After enabling MAC-based VLAN on the switch, you must configure related authentication settings on the Security access authentication server.
Page 135
[DeviceA-GigabitEthernet1/0/1] port link-type hybrid [DeviceA-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged Please wait... Done. [DeviceA-GigabitEthernet1/0/1] mac-vlan enable [DeviceA-GigabitEthernet1/0/1] quit # To enable the laptops to access Server 1 and Server 2, configure the uplink port GigabitEthernet 1/0/2 as a trunk port, and assign it to VLANs 100 and 200. [DeviceA] interface gigabitethernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] port link-type trunk [DeviceA-GigabitEthernet1/0/2] port trunk permit vlan 100 200...
Total MAC VLAN address count:2 Configuration guidelines MAC-based VLAN can be configured only on hybrid ports. MAC-based VLAN is typically configured on the downlink ports of access layer devices, and cannot be configured together with the link aggregation function. Protocol-based VLAN configuration Introduction to protocol-based VLAN NOTE: Protocol-based VLAN configuration applies to hybrid ports only.
Page 137
To do… Use the command… Remarks protocol-vlan [ protocol-index ] { at | ipv4 | ipv6 | ipx { ethernetii | llc | raw | snap } | mode Create a protocol template for the { ethernetii etype etype-id | llc Required VLAN { dsap dsap-id [ ssap ssap-id ] |...
CAUTION: dsap-id ssap-id Do not configure both the arguments in the protocol-vlan command as 0xe0 or • 0xff when configuring the user-defined template for llc encapsulation. Otherwise, the encapsulation format of the matching packets will be the same as that of the ipx llc or ipx raw packets respectively. etype-id When you use the mode keyword to configure a user-defined protocol template, do not set •...
Page 139
Configuration consideration Create VLANs 100 and 200. Associate VLAN 100 with IPv4, and VLAN 200 with IPv6. Configure protocol-based VLANs to isolate IPv4 traffic and IPv6 traffic at Layer 2. Configuration procedure Configuration on Device # Create VLAN 100, and assign port GigabitEthernet 1/0/1 1 to VLAN 100. <Device>...
Configure IPv4 Host A, IPv4 Host B, and IPv4 Server to be on the same network segment, 192.168.100.0/24 for example, and configure IPv6 Host A, IPv6 Host B, and IPv6 Server to be on the same network segment, 192.168.200.0/24 for example. Verification The hosts and the server in VLAN 100 can ping one another successfully.
Configuring an IP subnet-based VLAN NOTE: This feature is only applicable on hybrid ports. Follow these steps to configure an IP subnet-based VLAN: To do… Use the command… Remarks Enter system view system-view — Enter VLAN view vlan vlan-id — Required The IP network segment or IP Associate an IP subnet with the current...
Displaying and maintaining VLAN To do... Use the command… Remarks display vlan [ vlan-id1 [ to vlan-id2 ] | all | Display VLAN information dynamic | reserved | static ] [ | { begin | Available in any view exclude | include } regular-expression ] display interface vlan-interface Display VLAN interface [ vlan-interface-id ] [ | { begin | exclude |...
Super VLAN configuration (available only on the S5500-EI) This chapter includes these sections: • Overview Configuring a super VLAN • Displaying and maintaining super VLAN • Super VLAN configuration example • Overview Super VLAN, also called “VLAN aggregation”, was introduced to save the IP address space. A super VLAN is associated with multiple sub-VLANs.
Page 144
NOTE: To configure more sub-VLANs, repeat these steps. Configuring a super VLAN Follow these steps to configure a super VLAN: To do… Use the command… Remarks Enter system view system-view — Required If the specified VLAN does not Enter VLAN view vlan vlan-id exist, this command creates the VLAN first, and then enters VLAN...
• VLAN. However, only DHCP takes effect. Configuring VRRP for the VLAN interface of a super VLAN affects network performance. H3C does not • recommend you to configure this function in normal cases. For more information about VRRP, see the...
Page 146
Configuration procedure # Create VLAN 10, and configure its VLAN interface IP address as 10.0.0.1/24. <Sysname> system-view [Sysname] vlan 10 [Sysname-vlan10] interface vlan-interface 10 [Sysname-Vlan-interface10] ip address 10.0.0.1 255.255.255.0 # Enable local proxy ARP. [Sysname-Vlan-interface10] local-proxy-arp enable [Sysname-Vlan-interface10] quit # Create VLAN 2, and assign GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to it. [Sysname] vlan 2 [Sysname-vlan2] port gigabitethernet 1/0/1 gigabitethernet 1/0/2 [Sysname-vlan2] quit...
