Page 1 H3C S5560S-EI & S5130S-HI[EI] & S5110V2 & S3100V3-EI Switch Series Layer 2—LAN Switching Configuration Guide H3C S5560S-EI Switch Series H3C S5130S-HI Switch Series H3C S5130S-EI Switch Series H3C S5110V2 Switch Series H3C S3100V3-EI Switch Series New H3C Technologies Co., Ltd.
Page 2 , H3CS, H3CIE, H3CNE, Aolynk, Care, , IRF, NetPilot, Netflow, SecEngine, SecPath, SecCenter, SecBlade, Comware, ITCMM and HUASAN are trademarks of New H3C Technologies Co., Ltd. All other trademarks that may be mentioned in this manual are the property of their respective owners Notice The information in this document is subject to change without notice.
Page 3 Preface This configuration guide describes the Layer 2—LAN switching fundamentals and configuration procedures. It covers the following items: • Flow control and load sharing. • Isolating users within a VLAN and configuring VLANs. • Eliminating Layer 2 loops. • Transmitting packets of the customer network over the service provider network. •...
Page 4 GUI conventions Convention Description Window names, button names, field names, and menu items are in Boldface. For Boldface example, the New User window opens; click OK. Multi-level menus are separated by angle brackets. For example, File > Create > > Folder.
Page 5 Obtaining documentation To access the most up-to-date H3C product documentation, go to the H3C website at http://www.h3c.com.hk To obtain information about installation, configuration, and maintenance, click http://www.h3c.com.hk/Technical_Documents...
Page 6: Table Of Contents
Contents Configuring Ethernet interfaces ··························································· 1 Ethernet interface naming conventions ··························································································· 1 Configuring a management Ethernet interface ·················································································· 1 Configuring common Ethernet interface settings ··············································································· 1 Configuring a combo interface (single combo interface) ······························································· 1 Configuring basic settings of an Ethernet interface ·····································································...
Page 7 MAC address table configuration example ····················································································· 30 Network requirements ········································································································ 30 Configuration procedure ····································································································· 30 Verifying the configuration ··································································································· 31 Configuring MAC Information ···························································· 32 Enabling MAC Information ········································································································· 32 Configuring the MAC Information mode ························································································ 32 ...
Page 8 Basic concepts in RSTP ····································································································· 69 How RSTP works ·············································································································· 69 RSTP BPDU processing ····································································································· 70 PVST ···································································································································· 70 PVST protocol frames ········································································································ 70 Basic concepts in PVST ······································································································ 71 How PVST works ·············································································································· 71 ...
Page 9 Configuring TC Snooping ········································································································· 102 Configuration restrictions and guidelines ·············································································· 103 Configuration procedure ··································································································· 103 Configuring protection features ································································································· 103 Configuring BPDU guard ··································································································· 104 Enabling root guard ········································································································· 105 Enabling loop guard ········································································································· 105 ...
Page 10 Displaying and maintaining VLANs ···························································································· 137 VLAN configuration examples ··································································································· 138 Port-based VLAN configuration example ·············································································· 138 MAC-based VLAN configuration example ············································································· 139 Protocol-based VLAN configuration example ········································································· 141 Configuring voice VLANs ······························································· 145 Overview ······························································································································...
Page 11 Protocols and standards ··································································································· 175 Restrictions and guidelines ······································································································ 176 Enabling QinQ ······················································································································· 176 Configuring transparent transmission for VLANs ··········································································· 176 Displaying and maintaining QinQ ······························································································· 177 QinQ configuration examples ···································································································· 177 Basic QinQ configuration example ······················································································ 177 ...
Page 12: Configuring Ethernet Interfaces
Configuring Ethernet interfaces The Switch Series supports Ethernet interfaces, management Ethernet interfaces, Console interfaces, and USB interfaces. For the interface types and the number of interfaces supported by a switch model, see the installation guide. This chapter describes how to configure management Ethernet interfaces and Ethernet interfaces. Ethernet interface naming conventions The Ethernet interfaces are named in the format of interface type A/B/C.
Page 13: Configuring Basic Settings Of An Ethernet Interface
• Use the display interface command to determine which port (fiber or copper) of each combo interface is active: If the copper port is active, the output includes "Media type is twisted pair, Port hardware type is 1000_BASE_T." If the fiber port is active, the output does not include this information. Also, you can use the display this command in the view of each combo interface to display the combo interface configuration: If the fiber port is active, the combo enable fiber command exists in the output.
Page 14: Configuring Jumbo Frame Support
Step Command Remarks The default setting is auto for Ethernet interfaces. Set the speed for the speed { 10 | 100 | 1000 | Support for the keywords depends on the Ethernet interface. 10000 | auto } interface type. For more information, use the speed ? command in interface view.
Page 15: Configuring Dampening On An Ethernet Interface
The physical link state of an Ethernet interface is either up or down. Each time the physical link of an interface comes up or goes down, the interface immediately reports the change to the CPU. The CPU then performs the following operations: •...
Page 16 • Reuse-limit—When the accumulated penalty decreases to this reuse threshold, the interface is not dampened. Interface state changes are reported to the upper layers. For each state change, the system also generates an SNMP trap and log message. • Decay—The amount of time (in seconds) after which a penalty is decreased. •...
Page 17: Enabling Loopback Testing On An Ethernet Interface
Step Command Remarks Enter Ethernet interface interface-type interface view. interface-number Enable dampening on dampening [ half-life reuse By default, interface dampening is the interface. suppress max-suppress-time ] disabled on Ethernet interfaces. Enabling loopback testing on an Ethernet interface CAUTION: After you enable this feature on an Ethernet interface, the interface cannot forward data traffic correctly.
Page 18: Enabling Auto Power-Down On An Ethernet Interface
• TxRx-mode generic flow control—Enabled by using the flow-control command. With TxRx-mode generic flow control enabled, an interface can both send and receive flow control frames: When congestion occurs, the interface sends a flow control frame to its peer. When the interface receives a flow control frame from its peer, it suspends sending packets to its peer.
Page 19: Setting The Statistics Polling Interval
Step Command Remarks Enter Ethernet interface interface interface-type view. interface-number Enable auto power-down on By default, auto power-down is port auto-power-down the Ethernet interface. disabled on an Ethernet interface. Setting the statistics polling interval Step Command Remarks Enter system view. system-view Enter Ethernet interface interface interface-type...
Page 20: Configuring A Layer 2 Ethernet Interface
• For the traffic suppression result to be determined, do not configure storm control together with storm suppression for the same type of traffic. For more information about storm control, see "Configuring storm control on an Ethernet interface." • When you configure the suppression threshold in kbps, the actual suppression threshold might be different from the configured one as follows: If the configured value is smaller than 64, the value of 64 takes effect.
Page 21: Configuring Storm Control On An Ethernet Interface
Figure 2 Speed autonegotiation application scenario As shown in Figure • All interfaces on the device are operating in speed autonegotiation mode, with the highest speed of 1000 Mbps. • GigabitEthernet 1/0/4 provides access to the Internet for the servers. If the transmission rate of each server in the server cluster is 1000 Mbps, their total transmission rate exceeds the capability of GigabitEthernet 1/0/4.
Page 22 • Blocks this type of traffic and forwards other types of traffic—Even though the interface does not forward the blocked traffic, it still counts the traffic. When the blocked traffic drops below the lower threshold, the interface begins to forward the traffic. •...
Page 23: Setting The Mdix Mode Of An Ethernet Interface
Setting the MDIX mode of an Ethernet interface IMPORTANT: Fiber ports do not support the MDIX mode setting. A physical Ethernet interface has eight pins, each of which plays a dedicated role. For example, pins 1 and 2 transmit signals, and pins 3 and 6 receive signals. You can use both crossover and straight-through Ethernet cables to connect copper Ethernet interfaces.
Page 24: Enabling Bridging On An Ethernet Interface
This feature tests the cable connection of an Ethernet interface and displays cable test result within 5 seconds. The test result includes the cable's status and some physical parameters. If any fault is detected, the test result shows the length from the local port to the faulty point. The test result is not precise for an Ethernet interface that is in up state and operates in 1000 Mbps.
