H3C S6850 Series Configuration Manual
  1. Manuals
  2. Brands
  3. H3C Manuals
  4. Switch
  5. S6850 Series
  6. Configuration manual

H3C S6850 Series Configuration Manual

Layer 2, lan switching
Hide thumbs Also See for S6850 Series:
Table of Contents

Advertisement

Quick Links

H3C S6850 & S9850 Switch Series
Layer 2—LAN Switching Configuration Guide
New H3C Technologies Co., Ltd.
http://www.h3c.com
Software version: Release 6555 and later
Document version: 6W100-20190510

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the S6850 Series and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for H3C S6850 Series

Summary of Contents for H3C S6850 Series

  • Page 1 H3C S6850 & S9850 Switch Series Layer 2—LAN Switching Configuration Guide New H3C Technologies Co., Ltd. http://www.h3c.com Software version: Release 6555 and later Document version: 6W100-20190510...
  • Page 2 The information in this document is subject to change without notice. All contents in this document, including statements, information, and recommendations, are believed to be accurate, but they are presented without warranty of any kind, express or implied. H3C shall not be liable for technical or editorial errors or omissions contained herein.
  • Page 3 Preface This configuration guide describes LAN switching features and tasks for Layer 2 network configuration, including: • Flow control and load sharing. • Isolating users within the same VLAN and configuring VLANs. • Eliminating Layer 2 loops. • Transmitting packets of the customer network over the service provider network. •...
  • Page 4 GUI conventions Convention Description Window names, button names, field names, and menu items are in Boldface. For Boldface example, the New User window opens; click OK. Multi-level menus are separated by angle brackets. For example, File > Create > > Folder.
  • Page 5 It is normal that the port numbers, sample output, screenshots, and other information in the examples differ from what you have on your device. Documentation feedback You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.

  • Page 6: Table Of Contents

    Contents Configuring the MAC address table ······················································ 1     About the MAC address table ······································································································· 1   How a MAC address entry is created ······················································································· 1   Types of MAC address entries ······························································································· 1   MAC address table tasks at a glance ····························································································· 2  ...

  • Page 7: Configuring The Mac Address Table

    Configuring the MAC address table About the MAC address table An Ethernet device uses a MAC address table to forward frames. A MAC address entry includes a destination MAC address, an outgoing interface, and a VLAN ID. When the device receives a frame, it uses the destination MAC address of the frame to look for a match in the MAC address table.

  • Page 8: Mac Address Table Tasks At A Glance

    • Static entries—A static entry is manually added to forward frames with a specific destination MAC address out of the associated interface, and it never ages out. A static entry has higher priority than a dynamically learned one. • Dynamic entries—A dynamic entry can be manually configured or dynamically learned to forward frames with a specific destination MAC address out of the associated interface.

  • Page 9: Configuring Mac Address Entries

    Configuring MAC address entries About MAC address entry-based frame forwarding A frame whose source MAC address matches different types of MAC address entries is processed differently. Type Description Forwards the frame according to the destination MAC address regardless of Static MAC address entry whether the frame's ingress interface is the same as that in the entry.

  • Page 10: Adding Or Modifying A Blackhole Mac Address Entry

    By default, no MAC address entry is configured globally. Make sure you have assigned the interface to the VLAN. Adding or modifying a static or dynamic MAC address entry on an interface Enter system view. system-view Enter interface view. Enter Layer 2 Ethernet interface view. interface interface-type interface-number Enter Layer 2 aggregate interface view.

  • Page 11: Setting The Aging Timer For Dynamic Mac Address Entries

    Figure 1 NLB cluster You can configure a multiport unicast MAC address entry globally or on an interface. Configuring a multiport unicast MAC address entry globally Enter system view. system-view Add or modify a multiport unicast MAC address entry. mac - address multiport mac - address interface interface-list vlan vlan - id By default, no multiport unicast MAC address entry is configured globally.

  • Page 12: Disabling Mac Address Learning

    An aging interval that is too long might cause the MAC address table to retain outdated entries. As a result, the MAC address table resources might be exhausted, and the MAC address table might fail to update its entries to accommodate the latest network changes. An interval that is too short might result in removal of valid entries, which would cause unnecessary floods and possibly affect the device performance.

  • Page 13: Disabling Mac Address Learning On An Interface

    Disabling MAC address learning on an interface About disabling MAC address learning on an interface When global MAC address learning is enabled, you can disable MAC address learning on a single interface. Procedure Enter system view. system-view Enter interface view. Enter Layer 2 Ethernet interface view.

  • Page 14: Configuring The Unknown Frame Forwarding Rule After The Mac Learning Limit Is Reached

    interface interface-type interface-number Set the MAC learning limit on the interface. mac-address max-mac-count count By default, no MAC learning limit is configured on a port. Configuring the unknown frame forwarding rule after the MAC learning limit is reached In this document, unknown frames refer to frames whose source MAC addresses are not in the MAC address table.

  • Page 15: Enabling Mac Address Synchronization

    mac-address mac-learning priority { high | low } By default, low MAC learning priority is used. Enabling MAC address synchronization About MAC address synchronization To avoid unnecessary floods and improve forwarding speed, make sure all member devices have the same MAC address table. After you enable MAC address synchronization, each member device advertises learned MAC address entries to other member devices.

  • Page 16: Configuring Mac Address Move Notifications And Suppression

    Figure 3 MAC address tables of devices when Client A roams to AP D Procedure Enter system view. system-view Enable MAC address synchronization. mac-address mac-roaming enable By default, MAC address synchronization is disabled. Configuring MAC address move notifications and suppression About MAC address move notifications and suppression The outgoing interface for a MAC address entry learned on interface A is changed to interface B when the following conditions exist:...

  • Page 17: Enabling Arp Fast Update For Mac Address Moves

    If the system detects that MAC address moves occur frequently on an interface, you can configure MAC address move suppression to shut the interface down. The interface automatically goes up after a suppression interval. Or, you can manually bring up the interface. Restrictions and guidelines After you configure MAC address move notifications, the system sends only log messages to the information center module.

  • Page 18: Disabling Static Source Check

    Figure 4 ARP fast update application scenario Device Port A Port B AP 1 AP 2 Laptop Procedure Enter system view. system-view Enable ARP fast update for MAC address moves. mac-address mac-move fast-update By default, ARP fast update for MAC address moves is disabled. Disabling static source check About static source check By default, the static source check feature is enabled on an interface.

  • Page 19: Enabling Snmp Notifications For The Mac Address Table

    interface interface-type interface-number Enter Layer 3 aggregate interface/subinterface view. interface route-aggregation { interface-number | interface-number.subnumber } Enter IRF physical interface view. interface interface-type interface-number Disable the static source check feature. undo mac-address static source-check enable By default, the static source check feature is enabled. Enabling SNMP notifications for the MAC address table About SNMP notifications for the MAC address table...

  • Page 20: Mac Address Table Configuration Examples

    Task Command display mac-address mac-learning Display the system or interface MAC address learning state. [ interface interface type interface number ] display mac-address mac-move [ slot Display the MAC address move records. slot-number] display mac-address statistics Display MAC address statistics. MAC address table configuration examples Example: Configuring the MAC address table Network configuration...
  • Page 21 [Device] display mac-address blackhole MAC Address VLAN ID State Port/Nickname Aging 000f-e235-abcd Blackhole # Display the aging time of dynamic MAC address entries. [Device] display mac-address aging-time MAC address aging time: 500s.

  • Page 22: Configuring Mac Information

    Configuring MAC Information About MAC Information The MAC Information feature can generate syslog messages or SNMP notifications when MAC address entries are learned or deleted. You can use these messages to monitor user's leaving or joining the network and analyze network traffic. The MAC Information feature buffers the MAC change syslog messages or SNMP notifications in a queue.

  • Page 23: Setting The Mac Change Notification Interval

    Procedure Enter system view. system-view Configure the MAC Information mode. mac-address information mode { syslog | trap } The default setting is trap. Setting the MAC change notification interval About the MAC change notification interval To prevent syslog messages or SNMP notifications from being sent too frequently, you can set the MAC change notification interval to a larger value.

  • Page 24: Mac Information Configuration Examples

    MAC Information configuration examples Example: Configuring MAC Information Network configuration Enable MAC Information on Twenty-FiveGigE 1/0/1 on Device in Figure 6 to send MAC address changes in syslog messages to the log host, Host B, through interface Twenty-FiveGigE 1/0/2. Figure 6 Network diagram Restrictions and guidelines When you edit file /etc/syslog.conf, follow these restrictions and guidelines: •...
  • Page 25 # mkdir /var/log/Device c. Create file info.log in the Device directory to save logs from Device. # touch /var/log/Device/info.log d. Edit the file syslog.conf in directory /etc/ and add the following contents: # Device configuration messages local4.info /var/log/Device/info.log In this configuration, local4 is the name of the logging facility that the log host uses to receive logs, and info is the informational level.
  • Page 26 Contents Bulk configuring interfaces ································································· 1     About interface bulk configuration ·································································································· 1   Restrictions and guidelines: Bulk interface configuration ····································································· 1   Procedure ································································································································ 2   Display and maintenance commands for bulk interface configuration ···················································· 2...
  • Page 27 Bulk configuring interfaces About interface bulk configuration You can enter interface range view to bulk configure multiple interfaces with the same feature instead of configuring them one by one. For example, you can execute the shutdown command in interface range view to shut down a range of interfaces. To configure interfaces in bulk, you must configure an interface range and enter its view by using the interface range or interface range name command.
  • Page 28 You can use the display this command to verify the configuration in interface view of each member interface. In addition, if the configuration in system view is not needed, use the undo form of the command to remove the configuration. Procedure Enter system view.
  • Page 29 Contents Configuring Ethernet interfaces ··························································· 1     About Ethernet interface ·············································································································· 1   Configuring a management Ethernet interface ·················································································· 1   Ethernet interface naming conventions ··························································································· 2   Restrictions and guidelines for 25-GE interfaces ··············································································· 2   Configuring common Ethernet interface settings ··············································································· 5  ...

  • Page 30: Configuring Ethernet Interfaces

    Configuring Ethernet interfaces About Ethernet interface The Switch Series supports Ethernet interfaces, management Ethernet interfaces, Console interfaces, and USB interfaces. For the interface types and the number of interfaces supported by a switch model, see the installation guide. This chapter describes how to configure management Ethernet interfaces and Ethernet interfaces. Configuring a management Ethernet interface About a management interface A management interface uses an RJ-45/LC connector.

  • Page 31: Ethernet Interface Naming Conventions

    By default, the management Ethernet interface is up. Ethernet interface naming conventions The Ethernet interfaces are named in the format of interface type A/B/C. The letters that follow the interface type represent the following elements: • A—IRF member ID. If the switch is not in an IRF fabric, A is 1 by default. •...
  • Page 32 Table 1 States of a local 25-GE interface on an S6850-56HF or S9850-32H switch Local interface state and operations for bringing the Peer device interface up By default, the local interface is down. • When the local interface is connected to the peer by using a cable, perform the following operations: Configure the local interface to operate in the same speed and duplex mode as the peer interface.
  • Page 33 autonegotiation settings) for both ends and set the media type as needed. You do not need to configure FEC or link compensation. Table 2 States of a local 25-GE interface on an S9850-4C or S6850-2C switch Local interface state and operations for bringing the Peer device interface up By default, the local interface is down.

  • Page 34: Configuring Common Ethernet Interface Settings

    Local interface state and operations for bringing the Peer device interface up using a transceiver module. Configuring common Ethernet interface settings This section describes the settings common to Layer 2 Ethernet interfaces, Layer 3 Ethernet interfaces, and Layer 3 Ethernet subinterfaces. For more information about the settings specific to Layer 2 Ethernet interfaces, see "Configuring a Layer 2 Ethernet interface."...

  • Page 35: Splitting A 100-Ge Interface And Combining 10-Ge Breakout Interfaces

    Enter 40-GE interface view. interface interface-type interface-number Split the 40-GE interface into four 10-GE breakout interfaces. using tengige By default, a 40-GE interface is not split and operates as a single interface. Combining four 10-GE breakout interfaces into a 40-GE interface Enter system view.

  • Page 36: Splitting A 100-Ge Interface And Combining 25-Ge Breakout Interfaces

    Splitting a 100-GE interface into four 10-GE breakout interfaces Enter system view. system-view Enter 100-GE interface view. interface interface-type interface-number Split the 100-GE interface into four 10-GE breakout interfaces. using tengige By default, a 100-GE interface is not split and operates as a single interface. Combining four 10-GE breakout interfaces into a 100-GE interface Enter system view.

  • Page 37: Configuring Basic Settings Of An Ethernet Interface

    • Reflector port for mirroring. • Forcibly bringing up a fiber port. Splitting a 100-GE interface into four 25-GE breakout interfaces Enter system view. system-view Enter 100-GE interface view. interface interface-type interface-number Split the 100-GE interface into four 25-GE breakout interfaces. using twenty-fivegige By default, a 100-GE interface is not split and operates as a single interface.

  • Page 38: Configuring Basic Settings Of An Ethernet Subinterface

    By default, the duplex mode is auto for Ethernet interfaces. Fiber ports do not support the half keyword. Set the speed for the Ethernet interface. speed { 10 | 100 | 1000 | 10000 | 25000 | 40000 | 100000 | auto } By default, an Ethernet interface negotiates a speed with its peer.

  • Page 39: Configuring Jumbo Frame Support

    Enter Ethernet interface view. interface interface-type interface-number Configure the link mode of the Ethernet interface. port link-mode { bridge | route } By default, all Ethernet interfaces on the device operate in bridge mode. Configuring jumbo frame support About jumbo frame Jumbo frames are frames larger than 1536 bytes and are typically received by an Ethernet interface during high-throughput data exchanges, such as file transfers.

  • Page 40: Configuring Dampening On An Ethernet Interface

    You can configure different suppression intervals for link-up and link-down events. If you execute the link-delay command multiple times on an interface, the following rules apply: • You can configure the suppression intervals for link-up and link-down events separately. • If you configure the suppression interval multiple times for link-up or link-down events, the most recent configuration takes effect.

  • Page 41: Enabling Link Flapping Protection On An Interface

    • The ceiling is lower than or equal to the maximum suppress limit supported. Figure 1 shows the change rule of the penalty value. The lines t and t indicate the start time and end time of the suppression, respectively. The period from t to t indicates the suppression period, t to t...

  • Page 42: Configuring Fec

    between UP and DOWN, traffic switches between active and standby links. To solve this problem, configure this feature on the interface. With this feature enabled on an interface, when the interface goes down, the system enables link flapping detection. During the link flapping detection interval, if the number of detected flaps reaches or exceeds the link flapping detection threshold, the system shuts down the interface.

  • Page 43: Configuring Link Compensation

    By default, the FEC mode of an Ethernet interface is autonegotiation. Configuring link compensation About link compensation As the signal transmission rate or frequency increases, high frequency components in signals attenuate more severely. For signal transmission performance, common signal compensation technologies such as pre-emphasis and equalization are introduced.

  • Page 44: Configuring Generic Flow Control On An Ethernet Interface

    If the configured value is greater than 64 but not an integer multiple of 64, the integer multiple of 64 that is greater than and closest to the configured value takes effect. For the suppression threshold that takes effect, see the prompt on the device. •...

  • Page 45: Configuring Pfc

    interface interface-type interface-number Enable generic flow control. Enable TxRx-mode generic flow control. flow-control Enable Rx-mode generic flow control. flow-control receive enable By default, generic flow control is disabled on an Ethernet interface. Configuring PFC About PFC When congestion occurs in the network, the local device notifies the peer to stop sending packets carrying the specified 802.1p priority if all of the following conditions exist: •...

  • Page 46: Setting Pfc Thresholds

    By default, PFC is disabled on all Ethernet interfaces. Enable PFC for 802.1p priorities on all Ethernet interfaces. priority-flow-control no-drop dot1p dot1p-list By default, PFC is disabled for all 802.1p priorities on all Ethernet interfaces. Configuring PFC in Ethernet interface view Enter system view.

  • Page 47: Configuring Pfc Deadlock Detection

    Restrictions and guidelines WARNING! After PFC is enabled for 802.1p priorities, the PFC thresholds use the default values, which are adequate in typical network environments. As a practice, change the thresholds only when necessary. You must enable PFC for 802.1p priorities before setting the PFC thresholds. If you cancel PFC threshold settings on an interface, the PFC thresholds are restored to the state when only the priority-flow-control no-drop dot1p command is executed.
  • Page 48 This feature periodically detects whether the device is in the PFC deadlock state. If an interface is always in the PFC XOFF state within the PFC deadlock detection interval, the device enters the PFC deadlock state. If PFC deadlock detection is recovered in automatic mode, the device automatically releases the deadlock state and recovers PFC and PFC deadlock detection after the delay timer expires.

  • Page 49: Configuring The Early Warning Thresholds For Pfc Packets

    Enter Ethernet interface view. interface interface-type interface-number Set the recovery mode for PFC deadlock detection on the Ethernet interface. priority-flow-control deadlock recover-mode { auto | manual } By default, PFC deadlock detection recovers in automatic mode. Enable PFC deadlock detection on the Ethernet interface. priority-flow-control deadlock enable By default, PFC deadlock detection is disabled.

  • Page 50: Enabling Energy Saving Features On An Ethernet Interface

    Enabling energy saving features on an Ethernet interface About energy saving features on an Ethernet interface With Energy Efficient Ethernet (EEE) enabled, a link-up interface enters low power state if it has not received any packet for a period of time. The time period depends on the chip specifications and is not configurable.

  • Page 51: Forcibly Bringing Up A Fiber Port

    Restrictions and guidelines • After you enable this feature on an Ethernet interface, the interface does not forward data traffic. • You cannot perform a loopback test on the following Ethernet interfaces: Ethernet interfaces manually brought down (displayed as in ADM or Administratively DOWN state).
  • Page 52 Figure 2 Forcibly bring up a fiber port When Ethernet interfaces Correct fiber When Ethernet interfaces cannot be or are not forcibly connection are forcibly brought up brought up Device A Device A Device A Device B Device B Device B Fiber port Tx end Rx end...

  • Page 53: Setting The Media Type For An Ethernet Interface

    Setting the media type for an Ethernet interface Restrictions and guidelines For 25-GE interfaces on an LSWM124TG2H interface module, you must set the media type. Set the media type to fiber for an interface that uses a transceiver module or fiber cable. Set the media type to copper for an interface that uses a copper cable.

  • Page 54: Restoring The Default Settings For An Interface

    interface interface-type interface-number Configure CRC error packet alarm parameters for the interface. port ifmonitor crc-error [ ratio ] high-threshold high-value low-threshold low-value interval interval [ shutdown ] By default, the upper threshold is 1000, the lower threshold is 100, and the statistics collection and comparison interval is 10 seconds for CRC error packets.

  • Page 55: Configuring A Layer 2 Ethernet Interface

    default Configuring a Layer 2 Ethernet interface Configuring storm control on an Ethernet interface About storm control Storm control compares broadcast, multicast and unknown unicast traffic regularly with their respective traffic thresholds on an Ethernet interface. For each type of traffic, storm control provides a lower threshold and an upper threshold.

