3Com 4510G Configuration Manual

3com switch 4510g family.

3Com Switch 4510G Family
Switch 4510G 24-Port
Switch 4510G 48-Port
Product Version:
Release 2202
Manual Version:
6W100-20100112
www.3com.com
3Com Corporation
350 Campus Drive, Marlborough,
MA, USA 01752 3064

   Summary of Contents for 3Com 4510G

  • Page 1: Configuration Guide

    3Com Switch 4510G Family Configuration Guide Switch 4510G 24-Port Switch 4510G 48-Port Product Version: Release 2202 Manual Version: 6W100-20100112 www.3com.com 3Com Corporation 350 Campus Drive, Marlborough, MA, USA 01752 3064...
  • Page 2 3Com Corporation. 3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.
  • Page 3: About This Manual

    About This Manual Organization 3Com Switch 4510G Family Configuration Guide is organized as follows: Volume Features 00-Product Product Overview Acronyms Overview Ethernet Port Link Aggregation Port Isolation MSTP Isolate-User-VL 01-Access LLDP VLAN Voice VLAN Volume BPDU GVRP QinQ Port Mirroring...
  • Page 4 Volume Features Logging In Logging In User Interface Logging In to an Through the Through Configuration Ethernet Switch Console Port Telnet/SSH Examples Logging in Through Web-based Specifying Logging In Controlling Login Network Source for Through NMS Users Management Telnet Packets System Basic System Device...
  • Page 5: Related Documentation, Obtaining Documentation

    3Com Switch 4510G Family Getting This guide provides all the information you need to install Started Guide and use the 3Com Switch 4510G Family. Obtaining Documentation You can access the most up-to-date 3Com product documentation on the World Wide Web at this URL: http://www.3com.com.
  • Page 6: Product Features

    (MANs). They can also be used for connecting server groups in data centers. The 3Com Switches 4510G support the innovative Intelligent Resilient Framework (IRF) technology. With IRF, multiple 4510G switches can be interconnected as a logical entity to form a new intelligent network featuring high availability, scalability, and manageability.
  • Page 7 Volume Features Traffic Policing, Configuration Traffic Shaping, QoS Overview Priority Mapping Approaches and Line Rate 05-QoS Volume Congestion Traffic Filtering Priority Marking Traffic Redirecting Management Class-Based Traffic Mirroring User Profile Appendix Accounting EAD Fast 802.1X HABP Deployment Port Security IP Source Guard SSH2.0 06-Security Authentication...
  • Page 8: Access Volume

    Features The following sections provide an overview of the main features of each module supported by the Switch 4510G. Access Volume Table 2-1 Features in Access volume Features Description This document describes: Combo Port Configuration Basic Ethernet Interface Configuration Configuring Flow Control on an Ethernet Interface...
  • Page 9 Features Description LLDP enables a device to maintain and manage its own and its immediate neighbor’s device information, based on which the network management system detects and determines the conditions of the communications links. This document describes: LLDP Introduction to LLDP Performing Basic LLDP Configuration Configuring CDP Compatibility Configuring LLDP Trapping...
  • Page 10: IP Services Volume

    IP Services Volume Table 2-2 Features in the IP Services volume Features Description An IP address is a 32-bit address allocated to a network interface on a device that is attached to the Internet. This document describes: IP Address Introduction to IP addresses IP address configuration Address Resolution Protocol (ARP) is used to resolve an IP address into a data link layer address.
  • Page 11 Features Description As a DHCP security feature, DHCP snooping can ensure that DHCP clients obtain IP addresses from authorized DHCP servers and record IP-to-MAC mappings of DHCP clients. This document describes: DHCP Snooping DHCP Snooping Overview Configuring DHCP Snooping Basic Functions Configuring DHCP Snooping to Support Option 82 After you specify an interface of a device as a BOOTP client, the interface can use BOOTP to get information (such as IP address) from the BOOTP...
  • Page 12: IP Routing Volume

    IP address. Policy Routing The Switch 4510G implements policy routing through QoS policies. For details about traffic classification, traffic behavior and QoS policy configuration commands, refer to QoS Commands in the QoS Volume.
  • Page 13: QoS Volume

    Features Description Running at the data link layer, IGMP Snooping is a multicast control mechanism on the Layer 2 Ethernet switch and it is used for multicast group management and control. This document describes: IGMP Snooping Configuring Basic Functions of IGMP Snooping Configuring IGMP Snooping Port Functions Configuring IGMP Snooping Querier Configuring IGMP Snooping Policy...
  • Page 14: Security Volume

    Features Description The key to congestion management is how to define a dispatching policy for resources to decide the order of forwarding packets when congestion occurs. This document describes: Congestion Configuring SP Queuing Management Configure WRR Queuing Configuring WFQ Queuing Configuring SP+WRR Queues This document describes how to filter in or filter out a class of traffic by Traffic Filtering...
  • Page 15 Features Description In conjunction with 802.1X, EAD Fast Deployment can have an access switch to force all attached devices to download and install the EAD client before permitting them to access the network. This document describes: EAD Fast Deployment EAD Fast Deployment overview EAD Fast Deployment configuration On an HABP-capable switch, HABP packets can bypass 802.1X authentication and MAC authentication, allowing communication among...
  • Page 16: High Availability Volume

    Features Description ACLs are sets of rules (or sets of permit or deny statements) that decide what packets can pass and what should be rejected based on matching ACL Overview criteria. This document provides the introduction of IPv4 ACL and IPv6 ACL.
  • Page 17 Features Description RRPP is a link layer protocol designed for Ethernet rings. RRPP can prevent broadcast storms caused by data loops when an Ethernet ring is healthy, and rapidly restore the communication paths between the nodes after a link is disconnected on the ring. This document describes: RRPP overview Creating an RRPP Domain Configuring Control VLANs...
  • Page 18: System Volume