Page 147
VLAN ID: 2 VLAN Type: static It is a Sub VLAN. Route Interface: configured Ip Address: 10.0.0.1 Subnet Mask: 255.255.255.0 Description: VLAN 0002 Name: VLAN 0002 Tagged Ports: none Untagged Ports: GigabitEthernet1/0/1 GigabitEthernet1/0/2 VLAN ID: 3 VLAN Type: static It is a Sub VLAN. Route Interface: configured Ip Address: 10.0.0.1 Subnet Mask: 255.255.255.0...
Isolate-user-VLAN configuration This chapter includes these sections: Overview • Configuring isolate-user-VLAN • Displaying and maintaining isolate-user-VLAN • Isolate-user-VLAN configuration example • Overview An isolate-user-VLAN uses a two-tier VLAN structure. In this approach, two types of VLANs, isolate-user-VLAN and secondary VLAN, are configured on the same device. The following are the characteristics of the isolate-user-VLAN implementation: •...
Configure the isolate-user-VLAN. Configure the secondary VLANs. Assign non-trunk ports to the isolate-user-VLAN and configure these ports as upstream ports. Assign non-trunk ports to each secondary VLAN and configure these ports as downstream ports. Associate the isolate-user-VLAN with the specified secondary VLANs. To enable users in the isolate-user-VLAN to communicate with other networks at Layer 3, configure VLAN interfaces for the isolate-user-VLAN and its secondary VLANs, and configure the gateway IP address for the isolate-user-VLAN interface.
To do... Use the command Remarks • This configuration is optional when the isolate-user-VLAN operates at Layer 2. • This configuration is required Configure an IP address for the ip address ip-address { mask | when the isolate-user-VLAN isolate-user-VLAN interface mask-length } [ sub ] operates at Layer 3.
To do… Use the command… Remarks • This configuration is optional when the isolate-user-VLAN operates at Layer 2. • This configuration is required Create a secondary VLAN interface interface vlan-interface when the isolate-user-VLAN and enter secondary VLAN interface vlan-interface-id operates at Layer 3. view The vlan-interface-id argument must take the secondary VLAN...
Page 152
Create isolate-user-VLAN 2 on Switch A and Switch B, and configure the IP addresses of the • isolate-user-VLAN interfaces as 202.38.160.1/24 and 202.38.160.2/24 respectively. • Configure GigabitEthernet 1/0/10 as an upstream port and GigabitEthernet 1/0/1 1 as a downstream port on Switch A and Switch B. Create secondary VLANs 20 and 40 on Switch A, Switch B, Switch C, and Switch D.
Page 153
# Configure port GigabitEthernet 1/0/1 as an upstream port. [SwitchA] interface GigabitEthernet 1/0/1 [SwitchA-GigabitEthernet1/0/1] port isolate-user-vlan promiscuous [SwitchA-GigabitEthernet1/0/1] quit # Create isolate-user-VLAN interface 2, and configure it with an IP address. [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ip address 202.38.160.1 255.255.255.0 # Enable local proxy ARP on isolate-user-VLAN interface 2.
Page 154
[SwitchA-GigabitEthernet1/0/11] port hybrid pvid vlan 20 # Configure port GigabitEthernet 1/0/1 1 as a downstream port. [SwitchA-GigabitEthernet1/0/11] port isolate-user-vlan host [SwitchA-GigabitEthernet1/0/11] quit # Associate secondary VLANs 20 and 40 with isolate-user-VLAN 2. [SwitchA] isolate-user-vlan 2 secondary 20 40 Configuration on Switch B # Create isolate-user-VLAN 2.
Page 155
[SwitchB-GigabitEthernet1/0/10] port link-type hybrid [SwitchB-GigabitEthernet1/0/10] port hybrid vlan 2 20 40 tagged [SwitchB-GigabitEthernet1/0/10] port hybrid pvid vlan 2 [SwitchB-GigabitEthernet1/0/10] quit # Configure GigabitEthernet 1/0/1 1 as a hybrid port, and configure it to send the packets from VLANs 2, 20, and 40 with VLAN tags kept. [SwitchB] interface GigabitEthernet 1/0/11 [SwitchB-GigabitEthernet1/0/11] port link-type hybrid [SwitchB-GigabitEthernet1/0/11] port hybrid vlan 2 20 40 tagged...
Page 156
# Configure GigabitEthernet 1/0/1 1 as a hybrid port, and configure it to send the packets from VLANs 2, 20, and 40 with VLAN tags kept. [SwitchC] interface GigabitEthernet 1/0/11 [SwitchC-GigabitEthernet1/0/11] port link-type hybrid [SwitchC-GigabitEthernet1/0/11] port hybrid vlan 2 20 40 tagged [SwitchC-GigabitEthernet1/0/11] quit Configuration on Switch D # Configure Switch D using the same instructions that you used to configure Switch C.