  • Page 56: Changing A Layer 2 Ethernet Interface To An Fc Interface

    Set the control action to take when monitored traffic exceeds the upper threshold. storm-constrain control { block | shutdown } By default, storm control is disabled. Enable the Ethernet interface to output log messages when it detects storm control threshold events.

  • Page 57: Configuring A Layer 3 Ethernet Interface Or Subinterface

    system-view Enter Ethernet interface view. interface interface-type interface-number Enable bridging on the Ethernet interface. port bridge enable By default, bridging is disabled on an Ethernet interface. Configuring a Layer 3 Ethernet interface or subinterface Setting the MTU for an Ethernet interface or subinterface Restrictions and guidelines The maximum transmission unit (MTU) of an Ethernet interface affects the fragmentation and reassembly of IP packets on the interface.

  • Page 58: Display And Maintenance Commands For Ethernet Interfaces

    As a best practice, do not set a MAC address in the VRRP-reserved MAC address range for a Layer 3 Ethernet subinterface. Display and maintenance commands for Ethernet interfaces Execute display commands in any view and reset commands in user view. Task Command display counters { inbound | outbound }...
  • Page 59 Contents Configuring Ethernet link aggregation ··················································· 1     About Ethernet link aggregation ···································································································· 1   Ethernet link aggregation application scenario ··········································································· 1   Aggregate interface, aggregation group, and member port ··························································· 1   Operational key ··················································································································· 2   Configuration types ·············································································································· 2  ...
  • Page 60   Example: Configuring Layer 2 aggregation load sharing ···························································· 37   Example: Configuring a Layer 2 edge aggregate interface ·························································· 39   Example: Configuring a Layer 3 static aggregation group ··························································· 41   Example: Configuring a Layer 3 dynamic aggregation group ······················································· 42  ...

  • Page 61: Configuring Ethernet Link Aggregation

    Configuring Ethernet link aggregation About Ethernet link aggregation Ethernet link aggregation bundles multiple physical Ethernet links into one logical link (called an aggregate link). Link aggregation provides the following benefits: • Increased bandwidth beyond the limits of a single individual link. In an aggregate link, traffic is distributed across the member ports.

  • Page 62: Operational Key

    • Individual—An Individual port can forward traffic as a normal physical port. This state is peculiar to the member ports of edge aggregate interfaces. A port is placed in the Individual state when the following conditions exist: Its aggregate interface is configured as an edge aggregate interface. The port has not received link aggregation control protocol data units (LACPDUs) from its peer port when the LACP timeout timer expires.

  • Page 63: Link Aggregation Modes

    Link aggregation modes An aggregation group operates in one of the following modes: • Static—Static aggregation is stable. An aggregation group in static mode is called a static aggregation group. The aggregation states of the member ports in a static aggregation group are not affected by the peer ports.

  • Page 64: Dynamic Link Aggregation

    Figure 2 Setting the aggregation state of a member port in a static aggregation group After the limit on Selected ports is reached, the aggregation state of a new member port varies by following conditions: • The port is placed in Unselected state if the port and the Selected ports have the same port priority.
  • Page 65 on the other member ports. In this way, the two systems reach an agreement on which ports are placed in Selected state. LACP functions LACP offers basic LACP functions and extended LACP functions, as described in Table Table 2 Basic and extended LACP functions Category Description Implemented through the basic LACPDU fields, including the LACP system...
  • Page 66 • Manual assignment—Manually assign interfaces to the dynamic link aggregation group. • Automatic assignment—Enable automatic assignment on interfaces to have them automatically join a dynamic link aggregation group depending on the peer information in the received LACPDUs. NOTE: When you use automatic assignment on one end, you must use manual assignment on the other end.

  • Page 67: How Dynamic Link Aggregation Works

    After you enable automatic link aggregation and LLDP on two connected devices, they automatically establish a dynamic link aggregation based on the information in incoming LLDP frames. The devices each automatically create a dynamic aggregate interface and assign the redundant ports connected to the peer to the aggregation group of that interface.
  • Page 68 Figure 4 Setting the state of a member port in a dynamic aggregation group Set the aggregation state of a member port Is there any hardware restriction? Is the port up? Operational key/attribute configuration same as the reference port? Operational key/attribute configuration of the peer port same as the peer port of the reference port?

  • Page 69: Edge Aggregate Interface

    Edge aggregate interface Dynamic link aggregation fails on a server-facing aggregate interface if dynamic link aggregation is configured only on the device. The device forwards traffic by using only one of the physical ports that are connected to the server. To improve link reliability, configure the aggregate interface as an edge aggregate interface.

  • Page 70: Restrictions And Guidelines: Mixed Use Of Manual And Automatic Link Aggregation Configuration

    Figure 5 S-MLAG application scenario Restrictions and guidelines: Mixed use of manual and automatic link aggregation configuration To avoid unexpected aggregation issues, do not use manual assignment, automatic assignment, and automatic link aggregation in any combination. If you use any two of these features in combination, an automatically assigned member port might move between aggregation groups or undesirably change from Selected to Unselected in some situations.

  • Page 71: Configuring A Manual Link Aggregation

    Configuring a dynamic aggregation group to use port speed as the prioritized criterion for reference port selection Specifying ignored VLANs for a Layer 2 aggregate interface To have the system ignore the permit state and tagging mode of a VLAN when it decides Selected ports, perform this task.

  • Page 72: Configuring A Layer 2 Aggregation Group

    Aggregation member port restrictions Deleting an aggregate interface also deletes its aggregation group and causes all member ports to leave the aggregation group. An interface cannot join an aggregation group if it has different attribute configurations from the aggregate interface. After joining an aggregation group, an interface inherits the attribute configurations on the aggregate interface.
  • Page 73 To synchronize the attribute configurations from the aggregate interface when the current interface joins the aggregation group, specify the force keyword. (Optional.) Set the port priority of the interface. link-aggregation port-priority priority The default port priority of an interface is 32768. Configuring a Layer 2 dynamic aggregation group Enter system view.

  • Page 74: Configuring A Layer 3 Aggregation Group

    By default, the long LACP timeout interval (90 seconds) is used by the interface. To avoid traffic interruption during an ISSU, do not set the short LACP timeout interval before performing the ISSU. For more information about ISSU, see Fundamentals Configuration Guide.

  • Page 75: Configuring Automatic Link Aggregation

    b. Assign the interface to the Layer 3 aggregation group or enable automatic assignment on that interface. port link-aggregation group { group-id | auto [ group-id ] } Repeat these two substeps to assign more Layer 3 Ethernet interfaces to the aggregation group.

  • Page 76: Configuring S-Mlag

    system-view Enable automatic link aggregation. link-aggregation auto-aggregation enable By default, automatic link aggregation is disabled. Configuring S-MLAG Restrictions and guidelines S-MLAG is intended for a non-IRF environment. Do not configure it on an IRF fabric. For more formation about IRF, see Virtual Technologies Configuration Guide. Each S-MLAG group can contain only one aggregate interface on each device.

  • Page 77: Configuring An Aggregate Interface

    Assign the aggregate interface to an S-MLAG group. port s-mlag group group-id By default, an aggregate interface is not assigned to any S-MLAG group. Configuring an aggregate interface Most settings that can be made on Layer 2 or Layer 3 Ethernet interfaces can also be made on Layer 2 or Layer 3 aggregate interfaces.

  • Page 78: Configuring Jumbo Frame Support

    By default, all Layer 3 aggregate interfaces and subinterfaces on the device use the same default MAC address. Configuring jumbo frame support About jumbo frames An aggregate interface might receive frames larger than 1536 bytes during high-throughput data exchanges, such as file transfers. These frames are called jumbo frames. How an aggregate interface processes jumbo frames depends on whether jumbo frame support is enabled on the interface.

  • Page 79: Setting The Expected Bandwidth For An Aggregate Interface

    Setting the expected bandwidth for an aggregate interface About expected bandwidth Expected bandwidth is an informational parameter used only by higher-layer protocols for calculation. You cannot adjust the actual bandwidth of an interface by performing this task. Procedure Enter system view. system-view Enter aggregate interface view.

  • Page 80: Configuring Physical State Change Suppression On An Aggregate Interface

    Configuring physical state change suppression on an aggregate interface About physical state change suppression The physical link state of an aggregate interface is either up or down. Each time the physical link of an interface comes up or goes down, the system immediately reports the change to the CPU. The CPU then performs the following operations: •...

  • Page 81: Restoring The Default Settings For An Aggregate Interface

    Procedure Enter system view. system-view Enter aggregate interface view. Enter Layer 2 aggregate interface view. interface bridge-aggregation interface-number Enter Layer 3 aggregate interface view. interface route-aggregation interface-number Enter Layer 3 aggregate subinterface view. interface route-aggregation interface-number.subnumber } Shut down the interface. shutdown Restoring the default settings for an aggregate interface Restrictions and guidelines...

  • Page 82: Setting The Minimum And Maximum Numbers Of Selected Ports For An Aggregation Group

    Setting the minimum and maximum numbers of Selected ports for an aggregation group About the minimum and maximum numbers of Selected ports for an aggregation group The bandwidth of an aggregate link increases as the number of Selected member ports increases. To avoid congestion, you can set the minimum number of Selected ports required for bringing up an aggregate interface.

  • Page 83: Lacpdus

    interface bridge-aggregation interface-number Enter Layer 3 aggregate interface view. interface route-aggregation interface-number Set the minimum number of Selected ports for the aggregation group. Choose one of the following methods: Set the minimum number of Selected ports. link-aggregation selected-port minimum min-number Set the minimum percentage of Selected ports.

  • Page 84: Specifying Ignored Vlans For A Layer 2 Aggregate Interface

    You must perform this task at both ends of the aggregate link so the peer aggregation systems use the same criteria for reference port selection. As a best practice, shut down the peer aggregate interfaces before you execute this command and bring up the interfaces after this command is executed on both of them.

  • Page 85: Configuring Load Sharing For Link Aggregation Groups

    Configuring load sharing for link aggregation groups Setting static load sharing modes for link aggregation groups About static load sharing modes You can set the static global or group-specific load sharing mode. A link aggregation group preferentially uses the group-specific load sharing mode. If the group-specific load sharing mode is not available, the group uses the global load sharing mode.

  • Page 86: Enabling Local-First Load Sharing For Link Aggregation

    link-aggregation load-sharing ignore { destination-ip | destination-mac | destination-port | ethernet-type | ingress-port | ip-protocol | mpls-label1 | mpls-label2 | mpls-label3 | source-ip | source-mac | source-port | vlan-id } * By default, no ignored packet fields are specified for default link-aggregation load sharing. Enabling local-first load sharing for link aggregation About local-first load sharing for link aggregation Use local-first load sharing in a multidevice link aggregation scenario to distribute traffic preferentially...

  • Page 87: Configuring Link Aggregation Load Sharing Algorithm And Hash Seed Settings

    Configuring link aggregation load sharing algorithm and hash seed settings About link aggregation load sharing algorithms Use the link aggregation load sharing algorithm and hash seed features to optimize traffic distribution on aggregate links when the default load sharing mode is used. Each algorithm represents a CRC calculation method and the hash seed is used in hashing.

  • Page 88: Setting The Load Sharing Mode For Tunneled Traffic

    Setting the load sharing mode for tunneled traffic About the load sharing mode for tunneled traffic Perform this task to set the criterion used by aggregation groups to distribute tunneled traffic for load sharing. The device can use one of the following modes to distribute tunneled traffic on a link aggregation: •...
  • Page 89 When an aggregate interface receives an ARP packet from the management subnet, the device looks up the sender IP address in the ARP table for a matching entry. • If no matching entry exists, the device creates an ARP entry on the aggregation member port from which the packet came in.

  • Page 90: Enabling A Layer 2 Aggregate Interface To Reflect Incoming Packets Back

    Enabling a Layer 2 aggregate interface to reflect incoming packets back About reflecting incoming packets on a Layer 2 aggregate interface By default, the device drops a packet if its outgoing interface is the incoming interface where the packet arrived. To have a Layer 2 aggregate interface reflect a packet back when it is both the incoming and outgoing interfaces of that packet, perform this task.

  • Page 91: Enabling Link-Aggregation Traffic Redirection Globally

    To prevent traffic interruption, enable link-aggregation traffic redirection at both ends of the aggregate link. To prevent packet loss that might occur at a reboot, do not enable the spanning tree feature together with link-aggregation traffic redirection. Link-aggregation traffic redirection does not operate correctly on an edge aggregate interface. Enabling link-aggregation traffic redirection globally Enter system view.

  • Page 92: Display And Maintenance Commands For Ethernet Link Aggregation

    For more information about BFD, see High Availability Configuration Guide. Restrictions and guidelines When you enable BFD for an aggregation group, follow these restrictions and guidelines: • Make sure the source and destination IP addresses are reversed between the two ends of an aggregate link.

  • Page 93: Ethernet Link Aggregation Configuration Examples

    Task Command link-aggregation load sharing modes. mode [ interface [ { bridge-aggregation | route-aggregation } interface-number ] ] display link-aggregation load-sharing path interface { bridge-aggregation | route-aggregation } interface-number ingress-port interface-type interface-number [ route ] { { destination-ip ip-address | destination-ipv6 ipv6-address } | Display the outgoing physical interface selected for a traffic flow.
  • Page 94 Figure 8 Network diagram Procedure Configure Device A: # Create VLAN 10, and assign port Twenty-FiveGigE 1/0/4 to VLAN 10. <DeviceA> system-view [DeviceA] vlan 10 [DeviceA-vlan10] port twenty-fivegige 1/0/4 [DeviceA-vlan10] quit # Create VLAN 20, and assign port Twenty-FiveGigE 1/0/5 to VLAN 20. [DeviceA] vlan 20 [DeviceA-vlan20] port twenty-fivegige 1/0/5 [DeviceA-vlan20] quit...

  • Page 95: Example: Configuring A Layer 2 Dynamic Aggregation Group

    Verifying the configuration # Display detailed information about all aggregation groups on Device A. [DeviceA] display link-aggregation verbose Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing Port Status: S -- Selected, U -- Unselected, I -- Individual Port: A -- Auto port, M -- Management port, R -- Reference port Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation, D -- Synchronization, E -- Collecting, F -- Distributing,...
  • Page 96 # Create VLAN 10, and assign the port Twenty-FiveGigE 1/0/4 to VLAN 10. <DeviceA> system-view [DeviceA] vlan 10 [DeviceA-vlan10] port twenty-fivegige 1/0/4 [DeviceA-vlan10] quit # Create VLAN 20, and assign the port Twenty-FiveGigE 1/0/5 to VLAN 20. [DeviceA] vlan 20 [DeviceA-vlan20] port twenty-fivegige 1/0/5 [DeviceA-vlan20] quit # Create Layer 2 aggregate interface Bridge-Aggregation 1, and set the link aggregation mode...
  • Page 97 Local: Port Status Priority Index Oper-Key Flag WGE1/0/1(R) 32768 {ACDEF} WGE1/0/2 32768 {ACDEF} WGE1/0/3 32768 {ACDEF} Remote: Actor Priority Index Oper-Key SystemID Flag WGE1/0/1 32768 0x8000, 000f-e267-57ad {ACDEF} WGE1/0/2 32768 0x8000, 000f-e267-57ad {ACDEF} WGE1/0/3 32768 0x8000, 000f-e267-57ad {ACDEF} The output shows that link aggregation group 1 is a Layer 2 dynamic aggregation group that contains three Selected ports.
  • Page 98 [DeviceA-vlan10] quit # Create VLAN 20, and assign the port Twenty-FiveGigE 1/0/6 to VLAN 20. [DeviceA] vlan 20 [DeviceA-vlan20] port twenty-fivegige 1/0/6 [DeviceA-vlan20] quit # Create Layer 2 aggregate interface Bridge-Aggregation 1. [DeviceA] interface bridge-aggregation 1 # Configure Layer 2 aggregation group 1 to load share packets based on source MAC addresses.

  • Page 99: Example: Configuring A Layer 2 Edge Aggregate Interface

    Port Status: S -- Selected, U -- Unselected, I -- Individual Port: A -- Auto port, M -- Management port, R -- Reference port Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation, D -- Synchronization, E -- Collecting, F -- Distributing, G -- Defaulted, H -- Expired Aggregate Interface: Bridge-Aggregation1 Aggregation Mode: Static...
  • Page 100 Figure 11 Network diagram Procedure # Create Layer 2 aggregate interface Bridge-Aggregation 1, and set the link aggregation mode to dynamic. <Device> system-view [Device] interface bridge-aggregation 1 [Device-Bridge-Aggregation1] link-aggregation mode dynamic # Configure Layer 2 aggregate interface Bridge-Aggregation 1 as an edge aggregate interface. [Device-Bridge-Aggregation1] lacp edge-port [Device-Bridge-Aggregation1] quit # Assign ports Twenty-FiveGigE 1/0/1 and Twenty-FiveGigE 1/0/2 to link aggregation group 1.

  • Page 101: Example: Configuring A Layer 3 Static Aggregation Group

    WGE1/0/2 32768 0x8000, 0000-0000-0000 {DEF} The output shows that Twenty-FiveGigE 1/0/1 and Twenty-FiveGigE 1/0/2 are in Individual state when they do not receive LACPDUs from the server. Both Twenty-FiveGigE 1/0/1 and Twenty-FiveGigE 1/0/2 can forward traffic. When one port fails, its traffic is automatically switched to the other port.

  • Page 102: Example: Configuring A Layer 3 Dynamic Aggregation Group

    Aggregate Interface: Route-Aggregation1 Aggregation Mode: Static Loadsharing Type: Shar Management VLANs: None Port Status Priority Oper-Key WGE1/0/1(R) 32768 WGE1/0/2 32768 WGE1/0/3 32768 The output shows that link aggregation group 1 is a Layer 3 static aggregation group that contains three Selected ports. Example: Configuring a Layer 3 dynamic aggregation group Network configuration On the network shown in...

  • Page 103: Example: Configuring Layer 3 Aggregation Load Sharing

    Verifying the configuration # Display detailed information about all aggregation groups on Device A. [DeviceA] display link-aggregation verbose Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing Port Status: S -- Selected, U -- Unselected, I -- Individual Port: A -- Auto port, M -- Management port, R -- Reference port Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation, D -- Synchronization, E -- Collecting, F -- Distributing,...
  • Page 104 # Create Layer 3 aggregate interface Route-Aggregation 1. <DeviceA> system-view [DeviceA] interface route-aggregation 1 # Configure Layer 3 aggregation group 1 to load share packets based on source IP addresses. [DeviceA-Route-Aggregation1] link-aggregation load-sharing mode source-ip # Configure an IP address and subnet mask for Layer 3 aggregate interface Route-Aggregation [DeviceA-Route-Aggregation1] ip address 192.168.1.1 24 [DeviceA-Route-Aggregation1] quit # Assign Layer 3 Ethernet interfaces Twenty-FiveGigE 1/0/1 and Twenty-FiveGigE 1/0/2 to...