    Command Authorization Configuration Example Command Accounting Configuration Example A Switch 4510G has a built-in Web server. You can log in to a Switch 4510G through a Web browser and manage and maintain the switch intuitively by interacting with the built-in Web server. This document...
  • Page 19 Features Description Multiple ways are available for controlling different types of login users. This document describes: Introduction Controlling Login Users Controlling Telnet Users Controlling Network Management Users by Source IP Addresses Controlling Web Users by Source IP Addresses Basic system configuration involves the configuration of device name, system clock, welcome message, user privilege levels and so on.
  • Page 20 SNMP log configuration Trap configuration 3Com private MIB involves two styles, 3Com compatible MIB and 3Com new MIB. To implement NMS’s flexible management of the device, the device allows you to configure MIB style, that is, you can switch between MIB Style the two styles of MIBs.
  • Page 21 Features Description NQA analyzes network performance, services and service quality by sending test packets to provide you with network performance and service quality parameters. This document describes: NQA Overview Configuring the NQA Server Enabling the NQA Client Creating an NQA Test Group Configuring an NQA Test Group Configuring the Collaboration Function Configuring Trap Delivery...
  • Page 22 Appendix A Acronyms # A B C D E F G H I K L M N O P Q R S T U V W X Z Acronyms Full spelling Return 10GE Ten-GigabitEthernet Return Authentication, Authorization and Accounting Activity Based Costing Area Border Router Alternating Current ACKnowledgement...
  • Page 23 Acronyms Full spelling Border Gateway Protocol BIMS Branch Intelligent Management System BOOTP Bootstrap Protocol BPDU Bridge Protocol Data Unit Basic Rate Interface Bootstrap Router BitTorrent Burst Tolerance Return Call Appearance Certificate Authority Committed Access Rate Committed Burst Size Class Based Queuing Constant Bit Rate Core-Based Tree International Telephone and Telegraph Consultative...
  • Page 24 Acronyms Full spelling Connectivity Verification Return Deeper Application Recognition Data Circuit-terminal Equipment Database Description Digital Data Network DHCP Dynamic Host Configuration Protocol Designated IS DLCI Data Link Connection Identifier DLDP Device Link Detection Protocol Domain Name System Downstream on Demand Denial of Service Designated Router DSCP...
  • Page 25 Acronyms Full spelling Forward Defect Indication Forwarding Equivalence Class Fast Failure Detection Forwarding Group Forwarding information base FIFO First In First Out FQDN Full Qualified Domain Name Frame Relay Fast ReRoute FRTT Fairness Round Trip Time Functional Test File Transfer Protocol Return GARP Generic Attribute Registration Protocol...
  • Page 26 Acronyms Full spelling International Business Machines ICMP Internet Control Message Protocol ICMPv6 Internet Control Message Protocol for IPv6 IDentification/IDentity IEEE Institute of Electrical and Electronics Engineers IETF Internet Engineering Task Force IGMP Internet Group Management Protocol IGMP-Snooping Internet Group Management Protocol Snooping Interior Gateway Protocol Incoming Label Map Internet Locator Service...
  • Page 27 Acronyms Full spelling LACP Link Aggregation Control Protocol LACPDU Link Aggregation Control Protocol Data Unit Local Area Network Link Control Protocol LDAP Lightweight Directory Access Protocol Label Distribution Protocol Label Edge Router LFIB Label Forwarding Information Base Label Information Base Link Layer Control LLDP Link Layer Discovery Protocol...
  • Page 28 Acronyms Full spelling Multicast Listener Discovery Protocol MLD-Snooping Multicast Listener Discovery Snooping Meet-Me Conference MODEM MOdulator-DEModulator Multilink PPP MP-BGP Multiprotocol extensions for BGP-4 Middle-level PE MP-group Multilink Point to Point Protocol group MPLS Multiprotocol Label Switching MPLSFW Multi-protocol Label Switch Forward Multicast Port Management Mobile Switching Center MSDP...
  • Page 29 Acronyms Full spelling Network Management Station NPDU Network Protocol Data Unit Network Provider Edge Network Quality Analyzer NSAP Network Service Access Point NetStream Collector N-SEL NSAP Selector NSSA Not-So-Stubby Area NTDP Neighbor Topology Discovery Protocol Network Time Protocol Return Operation Administration and Maintenance OAMPDU OAM Protocol Data Units OC-3...
  • Page 30 Acronyms Full spelling Power over Ethernet Point Of Presence Packet Over SDH Point-to-Point Protocol PPTP Point to Point Tunneling Protocol PPVPN Provider-provisioned Virtual Private Network Priority Queuing Primary Reference Clock Primary Rate Interface Protection Switching Power Sourcing Equipment PSNP Partial SNP Permanent Virtual Channel Pseudo wires Return...
  • Page 31 Acronyms Full spelling Resilient Packet Ring Rendezvous Point Tree RRPP Rapid Ring Protection Protocol Reservation State Block RSOH Regenerator Section Overhead RSTP Rapid Spanning Tree Protocol RSVP Resource ReserVation Protocol RTCP Real-time Transport Control Protocol Route Table Entry Real-time Transport Protocol Real-time Transport Protocol Return Source Active...
  • Page 32 Acronyms Full spelling Shortest Path First Shortest Path Tree Secure Shell Synchronization Status Marker Source-Specific Multicast Shared Tree STM-1 SDH Transport Module -1 STM-16 SDH Transport Module -16 STM-16c SDH Transport Module -16c STM-4c SDH Transport Module -4c Spanning Tree Protocol Signalling Virtual Connection Switch-MDT Switch-Multicast Distribution Tree...
  • Page 33 Acronyms Full spelling Return Variable Bit Rate Virtual Channel Identifier Virtual Ethernet Virtual File System VLAN Virtual Local Area Network Virtual Leased Lines Video On Demand VoIP Voice over IP Virtual Operate System VPDN Virtual Private Dial-up Network VPDN Virtual Private Data Network Virtual Path Identifier VPLS Virtual Private Local Switch...
  • Page 34: Table Of Contents

    Table of Contents: 1 Ethernet Port Configuration (1-1); Ethernet Port Configuration (1-1); Combo Port Configuration (1-1); Basic Ethernet Interface Configuration (1-2); Configuring Flow Control on an Ethernet Interface (1-3); Configuring the Suppression Time of Physical-Link-State Change on an Ethernet Interface (1-3); Configuring Loopback Testing on an Ethernet Interface (1-4); Configuring a Port Group (1-4); Configuring an Auto-negotiation Transmission Rate (1-5); Configuring Storm Suppression (1-6)...
  • Page 35: Table Of Contents

    4 MSTP Configuration (4-1); Overview (4-1); Introduction to STP (4-1); Why STP (4-1); Protocol Packets of STP (4-1); Basic Concepts in STP (4-2); How STP works (4-3); Introduction to RSTP (4-9); Introduction to MSTP (4-10); Why MSTP (4-10); Basic Concepts in MSTP (4-11); How MSTP Works (4-14); Implementation of MSTP on Devices (4-15); Protocols and Standards (4-15); MSTP Configuration Task List (4-15)...
  • Page 36: Table Of Contents