Page 25 Task Command reset packet-drop interface [ interface-type Clear the statistics of dropped packets on the specified interfaces. [ interface-number ] ] reset ethernet statistics [ slot slot-number ] Clear the Ethernet module statistics.
Page 26: Configuring Loopback, Null, And Inloopback Interfaces
Configuring loopback, null, and inloopback interfaces This chapter describes how to configure a loopback interface, a null interface, and an inloopback interface. Configuring a loopback interface A loopback interface is a virtual interface. The physical layer state of a loopback interface is always up unless the loopback interface is manually shut down.
Page 27: Configuring An Inloopback Interface
applying an ACL. For example, if you specify a null interface as the next hop of a static route to a network segment, any packets routed to the network segment are dropped. To configure a null interface: Step Command Remarks Enter system view.
Page 28: Bulk Configuring Interfaces
Bulk configuring interfaces You can enter interface range view to bulk configure multiple interfaces with the same feature instead of configuring them one by one. For example, you can execute the shutdown command in interface range view to shut down a range of interfaces. Configuration restrictions and guidelines When you bulk configure interfaces in interface range view, follow these restrictions and guidelines: •...
Page 29: Displaying And Maintaining Bulk Interface Configuration
Step Command Remarks • interface range interface-type interface-number By using the interface range name interface-type command, you assign a name to an interface-number ] } &<1-24> Enter interface range interface range and can specify this view. interface range name name •...
Page 30: Configuring The Mac Address Table
Configuring the MAC address table Overview An Ethernet device uses a MAC address table to forward frames. A MAC address entry includes a destination MAC address, an outgoing interface, and a VLAN ID. When the device receives a frame, it uses the destination MAC address of the frame to look for a match in the MAC address table. •...
Page 31: Mac Address Table Configuration Task List
• Static entries—A static entry is manually added to forward frames with a specific destination MAC address out of the associated interface, and it never ages out. A static entry has higher priority than a dynamically learned one. • Dynamic entries—A dynamic entry can be manually configured or dynamically learned to forward frames with a specific destination MAC address out of the associated interface.
Page 32: Configuring Mac Address Entries
Configuring MAC address entries Configuration guidelines • You cannot add a dynamic MAC address entry if a learned entry already exists with a different outgoing interface for the MAC address. • The manually configured static, blackhole, and multiport unicast MAC address entries cannot survive a reboot if you do not save the configuration.
Page 33: Adding Or Modifying A Blackhole Mac Address Entry
Step Command Remarks • Enter Layer 2 Ethernet interface view: interface interface-type interface-number Enter interface view. • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number By default, no MAC address entry is configured on the interface. Add or modify a static or mac-address { dynamic | static } Make sure you have created the dynamic MAC address entry.
Page 34: Disabling Mac Address Learning
You can configure a multiport unicast MAC address entry globally or on an interface. Configuring a multiport unicast MAC address entry globally Step Command Remarks system-view Enter system view. By default, no multiport unicast MAC address entry is configured mac-address multiport globally.
Page 35: Disabling Mac Address Learning On Interfaces
Disabling MAC address learning on interfaces When global MAC address learning is enabled, you can disable MAC address learning on a single interface. To disable MAC address learning on an interface: Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view: interface interface-type interface-number...
Page 36: Setting The Mac Learning Limit
An interval that is too short might result in removal of valid entries, which would cause unnecessary floods and possibly affect the device performance. To reduce floods on a stable network, set a long aging timer or disable the timer to prevent dynamic entries from unnecessarily aging out.
Page 37: Enabling Mac Address Synchronization
Enabling MAC address synchronization To avoid unnecessary floods and improve forwarding speed, make sure all member devices have the same MAC address table. After you enable MAC address synchronization, each member device advertises learned MAC address entries to other member devices. As shown in Figure •...
Page 38: Configuring Mac Address Move Notifications And Suppression
Figure 5 MAC address tables of devices when Client A roams to AP D To enable MAC address synchronization: Step Command Remarks Enter system view. system-view Enable MAC address mac-address mac-roaming By default, MAC address enable synchronization. synchronization is disabled. Configuring MAC address move notifications and suppression The outgoing interface for a MAC address entry learned on interface A is changed to interface B...
Page 39: Enabling Arp Fast Update For Mac Address Moves
To configure MAC address move notifications and MAC address move suppression: Step Command Remarks Enter system view. system-view By default, MAC address move notifications are disabled. If you do not specify a detection interval, the default setting of 1 minute is used. Enable MAC address move mac-address notification After you execute this command, the...
Page 40: Enabling Snmp Notifications For The Mac Address Table
Figure 6 ARP fast update application scenario To enable ARP fast update for MAC address moves: Step Command Remarks Enter system view. system-view mac-address mac-move Enable ARP fast update for By default, ARP fast update for MAC address moves. fast-update MAC address moves is disabled.
Page 41: Displaying And Maintaining The Mac Address Table
Displaying and maintaining the MAC address table Execute display commands in any view. Task Command display mac-address [ mac-address [ vlan vlan-id ] | [ [ dynamic | Display MAC address table static ] [ interface interface-type interface-number ] | blackhole | information.
Page 42: Verifying The Configuration
[Device] mac-address blackhole 000f-e235-abcd vlan 1 # Set the aging timer to 500 seconds for dynamic MAC address entries. [Device] mac-address timer aging 500 Verifying the configuration # Display the static MAC address entries for GigabitEthernet 1/0/1. [Device] display mac-address static interface gigabitethernet 1/0/1 MAC Address VLAN ID State...
Page 43: Configuring Mac Information
Configuring MAC Information The MAC Information feature can generate syslog messages or SNMP notifications when MAC address entries are learned or deleted. You can use these messages to monitor user's leaving or joining the network and analyze network traffic. The MAC Information feature buffers the MAC change syslog messages or SNMP notifications in a queue.
Page 44: Setting The Mac Change Notification Interval
Setting the MAC change notification interval To prevent syslog messages or SNMP notifications from being sent too frequently, you can set the MAC change notification interval to a larger value. To set the MAC change notification interval: Step Command Remarks Enter system view.
Page 45: Configuration Procedure
correctly to the log host. The logging facility name and the severity level are configured by using the info-center loghost and info-center source commands, respectively. Configuration procedure Configure Device to send syslog messages to Host B: # Enable the information center. <Device>...
Page 46 Learns a new MAC address. Deletes an existing MAC address. [Device] interface gigabitethernet 1/0/1 [Device-GigabitEthernet1/0/1] mac-address information enable added [Device-GigabitEthernet1/0/1] mac-address information enable deleted [Device-GigabitEthernet1/0/1] quit # Set the MAC Information queue length to 100. [Device] mac-address information queue-length 100 # Set the MAC change notification interval to 20 seconds.
Page 47: Configuring Ethernet Link Aggregation
Configuring Ethernet link aggregation Overview Ethernet link aggregation bundles multiple physical Ethernet links into one logical link called an aggregate link. Link aggregation has the following benefits: • Increased bandwidth beyond the limits of any single link. In an aggregate link, traffic is distributed across the member ports.
Page 48: Operational Key
Operational key When aggregating ports, the system automatically assigns each port an operational key based on port information, such as port rate and duplex mode. Any change to this information triggers a recalculation of the operational key. In an aggregation group, all Selected ports have the same operational key. Configuration types Port configurations include attribute configurations and protocol configurations.
Page 49: How Static Link Aggregation Works
• Static—Static aggregation is stable. An aggregation group in static mode is called a static aggregation group. The aggregation states of the member ports in a static aggregation group are not affected by the peer ports. • Dynamic—An aggregation group in dynamic mode is called a dynamic aggregation group. The local system and the peer system automatically maintain the aggregation states of the member ports.
Page 50: Lacp
Figure 10 Setting the aggregation state of a member port in a static aggregation group After the limit on Selected ports is reached, the aggregation state of a new member port varies by following conditions: • The port is placed in Unselected state if the port and the Selected ports have the same port priority.
Page 51 on the other member ports. In this way, the two systems reach an agreement on which ports are placed in Selected state. LACP functions LACP offers basic LACP functions and extended LACP functions, as described in Table Table 2 Basic and extended LACP functions Category Description Implemented through the basic LACPDU fields, including the system LACP...
Page 52: How Dynamic Link Aggregation Works
How dynamic link aggregation works Choosing a reference port The system chooses a reference port from the member ports in up state. A Selected port must have the same operational key and attribute configurations as the reference port. The local system (the actor) and the peer system (the partner) negotiate a reference port by using the following workflow: The two systems determine the system with the smaller system ID.
Page 53 Figure 11 Setting the state of a member port in a dynamic aggregation group The system with the greater system ID can detect the aggregation state changes on the peer system. The system with the greater system ID sets the aggregation state of local member ports the same as their peer ports.
Page 54: Edge Aggregate Interface
Edge aggregate interface Dynamic link aggregation fails on a server-facing aggregate interface if dynamic link aggregation is configured only on the device. The device forwards traffic by using only one of the physical ports that are connected to the server. To improve link reliability, configure the aggregate interface as an edge aggregate interface.
Page 55: Configuration Restrictions And Guidelines
Configuration restrictions and guidelines The following information describes restrictions and guidelines that you must follow when you configure link aggregations. Aggregation member interface restrictions • You cannot assign an interface to a Layer 2 aggregation group if any features in Table 4 configured on that interface.
Page 56: Configuring An Aggregate Interface
Step Command Remarks (Optional.) Set the port link-aggregation port-priority The default port priority of an priority for the interface. interface is 32768. priority Configuring a Layer 2 dynamic aggregation group Step Command Remarks Enter system view. system-view By default, the system LACP priority is 32768.