  • Page 105: Example: Configuring S-Mlag

    Management VLANs: None Port Status Priority Oper-Key WGE1/0/1(R) 32768 WGE1/0/2 32768 Aggregate Interface: Route-Aggregation2 Aggregation Mode: Static Loadsharing Type: Shar Management VLANs: None Port Status Priority Oper-Key WGE1/0/3(R) 32768 WGE1/0/4 32768 The output shows that: • Link aggregation groups 1 and 2 are both load-shared Layer 3 static aggregation groups. •...
  • Page 106 # Create Layer 2 aggregate interface Bridge-Aggregation 10, and set the link aggregation mode to dynamic. <DeviceA> system-view [DeviceA] interface bridge-aggregation 10 [DeviceA-Bridge-Aggregation10] link-aggregation mode dynamic [DeviceA-Bridge-Aggregation10] quit # Assign Twenty-FiveGigE 1/0/1 through Twenty-FiveGigE 1/0/3 to aggregation group 10. [DeviceA] interface twenty-fivegige 1/0/1 [DeviceA-Twenty-FiveGigE1/0/1] port link-aggregation group 10 [DeviceA-Twenty-FiveGigE1/0/1] quit [DeviceA] interface twenty-fivegige 1/0/2...
  • Page 107 # Assign Twenty-FiveGigE 1/0/1 to aggregation group 3. [DeviceC] interface twenty-fivegige 1/0/1 [DeviceC-Twenty-FiveGigE1/0/1] port link-aggregation group 3 [DeviceC-Twenty-FiveGigE1/0/1] quit Configure Device D: # Set the LACP system MAC address to 0001-0001-0001. <DeviceD> system-view [DeviceD] lacp system-mac 1-1-1 # Set the LACP system priority to 123. [DeviceD] lacp system-priority 123 # Set the LACP system number to 3.
  • Page 108 WGE1/0/3 32768 49153 50100 0x7b , 0001-0001-0001 {ACDEF}...
  • Page 109 Contents Configuring DRNI ············································································· 1     About DRNI ······························································································································ 1   DRNI network model ············································································································ 1   DRCP ······························································································································· 2   Keepalive and failover mechanism ·························································································· 2   MAD mechanism ················································································································· 3   DR system setup process ····································································································· 3  ...

  • Page 110: Configuring Drni

    Configuring DRNI About DRNI Distributed Resilient Network Interconnect (DRNI) virtualizes two physical devices into one system through multichassis link aggregation. DRNI network model As shown in Figure 1, DRNI virtualizes two devices into a distributed-relay (DR) system, which connects to the remote aggregation system through a multichassis aggregate link. To the remote aggregation system, the DR system is one device.

  • Page 111: Drcp

    packets and data packets through the intra-portal link (IPL) established between them. A DR system has only one IPL. DR member devices use a keepalive link to monitor each other's state. For more information about the keepalive mechanism, see "Keepalive and failover mechanism."...

  • Page 112: Mad Mechanism

    MAD mechanism A multi-active collision occurs if the IPL goes down while the keepalive link is up. To avoid network issues, the secondary DR device sets all network interfaces to DRNI MAD DOWN state, except for the following interfaces: • Interfaces excluded from the MAD shutdown action by IRF.

  • Page 113: Configuration Consistency Check

    Figure 2 DR system setup process Configuration consistency check During DR system setup, DR member devices exchange the configuration and perform configuration consistency check to verify their consistency in the following configurations: • Type 1 configuration—Settings that affect traffic forwarding of the DR system. If an inconsistency in type 1 configuration is detected, the secondary DR device shuts down its DR interfaces.

  • Page 114: Drni Failure Handling Mechanisms

    Setting Details PVID on the IPP PVID on the IPP. • Global spanning tree state. Spanning tree state • VLAN-specific spanning tree state. Spanning tree mode Spanning tree mode, including STP, RSTP, PVST, and MSTP. • MST region name. • MST region revision level.
  • Page 115 After the faulty DR interface comes up, Device B forwards traffic to Device C through the DR interface. Figure 3 DR interface failure handling mechanism IPL failure handling mechanism As shown in Figure 4, multi-active collision occurs if the IPL goes down while the keepalive link is up. To avoid network issues, the secondary DR device sets all network interfaces to DRNI MAD DOWN state, except for the following interfaces: •...

  • Page 116: Protocols And Standards

    Figure 5 Device failure handling mechanism Uplink failure handling mechanism Uplink failure does not interrupt traffic forwarding of the DR system. As shown in Figure 6, when the uplink of Device A fails, Device A passes traffic destined for the IP network to Device B for forwarding.

  • Page 117: Drni Tasks At A Glance

    For DRNI to operate correctly, follow these guidelines: • Do not configure automatic link aggregation on a DR system. • Do not assign DR interfaces or IPPs to a port isolation group. For more information about port isolation, see "Configuring port isolation." When you configure a DR interface, follow these restrictions and guidelines: •...

  • Page 118: Configuring Dr System Settings

    Configuring DR system settings Configuring the DR system MAC address Restrictions and guidelines Changing the DR system MAC address causes DR system split. When you perform this task on a live network, make sure you are fully aware of its impact. The DR system MAC address uniquely identifies the DR system on the network.

  • Page 119: Setting The Dr Role Priority Of The Device

    Set the DR system priority. drni system-priority system-priority By default, the DR system priority is 32768. Setting the DR role priority of the device About the DR role priority DRNI assigns the primary or secondary role to a DR member device based on its DR role priority. The smaller the priority value, the higher the priority.

  • Page 120: Setting The Dr Keepalive Interval And Timeout Timer

    drni keepalive { ip | ipv6 } destination { ipv4-address | ipv6-address } [ source { ipv4-address | ipv6-address } | udp-port udp-number | vpn-instance vpn-instance-name ] * By default, the DR keepalive packet parameters are not configured. If you do not specify a source IP address or destination UDP port when you execute this command, the IP address of the outgoing interface and UDP port 6400 are used, respectively.

  • Page 121: Configuring A Dr Interface

    drni mad exclude interface interface-type interface-number By default, DRNI MAD shuts down all network interfaces when detecting a multi-active collision, except for the network interfaces set by the system to not shut down. Configuring a DR interface Restrictions and guidelines The device can have multiple DR interfaces.

  • Page 122: Disabling Configuration Consistency Check

    Enter interface view. Enter Layer 2 aggregate interface view. interface bridge-aggregation interface-number Enter VXLAN tunnel interface view. interface tunnel number Specify the interface as the IPP. port drni intra-portal-port port-id Disabling configuration consistency check About disabling configuration consistency check To ensure that the DR system can operate correctly, DRNI by default performs configuration consistency check when the DR system is set up.

  • Page 123: Setting The Keepalive Hold Timer For Identifying The Cause Of Ipl Down Events

    Enable the short DRCP timeout timer. drni drcp period short By default, an interface uses the long DRCP timeout timer (90 seconds). Setting the keepalive hold timer for identifying the cause of IPL down events About the keepalive hold timer The keepalive hold timer starts when the IPL goes down.

  • Page 124: Setting The Data Restoration Interval

    To avoid incorrect role preemption, make sure the reload delay timer is longer than the amount of time required for the device to restart. Procedure Enter system view. system-view Configure DR system auto-recovery. drni auto-recovery reload-delay delay-value By default, DR system auto-recovery is not configured. The reload delay timer is not set. Setting the data restoration interval About the data restoration interval The data restoration interval specifies the maximum amount of time for the secondary DR device to...

  • Page 125: Drni Configuration Examples

    Task Command Display detailed DRNI MAD display drni mad verbose information. display drni role Display DR role information. Display brief information about the IPP display drni summary and DR interfaces. display drni system Display the DR system settings. display drni verbose [ interface Display detailed information about the IPP and DR interfaces.
  • Page 126 # Set the link mode of Twenty-FiveGigE 1/0/5 to Layer 3, and assign the interface an IP address. The IP address will be used as the source IP address of keepalive packets. [DeviceA] interface twenty-fivegige 1/0/5 [DeviceA-Twenty-FiveGigE1/0/5] port link-mode route [DeviceA-Twenty-FiveGigE1/0/5] ip address 1.1.1.2 24 [DeviceA-Twenty-FiveGigE1/0/5] quit # Exclude the interface used for DR keepalive detection (Twenty-FiveGigE 1/0/5) from the...
  • Page 127 # Set the link mode of Twenty-FiveGigE 1/0/5 to Layer 3, and assign the interface an IP address. The IP address will be used as the source IP address of keepalive packets. [DeviceB] interface twenty-fivegige 1/0/5 [DeviceB-Twenty-FiveGigE1/0/5] port link-mode route [DeviceB-Twenty-FiveGigE1/0/5] ip address 1.1.1.1 24 [DeviceB-Twenty-FiveGigE1/0/5] quit # Exclude the interface used for DR keepalive detection (Twenty-FiveGigE 1/0/5) from the...
  • Page 128 [DeviceC-if-range] quit Verifying the configuration # Verify that the keepalive link is working correctly on Device A. [DeviceA] display drni keepalive Neighbor keepalive link status: Up Neighbor is alive for: 104 s, 16 ms Last keepalive packet sending status: Successful Last keepalive packet sending time: 2017/03/09 10:12:09 620 ms Last keepalive packet receiving status: Successful Last keepalive packet receiving time: 2017/03/09 10:12:09 707 ms...
  • Page 129 Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation, D -- Synchronization, E -- Collecting, F -- Distributing, G -- Defaulted, H -- Expired Aggregate Interface: Bridge-Aggregation4 Creation Mode: Manual Aggregation Mode: Dynamic Loadsharing Type: Shar Management VLANs: None System ID: 0x8000, 2e56-cbae-0600 Local: Port...
  • Page 130 Figure 8 Network diagram Procedure Configure Device A: # Configure DR system settings. <DeviceA> system-view [DeviceA] drni system-mac 1-1-1 [DeviceA] drni system-number 1 [DeviceA] drni system-priority 123 # Configure DR keepalive parameters. [DeviceA] drni keepalive ip destination 1.1.1.2 source 1.1.1.1 # Set the link mode of Twenty-FiveGigE 1/0/5 to Layer 3, and assign the interface an IP address.
  • Page 131 [DeviceA-Twenty-FiveGigE1/0/3] quit [DeviceA] interface Twenty-FiveGigE 1/0/4 [DeviceA-Twenty-FiveGigE1/0/4] port link-aggregation group 125 [DeviceA-Twenty-FiveGigE1/0/4] quit # Create Layer 2 dynamic aggregate interface Bridge-Aggregation 100, and assign it to DR group 1. [DeviceA] interface bridge-aggregation 100 [DeviceA-Bridge-Aggregation100] link-aggregation mode dynamic [DeviceA-Bridge-Aggregation100] port drni group 1 [DeviceA-Bridge-Aggregation100] quit # Assign Twenty-FiveGigE 1/0/1 to aggregation group 100.
  • Page 132 [DeviceA-vlan-interface100] quit [DeviceA] interface vlan-interface 101 [DeviceA-vlan-interface101] ip address 20.1.1.1 24 [DeviceA-vlan-interface101] quit # Exclude VLAN-interface 100 and VLAN-interface 101 from the shutdown action by DRNI MAD. [DeviceA] drni mad exclude interface vlan-interface 100 [DeviceA] drni mad exclude interface vlan-interface 101 # Configure OSPF.
  • Page 133 # Create Layer 2 dynamic aggregate interface Bridge-Aggregation 125, and specify it as the IPP. [DeviceB] interface bridge-aggregation 125 [DeviceB-Bridge-Aggregation125] link-aggregation mode dynamic [DeviceB-Bridge-Aggregation125] port drni intra-portal-port 1 [DeviceB-Bridge-Aggregation125] quit # Assign Twenty-FiveGigE 1/0/3 and Twenty-FiveGigE 1/0/4 to aggregation group 125. [DeviceB] interface twenty-fivegige 1/0/3 [DeviceB-Twenty-FiveGigE1/0/3] port link-aggregation group 125 [DeviceB-Twenty-FiveGigE1/0/3] quit...
  • Page 134 # Set the link type of Bridge-Aggregation 125 to trunk, and assign it to VLAN 100 and VLAN 101. [DeviceB] interface bridge-aggregation 125 [DeviceB-Bridge-Aggregation125] port link-type trunk [DeviceB-Bridge-Aggregation125] port trunk permit vlan 100 101 [DeviceB-Bridge-Aggregation125] quit # Create VLAN-interface 100 and VLAN-interface 101, and assign IP addresses to them. [DeviceB] interface vlan-interface 100 [DeviceB-vlan-interface100] ip address 10.1.1.2 24 [DeviceB-vlan-interface100] quit...
  • Page 135 [DeviceC-Bridge-Aggregation100] port link-type trunk [DeviceC-Bridge-Aggregation100] port trunk permit vlan 100 [DeviceC-Bridge-Aggregation100] quit # Set the link type of Twenty-FiveGigE 1/0/3 to trunk, and assign it to VLAN 100. [DeviceC] interface twenty-fivegige 1/0/3 [DeviceC-Twenty-FiveGigE1/0/3] port link-type trunk [DeviceC-Twenty-FiveGigE1/0/3] port trunk permit vlan 100 [DeviceC-Twenty-FiveGigE1/0/3] quit # Create VLAN-interface 100, and assign it an IP address.
  • Page 136 [DeviceD] ospf [DeviceD-ospf-1] import-route direct [DeviceD-ospf-1] area 0 [DeviceD-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [DeviceD-ospf-1-area-0.0.0.0] quit [DeviceD-ospf-1] quit Verifying the configuration # Verify that Device C has established OSPF neighbor relationships with Device A and Device B. [DeviceC] display ospf peer OSPF Process 1 with Router ID 10.1.1.3 Neighbor Brief Information Area: 0.0.0.0 Router ID...
  • Page 137 Contents Configuring port isolation ··································································· 1     About port isolation····················································································································· 1   Assigning a port to an isolation group ····························································································· 1   Display and maintenance commands for port isolation ······································································· 1   Port isolation configuration examples ····························································································· 2   Example: Configuring port isolation ·························································································...
  • Page 138 Configuring port isolation About port isolation The port isolation feature isolates Layer 2 traffic for data privacy and security without using VLANs. Ports in an isolation group cannot communicate with each other. However, they can communicate with ports outside the isolation group. Assigning a port to an isolation group About port assignment to an isolation group The device supports multiple isolation groups, which can be configured manually.
  • Page 139 Task Command display port-isolate group Display isolation group information. [ group-id ] Port isolation configuration examples Example: Configuring port isolation Network configuration As shown in Figure • LAN users Host A, Host B, and Host C are connected to Twenty-FiveGigE 1/0/1, Twenty-FiveGigE 1/0/2, and Twenty-FiveGigE 1/0/3 on the device, respectively.
  • Page 140 [Device-Twenty-FiveGigE1/0/3] quit Verifying the configuration # Display information about isolation group 2. [Device] display port-isolate group 2 Port isolation group information: Group ID: 2 Group members: Twenty-FiveGigE1/0/1 Twenty-FiveGigE1/0/2 Twenty-FiveGigE1/0/3 The output shows that Twenty-FiveGigE 1/0/1, Twenty-FiveGigE 1/0/2, and Twenty-FiveGigE 1/0/3 are assigned to isolation group 2.
  • Page 141 Contents Configuring VLANs ··········································································· 1     About VLANs ···························································································································· 1   VLAN frame encapsulation ···································································································· 1   VLAN types ························································································································ 2   Port-based VLANs ··············································································································· 2   MAC-based VLANs ·············································································································· 3   IP subnet-based VLANs ········································································································ 5   Protocol-based VLANs ········································································································· 6  ...
  • Page 142   Creating a primary VLAN ··········································································································· 32   Creating secondary VLANs ········································································································ 32   Associating the primary VLAN with secondary VLANs······································································ 33   Configuring the uplink port ········································································································· 33   Configuring a downlink port ········································································································ 33   Configuring Layer 3 communication for secondary VLANs ································································ 34  ...

  • Page 143: Configuring Vlans

    Configuring VLANs About VLANs The Virtual Local Area Network (VLAN) technology divides a physical LAN into multiple logical LANs. It has the following benefits: • Security—Hosts in the same VLAN can communicate with one another at Layer 2, but they are isolated from hosts in other VLANs at Layer 2.

  • Page 144: Vlan Types

    VLAN types The following VLAN types are available: • Port-based VLAN. • MAC-based VLAN. • IP subnet-based VLAN. • Protocol-based VLAN. If all these types of VLANs are configured on a port, the port processes packets in the following descending order of priority by default: •...

  • Page 145: Mac-Based Vlans

    Actions Access Trunk Hybrid the PVID. • Drops the frame if its VLAN ID is different from the PVID. • Removes the tag and sends the frame if the frame carries the PVID tag and the Sends the frame if its VLAN is port belongs to the permitted on the port.
  • Page 146 • For a tagged frame, the port determines whether the VLAN ID of the frame is permitted on the port. If the VLAN ID of the frame is permitted on the port, the port forwards the frame. If the VLAN ID of the frame is not permitted on the port, the port drops the frame. Dynamic MAC-based VLAN assignment When you cannot determine the target MAC-based VLANs of a port, use dynamic MAC-based VLAN assignment on the port.

  • Page 147: Ip Subnet-Based Vlans

    Figure 2 Flowchart for processing a frame in dynamic MAC-based VLAN assignment The port receives a frame Tagged frame ? Selects a VLAN for the Gets the source MAC frame Uses source MAC to match the MAC in MAC- to-VLAN entries MAC addresses VLAN ID match the Is the VLAN ID the primary VLAN ID and the...

  • Page 148: Protocol-Based Vlans

    Protocol-based VLANs The protocol-based VLAN feature assigns inbound packets to different VLANs based on their protocol types and encapsulation formats. The protocols available for VLAN assignment include IP, IPX, and AT. The encapsulation formats include Ethernet II, 802.3 raw, 802.2 LLC, and 802.2 SNAP. This feature associates the available network service types with VLANs and facilitates network management and maintenance.

  • Page 149: Enabling Packet Dropping In The Vlan

    (Optional.) Set a name for the VLAN. name text By default, the name of a VLAN is VLAN vlan-id. The vlan-id argument specifies the VLAN ID in a four-digit format. If the VLAN ID has fewer than four digits, leading zeros are added. For example, the name of VLAN 100 is VLAN 0100.

  • Page 150: Assigning A Trunk Port To A Vlan

    Assigning one or multiple access ports to a VLAN in VLAN view Enter system view. system-view Enter VLAN view. vlan vlan-id Assign one or multiple access ports to the VLAN. port interface-list By default, all ports belong to VLAN 1. Assigning an access port to a VLAN in interface view Enter system view.

  • Page 151: Assigning A Hybrid Port To A Vlan

    port trunk permit vlan { vlan-id-list | all } By default, a trunk port permits only VLAN 1. (Optional.) Set the PVID for the trunk port. port trunk pvid vlan vlan-id The default setting is VLAN 1. Assigning a hybrid port to a VLAN About assigning a hybrid port to a VLAN A hybrid port supports multiple VLANs.