    Enabling LLDP (5-7); Setting LLDP Operating Mode (5-7); Setting the LLDP Re-Initialization Delay (5-8); Enabling LLDP Polling (5-8); Configuring the TLVs to Be Advertised (5-8); Configuring the Management Address and Its Encoding Format (5-9); Setting Other LLDP Parameters (5-10); Setting an Encapsulation Format for LLDPDUs (5-10); Configuring CDP Compatibility (5-11); Configuration Prerequisites (5-11); Configuring CDP Compatibility (5-12)...
  • Page 37: Table Of Contents

    Voice VLAN Assignment Modes (8-2); Security Mode and Normal Mode of Voice VLANs (8-3); Configuring a Voice VLAN (8-4); Configuration Prerequisites (8-4); Setting a Port to Operate in Automatic Voice VLAN Assignment Mode (8-4); Setting a Port to Operate in Manual Voice VLAN Assignment Mode (8-5); Displaying and Maintaining Voice VLAN (8-6); Voice VLAN Configuration Examples (8-6); Automatic Voice VLAN Mode Configuration Example (8-6)...
  • Page 38: Table Of Contents

    Enabling BPDU Tunneling (11-4); Configuring Destination Multicast MAC Address for BPDUs (11-5); BPDU Tunneling Configuration Examples (11-5); BPDU Tunneling for STP Configuration Example (11-5); BPDU Tunneling for PVST Configuration Example (11-6); 12 Port Mirroring Configuration (12-1); Introduction to Port Mirroring (12-1); Classification of Port Mirroring (12-1); Implementing Port Mirroring (12-1); Configuring Local Port Mirroring (12-3); Configuring Remote Port Mirroring (12-4)...
  • Page 39: Ethernet Port Configuration

    Ethernet Port Configuration Ethernet Port Configuration GE and 10GE ports on the Switch 4510G Family are numbered in the following format: interface type A/B/C. A: Number of a member device in an IRF. If no IRF is formed, this value is 1.
  • Page 40: Basic Ethernet Interface Configuration

    In case of a Combo port, only one interface (either the optical port or the electrical port) is active at a time. That is, once the optical port is active, the electrical port will be inactive automatically, and vice versa. Basic Ethernet Interface Configuration Configuring an Ethernet interface Three types of duplex modes are available to Ethernet interfaces:...
  • Page 41 To do… Use the command… Remarks Optional By default, an Ethernet interface is in up Shut down the state. shutdown Ethernet interface To bring up an Ethernet interface, use the undo shutdown command. 10GE ports can be displayed only when 10GE interface module expansion cards are available on the device.
  • Page 42: Configuring Loopback Testing On An Ethernet Interface, Configuring A Port Group

    To do… Use the command… Remarks Required Configure the up/down By default, the physical-link-state suppression time of link-delay delay-time change suppression time is not physical-link-state changes configured. Configuring Loopback Testing on an Ethernet Interface You can enable loopback testing to check whether the Ethernet interface functions properly. Note that no data packets can be forwarded during the testing.
  • Page 43: Configuring An Auto-negotiation Transmission Rate

    Follow these steps to configure a manual port group: To do… Use the command… Remarks Enter system view — system-view Create a manual port group and enter port-group manual Required manual port group view port-group-name Add Ethernet interfaces to the manual Required group-member interface-list port group...
  • Page 44: Configuring Storm Suppression

    This function is available for auto-negotiation-capable Gigabit Layer-2 Ethernet electrical ports only.. If you repeatedly use the speed and the speed auto commands to configure the transmission rate on a port, only the latest configuration takes effect. Configuring Storm Suppression You can use the following commands to suppress the broadcast, multicast, and unknown unicast traffic.
  • Page 45: Setting The Interval For Collecting Ethernet Interface Statistics, Enabling Forwarding Of Jumbo Frames

    To do… Use the command… Remarks Optional By default, all unknown unicast traffic Set the unknown unicast unicast-suppression is allowed to pass through an storm suppression ratio { ratio | pps max-pps } interface, that is, unknown unicast traffic is not suppressed. If you set storm suppression ratios in Ethernet interface view or port group view repeatedly for an Ethernet interface that belongs to a port group, only the latest settings take effect.
  • Page 46: Enabling Loopback Detection On An Ethernet Interface

    To do… Use the command… Remarks frames the length of 9,216 bytes interface interface-type to pass through all Layer 2 In Ethernet interface-number Ethernet interfaces. interface view jumboframe enable Enabling Loopback Detection on an Ethernet Interface If a port receives a packet that it sent out, a loop occurs. Loops may cause broadcast storms. The purpose of loopback detection is to detect loops on an interface.
  • Page 47: Configuring The MDI Mode For An Ethernet Interface

    Loopback detection on a given port is enabled only after the loopback-detection enable command has been configured in both system view and the interface view of the port. Loopback detection on all ports will be disabled after the configuration of the undo loopback-detection enable command under system view.
  • Page 48: Testing The Cable On An Ethernet Interface

    To do… Use the command… Remarks Optional Defaults to auto. That is, the Configure the MDI mode for mdi { across | auto | normal } Ethernet interface determines the Ethernet interface the physical pin roles (transmit or receive) through negotiation. Testing the Cable on an Ethernet Interface 10-Gigabit Ethernet ports and optical interfaces of SFP ports do not support this feature.
  • Page 49 Blocking the interface. In this case, the interface is blocked and thus stops forwarding the traffic of this type till the traffic detected is lower than the threshold. Note that an interface blocked by the storm constrain function can still forward other types of traffic and monitor the blocked traffic. Shutting down the interface.
  • Page 50: Displaying And Maintaining An Ethernet Interface

    For the sake of network stability, configure the interval for generating traffic statistics to a value that is not shorter than the default. The storm constrain function, after being enabled, requires a complete statistical period (specified by the storm-constrain interval command) to collect traffic data, and analyzes the data in the next period.
  • Page 51: Link Aggregation Configuration