Page 157
GigabitEthernet1/0/1 # Display detailed information about VRRP group 1 on Switch A. [SwitchA-Vlan-interface2] display vrrp verbose IPv4 Standby Information: Run Mode : Standard Run Method : Virtual MAC Total number of virtual routers : 1 Interface Vlan-interface2 VRID Adver Timer Admin Status : Up State...
Page 158
Virtual IP : 202.38.160.111 Virtual MAC : 0000-5e00-0101 Master IP : 202.38.160.2 The output shows that Switch B is the master router in VRRP group 1, and Switch B forwards the packets from Host A to Host E after Switch A fails.
Voice VLAN configuration This chapter includes these sections: Overview • Configuring a voice VLAN • Displaying and maintaining voice VLAN • Voice VLAN configuration examples • Overview As voice communication technologies grow more mature, voice devices are more and more widely deployed, especially on broadband networks, where voice traffic and data traffic often co-exist.
NOTE: In general, as the first 24 bits of a MAC address (in binary format), an OUI address is a globally unique • identifier assigned to a vendor by IEEE. OUI addresses mentioned in this document, however, are different from those in common sense. OUI addresses in this document are used by the system to determine whether a received packet is a voice packet.
Page 161
Figure 42 Only IP phones access the network Both modes forward tagged packets according to their tags. Table 15 Table 16 list the required configurations on ports of different link types in order for these ports to support tagged or untagged voice traffic sent from IP phones when different voice VLAN assignment modes are configured.
Table 16 Required configurations on ports of different links types in order for the ports to support tagged voice traffic Voice VLAN Support for Port link type assignment untagged voice Configuration requirements mode traffic Automatic — Access Configure the default VLAN of the port as the Manual voice VLAN.
MAC addresses checking. TIP: H3C does not recommend that you transmit both voice traffic and non-voice traffic in a voice VLAN. If you have to, ensure that the voice VLAN security mode is disabled.
Configuring QoS priority settings for voice traffic on an interface In voice VLAN applications, you can improve the quality of voice traffic by configuring the appropriate QoS priority settings, including the Class of Service (CoS) and Differentiated Services Code Point (DSCP) values, for voice traffic.
To do... Use the command... Remarks For the default OUI addresses of different vendors, see Table interface interface-type Enter Ethernet interface view — interface-number Optional Automatic voice VLAN assignment Configure the port to operate in mode is enabled by default. automatic voice VLAN assignment voice vlan mode auto The voice VLAN assignment modes...
To do... Use the command... Remarks For how to assign an access port to Access port a VLAN, see the chapter “VLAN Assign the port configuration.” Use one of the three approaches. in manual voice For how to assign a trunk port to a After you assign an access port to VLAN Trunk port...
Page 167
The MAC address of IP phone B is 001 1-2200-0001. The phone connects to a downstream device • named PC B whose MAC address is 0022-2200-0002 and to GigabitEthernet 1/0/2 on Device A. • Device A uses voice VLAN 2 to transmit voice packets for IP phone A, and voice VLAN 3 to transmit voice packets for IP phone B.
Page 169
Figure 44 Network diagram for manual voice VLAN assignment mode configuration Configuration procedure # Configure the voice VLAN to operate in security mode. (Optional. A voice VLAN operates in security mode by default.) <DeviceA> system-view [DeviceA] voice vlan security enable # Add a recognizable OUI address 001 1-2200-0000.
Page 170
# Display the current voice VLAN state. <DeviceA> display voice vlan state Maximum of Voice VLANs: 8 Current Voice VLANs: 1 Voice VLAN security mode: Security Voice VLAN aging time: 1440 minutes Voice VLAN enabled port and its mode: PORT VLAN MODE DSCP...
GVRP configuration The Generic Attribute Registration Protocol (GARP) provides a generic framework for devices in a bridged LAN, such as end stations and switches, to register and deregister attribute values. The GARP VLAN Registration Protocol (GVRP) is a GARP application that registers and deregisters VLAN attributes. GVRP is based on the operating mechanism of GARP to maintain and propagate dynamic VLAN registration information for the GVRP devices on the network.
Page 172
When a port receives a declaration for a VLAN attribute, it registers the VLAN attribute carried in • the declaration and joins the VLAN. • When a port receives a withdrawal for a VLAN attribute, it deregisters the VLAN attribute carried in the withdrawal and leaves the VLAN.