  • Page 152: Configuring Static Mac-Based Vlan Assignment

    Configuring static MAC-based VLAN assignment Enter system view. system-view Create a MAC-to-VLAN entry. mac-vlan mac-address mac-address [ mask mac-mask ] vlan vlan-id [ dot1p priority ] By default, no MAC-to-VLAN entries exist. Enter Layer 2 Ethernet interface view. interface interface-type interface-number Set the port link type to hybrid.
  • Page 153 forwards only packets exactly matching the MAC-to-VLAN entries and drops inexactly matching packets. • As a best practice, do not configure both dynamic MAC-based VLAN assignment and the MAC learning limit on a port. If the two features are configured together on a port and the port learns the configured maximum number of MAC address entries, the port processes packets as follows: Forwards only packets matching the MAC address entries learnt by the port.

  • Page 154: Configuring Server-Assigned Mac-Based Vlan

    Configuring server-assigned MAC-based VLAN Enter system view. system-view Enter Layer 2 Ethernet interface view. interface interface-type interface-number Set the port link type to hybrid. port link-type hybrid By default, all ports are access ports. Assign the hybrid port to the MAC-based VLANs. port hybrid vlan vlan-id-list { tagged | untagged } By default, a hybrid port is an untagged member of the VLAN to which the port belongs when its link type is access .

  • Page 155: Configuring Protocol-Based Vlans

    port hybrid vlan vlan-id-list { tagged | untagged } By default, a hybrid port is an untagged member of the VLAN to which the port belongs when its link type is access . Associate the hybrid port with the specified IP subnet-based VLAN. port hybrid ip-subnet-vlan vlan vlan-id By default, a hybrid port is not associated with a subnet-based VLAN.

  • Page 156: Configuring A Vlan Group

    Assign the hybrid port to the specified protocol-based VLANs. port hybrid vlan vlan-id-list { tagged | untagged } By default, a hybrid port is an untagged member of the VLAN to which the port belongs when its link type is access . Associate the hybrid port with the specified protocol-based VLAN.

  • Page 157: Prerequisites

    (Optional.) Restoring the default settings for the VLAN interface Prerequisites Before you create a VLAN interface for a VLAN, create the VLAN first. Creating a VLAN interface Enter system view. system-view Create a VLAN interface and enter its view. interface vlan-interface interface-number Assign an IP address to the VLAN interface.

  • Page 158: Restoring The Default Settings For The Vlan Interface

    Restoring the default settings for the VLAN interface Restrictions and guidelines CAUTION: This feature might interrupt ongoing network services. Make sure you are fully aware of the impact of this feature when you use it on a live network. This feature might fail to restore the default settings for some commands for reasons such as command dependencies or system restrictions.

  • Page 159: Vlan Configuration Examples

    Task Command reset counters interface [ vlan-interface Clear statistics on a VLAN interface. [ interface-number ] ] display mac-vlan { all | dynamic | mac-address mac-address [ mask mac-mask ] Display MAC-to-VLAN entries. | static | vlan vlan-id } Display all ports that are enabled with the display mac-vlan interface MAC-based VLAN feature.

  • Page 160: Example: Configuring Mac-Based Vlans

    Please wait... Done. Configure Device B in the same way Device A is configured. (Details not shown.) Configure hosts: a. Configure Host A and Host C to be on the same IP subnet. For example, 192.168.100.0/24. b. Configure Host B and Host D to be on the same IP subnet. For example, 192.168.200.0/24. Verifying the configuration # Verify that Host A and Host C can ping each other, but they both fail to ping Host B and Host D.
  • Page 161 Figure 4 Network diagram Procedure Configure Device A: # Create VLANs 100 and 200. <DeviceA> system-view [DeviceA] vlan 100 [DeviceA-vlan100] quit [DeviceA] vlan 200 [DeviceA-vlan200] quit # Associate the MAC addresses of Laptop 1 and Laptop 2 with VLANs 100 and 200, respectively.

  • Page 162: Example: Configuring Ip Subnet-Based Vlans

    # Create VLAN 100, and assign Twenty-FiveGigE 1/0/3 to VLAN 100. <DeviceB> system-view [DeviceB] vlan 100 [DeviceB-vlan100] port twenty-fivegige 1/0/3 [DeviceB-vlan100] quit # Create VLAN 200 and assign Twenty-FiveGigE 1/0/4 to VLAN 200. [DeviceB] vlan 200 [DeviceB-vlan200] port twenty-fivegige 1/0/4 [DeviceB-vlan200] quit # Configure Twenty-FiveGigE 1/0/1 as a trunk port, and assign the port to VLANs 100 and 200.
  • Page 163 Figure 5 Network diagram Device A Device B VLAN 100 VLAN 200 WGE1/0/2 WGE1/0/3 Device C WGE1/0/1 192.168.5.0/24 192.168.50.0/24 Office Procedure Configure Device C: # Associate IP subnet 192.168.5.0/24 with VLAN 100. <DeviceC> system-view [DeviceC] vlan 100 [DeviceC-vlan100] ip-subnet-vlan ip 192.168.5.0 255.255.255.0 [DeviceC-vlan100] quit # Associate IP subnet 192.168.50.0/24 with VLAN 200.

  • Page 164: Example: Configuring Protocol-Based Vlans

    [DeviceC] interface twenty-fivegige 1/0/1 [DeviceC-Twenty-FiveGigE1/0/1] port link-type hybrid [DeviceC-Twenty-FiveGigE1/0/1] port hybrid vlan 100 200 untagged # Associate Twenty-FiveGigE 1/0/1 with the IP subnet-based VLANs 100 and 200. [DeviceC-Twenty-FiveGigE1/0/1] port hybrid ip-subnet-vlan vlan 100 [DeviceC-Twenty-FiveGigE1/0/1] port hybrid ip-subnet-vlan vlan 200 [DeviceC-Twenty-FiveGigE1/0/1] quit Configure Device A and Device B to forward packets from VLANs 100 and 200, respectively.
  • Page 165 Figure 6 Network diagram VLAN 100 VLAN 200 IPv4 server IPv6 server WGE1/0/3 WGE1/0/4 WGE1/0/1 WGE1/0/2 Device L2 switch A L2 switch B IPv4 host A IPv6 host A IPv4 host B IPv6 host B VLAN 100 VLAN 200 VLAN 100 VLAN 200 Procedure In this example, L2 Switch A and L2 Switch B use the factory configuration.
  • Page 166 # Configure Twenty-FiveGigE 1/0/1 as a hybrid port, and assign it to VLANs 100 and 200 as an untagged VLAN member. [Device] interface twenty-fivegige 1/0/1 [Device-Twenty-FiveGigE1/0/1] port link-type hybrid [Device-Twenty-FiveGigE1/0/1] port hybrid vlan 100 200 untagged # Associate Twenty-FiveGigE 1/0/1 with the IPv4 and ARP protocol templates of VLAN 100 and the IPv6 protocol template of VLAN 200.
  • Page 167 IPv4 Active Ethernet II Etype 0x0806 Active IPv6 Active Interface: Twenty-FiveGigE 1/0/2 VLAN ID Protocol index Protocol type Status IPv4 Active Ethernet II Etype 0x0806 Active IPv6 Active...

  • Page 168: Configuring Super Vlans

    Configuring super VLANs About super VLANs Hosts in a VLAN typically use IP addresses in the same subnet. For Layer 3 interoperability with other VLANs, you can create a VLAN interface for the VLAN and assign an IP address to it. This requires a large number of IP addresses.

  • Page 169: Configuring A Super Vlan

    vlan vlan-id-list By default, only the system default VLAN (VLAN 1) exists. Configuring a super VLAN Enter system view. system-view Enter VLAN view. vlan vlan-id Configure the VLAN as a super VLAN. supervlan By default, a VLAN is not a super VLAN. Associate the super VLAN with the sub-VLANs.

  • Page 170: Display And Maintenance Commands For Super Vlans

    Sub-VLANs cannot communicate with each other at Layer 3. Local proxy ND is disabled. For more information about local proxy ND, see Layer 3—IP Services Configuration Guide. Display and maintenance commands for super VLANs Execute display commands in any view. Task Command Display information about super VLANs and their...
  • Page 171 [DeviceA-vlan10] quit # Create VLAN-interface 10, and assign IP address 10.1.1.1/24 to it. [DeviceA] interface vlan-interface 10 [DeviceA-Vlan-interface10] ip address 10.1.1.1 255.255.255.0 # Enable local proxy ARP. [DeviceA-Vlan-interface10] local-proxy-arp enable [DeviceA-Vlan-interface10] quit # Create VLAN 2, and assign Twenty-FiveGigE 1/0/1 and Twenty-FiveGigE 1/0/2 to the VLAN. [DeviceA] vlan 2 [DeviceA-vlan2] port twenty-fivegige 1/0/1 twenty-fivegige 1/0/2 [DeviceA-vlan2] quit...
  • Page 172 Description: VLAN 0002 Name: VLAN 0002 Tagged ports: None Untagged ports: Twenty-FiveGigE1/0/1 Twenty-FiveGigE1/0/2 VLAN ID: 3 VLAN type: Static It is a sub VLAN. Route interface: Configured Ipv4 address: 10.1.1.1 Ipv4 subnet mask: 255.255.255.0 Description: VLAN 0003 Name: VLAN 0003 Tagged ports: None Untagged ports:...

  • Page 173: Configuring Private Vlan

    Configuring private VLAN About private VLAN VLAN technology provides a method for isolating traffic from customers. At the access layer of a network, customer traffic must be isolated for security or accounting purposes. If VLANs are assigned on a per-user basis, a large number of VLANs will be required. The private VLAN feature saves VLAN resources.

  • Page 174: Restrictions And Guidelines: Private Vlan Configuration

    Restrictions and guidelines: Private VLAN configuration • Make sure the following requirements are met: For a promiscuous port: − The primary VLAN is the PVID of the port. − The port is an untagged member of the primary VLAN and secondary VLANs. For a host port: −...

  • Page 175: Associating The Primary Vlan With Secondary Vlans

    Associating the primary VLAN with secondary VLANs Enter system view. system-view Create enter VLAN view of the primary VLAN. vlan vlan-id Associate the primary VLAN with the secondary VLANs. private-vlan secondary vlan-id-list By default, a primary VLAN is not associated with any secondary VLANs. Configuring the uplink port About the uplink port Configure the uplink port (for example, the port connecting L2 Device B to L3 Device A in...

  • Page 176: Configuring Layer 3 Communication For Secondary Vlans

    Procedure Enter system view. system-view Enter interface view of the downlink port. interface interface-type interface-number Assign the downlink port to secondary VLANs. a. Set the link type of the port. port link-type { access | hybrid | trunk } b. Assign the access port to the specified VLAN. port access vlan vlan-id c.

  • Page 177: Display And Maintenance Commands For The Private Vlan

    IPv4: ip address ip-address { mask-length | mask } [ sub ] IPv6: ipv6 address { ipv6-address prefix-length | ipv6-address / prefix-length } By default, no IP address is configured for a VLAN interface. Enable local proxy ARP or ND. IPv4: local-proxy-arp enable By default, local proxy ARP is disabled.
  • Page 178 Figure 9 Network diagram Procedure This example describes the configurations on Device B and Device C. Configure Device B: # Configure VLAN 5 as a primary VLAN. <DeviceB> system-view [DeviceB] vlan 5 [DeviceB-vlan5] private-vlan primary [DeviceB-vlan5] quit # Create VLANs 2 and 3. [DeviceB] vlan 2 to 3 # Associate secondary VLANs 2 and 3 with primary VLAN 5.
  • Page 179 Configure Device C: # Configure VLAN 6 as a primary VLAN. <DeviceC> system-view [DeviceC] vlan 6 [DeviceC–vlan6] private-vlan primary [DeviceC–vlan6] quit # Create VLANs 3 and 4. [DeviceC] vlan 3 to 4 # Associate secondary VLANs 3 and 4 with primary VLAN 6. [DeviceC] vlan 6 [DeviceC-vlan6] private-vlan secondary 3 to 4 [DeviceC-vlan6] quit...

  • Page 180: Example: Configuring Trunk Promiscuous Ports

    Route interface: Not configured Description: VLAN 0002 Name: VLAN 0002 Tagged ports: None Untagged ports: Twenty-FiveGigE1/0/2 Twenty-FiveGigE1/0/5 VLAN ID: 3 VLAN type: Static Private VLAN type: Secondary Route interface: Not configured Description: VLAN 0003 Name: VLAN 0003 Tagged Ports: None Untagged Ports: Twenty-FiveGigE1/0/3 Twenty-FiveGigE1/0/5...
  • Page 181 Figure 10 Network diagram Procedure Configure Device B: # Configure VLANs 5 and 10 as primary VLANs. <DeviceB> system-view [DeviceB] vlan 5 [DeviceB-vlan5] private-vlan primary [DeviceB-vlan5] quit [DeviceB] vlan 10 [DeviceB-vlan10] private-vlan primary [DeviceB-vlan10] quit # Create VLANs 2, 3, 6, and 8. [DeviceB] vlan 2 to 3 [DeviceB] vlan 6 [DeviceB-vlan6] quit...
  • Page 182 # Assign downlink port Twenty-FiveGigE 1/0/2 to VLAN 2, and configure the port as a host port. [DeviceB] interface twenty-fivegige 1/0/2 [DeviceB-Twenty-FiveGigE1/0/2] port access vlan 2 [DeviceB-Twenty-FiveGigE1/0/2] port private-vlan host [DeviceB-Twenty-FiveGigE1/0/2] quit # Assign downlink port Twenty-FiveGigE 1/0/3 to VLAN 3, and configure the port as a host port. [DeviceB] interface twenty-fivegige 1/0/3 [DeviceB-Twenty-FiveGigE1/0/3] port access vlan 3 [DeviceB-Twenty-FiveGigE1/0/3] port private-vlan host...

  • Page 183: Example: Configuring Trunk Promiscuous And Trunk Secondary Ports

    Twenty-FiveGigE1/0/2 Twenty-FiveGigE1/0/3 VLAN ID: 2 VLAN type: Static Private VLAN type: Secondary Route interface: Not configured Description: VLAN 0002 Name: VLAN 0002 Tagged ports: Twenty-FiveGigE1/0/1 Untagged ports: Twenty-FiveGigE1/0/2 VLAN ID: 3 VLAN type: Static Private VLAN type: Secondary Route interface: Not configured Description: VLAN 0003 Name: VLAN 0003 Tagged ports:...
  • Page 184 Figure 11 Network diagram Procedure Configure Device A: # Configure VLANs 10 and 20 as primary VLANs. <DeviceA> system-view [DeviceA] vlan 10 [DeviceA-vlan10] private-vlan primary [DeviceA-vlan10] quit [DeviceA] vlan 20 [DeviceA-vlan20] private-vlan primary [DeviceA-vlan20] quit # Create VLANs 11, 12, 21, and 22. [DeviceA] vlan 11 to 12 [DeviceA] vlan 21 to 22 # Associate secondary VLANs 11 and 12 with primary VLAN 10.
  • Page 185 [DeviceA] interface twenty-fivegige 1/0/5 [DeviceA-Twenty-FiveGigE1/0/5] port private-vlan 10 20 trunk promiscuous [DeviceA-Twenty-FiveGigE1/0/5] quit # Assign downlink port Twenty-FiveGigE 1/0/1 to VLAN 22 and configure the port as a host port. [DeviceA] interface twenty-fivegige 1/0/1 [DeviceA-Twenty-FiveGigE1/0/1] port access vlan 22 [DeviceA-Twenty-FiveGigE1/0/1] port private-vlan host [DeviceA-Twenty-FiveGigE1/0/1] quit # Assign downlink port Twenty-FiveGigE 1/0/3 to VLAN 12 and configure the port as a host port.
  • Page 186 [DeviceC] interface twenty-fivegige 1/0/5 [DeviceC-Twenty-FiveGigE1/0/5] port link-type hybrid [DeviceC-Twenty-FiveGigE1/0/5] port hybrid vlan 10 20 tagged [DeviceC-Twenty-FiveGigE1/0/5] quit Verifying the configuration # Verify the primary VLAN configurations on Device A. The following output uses primary VLAN 10 as an example. [DeviceA] display private-vlan 10 Primary VLAN ID: 10 Secondary VLAN ID: 11-12 VLAN ID: 10...

  • Page 187: Example: Configuring Layer 3 Communication For Secondary Vlans

    • The trunk secondary port (Twenty-FiveGigE 1/0/2) is a tagged member of primary VLAN 10 and secondary VLAN 11. • The host port (Twenty-FiveGigE 1/0/3) is an untagged member of primary VLAN 10 and secondary VLAN 12. Example: Configuring Layer 3 communication for secondary VLANs Network configuration As shown in...
  • Page 188 # Assign downlink port Twenty-FiveGigE 1/0/2 to VLAN 2, and configure the port as a host port. [DeviceA] interface twenty-fivegige 1/0/2 [DeviceA-Twenty-FiveGigE1/0/2] port access vlan 2 [DeviceA-Twenty-FiveGigE1/0/2] port private-vlan host [DeviceA-Twenty-FiveGigE1/0/2] quit # Assign downlink port Twenty-FiveGigE 1/0/3 to VLAN 3, and configure the port as a host port. [DeviceA] interface twenty-fivegige 1/0/3 [DeviceA-Twenty-FiveGigE1/0/3] port access vlan 3 [DeviceA-Twenty-FiveGigE1/0/3] port private-vlan host...
  • Page 189 Tagged ports: None Untagged ports: Twenty-FiveGigE1/0/1 Twenty-FiveGigE1/0/2 VLAN ID: 3 VLAN type: Static Private VLAN type: Secondary Route interface: Configured IPv4 address: 192.168.1.1 IPv4 subnet mask: 255.255.255.0 Description: VLAN 0003 Name: VLAN 0003 Tagged ports: None Untagged ports: Twenty-FiveGigE1/0/1 Twenty-FiveGigE1/0/3 The Route interface field in the output is Configured, indicating that secondary VLANs 2 and 3 are interoperable at Layer 3.

  • Page 190: Configuring Voice Vlans

    OUI address Vendor 0001-e300-0000 Siemens phone 0003-6b00-0000 Cisco phone 0004-0d00-0000 Avaya phone 000f-e200-0000 H3C Aolynk phone 0060-b900-0000 Philips/NEC phone 00d0-1e00-0000 Pingtel phone 00e0-7500-0000 Polycom phone 00e0-bb00-0000 3Com phone Typically, an OUI address refers to the first 24 bits of a MAC address (in binary notation) and is a globally unique identifier that IEEE assigns to a vendor.

  • Page 191: Advertising The Voice Vlan Information To Ip Phones

    Automatically identifying IP phones through LLDP If IP phones support LLDP, configure LLDP for automatic IP phone discovery on the device. The device can then automatically discover the peer through LLDP, and exchange LLDP TLVs with the peer. If the LLDP System Capabilities TLV received on a port indicates that the peer can act as a telephone, the device performs the following operations: Sends an LLDP TLV with the voice VLAN configuration to the peer.