    Link Aggregation Configuration When configuring link aggregation, go to these sections for information you are interested in: Overview Link Aggregation Configuration Task List Configuring an Aggregation Group Configuring an Aggregate Interface Configuring a Load Sharing Mode for Load-Sharing Link Aggregation Groups Displaying and Maintaining Link Aggregation Link Aggregation Configuration Examples Overview...
  • Page 52 LACP multi-active detection (MAD) mechanism in an Intelligent Resilient Framework (IRF). Switches of the Switch 4510G Family that support extended LACP functions can function as both member devices and intermediate devices in LACP MAD implementation. For details about IRF, member devices, intermediate devices, and the LACP MAD mechanism, see IRF in the System Volume.
  • Page 53 Currently, the Switch 4510G Family supports returning Marker Response PDUs only after dynamic link aggregation member ports receive Marker PDUs. Operational key When aggregating ports, link aggregation control automatically assigns each port an operational key based on the port attributes, including the configurations of the port rate, duplex mode and link state.
  • Page 54: Link Aggregation Modes

    Link Aggregation Modes Depending on the link aggregation procedure, link aggregation operates in one of the following two modes: Static aggregation mode Dynamic aggregation mode Static aggregation mode LACP is disabled on the member ports in a static aggregation group. In a static aggregation group, the system sets a port to selected or unselected state by the following rules: Select a port as the reference port from the ports that are in up state and with the same class-two configurations as the corresponding aggregate interface.
  • Page 55: Load Sharing Mode Of An Aggregation Group, Link Aggregation Configuration Task List

    Load Sharing Mode of an Aggregation Group The link aggregation groups created on the Switch 4510G Family always operate in load sharing mode, even when they contain only one member port. Link Aggregation Configuration Task List...
  • Page 56: Configuring An Aggregation Group

    Task Remarks Enabling LinkUp/LinkDown Trap Generation Optional for an Aggregate Interface Shutting Down an Aggregate Interface Optional Configuring a Load Sharing Mode for Load-Sharing Link Aggregation Optional Groups Configuring an Aggregation Group The following ports cannot be assigned to an aggregation group: Stack ports, RRPP-enabled ports, MAC address authentication-enabled ports, port security-enabled ports, IP source guard-enabled ports, and 802.1x-enabled ports.
  • Page 57: Configuring A Dynamic Aggregation Group

    Removing a Layer 2 aggregate interface also removes the corresponding aggregation group. At the same time, the member ports of the aggregation group, if any, leave the aggregation group. To guarantee a successful static aggregation, ensure that the ports at the two ends of each link to be aggregated are consistent in the selected/unselected state.
  • Page 58: Configuring An Aggregate Interface

    Removing a dynamic aggregate interface also removes the corresponding aggregation group. At the same time, the member ports of the aggregation group, if any, leave the aggregation group. To guarantee a successful dynamic aggregation, ensure that the peer ports of the ports aggregated at one end are also aggregated.
  • Page 59: Shutting Down An Aggregate Interface, Configuring A Load Sharing Mode For Load-sharing Link Aggregation Groups

    To do... Use the command... Remarks Enable linkUp/linkDown trap Optional generation for the aggregate enable snmp trap updown Enabled by default interface Shutting Down an Aggregate Interface Shutting down or bringing up an aggregate interface affects the selected state of the ports in the corresponding aggregation group.
  • Page 60: Displaying And Maintaining Link Aggregation

    To do... Use the command... Remarks Optional By default, the hash keys for Layer 2 packets are source/destination MAC addresses, and those for link-aggregation load-sharing mode Configure the global link { destination-ip | destination-mac | Layer-3 packets are aggregation load sharing destination-port | ingress-port | source/destination IP mode...
  • Page 61: Link Aggregation Configuration Examples, Layer 2 Static Aggregation Configuration Example

    To do... Use the command... Remarks display link-aggregation verbose Display detailed information of [ bridge-aggregation Available in any view aggregation groups [ interface-number ] ] reset lacp statistics [ interface Clear the LACP statistics of interface-type interface-number [ to Available in user view ports interface-type interface-number ] ] reset counters interface...
  • Page 62: Layer 2 Dynamic Aggregation Configuration Example

    [DeviceA-GigabitEthernet1/0/1] quit [DeviceA] interface GigabitEthernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/2] quit [DeviceA] interface GigabitEthernet 1/0/3 [DeviceA-GigabitEthernet1/0/3] port link-aggregation group 1 Configure Device B Follow the same configuration procedure performed on Device A to configure Device B. Layer 2 Dynamic Aggregation Configuration Example Network requirements As shown in Figure...
  • Page 63: Layer 2 Aggregation Load Sharing Mode Configuration Example

    [DeviceA-GigabitEthernet1/0/2] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/2] quit [DeviceA] interface GigabitEthernet 1/0/3 [DeviceA-GigabitEthernet1/0/3] port link-aggregation group 1 Configure Device B Follow the same configuration procedure performed on Device A to configure Device B. Layer 2 Aggregation Load Sharing Mode Configuration Example Network requirements As shown in Figure...
  • Page 64 [DeviceA] interface bridge-aggregation 2 [DeviceA-Bridge-Aggregation2] link-aggregation load-sharing mode destination-mac [DeviceA-Bridge-Aggregation2] quit # Assign ports GigabitEthernet 1/0/3 and GigabitEthernet 1/0/4 to aggregation group 2. [DeviceA] interface gigabitethernet 1/0/3 [DeviceA-GigabitEthernet1/0/3] port link-aggregation group 2 [DeviceA-GigabitEthernet1/0/3] quit [DeviceA] interface gigabitethernet 1/0/4 [DeviceA-GigabitEthernet1/0/4] port link-aggregation group 2 Configure Device B The configuration on Device B is similar to the configuration on Device A.
  • Page 65: Port Isolation Configuration, Introduction To Port Isolation, Configuring The Isolation Group

    VLAN, allowing for great flexibility and security. Currently, the Switch 4510G Family supports only one isolation group that is created automatically by the system as isolation group 1. You can neither remove the isolation group nor create other isolation groups on such devices.
  • Page 66: Port Isolation Configuration Example, Displaying And Maintaining Isolation Groups

    Displaying and Maintaining Isolation Groups To do… Use the command… Remarks Display the isolation group Available in any view display port-isolate group information Port Isolation Configuration Example Network requirements Users Host A, Host B, and Host C are connected to GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 of Device.
  • Page 67 Uplink port support: NO Group ID: 1 Group members: GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3...
  • Page 68: MSTP Configuration, Introduction To STP, Why STP, Protocol Packets Of STP