Page 57: Configuring The Description Of An Aggregate Interface
Configuring the description of an aggregate interface You can configure the description of an aggregate interface for administration purposes, for example, describing the purpose of the interface. To configure the description of an aggregate interface: Step Command Remarks Enter system view. system-view Enter Layer 2 aggregate interface bridge-aggregation...
Page 58: Setting The Expected Bandwidth For An Aggregate Interface
Step Command Remarks Enter Layer 2 aggregate interface bridge-aggregation interface view. interface-number Set the minimum number of By default, the minimum number link-aggregation selected-port Selected ports for the of Selected ports is not specified minimum min-number aggregation group. for an aggregation group. Set the maximum number of By default, the maximum number link-aggregation selected-port...
Page 59: Shutting Down An Aggregate Interface
sending BFD packets. When the link is recovered and the local port is placed in Selected state again, the local port establishes a new session with the peer port. BFD notifies the Ethernet link aggregation module that the peer port is reachable. Because BFD provides fast failure detection, the local and peer systems of a dynamic aggregate link can negotiate the aggregation state of their member ports faster.
Page 60: Restoring The Default Settings For An Aggregate Interface
Step Command Shut down the aggregate interface. shutdown Restoring the default settings for an aggregate interface You can restore all configurations on an aggregate interface to the default settings. To restore the default settings for an aggregate interface: Step Command Enter system view.
Page 61: Displaying And Maintaining Ethernet Link Aggregation
Figure 12 Load sharing for multidevice link aggregation in an IRF fabric The egress port for a traffic flow is an aggregate interface that has Selected ports on different IRF member devices Local-first load sharing mechanism enabled? Any Selected ports on the ingress device? Packets are load-shared only Packets are load-shared across...
Page 62: Ethernet Link Aggregation Configuration Examples
Task Command reset counters interface [ bridge-aggregation Clear statistics for the specified aggregate interfaces. [ interface-number ] ] Ethernet link aggregation configuration examples Layer 2 static aggregation configuration example Network requirements On the network shown in Figure 13, perform the following tasks: •...
Page 63: Layer 2 Dynamic Aggregation Configuration Example
[DeviceA-GigabitEthernet1/0/1] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/1] quit [DeviceA] interface gigabitethernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/2] quit [DeviceA] interface gigabitethernet 1/0/3 [DeviceA-GigabitEthernet1/0/3] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/3] quit # Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLANs 10 and 20.
Page 64 Figure 14 Network diagram Configuration procedure Configure Device A: # Create VLAN 10, and assign the port GigabitEthernet 1/0/4 to VLAN 10. <DeviceA> system-view [DeviceA] vlan 10 [DeviceA-vlan10] port gigabitethernet 1/0/4 [DeviceA-vlan10] quit # Create VLAN 20, and assign the port GigabitEthernet 1/0/5 to VLAN 20. [DeviceA] vlan 20 [DeviceA-vlan20] port gigabitethernet 1/0/5 [DeviceA-vlan20] quit...
Page 65: Layer 2 Edge Aggregate Interface Configuration Example
Verifying the configuration # Display detailed information about all aggregation groups on Device A. [DeviceA] display link-aggregation verbose Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing Port Status: S -- Selected, U -- Unselected, I -- Individual Port: A -- Auto port, M -- Management port, R -- Reference port Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation, D -- Synchronization, E -- Collecting, F -- Distributing,...
Page 66 # Configure Layer 2 aggregate interface Bridge-Aggregation 1 as an edge aggregate interface. [Device-Bridge-Aggregation1] lacp edge-port [Device-Bridge-Aggregation1] quit # Assign ports GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to link aggregation group 1. [Device] interface gigabitethernet 1/0/1 [Device-GigabitEthernet1/0/1] port link-aggregation group 1 [Device-GigabitEthernet1/0/1] quit [Device] interface gigabitethernet 1/0/2 [Device-GigabitEthernet1/0/2] port link-aggregation group 1...
Page 67: Configuring Port Isolation
Configuring port isolation The port isolation feature isolates Layer 2 traffic for data privacy and security without using VLANs. Ports in an isolation group cannot communicate with each other. However, they can communicate with ports outside the isolation group. Assigning a port to an isolation group The device supports multiple isolation groups, which can be configured manually.
Page 68: Port Isolation Configuration Example
Port isolation configuration example Network requirements As shown in Figure • LAN users Host A, Host B, and Host C are connected to GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 on the device, respectively. • The device connects to the Internet through GigabitEthernet 1/0/4. Configure the device to provide Internet access for the hosts, and isolate them from one another at Layer 2.
Page 69 Port isolation group information: Group ID: 1 Group members: GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3 The output shows that GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 are assigned to isolation group 1. As a result, Host A, Host B, and Host C are isolated from one another at layer 2.
Page 70: Configuring Spanning Tree Protocols
Configuring spanning tree protocols Spanning tree protocols eliminate loops in a physical link-redundant network by selectively blocking redundant links and putting them in a standby state. The recent versions of STP include the Rapid Spanning Tree Protocol (RSTP), the Per-VLAN Spanning Tree (PVST), and the Multiple Spanning Tree Protocol (MSTP).
Page 71 • Protocol ID—Fixed at 0x0000, which represents IEEE 802.1d. Protocol version ID—Spanning tree protocol version ID. The protocol version ID for STP is • 0x00. • BPDU type—Type of the BPDU. The value is 0x00 for a configuration BPDU. • Flags—An 8-bit field indicates the purpose of the BPDU.
Page 72: Basic Concepts In Stp
Basic concepts in STP Root bridge A tree network must have a root bridge. The entire network contains only one root bridge, and all the other bridges in the network are called leaf nodes. The root bridge is not permanent, but can change with changes of the network topology.
Page 73: Calculation Process Of The Stp Algorithm
Table 5 STP port states State Receives/sends BPDUs Learns MAC addresses Forwards use data Disabled Listening Learning Forwarding Blocking Receive Path cost Path cost is a reference value used for link selection in STP. To prune the network into a loop-free tree, STP calculates path costs to select the most robust links and block redundant links that are less robust.
Page 74 Step Description The device compares the calculated configuration BPDU with the configuration BPDU on the port whose port role will be determined. Then, the device acts depending on the result of the comparison: • If the calculated configuration BPDU is superior, the device performs the following operations: Considers this port as the designated port.
Page 75 Figure 20 The STP algorithm As shown in Figure 20, the priority values of Device A, Device B, and Device C are 0, 1, and 2, respectively. The path costs of links among the three devices are 5, 10, and 4. Device state initialization.
Page 76 Table 8 Comparison process and result on each device Configuration BPDU Device Comparison process on ports after comparison Port A1 performs the following operations: Receives the configuration BPDU of Port B1 {1, 0, 1, Port B1}. Determines that its existing configuration BPDU {0, 0, 0, Port A1} is superior to the received configuration BPDU.
Page 77 Configuration BPDU Device Comparison process on ports after comparison Port C1 performs the following operations: Receives the configuration BPDU of Port A2 {0, 0, 0, Port A2}. Determines that the received configuration BPDU is superior to its existing configuration BPDU {2, 0, 2, Port C1}.
Page 78 Configuration BPDU Device Comparison process on ports after comparison Device C determines that the root path cost of Port C1 is larger than that of Port C2. The root path cost of Port C1 is 10, root path cost of the received configuration BPDU (0) plus path cost of Port C1 (10).
Page 79: Rstp
• If a path fails, the root port on this path no longer receives new configuration BPDUs and the old configuration BPDUs will be discarded due to timeout. The device generates a configuration BPDU with itself as the root and sends the BPDUs and TCN BPDUs. This triggers a new spanning tree calculation process to establish a new path to restore the network connectivity.
Page 80: Basic Concepts In Rstp
• BPDU type—The value is 0x02 for RSTP BPDUs. Flags—All 8 bits are used. • Version1 length—The value is 0x00, which means no version 1 protocol information is • present. RSTP does not use TCN BPDUs to advertise topology changes. RSTP floods BPDUs with the TC flag set in the network to advertise topology changes.
Page 81: Rstp Bpdu Processing
Because each VLAN runs RSTP independently, a spanning tree only serves its VLAN. A PVST-enabled H3C device can communicate with a third-party device that is running Rapid PVST or PVST. The PVST-enabled H3C device supports fast network convergence like RSTP when connected to PVST-enabled H3C devices or third-party devices enabled with Rapid PVST.
Page 82: Basic Concepts In Pvst
VLANs. In this way, loops in each VLAN are eliminated and traffic of different VLANs is load shared over links. PVST uses RSTP BPDUs in the default VLAN and PVST BPDUs in other VLANs for spanning tree calculation. H3C PVST implements per-VLAN spanning tree calculation by mapping each VLAN to an MSTI.
Page 83: Mstp Protocol Frames
MSTP provides the following features: • MSTP divides a switched network into multiple regions, each of which contains multiple spanning trees that are independent of one another. • MSTP supports mapping VLANs to spanning tree instances by means of a VLAN-to-instance mapping table.
Page 84: Mstp Basic Concepts
• CIST IRPC—Internal root path cost (IRPC) from the originating bridge to the root of the MST region. • CIST bridge ID—ID of the bridge that sends the MSTP BPDU. CIST remaining ID—Remaining hop count. This field limits the scale of the MST region. The •...
Page 85 Figure 26 Network diagram and topology of MST region 3 MST region A multiple spanning tree region (MST region) consists of multiple devices in a switched network and the network segments among them. All these devices have the following characteristics: •...
Page 86 The blue lines in Figure 25 represent the CST. An internal spanning tree (IST) is a spanning tree that runs in an MST region. It is also called MSTI 0, a special MSTI to which all VLANs are mapped by default. Figure 25, MSTI 0 is the IST in MST region 3.
Page 87: How Mstp Works
MSTP calculation involves the following port roles: • Root port—Forwards data for a non-root bridge to the root bridge. The root bridge does not have any root port. • Designated port—Forwards data to the downstream network segment or device. • Alternate port—Acts as the backup port for a root port or master port.
Page 88: Mstp Implementation On Devices
Like STP, MSTP uses configuration BPDUs to calculate spanning trees. An important difference is that an MSTP BPDU carries the MSTP configuration of the bridge from which the BPDU is sent. CIST calculation During the CIST calculation, the following process takes place: •...
Page 89 Figure 28 Edge port rapid transition Root port rapid transition When a root port is blocked, the bridge will elect the alternate port with the highest priority as the new root port. If the new root port's peer is in the forwarding state, the new root port immediately transits to the forwarding state.