  • Page 192: Voice Vlan Assignment Modes

    Figure 14 Connecting the host and IP phone in series Voice gateway Host IP phone Device Connecting the IP phone to the device As shown in Figure 15, IP phones are connected to the device without the presence of the host. Use this connection method when IP phones sends out untagged voice packets.

  • Page 193: Cooperation Of Voice Vlan Assignment Modes And Ip Phones

    Manual mode Use manual mode when only IP phones access the network through the device, as shown in Figure 15. In this mode, ports are assigned to a voice VLAN that transmits voice traffic exclusively. No data traffic affects the voice traffic transmission. You must manually assign the port that connects to the IP phone to a voice VLAN.

  • Page 194: Security Mode And Normal Mode Of Voice Vlans

    Port link Configuration requirements type The port must forward packets from the voice VLAN. The voice VLAN must be the PVID of the port. Hybrid The port must forward packets from the voice VLAN without VLAN tags. Security mode and normal mode of voice VLANs Depending on the filtering mechanisms to incoming packets, a voice VLAN-enabled port can operate in one of the following modes: •...

  • Page 195: Voice Vlan Tasks At A Glance

    aging timer for its dynamic MAC address entry. For more information about the aging timer for dynamic MAC address entries, see "Configuring the MAC address table." As a best practice, do not both configure voice VLAN and disable MAC address learning on a port. If the two features are configured together on a port, the port forwards only packets exactly matching the OUI addresses and drops inexactly matching packets.

  • Page 196: Configuring Voice Vlan Assignment Modes For A Port

    voice-vlan qos cos-value dscp-value By default, a port modifies the CoS and DSCP values for voice VLAN packets to 6 and 46, respectively. If a port trusts the QoS priority settings in incoming voice VLAN packets, the port does not modify their CoS and DSCP values.

  • Page 197: Configuring A Port To Operate In Manual Voice Vlan Assignment Mode

    port link-type hybrid Configure the port to operate in automatic voice VLAN assignment mode. voice-vlan mode auto By default, the automatic voice VLAN assignment mode is enabled. Enable the voice VLAN feature on the port. voice-vlan vlan-id enable By default, the voice VLAN feature is disabled. Before you execute this command, make sure the specified VLAN already exists.

  • Page 198: Enabling Lldp For Automatic Ip Phone Discovery

    This step is required for untagged incoming voice traffic and prohibited for tagged incoming voice traffic. Enable the voice VLAN feature on the port. voice-vlan vlan-id enable By default, the voice VLAN feature is disabled. Before you execute this command, make sure the specified VLAN already exists. Enabling LLDP for automatic IP phone discovery Restrictions and guidelines •...

  • Page 199: Configuring Cdp To Advertise A Voice Vlan

    display lldp local-information For more information about the command, see Layer 2—LAN Switching Command Reference. Configuring CDP to advertise a voice VLAN About configuring CDP to advertise a voice VLAN If an IP phone supports CDP but does not support LLDP, it will send out CDP packets to the device to request the voice VLAN ID.

  • Page 200: Voice Vlan Configuration Examples

    Voice VLAN configuration examples Example: Configuring automatic voice VLAN assignment mode Network configuration As shown in Figure 16, Device A transmits traffic from IP phones and hosts. For correct voice traffic transmission, perform the following tasks on Device A: • Configure voice VLANs 2 and 3 to transmit voice packets from IP phone A and IP phone B, respectively.

  • Page 201: Example: Configuring Manual Voice Vlan Assignment Mode

    OUI Address Mask Description 0001-e300-0000 ffff-ff00-0000 Siemens phone 0003-6b00-0000 ffff-ff00-0000 Cisco phone 0004-0d00-0000 ffff-ff00-0000 Avaya phone 000f-e200-0000 ffff-ff00-0000 H3C Aolynk phone 0011-1100-0000 ffff-ff00-0000 IP phone A 0011-2200-0000 ffff-ff00-0000 IP phone B 0060-b900-0000 ffff-ff00-0000 Philips/NEC phone 00d0-1e00-0000 ffff-ff00-0000 Pingtel phone 00e0-7500-0000...
  • Page 202 To enable Twenty-FiveGigE 1/0/1 to transmit only voice packets, perform the following tasks on Device A: • Create VLAN 2. This VLAN will be used as a voice VLAN. • Configure Twenty-FiveGigE 1/0/1 to operate in manual voice VLAN assignment mode and add it to VLAN 2.
  • Page 203 0004-0d00-0000 ffff-ff00-0000 Avaya phone 000f-e200-0000 ffff-ff00-0000 H3C Aolynk phone 0011-2200-0000 ffff-ff00-0000 test 0060-b900-0000 ffff-ff00-0000 Philips/NEC phone 00d0-1e00-0000 ffff-ff00-0000 Pingtel phone 00e0-7500-0000 ffff-ff00-0000 Polycom phone 00e0-bb00-0000 ffff-ff00-0000 3Com phone # Display the voice VLAN state. [DeviceA] display voice-vlan state Current voice VLANs: 1...
  • Page 204 Contents Configuring MVRP ············································································ 1     About MVRP ····························································································································· 1   MRP implementation ············································································································ 1   MRP messages ·················································································································· 1   MRP timers ························································································································ 3   MVRP registration modes ····································································································· 3   Protocols and standards ······································································································· 4   Restrictions and guidelines: MVRP configuration ·············································································· 4  ...

  • Page 205: Configuring Mvrp

    Configuring MVRP About MVRP Multiple Registration Protocol (MRP) is an attribute registration protocol used to transmit attribute values. Multiple VLAN Registration Protocol (MVRP) is a typical MRP application. It synchronizes VLAN information among devices and greatly reduces the workload of network administrators. MRP implementation An MRP-enabled port is called an MRP participant.
  • Page 206 • Propagates the Join message to all other participants on the device. After receiving the Join message, other participants send the Join message to their respective peer participants. Join messages sent from a local participant to its peer participant include the following types: •...

  • Page 207: Mrp Timers

    When the Leave timer expires, a participant deregisters all attributes that have not been re-registered to periodically clear useless attributes in the network. MRP timers MRP uses the following timers to control message transmission. Periodic timer The Periodic timer controls the transmission of MRP messages. An MRP participant starts its own Periodic timer upon startup, and stores MRP messages to be sent before the Periodic timer expires.

  • Page 208: Restrictions And Guidelines: Mvrp Configuration

    Based on how an MVRP participant handles registration of dynamic VLANs, MVRP has the following registration modes: • Normal—An MVRP participant in normal registration mode registers and deregisters dynamic VLANs. • Fixed—An MVRP participant in fixed registration mode disables deregistering dynamic VLANs and drops received MVRP frames.

  • Page 209: Enabling Mvrp

    Enabling MVRP Enter system view. system-view Enable MVRP globally. mvrp global enable By default, MVRP is globally disabled. For MVRP to take effect on a port, enable MVRP both on the port and globally. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. interface interface-type interface-number Configure the port as a trunk port.

  • Page 210: Enabling Gvrp Compatibility

    Table 1 Dependencies of the Join, Leave, and LeaveAll timers Timer Lower limit Upper limit Join 20 centiseconds Half the Leave timer Leave Twice the Join timer LeaveAll timer LeaveAll Leave timer on each port 32760 centiseconds • To avoid frequent VLAN registrations and deregistrations, use the same MRP timers throughout the network.

  • Page 211: Display And Maintenance Commands For Mvrp

    system-view Enable GVRP compatibility. mvrp gvrp-compliance enable By default, GVRP compatibility is disabled. Display and maintenance commands for MVRP Execute display commands in any view and reset commands in user view. Task Command display mvrp running-status [ interface Display MVRP running status. interface-list ] display mvrp state interface interface-type Display the MVRP state of a port in a...
  • Page 212 Figure 2 Network diagram Device A Device B Permit: all VLANs WGE1/0/3 WGE1/0/3 VLAN 20 VLAN 10 Permit: all VLANs Permit: VLANs 20, 40 VLAN 10 MSTI 1 VLAN 20 MSTI 2 Other VLANs MSTI 0 Device C Device D MSTI 0 MSTI 1 MSTI 2...
  • Page 213 # Configure Twenty-FiveGigE 1/0/1 as a trunk port, and configure it to permit all VLANs. [DeviceA] interface twenty-fivegige 1/0/1 [DeviceA-Twenty-FiveGigE1/0/1] port link-type trunk [DeviceA-Twenty-FiveGigE1/0/1] port trunk permit vlan all # Enable MVRP on Twenty-FiveGigE 1/0/1. [DeviceA-Twenty-FiveGigE1/0/1] mvrp enable [DeviceA-Twenty-FiveGigE1/0/1] quit # Configure Twenty-FiveGigE 1/0/2 as a trunk port, and configure it to permit VLAN 40.
  • Page 214 [DeviceB-Twenty-FiveGigE1/0/1] mvrp enable [DeviceB-Twenty-FiveGigE1/0/1] quit # Configure Twenty-FiveGigE 1/0/2 as a trunk port, and configure it to permit all VLANs. [DeviceB] interface twenty-fivegige 1/0/2 [DeviceB-Twenty-FiveGigE1/0/2] port link-type trunk [DeviceB-Twenty-FiveGigE1/0/2] port trunk permit vlan all # Enable MVRP on Twenty-FiveGigE 1/0/2. [DeviceB-Twenty-FiveGigE1/0/2] mvrp enable [DeviceB-Twenty-FiveGigE1/0/2] quit # Configure Twenty-FiveGigE 1/0/3 as a trunk port, and configure it to permit all VLANs.
  • Page 215 [DeviceC-Twenty-FiveGigE1/0/2] port trunk permit vlan all # Enable MVRP on Twenty-FiveGigE 1/0/2. [DeviceC-Twenty-FiveGigE1/0/2] mvrp enable [DeviceC-Twenty-FiveGigE1/0/2] quit Configure Device D: # Enter MST region view. <DeviceD> system-view [DeviceD] stp region-configuration # Configure the MST region name, VLAN-to-instance mappings, and revision level. [DeviceD-mst-region] region-name example [DeviceD-mst-region] instance 1 vlan 10 [DeviceD-mst-region] instance 2 vlan 20...
  • Page 216 Periodic Timer : 100 (centiseconds) LeaveAll Timer : 1000 (centiseconds) Registration Type : Normal Registered VLANs : 1(default) Declared VLANs : 1(default), 10, 20 Propagated VLANs : 1(default) ----[Twenty-FiveGigE1/0/2]---- Config Status : Enabled Running Status : Enabled Join Timer : 20 (centiseconds) Leave Timer : 60 (centiseconds) Periodic Timer...
  • Page 217 Global Status : Enabled Compliance-GVRP : False ----[Twenty-FiveGigE1/0/1]---- Config Status : Enabled Running Status : Enabled Join Timer : 20 (centiseconds) Leave Timer : 60 (centiseconds) Periodic Timer : 100 (centiseconds) LeaveAll Timer : 1000 (centiseconds) Registration Type : Normal Registered VLANs : 1(default) Declared VLANs :...
  • Page 218 Twenty-FiveGigE 1/0/1 has registered VLAN 1, declared VLAN 1 and VLAN 20, and propagated VLAN 1 through MVRP. Twenty-FiveGigE 1/0/2 has registered VLAN 1 and VLAN 10, declared VLAN 1 and VLAN 20, and propagated VLAN 1. Twenty-FiveGigE 1/0/3 has registered VLAN 1 and VLAN 10, declared VLAN 20, and propagated VLAN 10 through MVRP.
  • Page 219 Global Status : Enabled Compliance-GVRP : False ----[Twenty-FiveGigE1/0/1]---- Config Status : Enabled Running Status : Enabled Join Timer : 20 (centiseconds) Leave Timer : 60 (centiseconds) Periodic Timer : 100 (centiseconds) LeaveAll Timer : 1000 (centiseconds) Registration Type : Normal Registered VLANs : 1(default), 20 Declared VLANs :...
  • Page 220 Compliance-GVRP : False ----[Twenty-FiveGigE1/0/3]---- Config Status : Enabled Running Status : Enabled Join Timer : 20 (centiseconds) Leave Timer : 60 (centiseconds) Periodic Timer : 100 (centiseconds) LeaveAll Timer : 1000 (centiseconds) Registration Type : Fixed Registered VLANs : 1(default), 10 Declared VLANs : Propagated VLANs : The output shows that VLAN information on Twenty-FiveGigE 1/0/3 is not changed after you...
  • Page 221 Contents Configuring loopback, null, and inloopback interfaces ······························ 1     About loopback, null, and inloopback interfaces ················································································ 1   About loopback interfaces ····································································································· 1   About null interfaces ············································································································ 1   About inloopback interfaces ··································································································· 1   Configuring a loopback interface ··································································································· 1  ...

  • Page 222: Configuring Loopback, Null, And Inloopback Interfaces

    Configuring loopback, null, and inloopback interfaces This chapter describes how to configure a loopback interface, a null interface, and an inloopback interface. About loopback, null, and inloopback interfaces About loopback interfaces A loopback interface is a virtual interface. The physical layer state of a loopback interface is always up unless the loopback interface is manually shut down.

  • Page 223: Configuring A Null Interface

    interface loopback interface-number Configure the interface description. description text The default setting is interface name Interface (for example, LoopBack1 Interface). Configure the expected bandwidth of the loopback interface. bandwidth bandwidth-value By default, the expected bandwidth of a loopback interface is 0 kbps. Bring up the loopback interface.

  • Page 224: Display And Maintenance Commands For Loopback, Null, And Inloopback Interfaces

    Display and maintenance commands for loopback, null, and inloopback interfaces Execute display commands in any view and reset commands in user view. Task Command display interface [ inloopback [ 0 ] ] Display information about the inloopback interface. [ brief [ description | down ] ] display interface [ loopback Display information about the specified or all [ interface-number ] ] [ brief...
  • Page 225 Contents Configuring QinQ ············································································· 1     About QinQ ······························································································································ 1   QinQ benefits ····················································································································· 1   How QinQ works ················································································································· 1   QinQ implementations ·········································································································· 2   Protocols and standards ······································································································· 3   Restrictions and guidelines: QinQ configuration ················································································ 3  ...

  • Page 226: Configuring Qinq

    Configuring QinQ This document uses the following terms: • CVLAN—Customer network VLANs, also called inner VLANs, refer to VLANs that a customer uses on the private network. • SVLAN—Service provider network VLANs, also called outer VLANs, refer to VLANs that a service provider uses to transmit VLAN tagged traffic for customers.

  • Page 227: Qinq Implementations

    As shown in Figure 2, customer A has remote sites CE 1 and CE 4. Customer B has remote sites CE 2 and CE 3. The CVLANs of the two customers overlap. The service provider assigns SVLANs 3 and 4 to customers A and B, respectively. When a tagged Ethernet frame from CE 1 arrives at PE 1, the PE tags the frame with SVLAN 3.

  • Page 228: Protocols And Standards

    Protocols and standards • IEEE 802.1Q, IEEE Standard for Local and Metropolitan Area Networks-Virtual Bridged Local Area Networks • IEEE 802.1ad, IEEE Standard for Local and Metropolitan Area Networks-Virtual Bridged Local Area Networks-Amendment 4: Provider Bridges Restrictions and guidelines: QinQ configuration When you configure QinQ, follow these restrictions and guidelines: •...

  • Page 229: Configuring Transmission For Transparent Vlans

    Configure trunk port to allow packets from its PVID to pass through. port trunk permit vlan { vlan-id-list | all } By default, a trunk port allows packets only from VLAN 1 to pass through. Enable QinQ on the port. qinq enable By default, QinQ is disabled on the port.

  • Page 230: Configuring The Tpid For Vlan Tags

    Configuring the TPID for VLAN tags About TPID TPID identifies a frame as an 802.1Q tagged frame. The TPID value varies by vendor. On an H3C device, the TPID in the 802.1Q tag added on a QinQ-enabled port is 0x8100 by default, in compliance with IEEE 802.1Q.

  • Page 231: Configuring The Tpid For Cvlan Tags

    Configuring the TPID for CVLAN tags Enter system view. system-view Set the TPID for CVLAN tags. qinq ethernet-type customer-tag hex-value By default, the TPID is 0x8100 for CVLAN tags. Configuring the TPID for SVLAN tags Enter system view. system-view Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. interface interface-type interface-number Set the TPID for SVLAN tags.

  • Page 232: Tasks At A Glance

    Tasks at a glance To use QoS policies to set the 802.1p priority in SVLAN tags, perform the following tasks: Creating a traffic class and configuring CVLAN match criteria Creating a traffic behavior and configuring a priority marking action for SVLAN tags Creating a QoS policy Applying the QoS policy Creating a traffic class and configuring CVLAN match criteria...

  • Page 233: Applying The Qos Policy

    Applying the QoS policy Enter system view. system-view Enter Layer 2 Ethernet interface view. interface interface-type interface-number Apply the QoS policy to the inbound direction of the port. qos apply policy policy-name inbound Display and maintenance commands for QinQ Execute display commands in any view. Task Command display qinq [ interface...
  • Page 234 Figure 3 Network diagram Procedure Configure PE 1: # Configure Twenty-FiveGigE 1/0/1 as a trunk port, and assign it to VLAN 100. <PE1> system-view [PE1] interface twenty-fivegige 1/0/1 [PE1-Twenty-FiveGigE1/0/1] port link-type trunk [PE1-Twenty-FiveGigE1/0/1] port trunk permit vlan 100 # Set the PVID of Twenty-FiveGigE 1/0/1 to VLAN 100. [PE1-Twenty-FiveGigE1/0/1] port trunk pvid vlan 100 # Enable QinQ on Twenty-FiveGigE 1/0/1.

  • Page 235: Example: Configuring Vlan Transparent Transmission

    [PE1-Twenty-FiveGigE1/0/3] quit Configure PE 2: # Configure Twenty-FiveGigE 1/0/1 as a trunk port, and assign it to VLAN 200. <PE2> system-view [PE2] interface twenty-fivegige 1/0/1 [PE2-Twenty-FiveGigE1/0/1] port link-type trunk [PE2-Twenty-FiveGigE1/0/1] port trunk permit vlan 200 # Set the PVID of Twenty-FiveGigE 1/0/1 to VLAN 200. [PE2-Twenty-FiveGigE1/0/1] port trunk pvid vlan 200 # Enable QinQ on Twenty-FiveGigE 1/0/1.
  • Page 236 Figure 4 Network diagram Procedure Configure PE 1: # Configure Twenty-FiveGigE 1/0/1 as a trunk port, and assign it to VLAN 100 and VLAN 3000. <PE1> system-view [PE1] interface twenty-fivegige 1/0/1 [PE1-Twenty-FiveGigE1/0/1] port link-type trunk [PE1-Twenty-FiveGigE1/0/1] port trunk permit vlan 100 3000 # Set the PVID of Twenty-FiveGigE 1/0/1 to VLAN 100.
  • Page 237 # Configure Twenty-FiveGigE 1/0/2 as a trunk port, and assign it to VLANs 100 and 3000. [PE2] interface twenty-fivegige 1/0/2 [PE2-Twenty-FiveGigE1/0/2] port link-type trunk [PE2-Twenty-FiveGigE1/0/2] port trunk permit vlan 100 3000 Configure the devices between PE 1 and PE 2: # Set the MTU to a minimum of 1504 bytes for each port on the path of QinQ frames.
  • Page 238 Contents Configuring VLAN mapping ································································ 1     About VLAN mapping ················································································································· 1   VLAN mapping types ··········································································································· 1   VLAN mapping application scenarios ······················································································· 1   VLAN mapping implementations ····························································································· 3   Restrictions and guidelines: VLAN mapping configuration ··································································· 6  ...