    MSTP Configuration When configuring MSTP, go to these sections for information you are interested in: Overview Introduction to STP Introduction to RSTP Introduction to MSTP MSTP Configuration Task List Configuring MSTP Displaying and Maintaining MSTP MSTP Configuration Example Overview As a Layer 2 management protocol, the Spanning Tree Protocol (STP) eliminates Layer 2 loops by selectively blocking redundant links in a network, and in the meantime, allows for link redundancy.
  • Page 69: Basic Concepts In STP

    Topology change notification (TCN) BPDUs, used for notifying the concerned devices of network topology changes, if any. Basic Concepts in STP Root bridge A tree network must have a root; hence the concept of root bridge was introduced in STP. There is one and only one root bridge in the entire network, and the root bridge can change along with changes of the network topology.
  • Page 70: How STP Works

    Figure 4-1 A schematic diagram of designated bridges and designated ports All the ports on the root bridge are designated ports. Path cost Path cost is a reference value used for link selection in STP. By calculating path costs, STP selects relatively robust links and blocks redundant links, and finally prunes the network into a loop-free tree.
  • Page 71 For simplicity, the descriptions and examples below involve only four fields of configuration BPDUs: Root bridge ID (represented by device priority) Root path cost (related to the rate of the link connecting the port) Designated bridge ID (represented by device priority) Designated port ID (represented by port name) Calculation process of the STP algorithm Initial state...
  • Page 72 Initially, each STP-enabled device on the network assumes itself to be the root bridge, with the root bridge ID being its own device ID. By exchanging configuration BPDUs, the devices compare their root bridge IDs to elect the device with the smallest root bridge ID as the root bridge. Selection of the root port and designated ports on a non-root device Table 4-3 describes the process of selecting the root port and designated ports.
  • Page 73 Figure 4-2 Network diagram for the STP algorithm Device A With priority 0 Device B With priority 1 Device C With priority 2 Initial state of each device Table 4-4 shows the initial state of each device. Table 4-4 Initial state of each device Device Port name BPDU of port...
  • Page 74 BPDU of port Device Comparison process after comparison Port BP1 receives the configuration BPDU of Device A {0, 0, 0, AP1}. Device B finds that the received configuration BPDU is superior to the configuration BPDU of the local port {1, 0, 1, BP1}, and updates the configuration BPDU of BP1.
  • Page 75 BPDU of port Device Comparison process after comparison After comparison: Because the root path cost of CP2 (9) (root path cost of the BPDU (5) plus path cost corresponding to CP2 (4)) is smaller than the root path cost of CP1 (10) (root path cost of the BPDU (0) + path cost corresponding to CP2 (10)), the BPDU Blocked port CP2: of CP2 is elected as the optimum BPDU, and CP2 is elected...
  • Page 76: Introduction To RSTP

    If a path becomes faulty, the root port on this path will no longer receive new configuration BPDUs and the old configuration BPDUs will be discarded due to timeout. In this case, the device will generate a configuration BPDU with itself as the root and send out the BPDUs and TCN BPDUs. This triggers a new spanning tree calculation process to establish a new path to restore the network connectivity.
  • Page 77: Introduction To MSTP, Why MSTP

    Introduction to MSTP Why MSTP Weaknesses of STP and RSTP STP does not support rapid state transition of ports. A newly elected root port or designated port must wait twice the forward delay time before transiting to the forwarding state, even if it is a port on a point-to-point link or an edge port, which directly connects to a user terminal rather than to another device or a shared LAN segment.
  • Page 78: Basic Concepts In MSTP

    Basic Concepts in MSTP Figure 4-4 Basic concepts in MSTP Region A0 VLAN 1 mapped to instance 1 VLAN 2 mapped to instance 2 Other VLANs mapped to CIST BPDU BPDU Region D0 BPDU Region B0 VLAN 1 mapped to instance 1, VLAN 1 mapped to instance 1 B as regional root bridge VLAN 2 mapped to instance 2...
  • Page 79 VLAN-to-instance mapping table As an attribute of an MST region, the VLAN-to-instance mapping table describes the mapping relationships between VLANs and MSTIs. In Figure 4-4, for example, the VLAN-to-instance mapping table of region A0 is as follows: VLAN 1 is mapped to MSTI 1, VLAN 2 to MSTI 2, and the rest to CIST. MSTP achieves load balancing by means of the VLAN-to-instance mapping table.
  • Page 80 During MSTP calculation, a boundary port’s role on an MSTI is consistent with its role on the CIST. But that is not true with master ports. A master port on MSTIs is a root port on the CIST. Roles of ports MSTP calculation involves these port roles: root port, designated port, master port, alternate port, backup port, and so on.
  • Page 81: How MSTP Works

    Port states In MSTP, port states fall into the following three: Forwarding: the port learns MAC addresses and forwards user traffic; Learning: the port learns MAC addresses but does not forward user traffic; Discarding: the port neither learns MAC addresses nor forwards user traffic. When in different MSTIs, a port can be in different states.
  • Page 82: Implementation Of MSTP On Devices, MSTP Configuration Task List

    Within an MST region, the packet is forwarded along the corresponding MSTI. Between two MST regions, the packet is forwarded along the CST. Implementation of MSTP on Devices MSTP is compatible with STP and RSTP. STP and RSTP protocol packets can be recognized by devices running MSTP and used for spanning tree calculation.
  • Page 83 Task Remarks Enabling the MSTP Feature Required Configuring an MST Region Required Configuring the Work Mode of an MSTP Device Optional Configuring the Timeout Factor Optional Configuring the Maximum Port Rate Optional Configuring Ports as Edge Ports Optional Configuring the Configuring Path Costs of Ports Optional leaf nodes...
  • Page 84: Configuring MSTP, Configuring An MST Region

    Configuring MSTP Configuring an MST Region Make the following configurations on the root bridge and on the leaf nodes separately. Follow these steps to configure an MST region: To do... Use the command... Remarks Enter system view — system-view Enter MST region view —...
  • Page 85: Configuring The Root Bridge Or A Secondary Root Bridge

    Configuring the Root Bridge or a Secondary Root Bridge MSTP can determine the root bridge of a spanning tree through MSTP calculation. Alternatively, you can specify the current device as the root bridge or a secondary root bridge using the commands provided by the system.
  • Page 86: Configuring The Work Mode Of An MSTP Device, Configuring The Priority Of A Device