Page 90 a. Device A sends a proposal BPDU to Device B through Port A1. b. Device B receives the proposal BPDU on Port B2. Port B2 is elected as the root port. c. Device B blocks its designated port Port B1 and alternate port Port B3 to eliminate loops. d.
Page 91: Protocols And Standards
Protocols and standards MSTP is documented in the following protocols and standards: • IEEE 802.1d, Media Access Control (MAC) Bridges • IEEE 802.1w, Part 3: Media Access Control (MAC) Bridges—Amendment 2: Rapid Reconfiguration • IEEE 802.1s, Virtual Bridged Local Area Networks—Amendment 3: Multiple Spanning Trees •...
Page 92: Stp Configuration Task List
STP configuration task list Tasks at a glance Configuring the root bridge: • (Required.) Setting the spanning tree mode • (Optional.) Configuring the root bridge or a secondary root bridge • (Optional.) Configuring the device priority • (Optional.) Configuring the network diameter of a switched network •...
Page 93: Pvst Configuration Task List
Tasks at a glance Configuring the leaf nodes: • (Required.) Setting the spanning tree mode • (Optional.) Configuring the device priority • (Optional.) Setting the timeout factor • (Optional.) Configuring the BPDU transmission rate • (Optional.) Configuring edge ports • (Optional.) Configuring path costs of ports •...
Page 94: Mstp Configuration Task List
Tasks at a glance (Optional.) Enabling the device to log events of detecting or receiving TC BPDUs (Optional.) Enabling SNMP notifications for new-root election and topology change events MSTP configuration task list Tasks at a glance Configuring the root bridge: •...
Page 95: Configuring An Mst Region
• STP mode—All ports of the device send STP BPDUs. Select this mode when the peer device of a port supports only STP. RSTP mode—All ports of the device send RSTP BPDUs. A port in this mode automatically • transits to the STP mode when it receives STP BPDUs from the peer device. A port in this mode does not transit to the MSTP mode when it receives MSTP BPDUs from the peer device.
Page 96: Configuring The Root Bridge Or A Secondary Root Bridge
Step Command Remarks Enter MST region view. stp region-configuration Configure the MST region The default setting is the MAC region-name name name. address. • instance instance-id vlan Use one of the commands. Configure the vlan-id-list By default, all VLANs in an MST VLAN-to-instance mapping •...
Page 97: Configuring The Device As A Secondary Root Bridge Of A Specific Spanning Tree
Step Command Remarks • In STP/RSTP mode: stp root primary • In PVST mode: Configure the device as By default, the device is not a stp vlan vlan-id-list root primary the root bridge. root bridge. • In MSTP mode: stp [ instance instance-list ] root primary Configuring the device as a secondary root bridge of a specific spanning tree...
Page 98: Configuring The Network Diameter Of A Switched Network
Configuration BPDUs sent by the regional root bridge always have a hop count set to the maximum value. When a device receives this configuration BPDU, it decrements the hop count by one, and uses the new hop count in the BPDUs that it propagates. When the hop count of a BPDU reaches zero, it is discarded by the device that received it.
Page 99: Configuration Restrictions And Guidelines
its state after a forward delay timer. This ensures that the state transition of the local port stays synchronized with the peer. • Hello time—Interval at which the device sends configuration BPDUs to detect link failures. If the device does not receive configuration BPDUs within the timeout period, it recalculates the spanning tree.
Page 100: Setting The Timeout Factor
Step Command Remarks • In STP/RSTP/MSTP mode: stp timer hello time Set the hello timer. • The default setting is 2 seconds. In PVST mode: stp vlan vlan-id-list timer hello time • In STP/RSTP/MSTP mode: stp timer max-age time Set the max age timer. •...
Page 101: Configuring Edge Ports
Step Command Remarks Enter Layer 2 Ethernet interface interface-type interface or Layer 2 interface-number aggregate interface view. Configure the BPDU transmission rate of the stp transmit-limit limit The default setting is 10. ports. Configuring edge ports If a port directly connects to a user terminal rather than another device or a shared LAN segment, this port is regarded as an edge port.
Page 102: Specifying A Standard For The Device To Use When It Calculates The Default Path Cost
Specifying a standard for the device to use when it calculates the default path cost CAUTION: If you change the standard that the device uses to calculate the default path costs, you restore the path costs to the default. You can specify a standard for the device to use in automatic calculation for the default path cost. The device supports the following standards: •...
Page 103 Path cost Link speed Port type IEEE Private IEEE 802.1t 802.1d-1998 standard Aggregate interface containing four Selected 500000 1400 ports Single port 200000 Aggregate interface containing two Selected 100000 ports Aggregate interface 100 Mbps containing three Selected 66666 ports Aggregate interface containing four Selected 50000 ports...
Page 104: Configuring Path Costs Of Ports
Path cost Link speed Port type IEEE Private IEEE 802.1t 802.1d-1998 standard Aggregate interface containing three Selected ports Aggregate interface containing four Selected ports Single port Aggregate interface containing two Selected ports Aggregate interface 100 Gbps containing three Selected ports Aggregate interface containing four Selected ports...
Page 105: Configuring The Port Priority
[Sysname] interface gigabitethernet 1/0/3 [Sysname-GigabitEthernet1/0/3] stp instance 2 cost 200 # In PVST mode, perform the following tasks: • Configure the device to calculate the default path costs of its ports by using IEEE 802.1d-1998. • Set the path cost of GigabitEthernet 1/0/3 to 2000 on VLAN 20 through VLAN 30. <Sysname>...
Page 106: Configuration Procedure
• You can configure the link type as point-to-point for a Layer 2 aggregate interface or a port that operates in full duplex mode. As a best practice, use the default setting and let the device automatically detect the port link type. •...
Page 107: Enabling Outputting Port State Transition Information
Enabling outputting port state transition information In a large-scale spanning tree network, you can enable devices to output the port state transition information. Then, you can monitor the port states in real time. To enable outputting port state transition information: Step Command Remarks...
Page 108: Performing Mcheck
Step Command Remarks Enable the spanning tree By default, the spanning tree stp global enable feature. feature is globally enabled. Enable the spanning tree By default, the spanning tree stp vlan vlan-id-list enable feature in VLANs. feature is enabled in VLANs. Enter Layer 2 Ethernet interface interface-type interface or Layer 2...
Page 109: Disabling Inconsistent Pvid Protection
The devices of different vendors in the same MST region cannot communicate with each other. To enable communication between an H3C device and a third-party device in the same MST region, enable Digest Snooping on the H3C device port connecting them.
Page 110: Configuration Restrictions And Guidelines
Digest Snooping when the network is already working well. Configuration procedure Use this feature on when your H3C device is connected to a third-party device that uses its private key to calculate the configuration digest. To configure Digest Snooping:...
Page 111: Configuring No Agreement Check
Figure 32 Network diagram MST region Device C Root bridge Root port GE1/0/1 GE1/0/2 Designated port Blocked port Normal link GE1/0/1 GE1/0/1 Blocked link GE1/0/2 GE1/0/2 Device A Device B Configuration procedure # Enable Digest Snooping on GigabitEthernet 1/0/1 of Device A and enable global Digest Snooping on Device A.
Page 112: Configuration Prerequisites
Figure 33 Rapid state transition of an MSTP designated port Upstream device Downstream device (1) Proposal for rapid transition The root port blocks non-edge ports. The root port changes to the (2) Agreement forwarding state and sends an Agreement to the upstream device.
Page 113: Configuration Procedure
Configuration procedure Enable the No Agreement Check feature on the root port. To configure No Agreement Check: Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface or Layer 2 interface interface-type interface-number aggregate interface view. Enable No Agreement By default, No Agreement stp no-agreement-check Check.
Page 114: Configuration Restrictions And Guidelines
Figure 36 TC Snooping application scenario To avoid traffic interruption, you can enable TC Snooping on the IRF fabric. After receiving a TC-BPDU through a port, the IRF fabric updates MAC address table and ARP table entries associated with the port's VLAN. In this way, TC Snooping prevents topology change from interrupting traffic forwarding in the network.
Page 115: Configuring Bpdu Guard
• TC-BPDU transmission restriction • TC-BPDU guard • BPDU drop • PVST BPDU guard • Dispute guard Configuring BPDU guard For access layer devices, the access ports can directly connect to the user terminals (such as PCs) or file servers. The access ports are configured as edge ports to allow rapid transition. When these ports receive configuration BPDUs, the system automatically sets the ports as non-edge ports and starts a new spanning tree calculation process.
Page 116: Enabling Root Guard
Step Command Remarks By default, BPDU guard is not configured on a per-edge port stp port bpdu-protection Configure BPDU guard. basis. The status of BPDU guard on { enable | disable } an interface is the same as the global BPDU status. Enabling root guard The root bridge and secondary root bridge of a spanning tree should be located in the same MST region.
Page 117: Configuring Port Role Restriction
Do not enable loop guard on a port that connects user terminals. Otherwise, the port stays in the discarding state in all MSTIs because it cannot receive BPDUs. On a port, the loop guard feature is mutually exclusive with the root guard feature or the edge port setting.
Page 118: Enabling Tc-Bpdu Guard
To configure TC-BPDU transmission restriction: Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface interface-type interface or Layer 2 interface-number aggregate interface view. By default, TC-BPDU Enable TC-BPDU stp tc-restriction transmission restriction is transmission restriction. disabled. Enabling TC-BPDU guard When a device receives topology change (TC) BPDUs (the BPDUs that notify devices of topology changes), it flushes its forwarding address entries.
Page 119: Enabling Pvst Bpdu Guard
Step Command Remarks Enter Layer 2 Ethernet interface interface-type interface view. interface-number Enable BPDU drop on the By default, BPDU drop is bpdu-drop any interface. disabled. Enabling PVST BPDU guard An MSTP-enabled device forwards PVST BPDUs as data traffic because it cannot recognize PVST BPDUs.
Page 120: Enabling The Device To Log Events Of Detecting Or Receiving Tc Bpdus
Figure 37 Dispute guard triggering scenario Dispute guard is Unidirectional link Normal condition triggered occurs Device A Device A Device A Root Root Root Port A1 Port A2 Port A1 Port A2 Port A1 Port A2 Port B1 Port B2 Port B1 Port B2 Port B1...
Page 121: Displaying And Maintaining The Spanning Tree
• In STP, MSTP, or RSTP mode, the snmp-agent trap enable stp command enables SNMP notifications for new-root election events. In PVST mode, the snmp-agent trap enable stp enables SNMP notifications for spanning tree • topology changes. To enable SNMP notifications for new-root election and topology change events: Step Command Remarks...
Page 122: Spanning Tree Configuration Example
Spanning tree configuration example MSTP configuration example Network requirements As shown in Figure 38, all devices on the network are in the same MST region. Device A and Device B work at the distribution layer. Device C and Device D work at the access layer. Configure MSTP so that frames of different VLANs are forwarded along different spanning trees.