  • Page 239: Configuring Vlan Mapping

    Configuring VLAN mapping About VLAN mapping VLAN mapping re-marks VLAN traffic with new VLAN IDs. VLAN mapping types H3C provides the following types of VLAN mapping: • One-to-one VLAN mapping—Replaces one VLAN tag with another. • Many-to-one VLAN mapping—Replaces multiple VLAN tags with the same VLAN tag.
  • Page 240 Figure 1 Application scenario of one-to-one and many-to-one VLAN mapping DHCP client VLAN 1 Home gateway VLAN 2 VLAN 1 -> VLAN 101 VLAN 2 -> VLAN 201 VLAN 3 VoIP VLAN 3 -> VLAN 301 Wiring-closet switch DHCP server VLAN 1 VLAN 1 ->...

  • Page 241: Vlan Mapping Implementations

    Figure 2 Application scenario of one-to-two and two-to-two VLAN mapping As shown in Figure 2, Site 1 and Site 2 of VPN A are in VLAN 2 and VLAN 3, respectively. The SP 1 network assigns SVLAN 10 to Site 1. The SP 2 network assigns SVLAN 20 to Site 2. When the packet from Site 1 arrives at PE 1, PE 1 tags the packet with SVLAN 10 by using one-to-two VLAN mapping.
  • Page 242 Figure 3 Basic VLAN mapping terms Network-side port Customer-side port Uplink traffic Downlink traffic One-to-one VLAN mapping As shown in Figure 4, one-to-one VLAN mapping is implemented on the customer-side port and replaces VLAN tags as follows: • Replaces the CVLAN with the SVLAN for the uplink traffic. •...
  • Page 243 Figure 5 Many-to-one VLAN mapping implementation One-to-two VLAN mapping As shown in Figure 6, one-to-two VLAN mapping is implemented on the customer-side port to add the SVLAN tag for the uplink traffic. For the downlink traffic to be correctly sent to the customer network, make sure the SVLAN tag is removed on the customer-side port before transmission.

  • Page 244: Restrictions And Guidelines: Vlan Mapping Configuration

    Figure 7 Two-to-two VLAN mapping implementation Restrictions and guidelines: VLAN mapping configuration To add VLAN tags to packets, you can configure both VLAN mapping and QinQ. VLAN mapping takes effect if a configuration conflict occurs. For more information about QinQ, see "Configuring QinQ."...

  • Page 245: Configuring One-To-One Vlan Mapping

    Configuring one-to-one VLAN mapping About one-to-one VLAN mapping Configure one-to-one VLAN mapping on the customer-side ports of wiring-closet switches (see Figure 1) to isolate traffic of the same service type from different homes. Procedure Enter system view. system-view Enter interface view. Enter Layer 2 Ethernet interface view.
  • Page 246 Restrictions and guidelines for many-to-one VLAN mapping in dynamic IP address assignment environment To ensure correct traffic forwarding from the service provider network to the customer network, do not configure many-to-one VLAN mapping together with uRPF. For more information about uRPF, see Security Configuration Guide.
  • Page 247 port trunk permit vlan vlan-id-list By default, a trunk port is assigned to VLAN 1. Assign the hybrid port to the original VLANs and the translated VLAN as a tagged member. port hybrid vlan vlan-id-list tagged By default, a hybrid port is an untagged member of the VLAN to which the port belongs when its link type is access.

  • Page 248: Configuring Many-To-One Vlan Mapping In Static Ip Address Assignment Environment

    Configuring many-to-one VLAN mapping in static IP address assignment environment About many-to-one VLAN mapping in static IP address assignment environment In a network that uses static IP addresses, configure many-to-one VLAN mapping with ARP snooping. The switch replaces the SVLAN tag of the downlink traffic with the associated CVLAN tag based on the ARP snooping entry lookup.
  • Page 249 Set the link type of the port. port link-type { hybrid | trunk } By default, the link type of a port is access. Assign the port to the original VLANs and the translated VLAN. Assign the trunk port to the original VLANs and the translated VLAN. port trunk permit vlan vlan-id-list By default, a trunk port is assigned to VLAN 1.

  • Page 250: Configuring One-To-Two Vlan Mapping

    Configuring one-to-two VLAN mapping About one-to-two VLAN mapping Configure one-to-two VLAN mapping on the customer-side ports of edge devices from which customer traffic enters SP networks, for example, on PEs 1 and 4 in Figure 2. One-to-two VLAN mapping enables the edge devices to add an SVLAN tag to each incoming packet. Restrictions and guidelines Only one SVLAN tag can be added to packets from the same CVLAN.

  • Page 251: Display And Maintenance Commands For Vlan Mapping

    system-view Enter interface view. Enter Layer 2 Ethernet interface view. interface interface-type interface-number Enter Layer 2 aggregate interface view. interface bridge-aggregation interface-number Set the link type of the port. port link-type { hybrid | trunk } By default, the link type of a port is access. Assign the port to the original VLANs and the translated VLANs.
  • Page 252 To isolate traffic of the same service type from different households, configure one-to-one VLAN mappings on the wiring-closet switches. This feature assigns one VLAN to each type of traffic from each household. To save VLAN resources, configure many-to-one VLAN mappings on the campus switch (Switch C). This feature transmits the same type of traffic from different households in one VLAN.
  • Page 253 Procedure Configure Switch A: # Create the original VLANs. <SwitchA> system-view [SwitchA] vlan 2 to 3 # Create the translated VLANs. [SwitchA] vlan 101 to 102 [SwitchA] vlan 201 to 202 [SwitchA] vlan 301 to 302 # Configure customer-side port Twenty-FiveGigE 1/0/1 as a trunk port. <SwitchA>...
  • Page 254 [SwitchC-vlan101] vlan 201 [SwitchC-vlan201] arp detection enable [SwitchC-vlan201] vlan 301 [SwitchC-vlan301] arp detection enable [SwitchC-vlan301] vlan 102 [SwitchC-vlan102] arp detection enable [SwitchC-vlan102] vlan 202 [SwitchC-vlan202] arp detection enable [SwitchC-vlan202] vlan 302 [SwitchC-vlan302] arp detection enable [SwitchC-vlan302] vlan 103 [SwitchC-vlan103] arp detection enable [SwitchC-vlan103] vlan 203 [SwitchC-vlan203] arp detection enable [SwitchC-vlan203] vlan 303...
  • Page 255 [SwitchC-Twenty-FiveGigE1/0/2] port trunk permit vlan 103 104 203 204 303 304 501 to # Configure many-to-one VLAN mappings on Twenty-FiveGigE 1/0/2 to map VLANs for PC, VoD, and VoIP traffic to VLANs 501, 502, and 503, respectively. [SwitchC-Twenty-FiveGigE1/0/2] vlan mapping uni range 103 to 104 translated-vlan 501 [SwitchC-Twenty-FiveGigE1/0/2] vlan mapping uni range 203 to 204 translated-vlan 502 [SwitchC-Twenty-FiveGigE1/0/2] vlan mapping uni range 303 to 304 translated-vlan 503 # Enable recording of client information in DHCP snooping entries on Twenty-FiveGigE 1/0/2.

  • Page 256: Example: Configuring One-To-Two And Two-To-Two Vlan Mapping

    [SwitchC] display vlan mapping Interface Twenty-FiveGigE1/0/1: Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN 101-102 201-202 301-302 Interface Twenty-FiveGigE1/0/2: Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN 103-104 203-204 303-304 Example: Configuring one-to-two and two-to-two VLAN mapping Network configuration As shown in...
  • Page 257 [PE1-vlan100] quit # Configure a one-to-two VLAN mapping on the customer-side port (Twenty-FiveGigE 1/0/1) to add SVLAN tag 100 to packets from VLAN 5. [PE1] interface twenty-fivegige 1/0/1 [PE1-Twenty-FiveGigE1/0/1] vlan mapping nest single 5 nested-vlan 100 # Configure Twenty-FiveGigE 1/0/1 as a hybrid port. [PE1-Twenty-FiveGigE1/0/1] port link-type hybrid # Assign Twenty-FiveGigE 1/0/1 to VLAN 100 as an untagged member.
  • Page 258 # Configure a two-to-two VLAN mapping on Twenty-FiveGigE 1/0/1 to map SVLAN 100 and CVLAN 5 to SVLAN 200 and CVLAN 6. [PE3-Twenty-FiveGigE1/0/1] vlan mapping tunnel 100 5 translated-vlan 200 6 [PE3-Twenty-FiveGigE1/0/1] quit # Configure Twenty-FiveGigE 1/0/2 as a trunk port. [PE3] interface twenty-fivegige 1/0/2 [PE3-Twenty-FiveGigE1/0/2] port link-type trunk # Assign Twenty-FiveGigE 1/0/2 to VLAN 200.
  • Page 260 Contents Configuring loop detection ·································································· 1     About loop detection ··················································································································· 1   Loop detection mechanism ···································································································· 1   Loop detection interval ········································································································· 2   Loop protection actions ········································································································· 2   Port status auto recovery ······································································································ 2   Loop detection tasks at a glance ··································································································· 3  ...

  • Page 261: Configuring Loop Detection

    Configuring loop detection About loop detection The loop detection mechanism performs periodic checking for Layer 2 loops. The mechanism immediately generates a log when a loop occurs so that you are promptly notified to adjust network connections and configurations. You can configure loop detection to shut down the looped port. Logs are maintained in the information center.

  • Page 262: Loop Detection Interval

    • Version—Protocol version, which is always 0x0000. • Length—Length of the frame. The value includes the inner header, but excludes the Ethernet header. • Reserved—This field is reserved. Frames for loop detection are encapsulated as TLV triplets. Table 1 TLVs supported by loop detection Description Remarks End of PDU...

  • Page 263: Loop Detection Tasks At A Glance

    The device automatically sets the port to the forwarding state after the detection timer set by using the shutdown-interval command expires. For more information about the shutdown-interval command, see Fundamentals Command Reference. The device shuts down the port again if a loop is still detected on the port when the detection timer expires.

  • Page 264: Setting The Loop Protection Action

    By default, loop detection is disabled on ports. Setting the loop protection action Restrictions and guidelines for loop protection action configuration You can set the loop protection action globally or on a per-port basis. The global action applies to all ports.

  • Page 265: Display And Maintenance Commands For Loop Detection

    Display and maintenance commands for loop detection Execute display commands in any view. Task Command display loopback-detection Display the loop detection configuration and status. Loop detection configuration examples Example: Configuring basic loop detection functions Network configuration As shown in Figure 3, configure loop detection on Device A to meet the following requirements: •...
  • Page 266 [DeviceA-Twenty-FiveGigE1/0/1] port link-type trunk [DeviceA-Twenty-FiveGigE1/0/1] port trunk permit vlan 100 [DeviceA-Twenty-FiveGigE1/0/1] quit [DeviceA] interface twenty-fivegige 1/0/2 [DeviceA-Twenty-FiveGigE1/0/2] port link-type trunk [DeviceA-Twenty-FiveGigE1/0/2] port trunk permit vlan 100 [DeviceA-Twenty-FiveGigE1/0/2] quit # Set the global loop protection action to shutdown. [DeviceA] loopback-detection global action shutdown # Set the loop detection interval to 35 seconds.
  • Page 267 %Feb 24 15:04:29:667 2013 DeviceA LPDT/4/LPDT_LOOPED: A loop was detected on Twenty-FiveGigE1/0/2. %Feb 24 15:04:29:668 2013 DeviceA LPDT/4/LPDT_VLAN_LOOPED: A loop was detected on Twenty-FiveGigE1/0/2 in VLAN 100. %Feb 24 15:04:44:243 2013 DeviceA LPDT/5/LPDT_VLAN_RECOVERED: A loop was removed on Twenty-FiveGigE1/0/1 in VLAN 100. %Feb 24 15:04:44:243 2013 DeviceA LPDT/5/LPDT_RECOVERED: All loops were removed on Twenty-FiveGigE1/0/1.
  • Page 268 Contents Spanning tree protocol overview ·························································· 1   About STP ································································································································ 1   STP protocol frames ············································································································ 1   Basic concepts in STP ·········································································································· 3   Calculation process of the STP algorithm ················································································· 4   Example of STP calculation ··································································································· 5  ...
  • Page 269 Enabling outputting port state transition information ········································································· 41   Enabling the spanning tree feature ······························································································ 41   Restrictions and guidelines ·································································································· 41   Enabling the spanning tree feature in STP/RSTP/MSTP mode ···················································· 41   Enabling the spanning tree feature in PVST mode ···································································· 42  ...

  • Page 270: About Stp

    Spanning tree protocol overview Spanning tree protocols eliminate loops in a physical link-redundant network by selectively blocking redundant links and putting them in a standby state. The recent versions of STP include the Rapid Spanning Tree Protocol (RSTP), the Per-VLAN Spanning Tree (PVST), and the Multiple Spanning Tree Protocol (MSTP).
  • Page 271 • Protocol ID—Fixed at 0x0000, which represents IEEE 802.1d. • Protocol version ID—Spanning tree protocol version ID. The protocol version ID for STP is 0x00. • BPDU type—Type of the BPDU. The value is 0x00 for a configuration BPDU. • Flags—An 8-bit field indicates the purpose of the BPDU.

  • Page 272: Basic Concepts In Stp

    Basic concepts in STP Root bridge A tree network must have a root bridge. The entire network contains only one root bridge, and all the other bridges in the network are called leaf nodes. The root bridge is not permanent, but can change with changes of the network topology.

  • Page 273: Calculation Process Of The Stp Algorithm

    Table 1 STP port states State Receives/sends BPDUs Learns MAC addresses Forwards user data Disabled Listening Learning Forwarding Blocking Receive Path cost Path cost is a reference value used for link selection in STP. To prune the network into a loop-free tree, STP calculates path costs to select the most robust links and block redundant links that are less robust.

  • Page 274: Example Of Stp Calculation

    Step Description Based on the configuration BPDU and the path cost of the root port, the device calculates a designated port configuration BPDU for each of the other ports. • The root bridge ID is replaced with that of the configuration BPDU of the root port. •...
  • Page 275 Figure 4 The STP algorithm As shown in Figure 4, the priority values of Device A, Device B, and Device C are 0, 1, and 2, respectively. The path costs of links among the three devices are 5, 10, and 4. Device state initialization Table 3, each configuration BPDU contains the following fields: root bridge ID, root path cost,...
  • Page 276 Table 4 Comparison process and result on each device Configuration BPDU on Device Comparison process ports after comparison Port A1 performs the following operations: Receives the configuration BPDU of Port B1 {1, 0, 1, Port B1}. Determines that its existing configuration BPDU {0, 0, 0, Port A1} is superior to the received configuration BPDU.
  • Page 277 Configuration BPDU on Device Comparison process ports after comparison Port C1}. Updates its configuration BPDU. Port C2 performs the following operations: Receives the original configuration BPDU of Port B2 {1, 0, 1, Port B2}. Determines that the received configuration BPDU is superior to the existing configuration BPDU {2, 0, 2, Port C2}.

  • Page 278: The Configuration Bpdu Forwarding Mechanism Of Stp

    Configuration BPDU on Device Comparison process ports after comparison spanning tree calculation process: for example, the link between Device B and Device C is down. Final calculated spanning tree After the comparison processes described in Table 4, a spanning tree with Device A as the root bridge is established, as shown in Figure Figure 5 The final calculated spanning tree...

  • Page 279: About Rstp

    A path failure can cause spanning tree re-calculation to adapt the spanning tree structure to the change. However, the resulting new configuration BPDU cannot propagate throughout the network immediately. If the newly elected root ports and designated ports start to forward data immediately, a temporary loop will likely occur.

  • Page 280: How Rstp Works

    • Alternate port—Acts as the backup port for a root port. When the root port is blocked, the alternate port takes over. • Backup port—Acts as the backup port of a designated port. When the designated port is invalid, the backup port becomes the new designated port. A loop occurs when two ports of the same spanning tree device are connected, so the device blocks one of the ports.

  • Page 281: About Pvst

    Because each VLAN runs RSTP independently, a spanning tree only serves its VLAN. A PVST-enabled H3C device can communicate with a third-party device that is running Rapid PVST or PVST. The PVST-enabled H3C device supports fast network convergence like RSTP when connected to PVST-enabled H3C devices or third-party devices enabled with Rapid PVST.

  • Page 282: How Pvst Works

    A port's link type determines the type of BPDUs the port sends. • An access port sends RSTP BPDUs. • A trunk or hybrid port sends RSTP BPDUs in the default VLAN and sends PVST BPDUs in other VLANs. How PVST works PVST implements per-VLAN spanning tree calculation by mapping each VLAN to an MSTI.
  • Page 283 Figure 8 MSTP BPDU format The first 13 fields of an MSTP BPDU are the same as an RSTP BPDU. The other six fields are unique to MSTP. • Protocol version ID—The value is 0x03 for MSTP. • BPDU type—The value is 0x02 for RSTP/MSTP BPDUs. •...

  • Page 284: Basic Concepts In Mstp

    Basic concepts in MSTP Figure 9 shows a switched network that contains four MST regions, each MST region containing four MSTP devices. Figure 10 shows the networking topology of MST region 3. Figure 9 Basic concepts in MSTP VLAN 1 MSTI 1 VLAN 1 MSTI 1...
  • Page 285 MST region A multiple spanning tree region (MST region) consists of multiple devices in a switched network and the network segments among them. All these devices have the following characteristics: • A spanning tree protocol enabled • Same region name •...
  • Page 286 • The regional root of MSTI 1 is Device B. • The regional root of MSTI 2 is Device C. • The regional root of MSTI 0 (also known as the IST) is Device A. Common root bridge The common root bridge is the root bridge of the CIST. Figure 9, the common root bridge is a device in MST region 1.

  • Page 287: How Mstp Works

    CIST. However, that is not true with master ports. A master port on MSTIs is a root port on the CIST. Port states In MSTP, a port can be in one of the following states: • Forwarding—The port receives and sends BPDUs, learns MAC addresses, and forwards user traffic.

  • Page 288: Mstp Implementation On Devices

    • Within an MST region, the frame is forwarded along the corresponding MSTI. • Between two MST regions, the frame is forwarded along the CST. MSTP implementation on devices MSTP is compatible with STP and RSTP. Devices that are running MSTP and that are used for spanning tree calculation can identify STP and RSTP protocol frames.