    After specifying the current device as the root bridge or a secondary root bridge, you cannot change the priority of the device. Alternatively, you can also configure the current device as the root bridge by setting the priority of the device to 0. For the device priority configuration, refer to Configuring the Priority of a Device.
  • Page 87: Configuring The Maximum Hops Of An MST Region

    After configuring a device as the root bridge or a secondary root bridge, you cannot change the priority of the device. During root bridge selection, if all devices in a spanning tree have the same priority, the one with the lowest MAC address will be selected as the root bridge of the spanning tree. Configuring the Maximum Hops of an MST Region By setting the maximum hops of an MST region, you can restrict the region size.
  • Page 88: Configuring Timers Of MSTP

    Based on the network diameter you configured, MSTP automatically sets an optimal hello time, forward delay, and max age for the device. The configured network diameter is effective for the CIST only, and not for MSTIs. Each MST region is considered as a device. The network diameter must be configured on the root bridge.
  • Page 89: Configuring The Timeout Factor

    To do... Use the command... Remarks Optional Configure the max age timer stp timer max-age time 2,000 centiseconds (20 seconds) by default The length of the forward delay time is related to the network diameter of the switched network. Typically, the larger the network diameter is, the longer the forward delay time should be. Note that if the forward delay setting is too small, temporary redundant paths may be introduced;...
  • Page 90: Configuring The Maximum Port Rate, Configuring Ports As Edge Ports

    To do... Use the command... Remarks Enter system view — system-view Required Configure the timeout factor of the device stp timer-factor factor 3 by default Configuring the Maximum Port Rate The maximum rate of a port refers to the maximum number of BPDUs the port can send within each hello time.
  • Page 91: Configuring Path Costs Of Ports

    To do... Use the command... Remarks Enter Ethernet interface interface interface-type Enter view, or Layer 2 interface-number Required interface aggregate interface view view or port Use either command. group view port-group manual Enter port group view port-group-name Required Configure the current ports as edge ports stp edged-port enable All ports are non-edge ports by default.
  • Page 92 Table 4-7 Link speed vs. path cost Link speed Duplex state 802.1d-1998 802.1t Private standard — 65535 200,000,000 200,000 Single Port 2,000,000 2,000 Aggregate Link 2 Ports 1,000,000 1,800 10 Mbps Aggregate Link 3 Ports 666,666 1,600 Aggregate Link 4 Ports 500,000 1,400 Single Port...
  • Page 93: Configuring Port Priority

    If you change the standard that the device uses in calculating the default path cost, the port path cost value set through the stp cost command will be invalid. When the path cost of a port is changed, MSTP will re-calculate the role of the port and initiate a state transition.
  • Page 94: Configuring The Link Type Of Ports

    When the priority of a port is changed, MSTP will re-calculate the role of the port and initiate a state transition. Generally, a lower priority value indicates a higher priority. If you configure the same priority value for all the ports on a device, the specific priority of a port depends on the index number of the port. Changing the priority of a port triggers a new spanning tree calculation process.
  • Page 95: Enabling The Output Of Port State Transition Information

    dot1s: 802.1s-compliant standard format, and legacy: Compatible format By default, the packet format recognition mode of a port is auto, namely the port automatically distinguishes the two MSTP packet formats, and determines the format of packets it will send based on the recognized format.
  • Page 96: Enabling The MSTP Feature, Performing mCheck

    To do... Use the command... Remarks Required Enable output of port state transition stp port-log { all | This function is enabled by information instance instance-id } default. Enabling the MSTP Feature You must enable MSTP for the device before any other MSTP-related configurations can take effect. Make this configuration on the root bridge and on the leaf nodes separately.
  • Page 97: Configuring Digest Snooping

    By then, you can perform an mCheck operation to force the port to migrate to the MSTP (or RSTP) mode. You can perform mCheck on a port through the following two approaches, which lead to the same result. Performing mCheck globally Follow these steps to perform global mCheck: To do...
  • Page 98 Before enabling digest snooping, ensure that associated devices of different vendors are interconnected and run MSTP. Configuring the Digest Snooping feature You can enable Digest Snooping only on a device that is connected to a third-party device that uses its private key to calculate the configuration digest.
  • Page 99: Configuring No Agreement Check

    Digest Snooping configuration example Network requirements Device A and Device B connect to Device C, a third-party device, and all these devices are in the same region. Enable Digest Snooping on Device A and Device B so that the three devices can communicate with one another.
  • Page 100 Figure 4-7 shows the rapid state transition mechanism on MSTP designated ports. Figure 4-7 Rapid state transition of an MSTP designated port Figure 4-8 shows rapid state transition of an RSTP designated port. Figure 4-8 Rapid state transition of an RSTP designated port Downstream device Upstream device Proposal for rapid transition...
  • Page 101: Configuring Protection Functions

    To do... Use the command... Remarks Enter system view — system-view Enter Ethernet interface view, or interface interface-type Enter Layer 2 aggregate interface-number Required interface or interface view port group Use either command. view port-group manual Enter port group view port-group-name Required Enable No Agreement Check...
  • Page 102 Configuration prerequisites MSTP has been correctly configured on the device. Enabling BPDU guard For access layer devices, the access ports generally connect directly with user terminals (such as PCs) or file servers. In this case, the access ports are configured as edge ports to allow rapid transition. When these ports receive configuration BPDUs, the system will automatically set these ports as non-edge ports and start a new spanning tree calculation process.
  • Page 103 Follow these steps to enable root guard: To do... Use the command... Remarks Enter system view — system-view Enter Ethernet interface view, or interface interface-type Enter Layer 2 interface-number Required interface view aggregate or port group interface view Use either command. view Enter port group port-group manual...
  • Page 104: Enabling BPDU Dropping

    With the TC-BPDU guard function, you can set the maximum number of immediate forwarding address entry flushes that the switch can perform within a certain period of time after receiving the first TC-BPDU. For TC-BPDUs received in excess of the limit, the switch performs forwarding address entry flush only when the time period expires.
  • Page 105: Displaying And Maintaining MSTP, MSTP Configuration Example