Page 173
A GARP participant may declare an attribute twice to ensure reliable transmission. The Join timer sets the interval between the two declarations. A GARP participant starts a Join timer when it declares an attribute value or receives a JoinIn message for the attribute value.
Table 18 Description on the GARP message fields Field Description Value GARP Protocol Data Unit –– GARP PDU Protocol identifier for GARP PDU 0x0001 Protocol ID One or multiple messages, each containing an attribute type and an –– Message attribute list Indicates the end of a GARP PDU 0x00 End mark...
Fixed––Allows manual creation and registration of VLANs, prevents VLAN deregistration, and • registers all known VLANs on other ports on the trunk port. • Forbidden––Deregisters all VLANs (except VLAN 1) and prevents any further VLAN creation or registration on the trunk port. Protocols and standards IEEE 802.1Q, Virtual Bridged Local Area Networks •...
To do… Use the command… Remarks Required By default, a trunk port is Assign the trunk ports to all VLANs port trunk permit vlan all assigned to VLAN 1 only. Required Enable GVRP on the ports gvrp Disabled by default Optional Configure the GVRP registration mode on the gvrp registration { fixed |...
To do… Use the command… Remarks Optional garp timer hold timer-value Configure the Hold timer 10 centiseconds by default Optional garp timer join timer-value Configure the Join timer 20 centiseconds by default Optional garp timer leave timer-value Configure the Leave timer 60 centiseconds by default As shown in 19, the value ranges for GARP timers are dependent on one another:...
GVRP configuration examples GVRP normal registration mode configuration example Network requirements As shown in Figure Device A and Device B are connected through their GigabitEthernet 1/0/1 ports. • Enable GVRP and configure the normal registration mode on ports to enable the registration and •...
[DeviceB-vlan3] quit Verify the configuration Use the display gvrp local-vlan command to display the local VLAN information maintained by GVRP on ports. For example: # Display the local VLAN information maintained by GVRP on port GigabitEthernet 1/0/1 of Device A. [DeviceA] display gvrp local-vlan interface gigabitethernet 1/0/1 Following VLANs exist in GVRP local database: 1(default),2-3...
[DeviceA] vlan 2 [DeviceA-vlan2] quit Configure Device B # Enable GVRP globally. <DeviceB> system-view [DeviceB] gvrp # Configure port GigabitEthernet 1/0/1 as a trunk port, and assign it to all VLANs. [DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] port link-type trunk [DeviceB-GigabitEthernet1/0/1] port trunk permit vlan all # Enable GVRP on GigabitEthernet 1/0/1, and set the GVRP registration mode to fixed on the port.
Page 181
Figure 49 Network diagram for GVRP forbidden registration mode configuration Configuration procedure Configure Device A # Enable GVRP globally. <DeviceA> system-view [DeviceA] gvrp # Configure port GigabitEthernet 1/0/1 as a trunk port, and assign it to all VLANs. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-type trunk [DeviceA-GigabitEthernet1/0/1] port trunk permit vlan all # Enable GVRP on GigabitEthernet 1/0/1, and set the GVRP registration mode to forbidden on the port.
Page 182
According to the output, information about VLAN 1 is registered through GVRP, but static VLAN information of VLAN 2 on the local device and dynamic VLAN information of VLAN 3 on Device B are not. # Display the local VLAN information maintained by GVRP on port GigabitEthernet 1/0/1 of Device B. [DeviceB] display gvrp local-vlan interface gigabitethernet 1/0/1 Following VLANs exist in GVRP local database: 1(default)
QinQ configuration This chapter includes these sections: Introduction to QinQ • QinQ configuration task list • Configuring basic QinQ • Configuring selective QinQ • Configuring the TPID value in VLAN tags • • QinQ configuration examples NOTE: inner VLANs” Throughout this document, customer network VLANs (CVLANs), also called “ , refer to the VLANs that a customer uses on the private network;...
Figure 50 Typical QinQ application scenario Customer network A VLAN 1~10 Customer network A VLAN 1~10 VLAN 3 VLAN 3 Network VLAN 4 VLAN 4 Service provider network VLAN 1~20 VLAN 1~20 Customer network B Customer network B As shown in 50, customer network A has CVLANs 1 through 10, and customer network B has Figure CVLANs 1 through 20.
QinQ packet is 1508 bytes, which comprises two four-byte VLAN tags and one 1500-byte standard Ethernet frame. Implementations of QinQ H3C provides the following QinQ implementations: basic QinQ and selective QinQ. Basic QinQ Basic QinQ enables a port to tag any incoming frames with its default VLAN tag, regardless of whether they have been tagged or not.