  • Page 289: Root Port Rapid Transition

    Root port rapid transition When a root port is blocked, the bridge will elect the alternate port with the highest priority as the new root port. If the new root port's peer is in the forwarding state, the new root port immediately transits to the forwarding state.

  • Page 290: Protocols And Standards

    Figure 14 P/A transition for RSTP and PVST P/A transition for MSTP In MSTP, an upstream bridge sets both the proposal and agreement flags in its BPDU. If a downstream bridge receives the BPDU and its receiving port is elected as the root port, the bridge blocks all the other ports except edge ports.
  • Page 291 • IEEE 802.1Q-REV/D1.3, Media Access Control (MAC) Bridges and Virtual Bridged Local Area Networks —Clause 13: Spanning tree Protocols...

  • Page 292: Configuring Spanning Tree Protocols

    Configuring spanning tree protocols Restrictions and guidelines: spanning tree protocol configuration Restrictions: Compatibility with other features • When the spanning tree protocol is enabled for a DR system, make sure the DR member devices have the same spanning tree configuration, including: Global spanning tree configuration.

  • Page 293: Spanning Tree Protocol Tasks At A Glance

    Spanning tree protocol tasks at a glance STP tasks at a glance Configuring the root bridge To configure the root bridge in STP mode, perform the following tasks: Setting the spanning tree mode Set the spanning tree mode to STP. (Optional.) Configuring the root bridge or a secondary root bridge (Optional.)

  • Page 294: Rstp Tasks At A Glance

    RSTP tasks at a glance Configuring the root bridge To configure the root bridge in RSTP mode, perform the following tasks: Setting the spanning tree mode Set the spanning tree mode to RSTP. (Optional.) Configuring the root bridge or a secondary root bridge (Optional.) Configuring the device priority (Optional.) Configuring parameters that affects RSTP topology convergence...

  • Page 295: Pvst Tasks At A Glance

    Enabling BPDU transparent transmission on a port Enabling SNMP notifications for new-root election and topology change events PVST tasks at a glance Configuring the root bridge To configure the root bridge in PVST mode, perform the following tasks: Setting the spanning tree mode Set the spanning tree mode to PVST.

  • Page 296: Mstp Tasks At A Glance

    Disabling inconsistent PVID protection Configuring protection features Enabling the device to log events of detecting or receiving TC BPDUs Disabling the device from reactivating edge ports shut down by BPDU guard Enabling BPDU transparent transmission on a port Enabling SNMP notifications for new-root election and topology change events MSTP tasks at a glance Configuring the root bridge To configure the root bridge in MSTP mode, perform the following tasks:...

  • Page 297: Setting The Spanning Tree Mode

    Configuring the BPDU transmission rate Configuring edge ports Configuring path costs of ports Configuring the port priority Configuring the port link type (Optional.) Configuring the mode a port uses to recognize and send MSTP frames (Optional.) Enabling outputting port state transition information Enabling the spanning tree feature (Optional.) Configuring advanced spanning tree features Performing mCheck...

  • Page 298: Configuring An Mst Region

    Set the spanning tree mode. stp mode { mstp | pvst | rstp | stp } The default setting is the MSTP mode. Configuring an MST region About MST region Spanning tree devices belong to the same MST region if they are both connected through a physical link and configured with the following details: •...

  • Page 299: Configuring The Root Bridge Or A Secondary Root Bridge

    Configuring the root bridge or a secondary root bridge Restrictions and guidelines You can have the spanning tree protocol determine the root bridge of a spanning tree through calculation. You can also specify a device as the root bridge or as a secondary root bridge. When you specify a device as the root bridge or as a secondary root bridge, follow these restrictions and guidelines: •...

  • Page 300: Configuring The Device Priority

    Configuring the device priority About device priority Device priority is a factor in calculating the spanning tree. The priority of a device determines whether the device can be elected as the root bridge of a spanning tree. A lower value indicates a higher priority.

  • Page 301: Configuring The Network Diameter Of A Switched Network

    Configuring the network diameter of a switched network About network diameter Any two terminal devices in a switched network can reach each other through a specific path, and there are a series of devices on the path. The switched network diameter is the maximum number of devices on the path for an edge device to reach another one in the switched network through the root bridge.
  • Page 302 As a best practice, specify the network diameter and letting spanning tree protocols automatically calculate the timers based on the network diameter instead of manually setting the spanning tree timers. If the network diameter uses the default value, the timers also use their default values. Set the timers only on the root bridge.

  • Page 303: Setting The Timeout Factor

    Setting the timeout factor About timeout factor The timeout factor is a parameter used to decide the timeout period. The formula for calculating the timeout period is: timeout period = timeout factor × 3 × hello time. In a stable network, each non-root-bridge device forwards configuration BPDUs to the downstream devices at the hello time interval to detect link failures.

  • Page 304: Configuring Edge Ports

    Configuring edge ports About edge port If a port directly connects to a user terminal rather than another device or a shared LAN segment, this port is regarded as an edge port. When network topology change occurs, an edge port will not cause a temporary loop.
  • Page 305 Table 7 Mappings between the link speed (100M and below) and the path cost Path cost Link speed Port type IEEE Private IEEE 802.1t 802.1d-1998 standard 65535 200000000 200000 Single port 2000000 2000 Aggregate interface containing two Selected 1000000 1800 ports Aggregate interface 10 Mbps...
  • Page 306 Path cost Link speed Port type IEEE Private IEEE 802.1t 802.1d-1998 standard containing two Selected ports Aggregate interface containing three Selected ports Aggregate interface containing four Selected ports Table 10 Mappings between the link speed (25G) and the path cost Path cost Link speed Port type...

  • Page 307: Configuring Path Costs Of Ports

    Path cost Link speed Port type IEEE Private IEEE 802.1t 802.1d-1998 standard Aggregate interface containing two Selected ports Aggregate interface containing three Selected ports Aggregate interface containing four Selected ports Restrictions and guidelines If you change the standard for the default path cost calculation, you restore the path costs to the default.

  • Page 308: Configuring The Port Priority

    In PVST mode: stp vlan vlan-id-list cost cost-value In MSTP mode: stp [ instance instance-list ] cost cost-value By default, the system automatically calculates the path cost of each port. Configuring the port priority About port priority The priority of a port is a factor that determines whether the port can be elected as the root port of a device.

  • Page 309: Configuring The Mode A Port Uses To Recognize And Send Mstp Frames

    • In PVST or MSTP mode, the stp point-to-point force-false or stp point-to-point force-true command configured on a port takes effect on all VLANs or all MSTIs. • Before you set the link type of a port to point-to-point, make sure the port is connected to a point-to-point link.

  • Page 310: Enabling Outputting Port State Transition Information

    Enabling outputting port state transition information About outputting port state transition information In a large-scale spanning tree network, you can enable devices to output the port state transition information. Then, you can monitor the port states in real time. Procedure Enter system view.

  • Page 311: Performing Mcheck

    interface interface-type interface-number Enable the spanning tree feature for the port. stp enable By default, the spanning tree feature is enabled on all ports. Enabling the spanning tree feature in PVST mode Enter system view. system-view Enable the spanning tree feature. stp global enable When the device starts up with initial settings, the spanning tree feature is globally disabled by default.

  • Page 312: Performing Mcheck Globally

    Performing mCheck globally Enter system view. system-view Perform mCheck. stp global mcheck Performing mCheck in interface view Enter system view. system-view Enter interface view. interface interface-type interface-number Perform mCheck. stp mcheck Disabling inconsistent PVID protection About inconsistent PVID protection In PVST, if two connected ports use different PVIDs, PVST calculation errors might occur. By default, inconsistent PVID protection is enabled to avoid PVST calculation errors.
  • Page 313 The devices of different vendors in the same MST region cannot communicate with each other. To enable communication between an H3C device and a third-party device in the same MST region, enable Digest Snooping on the H3C device port connecting them.

  • Page 314: Configuring No Agreement Check

    By default, Digest Snooping is disabled globally. Configuring No Agreement Check About No Agreement Check In RSTP and MSTP, the following types of messages are used for rapid state transition on designated ports: • Proposal—Sent by designated ports to request rapid transition •...

  • Page 315: Configuring Tc Snooping

    In this case, the following occurs: The root port on the downstream device receives no agreement from the upstream device. It sends no agreement to the upstream device. As a result, the designated port of the upstream device can transit to the forwarding state only after a period twice the forward delay.

  • Page 316: Configuring Protection Features

    Figure 18 TC Snooping application scenario To avoid traffic interruption, you can enable TC Snooping on the IRF fabric. After receiving a TC-BPDU through a port, the IRF fabric updates MAC address table and ARP table entries associated with the port's VLAN. In this way, TC Snooping prevents topology change from interrupting traffic forwarding in the network.

  • Page 317: Configuring Bpdu Guard

    • Enabling root guard • Enabling loop guard • Configuring port role restriction • Configuring TC-BPDU transmission restriction • Enabling TC-BPDU guard • Enabling BPDU drop • Enabling PVST BPDU guard • Disabling dispute guard Configuring BPDU guard About BPDU guard For access layer devices, the access ports can directly connect to the user terminals (such as PCs) or file servers.

  • Page 318: Enabling Root Guard

    Configure BPDU guard. stp port bpdu-protection { enable | disable } By default, the enabling status of BPDU guard on an interface is the same as that of global BPDU guard. Enabling root guard About root guard Configure root guard on a designated port. The root bridge and secondary root bridge of a spanning tree should be located in the same MST region.

  • Page 319: Configuring Port Role Restriction

    As a result, loops occur in the switched network. The loop guard feature can suppress the occurrence of such loops. The initial state of a loop guard-enabled port is discarding in every MSTI. When the port receives BPDUs, it transits its state. Otherwise, it stays in the discarding state to prevent temporary loops. Restrictions and guidelines Do not enable loop guard on a port that connects user terminals.

  • Page 320: Configuring Tc-Bpdu Transmission Restriction

    Configuring TC-BPDU transmission restriction About TC-BPDU transmission restriction Make this configuration on the port that connects to the user access network. The topology change to the user access network might cause the forwarding address changes to the core network. When the user access network topology is unstable, the user access network might affect the core network.

  • Page 321: Enabling Bpdu Drop

    Enabling BPDU drop About BPDU drop In a spanning tree network, every BPDU arriving at the device triggers an STP calculation process and is then forwarded to other devices in the network. Malicious attackers might use the vulnerability to attack the network by forging BPDUs. By continuously sending forged BPDUs, they can make all devices in the network continue performing STP calculations.
  • Page 322 Port A1 can only receive BPDUs and cannot send BPDUs to Port B1. Port B1 does not receive BPDUs from Port A1 for a certain period of time. Device B determines itself as the root bridge. Port B1 sends its BPDUs to Port A1. Port A1 determines the received BPDUs are inferior to its own BPDUs.
  • Page 323 Figure 20 Dispute guard triggering scenario (on a root port) Device A Device B Device A Device B Device A Device B Root Root Root Root Root Port A1 Port B1 Port A1 Port B1 Port A1 Port B1 Port C1 Port C1 Port C1 Device C...

  • Page 324: Enabling The Device To Log Events Of Detecting Or Receiving Tc Bpdus

    Enabling the device to log events of detecting or receiving TC BPDUs About spanning tree TC BPDU event logging This feature allows the device to generate logs when it detects or receives TC BPDUs. This feature applies only to PVST mode. Procedure Enter system view.

  • Page 325: Enabling Snmp Notifications For New-Root Election And Topology Change Events

    If this feature and the spanning tree protocol are enabled on a port which is inferior to its downstream port, the downstream port can receive BPDUs from that port. To prevent network flapping caused by this problem, disable the spanning tree protocol before you enable BPDU transparent transmission on the port.

  • Page 326: Display And Maintenance Commands For The Spanning Tree Protocols

    Display and maintenance commands for the spanning tree protocols Execute display commands in any view and reset command in user view. Task Command display stp [ instance instance-list | vlan Display the spanning tree status vlan-id-list ] [ interface interface-list | and statistics.
  • Page 327 VLAN 10 and VLAN 30 are terminated on the distribution layer devices, and VLAN 40 is terminated on the access layer devices. The root bridges of MSTI 1 and MSTI 3 are Device A and Device B, respectively, and the root bridge of MSTI 4 is Device C. Figure 22 Network diagram MST region Device A...
  • Page 328 [DeviceB] stp region-configuration [DeviceB-mst-region] region-name example # Map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively. [DeviceB-mst-region] instance 1 vlan 10 [DeviceB-mst-region] instance 3 vlan 30 [DeviceB-mst-region] instance 4 vlan 40 # Configure the revision level of the MST region as 0. [DeviceB-mst-region] revision-level 0 # Activate MST region configuration.
  • Page 329 # Enable the spanning tree feature globally. [DeviceD] stp global enable Verifying the configuration In this example, Device B has the lowest root bridge ID. As a result, Device B is elected as the root bridge in MSTI 0. When the network is stable, you can use the display stp brief command to display brief spanning tree information on each device.

  • Page 330: Example: Configuring Pvst

    Figure 23 MSTIs mapped to different VLANs MSTI 1 mapped to VLAN 10 MSTI 0 mapped to VLAN 20 MSTI 3 mapped to VLAN 30 MSTI 4 mapped to VLAN 40 Root bridge Normal link Blocked link Example: Configuring PVST Network configuration As shown in Figure...
  • Page 331 Procedure Configure VLANs and VLAN member ports. (Details not shown.) Create VLAN 10, VLAN 20, and VLAN 30 on both Device A and Device B. Create VLAN 10, VLAN 20, and VLAN 40 on Device C. Create VLAN 20, VLAN 30, and VLAN 40 on Device D. Configure the ports on these devices as trunk ports and assign them to related VLANs.
  • Page 332 VLAN ID Port Role STP State Protection Twenty-FiveGigE1/0/1 DESI FORWARDING NONE Twenty-FiveGigE1/0/3 DESI FORWARDING NONE Twenty-FiveGigE1/0/1 DESI FORWARDING NONE Twenty-FiveGigE1/0/2 DESI FORWARDING NONE Twenty-FiveGigE1/0/3 DESI FORWARDING NONE Twenty-FiveGigE1/0/2 DESI FORWARDING NONE Twenty-FiveGigE1/0/3 ROOT FORWARDING NONE # Display brief spanning tree information on Device B. [DeviceB] display stp brief VLAN ID Port...

  • Page 333: Example: Configuring Drni With Pvst

    Figure 25 VLAN spanning tree topologies Example: Configuring DRNI with PVST Network configuration As shown in Figure 26, Device A and Device B work at the distribution layer, and Device C and Device D work at the access layer. Configure DRNI on Device A and Device B. In the DR system, Device A is the primary DR device, and Device B is the secondary DR device.
  • Page 334 Figure 26 Network diagram Procedure Configure VLANs and VLAN member ports. (Details not shown.) Create VLAN 10, VLAN 20, and VLAN 30 on both Device A and Device B. Create VLAN 10, and VLAN 20 on Device C. Create VLAN 20, and VLAN 30 on Device D. Configure the ports on these devices as trunk ports and assign them to related VLANs.
  • Page 335 Verifying the configuration When the network is stable, you can use the display stp brief command to display brief spanning tree information on each device. # Display brief spanning tree information of the DR system on the primary DR device, Device A. [DeviceA] display stp brief VLAN ID Port...
  • Page 336 Contents Configuring LLDP ············································································· 1     About LLDP ······························································································································ 1   LLDP agents and bridge modes ····························································································· 1   LLDP frame formats ············································································································· 2   LLDPDUs ·························································································································· 3   TLVs································································································································· 3   Management address ··········································································································· 6   LLDP operating modes ········································································································· 6  ...

  • Page 338: Configuring Lldp

    Configuring LLDP About LLDP The Link Layer Discovery Protocol (LLDP) is a standard link layer protocol that allows network devices from different vendors to discover neighbors and exchange system and configuration information. In an LLDP-enabled network, a device advertises local device information in LLDP Data Units (LLDPDUs) to the directly connected devices.

  • Page 339: Lldp Frame Formats

    The types of supported LLDP agents vary with the bridge mode in which LLDP operates. LLDP supports the following bridge modes: customer bridge (CB) and service bridge (SB). • Customer bridge mode—LLDP supports nearest bridge agent, nearest non-TPMR bridge agent, and nearest customer bridge agent. LLDP processes the LLDP frames with destination MAC addresses for these agents and transparently transmits the LLDP frames with other destination MAC addresses in VLANs.

  • Page 340: Lldpdus

    LLDP frame encapsulated in SNAP Figure 3 SNAP-encapsulated LLDP frame Table 2 Fields in a SNAP-encapsulated LLDP frame Field Description MAC address to which the LLDP frame is advertised. It is the same as that Destination MAC address for Ethernet II-encapsulated LLDP frames. Source MAC address MAC address of the sending port.
  • Page 341 Organizationally specific TLVs and LLDP-MED TLVs are used for enhanced device management. They are defined by standardization or other organizations and are optional for LLDPDUs. Basic management TLVs Table 3 lists the basic management TLV types. Some of them are mandatory for LLDPDUs. Table 3 Basic management TLVs Type Description...
  • Page 342 Type Description Management VID Management VLAN ID. VID Usage Digest VLAN ID usage digest. ETS Configuration Enhanced Transmission Selection configuration. ETS Recommendation ETS recommendation. Priority-based Flow Control. Application protocol. Quantized Congestion Notification. QCN TLVs are not supported in the current software version. IEEE 802.3 organizationally specific TLVs Table 5 shows the IEEE 802.3 organizationally specific TLVs.

  • Page 343: Management Address

    If the MAC/PHY configuration/status TLV is not advertisable, none of the LLDP-MED TLVs will be advertised even if they are advertisable. If the LLDP-MED capabilities TLV is not advertisable, the other LLDP-MED TLVs will not be advertised even if they are advertisable. Table 6 LLDP-MED TLVs Type Description...

  • Page 344: Transmitting And Receiving Lldp Frames

    Transmitting and receiving LLDP frames Transmitting LLDP frames An LLDP agent operating in TxRx mode or Tx mode sends LLDP frames to its directly connected devices both periodically and when the local configuration changes. To prevent LLDP frames from overwhelming the network during times of frequent changes to local device information, LLDP uses the token bucket mechanism to rate limit LLDP frames.

  • Page 345: Restrictions And Guidelines: Lldp Configuration

    Restrictions and guidelines: LLDP configuration When you configure LLDP, follow these restrictions and guidelines: • Some of the LLDP configuration tasks are available in different interface views (see Table Table 7 Support of LLDP configuration tasks in different views Tasks Supported views Enabling LLDP Setting the LLDP operating mode...

  • Page 346: Enabling Lldp

    11. (Optional.) Configuring MAC address learning for DCN (Optional.) Setting the source MAC address of LLDP frames (Optional.) Enabling generation of ARP or ND entries for received management address TLVs Enabling LLDP Restrictions and guidelines For LLDP to take effect on specific ports, you must enable LLDP both globally and on these ports. Procedure Enter system view.