    Displaying and Maintaining MSTP To do... Use the command... Remarks View information about abnormally Available in any view display stp abnormal-port blocked ports View information about ports blocked Available in any view display stp down-port by STP protection functions View the historical information of port display stp [ instance role calculation for the specified instance-id ] history [ slot...
  • Page 106 Figure 4-10 Network diagram for MSTP configuration Configuration procedure VLAN and VLAN member port configuration Create VLAN 10, VLAN 20, and VLAN 30 on Device A and Device B respectively, create VLAN 10, VLAN 20, and VLAN 40 on Device C, and create VLAN 20, VLAN 30, and VLAN 40 on Device D; configure the ports on these devices as trunk ports and assign them to related VLANs.
  • Page 107 <DeviceB> system-view [DeviceB] stp region-configuration [DeviceB-mst-region] region-name example [DeviceB-mst-region] instance 1 vlan 10 [DeviceB-mst-region] instance 3 vlan 30 [DeviceB-mst-region] instance 4 vlan 40 [DeviceB-mst-region] revision-level 0 # Activate MST region configuration. [DeviceB-mst-region] active region-configuration [DeviceB-mst-region] quit # Specify the current device as the root bridge of MSTI 3. [DeviceB] stp instance 3 root primary # Enable MSTP globally.
  • Page 108 # Activate MST region configuration. [DeviceD-mst-region] active region-configuration [DeviceD-mst-region] quit # Enable MSTP globally. [DeviceD] stp enable Verifying the configurations You can use the display stp brief command to display brief spanning tree information on each device after the network is stable. # Display brief spanning tree information on Device A.
  • Page 109 GigabitEthernet1/0/2 ALTE DISCARDING NONE GigabitEthernet1/0/3 ROOT FORWARDING NONE Based on the above information, you can draw the MSTI corresponding to each VLAN, as shown in Figure 4-11. Figure 4-11 MSTIs corresponding to different VLANs 4-42...
  • Page 110: LLDP Configuration

    LLDP Configuration When configuring LLDP, go to these sections for information you are interested in: Overview LLDP Configuration Task List Performing Basic LLDP Configuration Configuring CDP Compatibility Configuring LLDP Trapping Displaying and Maintaining LLDP LLDP Configuration Examples Overview Background In a heterogeneous network, it is important that different types of network devices from different vendors can discover one another and exchange configuration for interoperability and management sake.
  • Page 111 Figure 5-1 Ethernet II-encapsulated LLDP frame format The fields in the frame are described in Table 5-1: Table 5-1 Description of the fields in an Ethernet II-encapsulated LLDP frame Field Description The MAC address to which the LLDPDU is advertised. It is fixed to Destination MAC address 0x0180-C200-000E, a multicast MAC address.
  • Page 112 Field Description The MAC address of the sending port. If the port does not have a MAC Source MAC address address, the MAC address of the sending bridge is used. The SNAP type for the upper layer protocol. It is Type 0xAAAA-0300-0000-88CC for LLDP.
  • Page 113 VLAN Name A specific VLAN name on the port Protocol Identity Protocols supported on the port Currently, 3Com switches 4510G support receiving but not sending protocol identity TLVs. IEEE 802.3 organizationally specific TLVs Table 5-5 IEEE 802.3 organizationally specific TLVs Type...
  • Page 114: Operating Modes Of LLDP

    management. In addition, LLDP-MED TLVs make deploying voice devices in Ethernet easier. LLDP-MED TLVs are shown in Table 5-6: Table 5-6 LLDP-MED TLVs Type Description Allows a MED endpoint to advertise the supported LLDP-MED LLDP-MED Capabilities TLVs and its device type. Allows a network device or MED endpoint to advertise LAN Network Policy type and VLAN ID of the specific port, and the Layer 2 and...
  • Page 115: LLDP Configuration Task List, How LLDP Works

    How LLDP Works Transmitting LLDP frames An LLDP-enabled port operating in TxRx mode or Tx mode sends LLDP frames to its directly connected devices both periodically and when the local configuration changes. To prevent the network from being overwhelmed by LLDP frames at times of frequent local device information change, an interval is introduced between two successive LLDP frames.
  • Page 116: Performing Basic LLDP Configuration, Enabling LLDP, Setting LLDP Operating Mode

    LLDP-related configurations made in Ethernet interface view take effect only on the current port, and those made in port group view take effect on all ports in the current port group. Performing Basic LLDP Configuration Enabling LLDP To make LLDP take effect on certain ports, you need to enable LLDP both globally and on these ports. Follow these steps to enable LLDP: To do…...
  • Page 117: Setting The LLDP Re-initialization Delay, Enabling LLDP Polling, Configuring The TLVs To Be Advertised

    Setting the LLDP Re-Initialization Delay When LLDP operating mode changes on a port, the port initializes the protocol state machines after a certain delay. By adjusting the LLDP re-initialization delay, you can avoid frequent initializations caused by frequent LLDP operating mode changes on a port. Follow these steps to set the LLDP re-initialization delay for ports: To do…...
  • Page 118: Configuring The Management Address And Its Encoding Format

    To do… Use the command… Remarks lldp tlv-enable { basic-tlv { all | port-description | system-capability | system-description | system-name } | dot1-tlv { all | port-vlan-id | Optional protocol-vlan-id [ vlan-id ] | vlan-name By default, all types Configure the TLVs to be [ vlan-id ] } | dot3-tlv { all | link-aggregation | of LLDP TLVs except advertised...
  • Page 119: Setting Other LLDP Parameters, Setting An Encapsulation Format For LLDPDUs

    Setting Other LLDP Parameters The TTL TLV carried in an LLDPDU determines how long the device information carried in the LLDPDU can be saved on a recipient device. You can configure the TTL of locally sent LLDP frames to determine how long information about the local device can be saved on a neighbor device by setting the TTL multiplier.
  • Page 120: Configuring CDP Compatibility

    To do… Use the command… Remarks Enter system view — system-view Enter Ethernet interface interface-type Enter Ethernet interface view interface-number Required interface view or Use either command. Enter port port group view port-group manual port-group-name group view Required Ethernet II encapsulation format Set the encapsulation format for applies by default.
  • Page 121: Configuring LLDP Trapping

    Configuring CDP Compatibility CDP-compatible LLDP operates in one of the following two modes: TxRx, where CDP packets can be transmitted and received. Disable, where CDP packets can neither be transmitted nor be received. To make CDP-compatible LLDP take effect on certain ports, first enable CDP-compatible LLDP globally and configure CDP-compatible LLDP to operate in TxRx mode.
  • Page 122: Displaying And Maintaining LLDP, LLDP Configuration Examples, Basic LLDP Configuration Example