Page 123 [DeviceA-mst-region] instance 3 vlan 30 [DeviceA-mst-region] instance 4 vlan 40 # Configure the revision level of the MST region as 0. [DeviceA-mst-region] revision-level 0 # Activate MST region configuration. [DeviceA-mst-region] active region-configuration [DeviceA-mst-region] quit # Configure the Device A as the root bridge of MSTI 1. [DeviceA] stp instance 1 root primary # Enable the spanning tree feature globally.
Page 124 Configure Device D: # Enter MST region view, and configure the MST region name as example. <DeviceD> system-view [DeviceD] stp region-configuration [DeviceD-mst-region] region-name example # Map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively. [DeviceD-mst-region] instance 1 vlan 10 [DeviceD-mst-region] instance 3 vlan 30 [DeviceD-mst-region] instance 4 vlan 40...
Page 125: Pvst Configuration Example
GigabitEthernet1/0/1 ROOT FORWARDING NONE GigabitEthernet1/0/2 ALTE DISCARDING NONE GigabitEthernet1/0/3 DESI FORWARDING NONE # Display brief spanning tree information on Device D. [DeviceD] display stp brief MST ID Port Role STP State Protection GigabitEthernet1/0/1 ROOT FORWARDING NONE GigabitEthernet1/0/2 ALTE DISCARDING NONE GigabitEthernet1/0/3 ALTE DISCARDING...
Page 126 Figure 40 Network diagram Configuration procedure Configure VLANs and VLAN member ports. (Details not shown.) Create VLAN 10, VLAN 20, and VLAN 30 on both Device A and Device B. Create VLAN 10, VLAN 20, and VLAN 40 on Device C. Create VLAN 20, VLAN 30, and VLAN 40 on Device D.
Page 127 [DeviceC] stp vlan 10 20 40 enable Configure Device D: # Set the spanning tree mode to PVST. <DeviceD> system-view [DeviceD] stp mode pvst # Enable the spanning tree feature globally and in VLAN 20, VLAN 30, and VLAN 40. [DeviceD] stp global enable [DeviceD] stp vlan 20 30 40 enable Verifying the configuration...
Page 128 GigabitEthernet1/0/2 ALTE DISCARDING NONE GigabitEthernet1/0/3 ROOT FORWARDING NONE Based on the output, you can draw a topology for each VLAN spanning tree, as shown in Figure Figure 41 VLAN spanning tree topologies...
Page 129: Configuring Loop Detection
Configuring loop detection Overview Incorrect network connections or configurations can create Layer 2 loops, which results in repeated transmission of broadcasts, multicasts, or unknown unicasts. The repeated transmissions can waste network resources and can paralyze networks. The loop detection mechanism immediately generates a log when a loop occurs so that you are promptly notified to adjust network connections and configurations.
Page 130: Loop Detection Interval
The inner frame header for loop detection contains the following fields: • Code—Protocol sub-type, which is 0x0001, indicating the loop detection protocol. • Version—Protocol version, which is always 0x0000. • Length—Length of the frame. The value includes the inner header, but excludes the Ethernet header.
Page 131: Loop Detection Configuration Task List
The device automatically sets the port to the forwarding state after the detection timer set by using the shutdown-interval command expires. For more information about the shutdown-interval command, see Fundamentals Command Reference. The device shuts down the port again if a loop is still detected on the port when the detection timer expires.
Page 132: Setting The Loop Protection Action
Setting the loop protection action You can set the loop protection action globally or on a per-port basis. The global setting applies to all ports. The per-port setting applies to the individual ports. The per-port setting takes precedence over the global setting. Setting the global loop protection action Step Command...
Page 133: Displaying And Maintaining Loop Detection
Step Command Remarks Enter system view. system-view Set the loop detection loopback-detection The default setting is 30 seconds. interval. interval-time interval Displaying and maintaining loop detection Execute display commands in any view. Task Command display loopback-detection Display the loop detection configuration and status. Loop detection configuration example Network requirements As shown in...
Page 134: Verifying The Configuration
# Configure GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 as trunk ports, and assign them to VLAN 100. [DeviceA] interface GigabitEthernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-type trunk [DeviceA-GigabitEthernet1/0/1] port trunk permit vlan 100 [DeviceA-GigabitEthernet1/0/1] quit [DeviceA] interface gigabitethernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] port link-type trunk [DeviceA-GigabitEthernet1/0/2] port trunk permit vlan 100 [DeviceA-GigabitEthernet1/0/2] quit # Set the global loop protection action to shutdown.
Page 135 [DeviceA] %Feb 15:04:29:663 2013 DeviceA LPDT/4/LPDT LOOPED: Loopback exists GigabitEthernet1/0/1. %Feb 15:04:29:667 2013 DeviceA LPDT/4/LPDT LOOPED: Loopback exists GigabitEthernet1/0/2. %Feb 24 15:04:44:243 2013 DeviceA LPDT/5/LPDT RECOVERED: Loopback on GigabitEthernet1/0/1 recovered. %Feb 24 15:04:44:248 2013 DeviceA LPDT/5/LPDT RECOVERED: Loopback on GigabitEthernet1/0/2 recovered.
Page 136: Configuring Vlans
Configuring VLANs Overview Ethernet is a family of shared-media LAN technologies based on the CSMA/CD mechanism. An Ethernet LAN is both a collision domain and a broadcast domain. Because the medium is shared, collisions and broadcasts are common in an Ethernet LAN. Typically, bridges and Layer 2 switches can reduce collisions in an Ethernet LAN.
Page 137: Protocols And Standards
TPID to a different value. For compatibility with a neighbor device, set the TPID value on the device to be the same as the neighbor device. • Priority—3-bit long, identifies the 802.1p priority of the frame. For more information, see ACL and QoS Configuration Guide.
Page 138: Configuring Vlan Interfaces
Step Command Remarks By default, the description of a VLAN is VLAN vlan-id. The vlan-id argument Configure the specifies the VLAN ID in a four-digit description for the description text format. If the VLAN ID has fewer than four VLAN. digits, leading zeros are added.
Page 139 Port link type You can set the link type of a port to access, trunk, or hybrid. The port link type determines whether the port can be assigned to multiple VLANs. The link types use the following VLAN tag handling methods: Access—An access port can forward packets only from one VLAN and send these packets •...
Page 140: Assigning An Access Port To A Vlan
Actions Access Trunk Hybrid • Removes the tag and sends the frame if the frame carries the PVID tag and the Sends the frame if its VLAN is port belongs to the permitted on the port. The PVID. In the outbound Removes the VLAN tag tagging status of the frame •...
Page 141: Assigning A Trunk Port To A Vlan
Assigning a trunk port to a VLAN A trunk port supports multiple VLANs. You can assign it to a VLAN in interface view. When you assign a trunk port to a VLAN, follow these restrictions and guidelines: • To change the link type of a port from trunk to hybrid, set the link type to access first. •...
Page 142: Configuring Mac-Based Vlans
Step Command Remarks By default, the PVID of a (Optional.) Set the hybrid port is the ID of the PVID for the hybrid port hybrid pvid vlan vlan-id VLAN to which the port port. belongs when its link type is access.
Page 143 Enable the MAC-based VLAN feature on the port. Enable dynamic MAC-based VLAN assignment on the port. Dynamic MAC-based VLAN assignment uses the following workflow, as shown in Figure When a port receives a frame, it first determines whether the frame is tagged. If the frame is tagged, the port gets the source MAC address of the frame.
Page 144 Figure 47 Flowchart for processing a frame in dynamic MAC-based VLAN assignment The port receives a frame Tagged frame ? Selects a VLAN for Gets the source MAC the frame Uses source MAC to match the MAC in MAC-to-VLAN entries MAC addresses VLAN ID match match?
Page 145: General Configuration Restrictions And Guidelines
Generates a MAC-to-VLAN entry by using the source MAC address of the user packet and the authorization VLAN information. The authorization VLAN is a MAC-based VLAN. The generated MAC-to-VLAN entry cannot conflict with the existing static MAC-to-VLAN entries. If a confliction exists, the dynamic MAC-to-VLAN entry cannot be generated. Assigns the port that connects the user to the MAC-based VLAN.
Page 146: Configuring Server-Assigned Mac-Based Vlan
The port drops the received packets instead of delivering them to the CPU. As a result, the port will not be dynamically assigned to the target VLAN. • As a best practice, do not configure both dynamic MAC-based VLAN assignment and automatic voice VLAN assignment mode on a port.
Page 147: Configuring Protocol-Based Vlans
Configuring protocol-based VLANs The protocol-based VLAN feature assigns inbound packets to different VLANs based on their protocol types and encapsulation formats. The protocols available for VLAN assignment include IP, IPX, and AT. The encapsulation formats include Ethernet II, 802.3 raw, 802.2 LLC, and 802.2 SNAP. This feature is available only on hybrid ports, and it processes only untagged packets.
Page 148: Configuring A Vlan Group
Step Command Remarks Associate the hybrid By default, a hybrid port is not port hybrid protocol-vlan vlan vlan-id port with the specified associated with a { protocol-index [ to protocol-end ] | all } protocol-based VLAN. protocol-based VLAN. Configuring a VLAN group A VLAN group includes a set of VLANs.
Page 149: Vlan Configuration Examples
VLAN configuration examples Port-based VLAN configuration example Network requirements As shown in Figure • Host A and Host C belong to Department A. VLAN 100 is assigned to Department A. • Host B and Host D belong to Department B. VLAN 200 is assigned to Department B. Configure port-based VLANs so that only hosts in the same department can communicate with each other.
Page 150: Mac-Based Vlan Configuration Example
# Verify that VLANs 100 and 200 are correctly configured on Device A. [DeviceA-GigabitEthernet1/0/3] display vlan 100 VLAN ID: 100 VLAN type: Static Route interface: Not configured Description: VLAN 0100 Name: VLAN 0100 Tagged ports: GigabitEthernet1/0/3 Untagged ports: GigabitEthernet1/0/1 [DeviceA-GigabitEthernet1/0/3] display vlan 200 VLAN ID: 200 VLAN type: Static Route interface: Not configured...
Page 151 Figure 49 Network diagram Configuration procedure Configure Device A: # Create VLANs 100 and 200. <DeviceA> system-view [DeviceA] vlan 100 [DeviceA-vlan100] quit [DeviceA] vlan 200 [DeviceA-vlan200] quit # Associate the MAC addresses of Laptop 1 and Laptop 2 with VLANs 100 and 200, respectively.
Page 152: Protocol-Based Vlan Configuration Example
<DeviceB> system-view [DeviceB] vlan 100 [DeviceB-vlan100] port gigabitethernet 1/0/3 [DeviceB-vlan100] quit # Create VLAN 200 and assign GigabitEthernet 1/0/4 to VLAN 200. [DeviceB] vlan 200 [DeviceB-vlan200] port gigabitethernet 1/0/4 [DeviceB-vlan200] quit # Configure GigabitEthernet 1/0/1 as a trunk port, and assign the port to VLANs 100 and 200. [DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] port link-type trunk [DeviceB-GigabitEthernet1/0/1] port trunk permit vlan 100 200...
Page 153 Figure 50 Network diagram VLAN 100 VLAN 200 IPv4 server IPv6 server GE1/0/3 GE1/0/4 GE1/0/1 GE1/0/2 Device L2 switch A L2 switch B IPv4 host A IPv6 host A IPv4 host B IPv6 host B VLAN 100 VLAN 200 VLAN 100 VLAN 200 Configuration procedure In this example, L2 Switch A and L2 Switch B use the factory configuration.
Page 154 # Configure GigabitEthernet 1/0/1 as a hybrid port, and assign it to VLANs 100 and 200 as an untagged VLAN member. [Device] interface gigabitethernet 1/0/1 [Device-GigabitEthernet1/0/1] port link-type hybrid [Device-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged # Associate GigabitEthernet 1/0/1 with the IPv4 and ARP protocol templates of VLAN 100 and the IPv6 protocol template of VLAN 200.
Page 155 IPv4 Active Ethernet II Etype 0x0806 Active IPv6 Active Interface: GigabitEthernet 1/0/2 VLAN ID Protocol index Protocol type Status IPv4 Active Ethernet II Etype 0x0806 Active IPv6 Active...
Page 156: Configuring Voice Vlans