  • Page 347: Setting The Lldp Reinitialization Delay

    In Ethernet interface view, if you do not specify an agent type, the command sets the operating mode for the nearest bridge agent. In Layer 2/Layer 3 aggregate interface view: lldp agent { nearest-customer | nearest-nontpmr } admin-status { disable | rx | tx | txrx } In aggregate interface view, you can set the operating mode only for the nearest customer bridge agent and nearest non-TPMR bridge agent.
  • Page 348 country-code { ca-type ca-value }&<1-10> | elin-address tel-number } } } By default, the nearest bridge agent advertises all supported TLVs except the following TLVs: − DCBX TLVs. − Location identification TLVs. − Port and protocol VLAN ID TLVs. − VLAN name TLVs. −...
  • Page 349 lldp tlv-enable { basic-tlv { all | port-description | system-capability | system-description | system-name | management-address-tlv [ ipv6 ] [ ip-address ] } | dot1-tlv { all | link-aggregation } | dot3-tlv { all | link-aggregation | mac-physic | max-frame-size | power } | med-tlv { all | capability | inventory | power-over-ethernet | location-id { civic-address device-type country-code { ca-type ca-value }&<1-10>...

  • Page 350: Configuring Advertisement Of The Management Address Tlv

    lldp tlv-enable basic-tlv { port-description | system-capability | system-description | system-name } By default, the nearest bridge agent advertises all supported basic management TLVs. Only the nearest bridge agent is supported. Configuring advertisement of the management address TLV About advertisement of the management address TLV LLDP encodes management addresses in numeric or string format in management address TLVs.

  • Page 351: Setting The Encapsulation Format For Lldp Frames

    lldp [ agent { nearest-customer | nearest-nontpmr } ] tlv-enable basic-tlv management-address-tlv [ ipv6 ] [ ip-address ] | interface loopback interface-number ] In Layer 2/Layer 3 aggregate interface view: lldp agent { nearest-customer | nearest-nontpmr } tlv-enable basic-tlv management-address-tlv [ ipv6 ] [ ip-address ] By default: The nearest bridge agent and nearest customer bridge agent advertise the management address TLVs.

  • Page 352: Setting Lldp Frame Transmission Parameters

    Setting LLDP frame transmission parameters About setting LLDP frame transmission parameters The Time to Live TLV carried in an LLDPDU determines how long the device information carried in the LLDPDU can be saved on a recipient device. By setting the TTL multiplier, you can configure the TTL of locally sent LLDPDUs. The TTL is expressed by using the following formula: TTL = Min (65535, (TTL multiplier ×...

  • Page 353: Enabling Lldp Polling

    By default, no timeout is set for receiving LLDP frames, and the device does not report no LLDP neighbor events. Enabling LLDP polling About LLDP polling With LLDP polling enabled, a device periodically searches for local configuration changes. When the device detects a configuration change, it sends LLDP frames to inform neighboring devices of the change.
  • Page 354 CDP compatibility enables your device to receive and recognize CDP packets from the neighboring CDP device and send CDP packets to the neighboring device. The CDP packets sent to the neighboring CDP device carry the following information: • Device ID. •...

  • Page 355: Configuring Lldp Trapping And Lldp-Med Trapping

    • Configure LLDP to operate in TxRx mode on the port. Procedure Enter system view. system-view Enable CDP compatibility globally. lldp compliance cdp By default, CDP compatibility is disabled globally. Enter Layer 2/Layer 3 Ethernet interface view or management Ethernet interface view. interface interface-type interface-number Configure CDP-compatible LLDP to operate in TxRx mode.

  • Page 356: Configuring Lldp Neighbor Validation And Aging

    Return to system view. quit (Optional.) Set the LLDP trap transmission interval. lldp timer notification-interval interval The default setting is 30 seconds. Configuring LLDP neighbor validation and aging Configuring LLDP neighbor validation on an interface About LLDP neighbor validation LLDP neighbor validation enables an interface to validate the identity of the neighbor based on the neighbor validation criteria configured on the interface.

  • Page 357: Configuring Mac Address Learning For Dcn

    Procedure Enter system view. system-view Enter Layer 2 or Layer 3 Ethernet interface view. interface interface-type interface-number Enable LLDP neighbor aging on the interface. lldp neighbor-protection aging { block | shutdown } By default, neighbor aging is disabled on an interface. Configuring MAC address learning for DCN About MAC address learning for DCN For the data communication network (DCN) to implement operation, administration, and...

  • Page 358: Enabling Generation Of Arp Or Nd Entries For Received Management Address Tlvs

    lldp source-mac vlan vlan-id By default, the source MAC address of LLDP frames is the MAC address of the egress interface. To use the MAC address of a Layer 3 Ethernet subinterface as the source MAC address, use vlan-id to specify the subinterface ID in Layer 3 Ethernet interface view. Enabling generation of ARP or ND entries for received management address TLVs About generation of ARP or ND entries for received management address TLVs...

  • Page 359: Lldp Configuration Examples

    Task Command display lldp local-information global interface Display local LLDP information. interface-type interface-number display lldp neighbor-information interface [ [ [ Display the information interface-type interface-number agent contained in the LLDP nearest-bridge nearest-customer TLVs sent from nearest-nontpmr verbose list system-name } ] [ ] ] | neighboring devices.
  • Page 360 [SwitchA] lldp global enable # Enable LLDP on Twenty-FiveGigE 1/0/1. By default, LLDP is enabled on ports. [SwitchA] interface twenty-fivegige 1/0/1 [SwitchA-Twenty-FiveGigE1/0/1] lldp enable # Set the LLDP operating mode to Rx on Twenty-FiveGigE 1/0/1. [SwitchA-Twenty-FiveGigE1/0/1] lldp admin-status rx [SwitchA-Twenty-FiveGigE1/0/1] quit # Enable LLDP on Twenty-FiveGigE 1/0/2.
  • Page 361 Trap flag : No MED trap flag : No Polling interval : 0s Number of LLDP neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV : 21 Number of received unknown TLV : 0 LLDP agent nearest-customer: Port status of LLDP : Enable Admin status...
  • Page 362 Admin status : Disable Trap flag : No MED trap flag : No Polling interval : 0s Number of LLDP neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV : 16 Number of received unknown TLV : 0 # Remove the link between Switch A and Switch B.

  • Page 363: Example: Configuring Cdp-Compatible Lldp

    LLDP status information of port 2 [Twenty-FiveGigE1/0/2]: LLDP agent nearest-bridge: Port status of LLDP : Enable Admin status : Rx_Only Trap flag : No MED trap flag : No Polling interval : 0s Number of LLDP neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV : 0...
  • Page 364 Figure 6 Network diagram Procedure Configure a voice VLAN on Switch A: # Create VLAN 2. <SwitchA> system-view [SwitchA] vlan 2 [SwitchA-vlan2] quit # Set the link type of Twenty-FiveGigE 1/0/1 and Twenty-FiveGigE 1/0/2 to trunk, and enable voice VLAN on them. [SwitchA] interface twenty-fivegige 1/0/1 [SwitchA-Twenty-FiveGigE1/0/1] port link-type trunk [SwitchA-Twenty-FiveGigE1/0/1] voice-vlan 2 enable...
  • Page 365 CDP neighbor-information of port 1[Twenty-FiveGigE1/0/1]: LLDP agent nearest-bridge: CDP neighbor index Chassis ID : SEP00141CBCDBFE Port ID : Port 1 CDP neighbor-information of port 2[Twenty-FiveGigE1/0/2]: LLDP agent nearest-bridge: CDP neighbor index Chassis ID : SEP00141CBCDBFF Port ID : Port 1...

  • Page 366: Configuring Dcbx

    Detects configuration errors on peer devices. • Remotely configures the peer device if the peer device accepts the configuration. NOTE: H3C devices support only the remote configuration feature. DCBX application scenario Figure 7 DCBX application scenario DCBX enables lossless packet transmission on DCE networks.

  • Page 367: Protocols And Standards

    ETS Configuration. ETS Recommendation. PFC. APP. H3C devices can send these types of DCBX information to a server or storage adapter supporting FCoE. However, H3C devices cannot accept these types of DCBX information. Protocols and standards • DCB Capability Exchange Protocol Specification Rev 1.00 •...

  • Page 368: Setting The Dcbx Version

    Enter Layer 2 Ethernet interface view. interface interface-type interface-number Enable LLDP on the interface. lldp enable By default, LLDP is enabled on an interface. Enable the interface to advertise DCBX TLVs. lldp tlv-enable dot1-tlv dcbx By default, DCBX TLV advertisement is disabled on an interface. Setting the DCBX version Restrictions and guidelines When you set the DCBX version, follow these restrictions and guidelines:...
  • Page 369 • DCBX Rev 1.00 identifies application protocol packets only by frame type and advertises only TLVs with frame type 0x8906 (FCoE). • DCBX Rev 1.01 has the following attributes: Supports identifying application protocol packets by both frame type and TCP/UDP port number.

  • Page 370: Configuring Ets Parameters

    c. Return to system view. quit Apply the QoS policy. Choose one option as needed: Apply the QoS policy to the outgoing traffic of all ports. qos apply policy policy-name global outbound Apply the QoS policy to the outgoing traffic of a Layer 2 Ethernet interface. interface interface-type interface-number qos apply policy policy-name outbound The configuration in system view applies to all interfaces.

  • Page 371: Configuring Group-Based Wrr Queuing

    By default, no match criterion is configured for the class to match packets. Return to system view. quit Create a traffic behavior and enter traffic behavior view. traffic behavior behavior-name Configure the behavior to mark packets with the specified local precedence value. remark local-precedence local-precedence By default, no local precedence marking action is configured.

  • Page 372: Configuring Pfc Parameters

    Configuring PFC parameters About PFC parameters To prevent packets with an 802.1p priority value from being dropped, enable PFC for the 802.1p priority value. This feature reduces the sending rate of packets carrying this priority when network congestion occurs. The device uses PFC parameters to negotiate with the server adapter and to enable PFC for the specified 802.1p priorities on the server adapter.
  • Page 373 # Enable LLDP globally. <SwitchA> system-view [SwitchA] lldp global enable # Enable LLDP and DCBX TLV advertising on Twenty-FiveGigE 1/0/1. [SwitchA] interface twenty-fivegige 1/0/1 [SwitchA-Twenty-FiveGigE1/0/1] lldp enable [SwitchA-Twenty-FiveGigE1/0/1] lldp tlv-enable dot1-tlv dcbx Set the DCBX version to Rev. 1.01 on Twenty-FiveGigE 1/0/1. [SwitchA-Twenty-FiveGigE1/0/1] dcbx version rev101 [SwitchA-Twenty-FiveGigE1/0/1] quit Configure APP parameters:...
  • Page 374 Configure PFC: # Enable PFC in auto mode on Twenty-FiveGigE 1/0/1. [SwitchA-Twenty-FiveGigE1/0/1] priority-flow-control auto # Enable PFC for 802.1 priority 3. [SwitchA-Twenty-FiveGigE1/0/1] priority-flow-control no-drop dot1p 3 Verifying the configuration # Display the data exchange result on the DC server through the software interface. This example uses the data exchange result for a QLogic adapter on the DC server.
  • Page 375 Number of Traffic Classes Supported: 8 DCBX Parameter Information Parameter Type: Remote Pad Byte Present: Yes DCBX Parameter Valid: Yes Reserved: 0 DCBX Parameter Data Priority Group ID of Priority 1: 0 Priority Group ID of Priority 0: 2 Priority Group ID of Priority 3: 15 Priority Group ID of Priority 2: 1 Priority Group ID of Priority 5: 5 Priority Group ID of Priority 4: 4...
  • Page 376 Priority Group ID of Priority 7: 0 Priority Group ID of Priority 6: 0 Priority Group 0 Percentage: 50 Priority Group 1 Percentage: 50 Priority Group 2 Percentage: 0 Priority Group 3 Percentage: 0 Priority Group 4 Percentage: 0 Priority Group 5 Percentage: 0 Priority Group 6 Percentage: 0 Priority Group 7 Percentage: 0 Number of Traffic Classes Supported: 2...
  • Page 377 PFC Enabled on Priority 5: No PFC Enabled on Priority 6: No PFC Enabled on Priority 7: No Number of Traffic Classes Supported: 6 DCBX Parameter Information Parameter Type: Local Pad Byte Present: No DCBX Parameter Valid: Yes Reserved: 0 DCBX Parameter Data PFC Enabled on Priority 0: No PFC Enabled on Priority 1: No...
  • Page 378 Contents Configuring L2PT ············································································· 1     About L2PT ······························································································································ 1   L2PT application scenario ····································································································· 1   Supported protocols ············································································································· 1   L2PT operating mechanism ··································································································· 2   L2PT tasks at a glance ················································································································ 3   Enabling L2PT ·························································································································· 3  ...

  • Page 379: Configuring L2Pt

    Layer 2 protocol calculation, which is transparent to the service provider network. • Isolates Layer 2 protocol packets from different customer networks through different VLANs. Supported protocols H3C devices support L2PT for the following protocols: • CDP. • DLDP.

  • Page 380: L2Pt Operating Mechanism

    • LLDP. • MVRP. • PAgP. • PVST. • STP (including STP, RSTP, and MSTP). • UDLD. • VTP. L2PT operating mechanism As shown in Figure 2, L2PT operates as follows: • When a port of PE 1 receives a Layer 2 protocol packet from the customer network in a VLAN, it performs the following operations: Multicasts the packet out of all customer-facing ports in the VLAN except the receiving port.

  • Page 381: L2Pt Tasks At A Glance

    Figure 3 L2PT network diagram L2PT tasks at a glance To configure L2PT, perform the following tasks: Enabling L2PT or L2PT drop Enabling L2PT This feature is applicable only to customer-facing ports. (Optional.) Setting the destination multicast MAC address for tunneled packets Enabling L2PT Restrictions and guidelines for L2PT •...

  • Page 382: Enabling L2Pt For A Protocol In Layer 2 Ethernet Interface View

    Enabling L2PT for a protocol in Layer 2 Ethernet interface view Restrictions and guidelines LACP and EOAM require point-to-point transmission. If you enable L2PT on a Layer 2 Ethernet interface for LACP or EOAM, L2PT multicasts LACP or EOAM packets out of customer-facing ports. As a result, the transmission between two CEs is not point-to-point.

  • Page 383: Display And Maintenance Commands For L2Pt

    Procedure Enter system view. system-view Set the destination multicast MAC address for tunneled packets. l2protocol tunnel-dmac mac-address By default, 010f-e200-0003 is used for tunneled packets. Display and maintenance commands for L2PT Execute display commands in any view and reset commands in user view. Task Command display l2protocol statistics [ interface...

  • Page 384: Example: Configuring L2Pt For Lacp

    Procedure Configure PE 1: # Set the destination multicast address to 0100-0ccd-cdd0 for tunneled packets. <PE1> system-view [PE1] l2protocol tunnel-dmac 0100-0ccd-cdd0 # Create VLAN 2. [PE1] vlan 2 [PE1-vlan2] quit # Configure Twenty-FiveGigE 1/0/1 as an access port and assign the port to VLAN 2. [PE1] interface twenty-fivegige 1/0/1 [PE1-Twenty-FiveGigE1/0/1] port access vlan 2 # Disable STP and enable L2PT for STP on Twenty-FiveGigE 1/0/1.
  • Page 385 Figure 5 Network diagram Requirements analysis To meet the network requirements, perform the following tasks: • For Ethernet link aggregation to operate correctly, configure VLANs on the PEs to ensure point-to-point transmission between CE 1 and CE 2 in an aggregation group. Set the PVIDs to VLAN 2 and VLAN 3 for Twenty-FiveGigE 1/0/1 and Twenty-FiveGigE 1/0/2 on PE 1, respectively.
  • Page 386 [PE1] vlan 3 [PE1-vlan3] quit # Configure Twenty-FiveGigE 1/0/1 as a trunk port, assign the port to VLAN 2, and set the PVID to VLAN 2. [PE1] interface twenty-fivegige 1/0/1 [PE1-Twenty-FiveGigE1/0/1] port link-mode bridge [PE1-Twenty-FiveGigE1/0/1] port link-type trunk [PE1-Twenty-FiveGigE1/0/1] port trunk permit vlan 2 [PE1-Twenty-FiveGigE1/0/1] port trunk pvid vlan 2 # Enable QinQ on Twenty-FiveGigE 1/0/1.
  • Page 387 Received LACP Packets: 23 packet(s) Illegal: 0 packet(s) Sent LACP Packets: 26 packet(s) Twenty-FiveGigE1/0/2: Aggregate Interface: Bridge-Aggregation1 Local: Port Number: 4 Port Priority: 32768 Oper-Key: 1 Flag: {ACDEF} Remote: System ID: 0x8000, 0004-0000-0000 Port Number: 4 Port Priority: 32768 Oper-Key: 1 Flag: {ACDEF} Received LACP Packets: 10 packet(s) Illegal: 0 packet(s)
  • Page 388 Flag: {ACDEF} Remote: System ID: 0x8000, 0001-0000-0000 Port Number: 4 Port Priority: 32768 Oper-Key: 1 Flag: {ACDEF} Received LACP Packets: 10 packet(s) Illegal: 0 packet(s) Sent LACP Packets: 13 packet(s)
  • Page 389 Contents Configuring service loopback groups ···················································· 1     About service loopback groups ····································································································· 1   Restrictions and guidelines: Service loopback group configuration ························································ 1   Configuring a service loopback group ····························································································· 1   Display and maintenance commands for service loopback groups ························································ 2  ...
  • Page 390 Configuring service loopback groups About service loopback groups A service loopback group contains one or multiple Ethernet ports for looping packets sent out by the device back to the device. This feature must work with other features, such as GRE. Member ports in a service loopback group are load balanced.
  • Page 391 Display and maintenance commands for service loopback groups Execute display commands in any view. Task Command display service-loopback group Display information about service loopback groups. [ group-id ] Service loopback group configuration examples Example: Configuring a service loopback group Network configuration All Ethernet ports on the device support the tunnel service.
  • Page 392 # Create the interface Tunnel 1 and set it to GRE mode. The interface will automatically use service loopback group 1. [Sysname] interface tunnel 1 mode gre [Sysname-Tunnel1]...
  • Page 393 Contents Configuring cut-through Layer 2 forwarding············································ 1     About cut-through Layer 2 forwarding ····························································································· 1   Restrictions and guidelines for cut-through Layer 2 forwarding configuration ··········································· 1   Procedure ································································································································ 1...
  • Page 394 Configuring cut-through Layer 2 forwarding About cut-through Layer 2 forwarding A cut-through forwarding-enabled device forwards a frame after it receives the first 64 bytes of the frame. This feature reduces the transmission time of a frame and enhances forwarding performance. Restrictions and guidelines for cut-through Layer 2 forwarding configuration With cut-through forwarding, the device forwards CRC-error frames because it starts forwarding...

This manual is also suitable for:

S9850 seriesS6850-56hfS9850-32h

Table of Contents

Save PDF