Figure 52 VLAN tag structure of an Ethernet frame The switch determines whether a received frame carries a SVLAN or CVLAN tag by checking the TPID value. For example, if a frame carries a SVLAN tag with TPID value 0x9100 and a CVLAN tag with TPID value 0x8100, and the configured TPID value of the SVLAN tag is 0x9100 and that of the CVLAN tag is 0x8200, the switch considers that the frame carries only the SVLAN tag but not the CVLAN tag.
Configuring an outer VLAN tagging policy in the port-based approach The S5500-SI and S5500-EI series switches support the configuration of basic QinQ and selective QinQ at the same time on a port and when the two features are both enabled on the port, frames that meet the selective QinQ condition are handled with selective QinQ on this port first, and the left frames are handled with basic QinQ.
Page 189
Configuring an outer VLAN tagging policy in the QoS policy-based approach (available only on the S5500-EI) You can configure an outer VLAN tagging policy on the S5500-EI series switches in the QoS policy-based approach. Configure an outer VLAN tagging policy in the QoS policy-based approach in the following workflow: Configure a class to match packets with certain tags.
• NOTE: On the S5500-EI series switches, if you set the trusted packet priority type to 802.1p priority on a port with basic QinQ or selective QinQ enabled, the port automatically copies the 802.1p priority from the inner VLAN tag to the outer VLAN tag when adding the outer VLAN tag to each packet. The S5500-SI series switches do not process packets in this way.
Page 191
Follow these steps to mark the 802.1p priorities in outer VLAN tags according to the inner VLAN IDs or the 802.1p priorities in the inner VLAN tags: To do... Use the command... Remarks Enter system view system-view — Required traffic classifier classifier-name Create a class and enter class view By default, the operator of a class [ operator { and | or } ]...
To do... Use the command... Remarks Apply the QoS policy to the qos apply policy policy-name Required incoming traffic inbound Configuring inner VLAN ID substitution (available only on the S5500-EI) Basic QinQ does not change the inner VLAN ID when tagging the customer VLAN frame with an outer VLAN tag.
Configuring the TPID value in VLAN tags Configuring the TPID value on the S5500-EI Follow these steps to configure the TPID value: To do... Use the command... Remarks Enter system view system-view — Optional qinq ethernet-type By default, the TPID value is Configure the TPID value { customer-tag | service-tag } 0x8100.
Page 194
Customer A1, Customer A2, Customer B1 and Customer B2 are edge switches on the customer • network. • Third-party switches with a TPID value of 0x8200 are deployed between Provider A and Provider B. Make configuration to satisfy the following requirements: •...
Page 195
# Set the TPID value in the outer tag to 0x8200. [ProviderA-GigabitEthernet1/0/3] quit [ProviderA] qinq ethernet-type service-tag 8200 NOTE: The previous command is available only on the S5500-EI series switches. For how to configure the TPID value on the S5500-SI series switches, see “Configuring the TPID value on the S5500-SI.”...
NOTE: The previous command is available only on the S5500-EI series switches. For how to configure the TPID value on the S5500-SI series switches, see “Configuring the TPID value on the S5500-SI.” Configuration on third-party switches Configure the third-party switches between Provider A and Provider B as follows: configure the port connecting GigabitEthernet 1/0/3 of Provider A and that connecting GigabitEthernet 1/0/3 of Provider B to allow tagged frames of VLAN 10 and 50 to pass through.
Page 197
# Set the TPID value in the outer tag to 0x8200. [ProviderA-GigabitEthernet1/0/3] quit [ProviderA] qinq ethernet-type service-tag 8200 NOTE: The previous command is available only on the S5500-EI series switches. For how to configure the TPID value on the S5500-SI series switches, see “Configuring the TPID value on the S5500-SI.”...
# Set the TPID value in the outer tag to 0x8200. [ProviderA-GigabitEthernet1/0/3] quit [ProviderA] qinq ethernet-type service-tag 8200 NOTE: The previous command is available only on the S5500-EI series switches. For how to configure the TPID value on the S5500-SI series switches, see “Configuring the TPID value on the S5500-SI.”...
Page 199
Frames of the VLANs other than VLAN 10 and VLAN 20 of Customer A can be forwarded to • Customer D across VLAN 3000 on the public network. Figure 55 Network diagram Configuration procedure NOTE: Make sure that the switches in the service provider network have been configured to allow QinQ packets to pass through.
Page 200
# Create a traffic behavior P1000 and configure the action of tagging frames with the outer VLAN tag 1000 for the traffic behavior. [ProviderA] traffic behavior P1000 [ProviderA-behavior-P1000] nest top-most vlan-id 1000 [ProviderA-behavior-P1000] quit # Create a class A20 to match frames of VLAN 20 of Customer A. [ProviderA] traffic classifier A20 [ProviderA-classifier-A20] if-match customer-vlan-id 20 [ProviderA-classifier-A20] quit...