OUI address Vendor 0001-e300-0000 Siemens phone 0003-6b00-0000 Cisco phone 0004-0d00-0000 Avaya phone 000f-e200-0000 H3C Aolynk phone 0060-b900-0000 Philips/NEC phone 00d0-1e00-0000 Pingtel phone 00e0-7500-0000 Polycom phone 00e0-bb00-0000 3Com phone Typically, an OUI address refers to the first 24 bits of a MAC address (in binary notation) and is a globally unique identifier that IEEE assigns to a vendor.
Page 157: Automatically Identifying Ip Phones Through Lldp
Automatically identifying IP phones through LLDP If IP phones support LLDP, configure LLDP for automatic IP phone discovery on the device. The device can then automatically discover the peer through LLDP, and exchange LLDP TLVs with the peer. If the LLDP System Capabilities TLV received on a port indicates that the peer can act as a telephone, the device performs the following operations: Sends an LLDP TLV with the voice VLAN configuration to the peer.
Page 158: Connecting The Ip Phone To The Device
Figure 52 Connecting the host and IP phone in series Voice gateway Host IP phone Device Connecting the IP phone to the device As shown in Figure 53, IP phones are connected to the device without the presence of the host. Use this connection method when IP phones sends out untagged voice packets.
Page 159: Manual Mode
When the IP phone reboots, the port is reassigned to the voice VLAN to ensure the correct operation of the existing voice connections. The reassignment occurs automatically without being triggered by voice traffic as long as the voice VLAN operates correctly. Manual mode Use manual mode when only IP phones access the network through the device, as shown in Figure...
Page 160: Security Mode And Normal Mode Of Voice Vlans
If an IP phone sends out tagged voice traffic, and its access port is configured with 802.1X authentication, guest VLAN, Auth-Fail VLAN, or critical VLAN, VLAN IDs must be different for the following VLANs: • Voice VLAN. • PVID of the access port. •...
Page 161: Configuring The Qos Priority Settings For Voice Traffic
Tasks at a glance (Required.) Use one of the following methods: • Configuring a port to operate in automatic voice VLAN assignment mode • Configuring a port to operate in manual voice VLAN assignment mode (Optional.) Enabling LLDP for automatic IP phone discovery (Optional.) Use one of the following methods: •...
Page 162: Configuration Procedure
• As a best practice, do not use this mode with MSTP. In MSTP mode, if a port is blocked in the MSTI of the target voice VLAN, the port drops the received packets instead of delivering them to the CPU. As a result, the port will not be dynamically assigned to the voice VLAN. •...
Page 163: Configuration Procedure
• You can configure different voice VLANs for different ports on the same device. Make sure the following requirements are met: One port can be configured with only one voice VLAN. Voice VLANs must be existing static VLANs. • Do not enable voice VLAN on the member ports of a link aggregation group. For more information about link aggregation, see "Configuring Ethernet link aggregation."...
Page 164: Configuration Procedure
• Use this feature only with the automatic voice VLAN assignment mode. • Do not use this feature together with CDP compatibility. • After you enable this feature on the device, each port of the device can be connected to a maximum of five IP phones.
Page 165: Displaying And Maintaining Voice Vlans
LLDP packets sent from the device carry the priority information. CDP packets sent from the device do not carry the priority information. Before you configure this feature, enable LLDP globally and on access ports. To configure CDP to advertise a voice VLAN: Step Command Remarks...
Page 166 Figure 54 Network diagram Configuration procedure Configure voice VLANs: # Create VLANs 2 and 3. <DeviceA> system-view [DeviceA] vlan 2 to 3 # Set the voice VLAN aging timer to 30 minutes. [DeviceA] voice-vlan aging 30 # Enable security mode for voice VLANs. [DeviceA] voice-vlan security enable # Add MAC addresses of IP phones A and B to the device with mask FFFF-FF00-0000.
Page 167: Manual Voice Vlan Assignment Mode Configuration Example
OUI Address Mask Description 0001-e300-0000 ffff-ff00-0000 Siemens phone 0003-6b00-0000 ffff-ff00-0000 Cisco phone 0004-0d00-0000 ffff-ff00-0000 Avaya phone 000f-e200-0000 ffff-ff00-0000 H3C Aolynk phone 0011-1100-0000 ffff-ff00-0000 IP phone A 0011-2200-0000 ffff-ff00-0000 IP phone B 0060-b900-0000 ffff-ff00-0000 Philips/NEC phone 00d0-1e00-0000 ffff-ff00-0000 Pingtel phone 00e0-7500-0000...
Page 168 [DeviceA] display voice-vlan mac-address OUI Address Mask Description 0001-e300-0000 ffff-ff00-0000 Siemens phone 0003-6b00-0000 ffff-ff00-0000 Cisco phone 0004-0d00-0000 ffff-ff00-0000 Avaya phone 000f-e200-0000 ffff-ff00-0000 H3C Aolynk phone 0011-2200-0000 ffff-ff00-0000 test 0060-b900-0000 ffff-ff00-0000 Philips/NEC phone 00d0-1e00-0000 ffff-ff00-0000 Pingtel phone 00e0-7500-0000 ffff-ff00-0000 Polycom phone 00e0-bb00-0000 ffff-ff00-0000 3Com phone # Display the voice VLAN state.
Page 169: Configuring Mvrp
Configuring MVRP Multiple Registration Protocol (MRP) is an attribute registration protocol used to transmit attribute values. Multiple VLAN Registration Protocol (MVRP) is a typical MRP application. It synchronizes VLAN information among devices. MVRP propagates local VLAN information to other devices, receives VLAN information from other devices, and dynamically updates local VLAN information.
Page 170 Join message An MRP participant sends a Join message to request the peer participant to register attributes in the Join message. When receiving a Join message from the peer participant, an MRP participant performs the following tasks: • Registers the attributes in the Join message. •...
Page 171: Mrp Timers
LeaveAll message Each MRP participant starts its LeaveAll timer when starting up. When the timer expires, the MRP participant sends LeaveAll messages to the peer participant. Upon sending or receiving a LeaveAll message, the local participant starts the Leave timer. The local participant determines whether to send a Join message depending on its attribute status.
Page 172: Mvrp Registration Modes
• Effectively reduces the number of LeaveAll messages in the network. • Prevents the LeaveAll timer of a particular participant from always expiring first. MVRP registration modes VLAN information propagated by MVRP includes dynamic VLAN information from other devices and local static VLAN information.
Page 173: Configuration Prerequisites
• MVRP takes effect only on trunk ports. For more information about trunk ports, see "Configuring VLANs." • Enabling MVRP on a Layer 2 aggregate interface takes effect on the aggregate interface and all Selected member ports in the link aggregation group. •...
Page 174: Setting Mrp Timers
Step Command Remarks Optional. mvrp registration { fixed | Set an MVRP registration The default setting is normal mode for the port. forbidden | normal } registration mode. Setting MRP timers To avoid frequent VLAN registrations and deregistrations, use the same MRP timers throughout the network.
Page 175: Enabling Gvrp Compatibility
Enabling GVRP compatibility Enable GVRP compatibility for MVRP when the peer device supports GVRP. Then, the local end can receive and send both MVRP and GVRP frames. When you enable GVRP compatibility, follow these restrictions and guidelines: • GVRP compatibility enables MVRP to work with STP or RSTP, but not MSTP. •...
Page 176: Configuration Procedure
Figure 57 Network diagram Device A Device B Permit: all VLANs GE1/0/3 GE1/0/3 VLAN 20 VLAN 10 Permit: all VLANs Permit: VLANs 20, 40 VLAN 10 MSTI 1 VLAN 20 MSTI 2 Other VLANs MSTI 0 Device C Device D MSTI 0 MSTI 1 MSTI 2...
Page 177 [DeviceA] mvrp global enable # Configure GigabitEthernet 1/0/1 as a trunk port, and configure it to permit all VLANs. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-type trunk [DeviceA-GigabitEthernet1/0/1] port trunk permit vlan all # Enable MVRP on port GigabitEthernet 1/0/1. [DeviceA-GigabitEthernet1/0/1] mvrp enable [DeviceA-GigabitEthernet1/0/1] quit # Configure GigabitEthernet 1/0/2 as a trunk port, and configure it to permit VLAN 40.
Page 178 # Enable MVRP on GigabitEthernet 1/0/1. [DeviceB-GigabitEthernet1/0/1] mvrp enable [DeviceB-GigabitEthernet1/0/1] quit # Configure GigabitEthernet 1/0/2 as a trunk port, and configure it to permit all VLANs. [DeviceB] interface gigabitethernet 1/0/2 [DeviceB-GigabitEthernet1/0/2] port link-type trunk [DeviceB-GigabitEthernet1/0/2] port trunk permit vlan all # Enable MVRP on GigabitEthernet 1/0/2.
Page 179: Verifying The Configuration
[DeviceC-GigabitEthernet1/0/2] port link-type trunk [DeviceC-GigabitEthernet1/0/2] port trunk permit vlan all # Enable MVRP on GigabitEthernet 1/0/2. [DeviceC-GigabitEthernet1/0/2] mvrp enable [DeviceC-GigabitEthernet1/0/2] quit Configure Device D: # Enter MST region view. <DeviceD> system-view [DeviceD] stp region-configuration # Configure the MST region name, VLAN-to-instance mappings, and revision level. [DeviceD-mst-region] region-name example [DeviceD-mst-region] instance 1 vlan 10 [DeviceD-mst-region] instance 2 vlan 20...
Page 180 Running Status : Enabled Join Timer : 20 (centiseconds) Leave Timer : 60 (centiseconds) Periodic Timer : 100 (centiseconds) LeaveAll Timer : 1000 (centiseconds) Registration Type : Normal Registered VLANs : 1(default) Declared VLANs : 1(default), 10, 20 Propagated VLANs : 1(default) ----[GigabitEthernet1/0/2]---- Config...
Page 181 # Display local VLAN information on Device B. [DeviceB] display mvrp running-status -------[MVRP Global Info]------- Global Status : Enabled Compliance-GVRP : False ----[GigabitEthernet1/0/1]---- Config Status : Enabled Running Status : Enabled Join Timer : 20 (centiseconds) Leave Timer : 60 (centiseconds) Periodic Timer : 100 (centiseconds) LeaveAll Timer...
Page 182 Propagated VLANs : The output shows that the following events have occurred: • GigabitEthernet 1/0/1 has registered VLAN 1, declared VLAN 1 and VLAN 20, and propagated VLAN 1 through MVRP. • GigabitEthernet 1/0/2 has registered VLAN 1 and VLAN 10, declared VLAN 1 and VLAN 20, and propagated VLAN 1.
Page 183 • GigabitEthernet 1/0/2 has registered VLAN 1 and VLAN 20, declared VLAN 1 and VLAN 10, and propagated VLAN 1 and VLAN 20 through MVRP. # Display local VLAN information on Device D. [DeviceD] display mvrp running-status -------[MVRP Global Info]------- Global Status : Enabled Compliance-GVRP...
Page 184 [DeviceB-GigabitEthernet1/0/3] quit # Display local MVRP VLAN information on GigabitEthernet 1/0/3. [DeviceB] display mvrp running-status interface gigabitethernet 1/0/3 -------[MVRP Global Info]------- Global Status : Enabled Compliance-GVRP : False ----[GigabitEthernet1/0/3]---- Config Status : Enabled Running Status : Enabled Join Timer : 20 (centiseconds) Leave Timer : 60 (centiseconds) Periodic Timer...
Page 185: Configuring Qinq
Configuring QinQ This document uses the following terms: CVLAN—Customer network VLANs, also called inner VLANs, refer to VLANs that a customer • uses on the private network. • SVLAN—Service provider network VLANs, also called outer VLANs, refer to VLANs that a service provider uses to transmit VLAN tagged traffic for customers.
Page 186: Qinq Implementations
When a tagged Ethernet frame from CE 1 arrives at PE 1, the PE tags the frame with SVLAN 3. The double-tagged Ethernet frame travels over the service provider network until it arrives at PE 2. PE 2 removes the SVLAN tag of the frame, and then sends the frame to CE 4. Figure 59 Typical QinQ application scenario VLANs 1 to 20 VLANs 1 to 10...
Page 187: Restrictions And Guidelines
Restrictions and guidelines When you configure QinQ, follow these restrictions and guidelines: • The inner 802.1Q tag of QinQ frames is treated as part of the payload. As a best practice to ensure correct transmission of QinQ frames, set the MTU to a minimum of 1504 bytes for each port on their forwarding path.
Page 188: Displaying And Maintaining Qinq
Step Command Remarks By default, the link type of a port is Set the port link type. port link-type { hybrid | trunk } access. • For the hybrid port: By default, a trunk port allows port hybrid vlan vlan-id-list Configure the port to allow packets only from VLAN 1 to pass { tagged | untagged }...
Page 189 Figure 60 Network diagram Configuration procedure Configure PE 1: # Configure GigabitEthernet 1/0/1 as a trunk port, and assign it to VLAN 100. <PE1> system-view [PE1] interface gigabitethernet 1/0/1 [PE1-GigabitEthernet1/0/1] port link-type trunk [PE1-GigabitEthernet1/0/1] port trunk permit vlan 100 # Set the PVID of GigabitEthernet 1/0/1 to VLAN 100. [PE1-GigabitEthernet1/0/1] port trunk pvid vlan 100 # Enable QinQ on GigabitEthernet 1/0/1.
Page 190: Vlan Transparent Transmission Configuration Example
<PE2> system-view [PE2] interface gigabitethernet 1/0/1 [PE2-GigabitEthernet1/0/1] port link-type trunk [PE2-GigabitEthernet1/0/1] port trunk permit vlan 200 # Set the PVID of GigabitEthernet 1/0/1 to VLAN 200. [PE2-GigabitEthernet1/0/1] port trunk pvid vlan 200 # Enable QinQ on GigabitEthernet 1/0/1. [PE2-GigabitEthernet1/0/1] qinq enable [PE2-GigabitEthernet1/0/1] quit # Configure GigabitEthernet 1/0/2 as a trunk port, and assign it to VLANs 100 and 200.
Page 191 Figure 61 Network diagram PE 1 PE 2 GE1/0/2 GE1/0/2 VLANs 100 and 3000 GE1/0/1 GE1/0/1 Service provider network Site 1 Site 2 CE 2 CE 1 VLANs 10 to 50, 3000 VLANs 10 to 50, 3000 Configuration procedure Configure PE 1: # Configure GigabitEthernet 1/0/1 as a trunk port, and assign it to VLANs 100 and 3000.
Page 192 # Configure GigabitEthernet 1/0/2 as a trunk port, and assign it to VLANs 100 and 3000. [PE2] interface gigabitethernet 1/0/2 [PE2-GigabitEthernet1/0/2] port link-type trunk [PE2-GigabitEthernet1/0/2] port trunk permit vlan 100 3000 Configure the devices between PE 1 and PE 2: # Set the MTU to a minimum of 1504 bytes for each port on the path of QinQ frames.
Page 193: Configuring Vlan Mapping
Configuring VLAN mapping Overview VLAN mapping re-marks VLAN tagged traffic with new VLAN IDs. H3C provides the following types of VLAN mapping: • One-to-one VLAN mapping—Replaces one VLAN tag with another. • One-to-two VLAN mapping—Tags single-tagged packets with an outer VLAN tag.
Page 194 Figure 62 Application scenario of one-to-one VLAN mapping DHCP client VLAN 1 Home gateway VLAN 2 VLAN 1 -> VLAN 101 VLAN 2 -> VLAN 201 VLAN 3 VoIP VLAN 3 -> VLAN 301 Wiring-closet switch DHCP server VLAN 1 VLAN 1 ->...
Page 195: Vlan Mapping Implementations
Figure 63 Application scenario of one-to-two VLAN mapping PE 1 PE 2 GE1/0/2 GE1/0/2 VLANs 100 and 200 GE1/0/1 GE1/0/1 Public network Site 1 Site 2 CE 2 CE 1 VLAN 10 VLAN 20 VLAN 10 VLAN 20 The public network assigns SVLAN 100 and SVLAN 200 to VLAN 10 and VLAN 20, respectively. When a packet from Site 1 arrives at PE 1, PE 1 tags the packet with SVLAN 100 or SVLAN 200 by using one-to-two VLAN mapping.
Page 196 Figure 64 Basic VLAN mapping terms Network-side port Customer-side port Uplink traffic Downlink traffic One-to-one VLAN mapping As shown in Figure 65, one-to-one VLAN mapping is implemented on the customer-side port and replaces VLAN tags as follows: • Replaces the CVLAN with the SVLAN for the uplink traffic. •...
Page 197: Vlan Mapping Configuration Task List
Figure 66 One-to-two VLAN mapping implementation VLAN mapping configuration task list When you configure VLAN mapping, follow these guidelines: • To add VLAN tags to packets, you can configure both VLAN mapping and QinQ. VLAN mapping takes effect if a configuration conflict occurs. For more information about QinQ, see "Configuring QinQ."...
Page 198: Configuring One-To-Two Vlan Mapping
Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view: interface interface-type Enter Layer 2 Ethernet interface-number interface view or Layer 2 • Enter Layer 2 aggregate aggregate interface view. interface view: interface bridge-aggregation interface-number • Set the port link type to trunk: port link-type trunk By default, the link type of a...
Page 199: Displaying And Maintaining Vlan Mapping
Step Command Remarks • For the trunk port: port trunk permit vlan Assign the port to the vlan-id-list CVLANs. • For the hybrid port: port hybrid vlan vlan-id-list { tagged | untagged } • For the trunk port: a. Configure the SVLAN as the PVID of the trunk port: port trunk pvid vlan vlan-id Configure the port to allow...
Page 200 Figure 67 Network diagram DHCP client VLAN 1 Home gateway VLAN 2 VLAN 1 -> VLAN 101 VLAN 2 -> VLAN 201 VLAN 3 VoIP VLAN 3 -> VLAN 301 GE1/0/1 GE1/0/3 Wiring-closet switch Switch A VLAN 1 GE1/0/2 VLAN 1 -> VLAN 102 DHCP server VLAN 2 ->...
Page 201: One-To-Two Vlan Mapping Configuration Example
[SwitchA-GigabitEthernet1/0/1] port trunk permit vlan 1 2 3 101 201 301 # Configure one-to-one VLAN mappings on GigabitEthernet 1/0/1 to map VLANs 1, 2, and 3 to VLANs 101, 201, and 301, respectively. [SwitchA-GigabitEthernet1/0/1] vlan mapping 1 translated-vlan 101 [SwitchA-GigabitEthernet1/0/1] vlan mapping 2 translated-vlan 201 [SwitchA-GigabitEthernet1/0/1] vlan mapping 3 translated-vlan 301 [SwitchA-GigabitEthernet1/0/1] quit # Configure customer-side port GigabitEthernet 1/0/2 as a trunk port.
Page 202 Configure one-to-two VLAN mappings to enable the two branches to communicate across the public network. Figure 68 Network diagram Configuration procedure Configure PE 1: # Create VLANs 10, 20, 100, and 200. <PE1> system-view [PE1] vlan 10 [PE1-vlan10] quit [PE1] vlan 20 [PE1-vlan20] quit [PE1] vlan 100 [PE1-vlan100] quit...
Page 203 [PE1-GigabitEthernet1/0/2] port trunk permit vlan 100 200 [PE1-GigabitEthernet1/0/2] quit Configure PE 2 in the same way you configure PE 1. (Details not shown.) Verifying the configuration # Verify VLAN mapping information on PE 1. [PE1] display vlan mapping Interface GigabitEthernet1/0/1: Outer VLAN Inner VLAN Translated Outer VLAN...
Page 204: Configuring Lldp
Configuring LLDP Overview In a heterogeneous network, a standard configuration exchange platform ensures that different types of network devices from different vendors can discover one another and exchange configuration. The Link Layer Discovery Protocol (LLDP) is specified in IEEE 802.1AB. The protocol operates on the data link layer to exchange device information between directly connected devices.
Page 205 LLDP frame formats LLDP sends device information in LLDP frames. LLDP frames are encapsulated in Ethernet II or Subnetwork Access Protocol (SNAP) frames. • LLDP frame encapsulated in Ethernet II Figure 70 Ethernet II-encapsulated LLDP frame Table 18 Fields in an Ethernet II-encapsulated LLDP frame Field Description MAC address to which the LLDP frame is advertised.
Page 206 Figure 71 SNAP-encapsulated LLDP frame Table 19 Fields in a SNAP-encapsulated LLDP frame Field Description MAC address to which the LLDP frame is advertised. It is the same as Destination MAC address that for Ethernet II-encapsulated LLDP frames. Source MAC address MAC address of the sending port.
Page 207 Table 20 Basic management TLVs Type Description Remarks Chassis ID Specifies the bridge MAC address of the sending device. Specifies the ID of the sending port: • If the LLDPDU carries LLDP-MED TLVs, the port ID Port ID TLV carries the MAC address of the sending port. Mandatory.
Page 208 Indicates Energy Efficient Ethernet (EEE). NOTE: The Power Stateful Control TLV is defined in IEEE P802.3at D1.0 and is not supported in later versions. H3C devices send this type of TLVs only after receiving them. • LLDP-MED TLVs LLDP-MED TLVs provide multiple advanced applications for voice over IP (VoIP), such as basic configuration, network policy configuration, and address and directory management.
Page 209: Working Mechanism
Type Description Allows a network device or terminal device to advertise the Network Policy VLAN ID of a port, the VLAN type, and the Layer 2 and Layer 3 priorities for specific applications. Allows a network device or terminal device to advertise power Extended Power-via-MDI supply capability.
Page 210: Protocols And Standards
the token bucket mechanism to rate limit LLDP frames. For more information about the token bucket mechanism, see ACL and QoS Configuration Guide. LLDP automatically enables the fast LLDP frame transmission mechanism in either of the following cases: • A new LLDP frame is received and carries device information new to the local device. •...
Page 211: Performing Basic Lldp Configurations
Performing basic LLDP configurations Enabling LLDP To make LLDP take effect on specific ports, you must enable LLDP both globally and on these ports. To enable LLDP: Step Command Remarks Enter system view. system-view Enable LLDP globally. lldp global enable By default, LLDP is disabled globally.
Page 212: Setting The Lldp Reinitialization Delay
Step Command Remarks By default: • The nearest bridge agent • In Layer 2 Ethernet interface operates in txrx mode. view or management Ethernet • The nearest customer interface view: bridge agent and nearest lldp [ agent { nearest-customer non-TPMR bridge agent | nearest-nontpmr } ] operate in disable mode.
Page 213: Configuring The Advertisable Tlvs
Step Command Remarks • In Layer 2 Ethernet interface view or management Ethernet interface view: lldp [ agent { nearest-customer | nearest-nontpmr } ] Enable LLDP polling and set By default, LLDP polling is check-change-interval interval the polling interval. disabled. •...
Page 214: Configuring The Management Address And Its Encoding Format
Step Command Remarks • lldp tlv-enable { basic-tlv { all | port-description | By default: system-capability | system-description | • Nearest bridge agents system-name | can advertise all types management-address-tlv [ ipv6 ] of LLDP TLVs (only [ ip-address ] } | dot1-tlv { all | link aggregation TLV link-aggregation } | dot3-tlv { all | is supported in 802.1...
Page 215: Setting Other Lldp Parameters
Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface view, management interface interface-type Ethernet interface view, or interface-number Layer 2 aggregate interface view. • In Layer 2 Ethernet interface By default: view or management Ethernet • Nearest bridge agents interface view: and nearest customer lldp [ agent...
Page 216: Setting An Encapsulation Format For Lldp Frames
Step Command Remarks Set the token bucket size for lldp max-credit credit-value The default setting is 5. sending LLDP frames. Set the number of LLDP frames sent each time fast lldp fast-count count The default setting is 4. LLDP frame transmission is triggered.
Page 217: Configuring Cdp Compatibility
Step Command Remarks By default, LLDP PVID Disable LLDP PVID lldp ignore-pvid-inconsistency inconsistency check is inconsistency check. enabled. Configuring CDP compatibility To enable your device to exchange information with a directly connected Cisco device that supports only CDP, you must enable CDP compatibility. CDP compatibility enables your device to receive and recognize CDP packets from the neighboring CDP device and send CDP packets to the neighboring device.
Page 218: Configuration Procedure
Configuration procedure CDP-compatible LLDP operates in one of the following modes: TxRx—CDP packets can be transmitted and received. • • Rx—CDP packets can be received but cannot be transmitted. • Disable—CDP packets cannot be transmitted or received. To make CDP-compatible LLDP take effect on a port, follow these steps: Enable CDP-compatible LLDP globally.
Page 219: Setting The Source Mac Address Of Lldp Frames To The Mac Address Of A Vlan Interface
Step Command Remarks • In Layer 2 Ethernet interface view or management Ethernet interface view: lldp [ agent { nearest-customer | nearest-nontpmr } ] notification By default, LLDP trapping remote-change enable Enable LLDP trapping. is disabled. • In Layer 2 aggregate interface view: lldp agent { nearest-customer | nearest-nontpmr } notification remote-change enable...
Page 220: Displaying And Maintaining Lldp
Enter Layer 2 Ethernet interface interface-type interface view. interface-number By default, the device does not generate an ARP or ND entry when receiving a management Enable the device to address LLDP TLV. lldp management-address generate an ARP or ND entry for a management { arp-learning | nd-learning } Do not specify the same VLAN for address LLDP TLV received...