Page 201
[ProviderB] interface gigabitethernet 1/0/1 [ProviderB-GigabitEthernet1/0/1] port link-type trunk [ProviderB-GigabitEthernet1/0/1] port trunk permit vlan 1000 2000 3000 # To enable interoperability with the third-party switches in the public network, set the TPID of the service provider network VLAN tags to 0x8200. The port tags the received frames with the outer VLAN tag whose TPID is 0x8200.
VLAN mapping configuration examples • VLAN mapping overview VLAN mapping re-marks VLAN tagged traffic with new VLAN IDs. The S5500-EI series switches provide the following types of VLAN mapping: • One-to-one VLAN mapping—Replaces one VLAN tag with another. You can use one-to-one VLAN mapping to sub-classify traffic from a particular VLAN for granular QoS control.
Figure 57 Application scenario of two-to-two VLAN mapping Site 1 and Site 2 are respectively in VLAN 2 and VLAN 3. The VLAN assigned for VPN A is VLAN 10 in the SP 1 network and VLAN 20 in the SP 2 network. If Site 1 sends a packet to Site 2, the packet is processed on the way to its destination using the following workflow: When the packet tagged with VLAN 2 arrives at the edge of network SP 1, PE 1 tags the packet...
Figure 58 Basic concepts of VLAN mapping Uplink traffic: Traffic transmitted from the customer network to the service provider network. • Downlink traffic: Traffic transmitted from the service provider network to the customer network. • • Network-side port: A port connected to the service provider network. Customer-side port: A port connected to the customer network.
Page 206
Figure 59 One-to-one VLAN mapping implementation Inbound uplink policy CVLAN Data SVLAN Data User network SP network CVLAN Data SVLAN Data Outbound downlink policy Network-side port Customer-side port Uplink traffic Downlink traffic Many-to-one VLAN mapping Implement many-to-one VLAN mapping through the following configurations, as shown in Figure Apply an uplink policy to the incoming traffic on the customer-side port to map different CVLAN IDs •...
Figure 57 NOTE: When you are configuring VLAN mappings, H3C recommends that you configure the related ports to dynamically generate IP-MAC-port binding entries. The ports will filter packets according to the source IP and MAC addresses of the received packets to block illegal access and improve network security. For...
Page 208
Configuration prerequisites Create CVLANs and SVLANs, and plan CVLAN-SVLAN mappings. Configuring an uplink policy Follow these steps to configure an uplink policy to map each CVLAN to a unique SVLAN: To do... Use the command... Remarks Enter system view system-view —...
Configuring the customer-side port Follow these steps to configure the customer-side port: To do... Use the command... Remarks Enter system view system-view — Enter Layer 2 Ethernet interface interface interface-type — view interface-number Required Configure the port as a trunk port port link-type trunk The default link type of an Ethernet port is access.
Page 210
Task Description Configures VLAN and other settings required for many-to-one Configuring the customer-side port VLAN mapping (required). Configures VLAN and other settings required for many-to-one Configuring the network-side port VLAN mapping (required). Configuration prerequisites Before you configure many-to-one VLAN mapping, complete the following tasks: Make sure that all home users use DHCP to get IP addresses.
Page 211
To do... Use the command... Remarks Enter system view system-view — Create a class and enter class traffic classifier tcl-name operator view Required Configure multiple CVLANs as if-match customer-vlan-id Repeat these steps to configure one match criteria { vlan-id-list | vlan-id1 to vlan-id2 } class for each group of CVLANs.
To do... Use the command... Remarks Enter system view system-view — Enter Layer 2 Ethernet interface interface interface-type — view interface-number Required Configure the port as a trunk port port link-type trunk The default link type of an Ethernet port is access. Required port trunk permit vlan { vlan-id-list Assign the port to SVLANs...
Page 213
Configuring an uplink policy for the customer-side port The uplink policy on the customer-side port modifies the SVLAN ID of incoming traffic. Follow these steps to configure an uplink policy for the customer-side port: To do... Use the command... Remarks Enter system view system-view —...
Page 214
To do... Use the command... Remarks CVLAN pair. Return to system view quit Create a QoS policy and enter QoS qos policy policy-name Required policy view Required classifier tcl-name behavior Repeat this step to create Associate the class with the behavior behavior-name other class-behavior associations.
To do... Use the command... Remarks interface interface-type Enter Ethernet interface view — interface-number Required Configure the port as a trunk port port link-type trunk The default link type of an Ethernet port is access. Required port trunk permit vlan { vlan-id-list Assign the port to the local SVLANs By default, a trunk port is in | all }...
Page 216
Because Switch C retains customer VLAN information, each type of traffic is still segregated by user, even though it appears to be transmitted in one VLAN. Figure 62 Network diagram for one-to-one and many-to-one VLAN mapping configuration DHCP client VLAN 1 Home gateway VLAN 2 VLAN 1 ->...
<SwitchD> system-view [SwitchD] dhcp-snooping # Assign port GigabitEthernet 1/0/1 to SVLANs 501 to 503. [SwitchD] interface gigabitethernet 1/0/1 [SwitchD-GigabitEthernet1/0/1] port link-type trunk [SwitchD-GigabitEthernet1/0/1] port trunk permit vlan 501 502 503 Two-to-two VLAN mapping configuration example Network requirements As shown in 63, two VPN A users, Site 1 and Site 2, are in VLAN 10 and VLAN 30 respectively.
Page 222
[PE2-GigabitEthernet1/0/1] port trunk permit vlan 100 [PE2-GigabitEthernet1/0/1] quit # Set port GigabitEthernet 1/0/2 as a trunk port, and assign it to VLAN 100. [PE2] interface gigabitethernet 1/0/2 [PE2-GigabitEthernet1/0/2] port link-type trunk [PE2-GigabitEthernet1/0/2] port trunk permit vlan 100 Configuring PE 3 # Configure an uplink policy down_uplink for customer-side port GigabitEthernet 1/0/1 to substitute SVLAN ID 200 for the SVLAN ID in the incoming traffic tagged with CVLAN 10 and SVLAN 100.
Page 223
# Set customer-side port GigabitEthernet 1/0/1 as a trunk port, assign it to VLAN 200, and apply uplink policy down_uplink to the incoming traffic and downlink policy down_downlink to the outgoing traffic on the port. [PE3] interface gigabitethernet 1/0/1 [PE3-GigabitEthernet1/0/1] port link-type trunk [PE3-GigabitEthernet1/0/1] port trunk permit vlan 200 [PE3-GigabitEthernet1/0/1] qos apply policy down_uplink inbound [PE3-GigabitEthernet1/0/1] qos apply policy down_downlink outbound...
You can set an Ethernet port as a Layer 3 Ethernet interface by using the port link-mode route command (see the chapter “Ethernet interface configuration”). You can configure an Ethernet port as a Layer 3 Ethernet interface only on the S5500-EI series switches. •...
Page 225
Figure 64 Ethernet II-encapsulated LLDPDU format The fields in the frame are described in Table Table 21 Description of the fields in an Ethernet II-encapsulated LLDPDU Field Description The MAC address to which the LLDPDU is advertised. It is fixed to Destination MAC address 0x0180-C200-000E, a multicast MAC address.
Page 226
Field Description The MAC address of the sending port. If the port does not have a MAC Source MAC address address, the MAC address of the sending bridge is used. The SNAP type for the upper layer protocol. It is 0xAAAA-0300-0000-88CC Type for LLDP.
Page 227
Indicates protocols supported on the port. An LLDPDU can carry multiple Protocol Identity different TLVs of this type. NOTE: H3C S5500-SI&S5500-EI series Ethernet switches only support receiving protocol identity TLVs. • Layer 3 Ethernet ports do not support IEEE 802.1 organizationally specific TLVs. •...
NOTE: The Power Stateful Control TLV is defined in IEEE P802.3at D1.0. The later versions no longer support this TLV. H3C devices send this type of TLVs only after receiving them. LLDP-MED TLVs LLDP-MED TLVs provide multiple advanced applications for voice over IP (VoIP), such as basic configuration, network policy configuration, and address and directory management.
When the LLDP operating mode of a port changes, its LLDP protocol state machine re-initializes. To prevent LLDP from being initialized too frequently during times of frequent operating mode change, you can configure a re-initialization delay. With this delay configured, a port must wait for the specified interval before it can initialize LLDP after the LLDP operating mode changes.
NOTE: LLDP-related configurations made in Ethernet interface view take effect only on the current port, and • those made in port group view take effect on all ports in the current port group. The Layer 3 Ethernet interface is an Ethernet interface operating in route mode. You can set an Ethernet •...
To do… Use the command… Remarks or port group view Enter port group view port-group manual port-group-name Optional lldp admin-status { disable | rx | tx | Set the LLDP operating mode txrx } TxRx by default Setting the LLDP re-initialization delay When LLDP operating mode changes on a port, the port initializes the protocol state machines after a certain delay.