Page 221 Figure 73 Network diagram GE1/0/1 GE1/0/2 GE1/0/1 Switch A Switch B Configuration procedure Configure Switch A: # Enable LLDP globally. <SwitchA> system-view [SwitchA] lldp global enable # Enable LLDP on GigabitEthernet 1/0/1. By default, LLDP is enabled on ports. [SwitchA] interface gigabitethernet 1/0/1 [SwitchA-GigabitEthernet1/0/1] lldp enable # Set the LLDP operating mode to Rx on GigabitEthernet 1/0/1.
Page 222 Bridge mode of LLDP: customer-bridge The current number of LLDP neighbors: 2 The current number of CDP neighbors: 0 LLDP neighbor information last changed time: 0 days, 0 hours, 4 minutes, 40 seconds Transmit interval : 30s Fast transmit interval : 1s Transmit max credit Hold multiplier...
Page 223 Number of received unknown TLV : 3 LLDP agent nearest-nontpmr: Port status of LLDP : Enable Admin status : Disable Trap flag : No MED trap flag : No Polling interval : 0s Number of LLDP neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV : 0...
Page 224 Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV : 5 LLDP agent nearest-nontpmr: Port status of LLDP : Enable Admin status : Disable Trap flag : No MED trap flag : No Polling interval : 0s...
Page 225: Cdp-Compatible Lldp Configuration Example
Number of LLDP neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV : 16 Number of received unknown TLV : 0 CDP-compatible LLDP configuration example Network requirements As shown in Figure 74, GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 of Switch A are each connected to a Cisco IP phone, which sends tagged voice traffic.
Page 226 # Configure CDP-compatible LLDP to operate in TxRx mode on GigabitEthernet 1/0/1. [SwitchA-GigabitEthernet1/0/1] lldp compliance admin-status cdp txrx [SwitchA-GigabitEthernet1/0/1] quit # Enable LLDP on GigabitEthernet 1/0/2. By default, LLDP is enabled on ports. [SwitchA] interface gigabitethernet 1/0/2 [SwitchA-GigabitEthernet1/0/2] lldp enable # Configure LLDP to operate in TxRx mode on GigabitEthernet 1/0/2.
Page 227: Index
Index STP calculation, Numerics alternate port (MST), 1:1 VLAN mapping application scenario, 182, 182 LLDP ARP entry generation, configuration, 186, 188 MAC address table ARP fast update, implementation, 184, 185 assigning 1:2 VLAN mapping MAC-based VLAN assignment (dynamic), application scenario, 182, 183 MAC-based VLAN assignment configuration,...
Page 228 MAC address table entry, spanning tree port path cost calculation standard, block action (loop detection), spanning tree timeout factor, boundary port (MST), STP algorithm, BPDU configuration BPDUs, LLDP CDP compatibility, MST region max hops, LLDP CDP-compatible configuration, MSTP BPDU protocol frames, voice VLAN advertisement, PVST BPDU guard, voice VLAN information advertisement to IP...
Page 229 Ethernet link aggregation group (Layer 2 spanning tree BPDU guard, dynamic), spanning tree BPDU transmission rate, Ethernet link aggregation group (Layer 2 spanning tree device priority, static), spanning tree Digest Snooping, 98, 99 Ethernet link aggregation group BFD, spanning tree edge port, Ethernet link aggregation group load spanning tree No Agreement Check, 100, 102...
Page 230 spanning tree TC BPDU event logging (PVST mode), MST region connection, spanning tree TC Snooping, customer spanning tree TC-BPDU guard, LLDP customer bridge mode, spanning tree TC-BPDU transmission CVLAN restriction, QinQ basic configuration, voice VLAN IP phone+device connection, QinQ configuration, 174, 177 diameter QinQ VLAN transparent transmission...
Page 231 MAC address table dynamic aging timer, LLDP frame encapsulation (Ethernet II), MAC address table entry, LLDP frame encapsulation (SNAP), MAC address table entry configuration LLDP frame encapsulation format, (global), VLAN frame encapsulation, MAC address table entry configuration (on Ethernet interface), ARP entry generation, MAC-based VLAN assignment, 131, 134...
Page 232 loopback test restrictions, Ethernet subinterface, See also Ethernet interface, loopback testing, Layer 2 Ethernet subinterface, Layer 3 Ethernet subinterface maintain, external management interface configuration, Ethernet interface external loopback testing, MDIX mode (Layer 2), naming conventions, PFC configuration restrictions, fast physical state change suppression, MAC address table ARP fast update, single combo interface configuration, flow control...
Page 233 VLAN Registration Protocol. Use GVRP 1:2 VLAN mapping, 184, 185 generic flow control (Ethernet interface), MSTP device, Generic VLAN Registration Protocol. Use GVRP QinQ, global inloopback interface Ethernet link aggregation load sharing mode configuration, set, display, loop detection enable, maintain, loop detection protection action, interface MAC address learning disable,...
Page 234 Ethernet link aggregation, loop detection configuration, 118, 120, 122 MAC address table configuration, 19, 20, 30 Virtual Local Area Network. Use VLAN MAC address table display, LAN switching MAC Information configuration, 32, 33 1:1 VLAN mapping configuration, 186, 188 MAC-based VLAN assignment (dynamic), 1:2 VLAN mapping configuration, 187, 190 MAC-based VLAN assignment (static),...
Page 235 VLAN configuration restrictions, 126, 134 Layer 3 VLAN display, Ethernet interface configuration, VLAN group configuration, Ethernet link aggregate interface default settings, VLAN interface, Ethernet link aggregate interface shutdown, VLAN interface basics, Ethernet link aggregation edge aggregate VLAN maintain, interface, VLAN mapping configuration, 182, 186, 188 LAN switching LAN switching VLAN VLAN mapping display,...
Page 236 configuration, 193, 199, 209 Ethernet link aggregation local-first load sharing, disabling PVID inconsistency check, Ethernet link aggregation packet type-based load display, sharing, enable, Ethernet link aggregation per-flow load frame encapsulation (Ethernet II), sharing, frame encapsulation (SNAP), Ethernet link aggregation per-packet load frame encapsulation format, sharing, frame format,...
Page 237 frame forwarding rule, voice VLAN port operation configuration, learning limit setting set, mapping MAC address learning disable, 1:1 VLAN mapping, MAC address move suppression, 1:2 VLAN mapping, manual entries, MSTP VLAN-to-instance mapping table, move notification, master multiport unicast entry, MSTP master port, SNMP notification enable, max age timer (STP), MAC addressing...
Page 238 spanning tree RSTP, VLAN-to-instance mapping table, spanning tree STP, multiple voice VLAN assignment automatic, Multiple Registration Protocol. Use voice VLAN assignment manual, Multiple VLAN Registration Protocol. Use MVRP voice VLAN port operation normal, Multiple Spanning Tree Protocol. Use MSTP voice VLAN port operation security, multiport unicast entry (MAC address table), 19, 22 modifying...
Page 239 Ethernet link aggregation configuration port isolation group assignment (multiple types, ports), Ethernet link aggregation edge aggregate port-based VLAN assignment (access port), interface, port-based VLAN assignment (hybrid port), Ethernet link aggregation LACP, port-based VLAN assignment (trunk port), Ethernet link aggregation member port port-based VLAN configuration, state, 38, 41...
Page 240 STP basic concepts, spanning tree configuration, 59, 80, 111 STP path cost, VLAN configuration, 125, 138 VLAN basic configuration, VLAN mapping configuration, 182, 186, 188 VLAN group configuration, voice VLAN configuration, 145, 149 VLAN interface, No Agreement Check (spanning tree), 100, 102 VLAN interface basics, no-learning action (loop detection),...
Page 241 port LLDP operating mode, Ethernet aggregate interface, LLDP polling, Ethernet aggregate interface (description), LLDP reinitialization delay, Ethernet link aggregate group Selected ports LLDP Rx operating mode, min/max, LLDP Tx operating mode, Ethernet link aggregate interface (expected LLDP TxRx operating mode, bandwidth), loop detection configuration, 118, 120, 122...
Page 242 VLAN port link type, configuring Ethernet aggregate interface (description), voice VLAN port operation configuration (automatic assignment), configuring Ethernet interface (Layer 2), voice VLAN port operation configuration configuring Ethernet interface (single combo), (manual assignment), configuring Ethernet interface auto voice VLAN port operation mode, power-down, port isolation configuring Ethernet interface basic settings,...
Page 243 configuring MAC address table frame configuring spanning tree secondary root bridge forwarding rule, (device), configuring MAC address table multiport configuring spanning tree switched network unicast entry (global), diameter, configuring MAC address table multiport configuring spanning tree TC Snooping, unicast entry (on interface), configuring spanning tree TC-BPDU transmission configuring MAC Information, restriction,...
Page 244 enabling Ethernet interface automatic modifying MAC address table entry (on negotiation, interface), enabling Ethernet interface loopback modifying MAC address table multiport unicast testing, entry, enabling Ethernet link aggregation local-first performing spanning tree mCheck, load sharing, performing spanning tree mCheck globally, enabling LLDP, performing spanning tree mCheck in interface enabling LLDP ARP entry generation,...
Page 245 spanning tree SNMP notification (new-root MAC Information queue length, election, topology change events), protocol-based VLAN Rapid Spanning Tree Protocol. Use RSTP configuration, 136, 141 rate protocols and standards spanning tree BPDU transmission rate, Ethernet link aggregation protocol receiving configuration, LLDP frames, LLDP, recovering MSTP,...
Page 246 voice VLAN port operation configuration voice VLAN host+IP phone connection (in (automatic assignment), series), voice VLAN port operation configuration server restrictions (manual assignment), MAC-based VLAN assignment root (server-assigned), MST common root bridge, MAC-based VLAN configuration (server-assigned), MST regional root, service MST root port role, LLDP service bridge mode, spanning tree root bridge,...
Page 247 spanning tree Digest Snooping, 98, 99 Ethernet interface state change suppression, spanning tree TC Snooping, Ethernet link aggregation member port state, 36, 38, 41 spanning tree, See also STP, RSTP, PVST, static MSTP BPDU drop, Ethernet link aggregation (Layer 2), BPDU guard configuration, Ethernet link aggregation (static mode), BPDU transmission rate configuration,...
Page 248 suppressing Ethernet link aggregation LACP long timeout interval, Ethernet interface physical state change, Ethernet link aggregation LACP short timeout Ethernet interface storm, interval, Ethernet interface storm control configuration spanning tree timeout factor, (Layer 2), timer MAC address move, LLDP reinitialization delay, SVLAN MAC address table dynamic aging, QinQ basic configuration,...
Page 249 MAC address table multiport unicast entry, QinQ VLAN transparent transmission configuration, spanning tree inconsistent PVID protection virtual disable, Virtual Local Area Network. Use VLAN voice VLAN advertisement (CDP), VLAN voice VLAN advertisement (LLDP), basic configuration, voice VLAN assignment mode, configuration, 125, 138 voice VLAN assignment mode configuration (automatic),...
Page 250 information advertisement to IP phone, IP phone access method, IP phone identification (LLDP), IP phone identification (OUI address), IP phone identification method, IP phone+device connection, LLDP automatic IP phone discovery enable, LLDP automatic IP phone discovery enable restrictions, port operation configuration (automatic assignment), port operation configuration (manual assignment),...

This manual is also suitable for:

S5130s-hi series S5130s-ei series S5110v2 series S3100v3-ei series

H3C S5560S-EI Series Configuration Manual

Configuring Ethernet Interfaces

Configuring Loopback, Null, and Inloopback Interfaces

Bulk Configuring Interfaces

Configuring the MAC Address Table

Configuring MAC Information

Configuring Ethernet Link Aggregation

Configuring Port Isolation

Configuring Spanning Tree Protocols

Configuring Loop Detection

Configuring Vlans

Configuring Voice Vlans

Configuring MVRP

Configuring Qinq

Quick Links

Related Manuals for H3C S5560S-EI Series

Summary of Contents for H3C S5560S-EI Series