To do… Use the command… Remarks Optional By default, the management address is sent through LLDPDUs. • For a Layer 2 Ethernet port, the management address is the main IP address of the lowest-ID VLAN carried on the port. If Allow LLDP to advertise the none of the carried VLANs is management address in LLDPDUs and...
NOTE: To ensure that the LLDP neighbors can receive LLDPDUs to update information about the current device before it is aged out, configure both the LLDPDU transmit interval and delay to be less than the TTL. Setting an encapsulation format for LLDPDUs LLDPDUs can be encapsulated in the following formats: Ethernet II or SNAP frames.
Configuration prerequisites Before you configure CDP compatibility, complete the following tasks: Globally enable LLDP. • Enable LLDP on the port connecting to an IP phone and configure the port to operate in TxRx mode. • Configuring CDP compatibility CDP-compatible LLDP operates in one of the follows modes: TxRx: The CDP packets can be transmitted and received.
To do… Use the command… Remarks Enter Ethernet Enter Layer 2/Layer 3 interface interface-type interface-number Required interface view Ethernet interface view or port group Use either command. Enter port group view port-group manual port-group-name view Required Enable LLDP trapping lldp notification remote-change enable Disabled by default Quit to system view quit...
Page 237
Figure 67 Network diagram for basic LLDP configuration Configuration procedure Configure Switch A # Enable LLDP globally (you can skip this step because LLDP is enabled globally by default). <SwitchA> system-view [SwitchA] lldp enable # Enable LLDP on GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 (you can skip this step because LLDP is enabled on ports by default), and set the LLDP operating mode to Rx.
Page 238
Transmit delay : 2s Trap interval : 5s Fast start times Port 1 [GigabitEthernet1/0/1]: Port status of LLDP : Enable Admin status : Rx_Only Trap flag : No Polling interval : 0s Number of neighbors: Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV : 0 Port 2 [GigabitEthernet1/0/2]:...
Polling interval : 0s Number of neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV Port 2 [GigabitEthernet1/0/2]: Port status of LLDP : Enable Admin status : Rx_Only Trap flag : No Polling interval : 0s...
Page 240
[SwitchA-GigabitEthernet1/0/1] port link-type trunk [SwitchA-GigabitEthernet1/0/1] voice vlan 2 enable [SwitchA-GigabitEthernet1/0/1] quit [SwitchA] interface gigabitethernet 1/0/2 [SwitchA-GigabitEthernet1/0/2] port link-type trunk [SwitchA-GigabitEthernet1/0/2] voice vlan 2 enable [SwitchA-GigabitEthernet1/0/2] quit Configure CDP-compatible LLDP on Switch A # Enable LLDP globally and enable LLDP to be compatible with CDP globally. [SwitchA] lldp enable [SwitchA] lldp compliance cdp # Enable LLDP (you can skip this step because LLDP is enabled on ports by default), configure LLDP to...
MPLS, supporting MPLS traffic • NOTE: The S5500-EI series switches only supports the service loopback group types of Tunnel. Requirements on service loopback ports Before assigning a port to a service loopback group, ensure the port meets the following requirements.
The port is configured with only QoS and ACL settings, or physical settings such as rate and duplex • mode. • The port is not configured with MSTP, NDP, LLDP, 802.1X, MAC address authentication, port security mode, or IP source guard, or as the member port of an isolation group. The link type of the port is access.
Configuring a service loopback group Follow these steps to configure a service loopback group: To do… Use the command… Remarks Enter system view system-view — Create a service loopback service-loopback group number type group and specify its service Required tunnel type Enter Layer 2 Ethernet interface interface-type interface-number...
Page 244
<SwitchA> system-view [SwitchA] service-loopback group 1 type tunnel # Disable MSTP, NDP and LLDP on GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 and then assign them to service loopback group 1. [SwitchA] interface gigabitethernet 1/0/1 [SwitchA-GigabitEthernet1/0/1] undo stp enable [SwitchA-GigabitEthernet1/0/1] undo ndp enable [SwitchA-GigabitEthernet1/0/1] undo lldp enable [SwitchA-GigabitEthernet1/0/1] port service-loopback group 1 [SwitchA-GigabitEthernet1/0/1] quit...
Index B C D E G I L M N O P Q S V Displaying and maintaining loopback and null interfaces,21 BPDU tunneling configuration examples,103 Displaying and maintaining MAC address tables,27 Displaying and maintaining MSTP,93 Displaying and maintaining service loopback Configuring a Layer 2 Ethernet interface,8 groups,230...
Need help?
Do you have a question about the S5500-EI Series and is the answer not in the manual?
Questions and answers