    To do… Use the command… Remarks Required lldp notification remote-change Enable LLDP trap sending enable Disabled by default Quit to system view — quit Optional Set the interval to send LLDP lldp timer notification-interval traps interval 5 seconds by default Displaying and Maintaining LLDP To do…...
  • Page 123: Configuration Procedure

    Configuration procedure Configure Switch A. # Enable LLDP globally. <SwitchA> system-view [SwitchA] lldp enable # Enable LLDP on GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 (you can skip this step because LLDP is enabled on ports by default), and set the LLDP operating mode to Rx. [SwitchA] interface gigabitethernet 1/0/1 [SwitchA-GigabitEthernet1/0/1] lldp enable [SwitchA-GigabitEthernet1/0/1] lldp admin-status rx...
  • Page 124 Roll time : 0s Number of neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV Port 2 [GigabitEthernet1/0/2]: Port status of LLDP : Enable Admin status : Rx_Only Trap flag : No Roll time : 0s...
  • Page 125: CDP-compatible LLDP Configuration Example

    Port 2 [GigabitEthernet1/0/2]: Port status of LLDP : Enable Admin status : Rx_Only Trap flag : No Roll time : 0s Number of neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV As the sample output shows, GigabitEthernet 1/0/2 of Switch A does not connect any neighboring devices.
  • Page 126 Configure CDP-compatible LLDP on Switch A. # Enable LLDP globally and enable LLDP to be compatible with CDP globally. [SwitchA] lldp enable [SwitchA] lldp compliance cdp # Enable LLDP (you can skip this step because LLDP is enabled on ports by default), configure LLDP to operate in TxRx mode, and configure CDP-compatible LLDP to operate in TxRx mode on GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2.
  • Page 127: VLAN Configuration, Introduction To VLAN

    VLAN Configuration When configuring VLAN, go to these sections for information you are interested in: Introduction to VLAN Configuring Basic VLAN Settings Configuring Basic Settings of a VLAN Interface Port-Based VLAN Configuration MAC-Based VLAN Configuration Protocol-Based VLAN Configuration Displaying and Maintaining VLAN VLAN Configuration Example Introduction to VLAN VLAN Overview...
  • Page 128: VLAN Fundamentals

    Confining broadcast traffic within individual VLANs. This reduces bandwidth waste and improves network performance. Improving LAN security. By assigning user groups to different VLANs, you can isolate them at Layer 2. To enable communication between VLANs, routers or Layer 3 switches are required. Flexible virtual workgroup creation.
  • Page 129: Types Of VLAN, Configuring Basic VLAN Settings

    The Ethernet II encapsulation format is used here. Besides the Ethernet II encapsulation format, other encapsulation formats, including 802.2 LLC, 802.2 SNAP, and 802.3 raw, are also supported by Ethernet. The VLAN tag fields are also added to frames encapsulated in these formats for VLAN identification.
  • Page 130: Configuring Basic Settings Of A VLAN Interface

    As the default VLAN, VLAN 1 cannot be created or removed. You cannot manually create or remove VLANs reserved for special purposes. Dynamic VLANs cannot be removed with the undo vlan command. A VLAN with a QoS policy applied cannot be removed. For isolate-user-VLANs or secondary VLANs, if you have used the isolate-user-vlan command to create mappings between them, you cannot remove them until you remove the mappings between them first.
  • Page 131: Port-based VLAN Configuration, Introduction To Port-based VLAN

    Before creating a VLAN interface for a VLAN, create the VLAN first. Port-Based VLAN Configuration Introduction to Port-Based VLAN Port-based VLANs group VLAN members by port. A port forwards traffic for a VLAN only after it is assigned to the VLAN. Port link type You can configure the link type of a port as access, trunk, or hybrid.
  • Page 132: Assigning An Access Port To A VLAN

    Do not set the voice VLAN as the default VLAN of a port in automatic voice VLAN assignment mode. Otherwise, the system prompts error information. For information about voice VLAN, refer to Voice VLAN Configuration. The local and remote ports must use the same default VLAN ID for the traffic of the default VLAN to be transmitted properly.
  • Page 133 To do… Use the command… Remarks Required Enter VLAN view vlan vlan-id If the specified VLAN does not exist, this command creates the VLAN first. Assign one or a group of Required access ports to the current port interface-list By default, all ports belong to VLAN 1. VLAN In VLAN view, you only assign the access ports to the current VLAN.
  • Page 134: Assigning A Trunk Port To A VLAN

    Before assigning an access port to a VLAN, create the VLAN first. After you configure a command on a Layer-2 aggregate interface, the system starts applying the configuration to the aggregate interface and its aggregation member ports. If the system fails to do that on the aggregate interface, it stops applying the configuration to the aggregation member ports.
  • Page 135: Assigning A Hybrid Port To A VLAN

    To change the link type of a port from trunk to hybrid or vice versa, you must set the link type to access first. The local and remote hybrid ports must use the same default VLAN ID for the traffic of the default VLAN to be transmitted properly.
  • Page 136: MAC-based VLAN Configuration, Introduction To MAC-based VLAN

    To change the link type of a port from trunk to hybrid or vice versa, you must set the link type to access first. Before assigning a hybrid port to a VLAN, create the VLAN first. The local and remote hybrid ports must use the same default VLAN ID for the traffic of the default VLAN to be transmitted properly.
  • Page 137: Configuring A Mac Address-based Vlan

    The device associates MAC addresses with VLANs dynamically based on the information provided by the authentication server. If a user goes offline, the corresponding MAC address-to-VLAN association is removed automatically. Automatic configuration requires that MAC address-to-VLAN mapping be configured on the authentication server. For detailed information, refer to 802.1X Configuration in the Security Volume.
  • Page 138: Protocol-based Vlan Configuration, Introduction To Protocol-based Vlan, Configuring A Protocol-based Vlan

    Protocol-Based VLAN Configuration Introduction to Protocol-Based VLAN Protocol-based VLANs are only applicable on hybrid ports. In this approach, inbound packets are assigned to different VLANs based on their protocol types and encapsulation formats. The protocols that can be used for VLAN assignment include IP, IPX, and AppleTalk (AT).
  • Page 139 To do… Use the command… Remarks group view Use either command. Enter Layer-2 interface aggregate In Ethernet interface view, bridge-aggregation interface view subsequent interface-number configurations apply to the current port. In port group view, the subsequent configurations apply to all ports in the port group.
  • Page 140: Ip Subnet-based Vlan Configuration, Configuring An Ip Subnet-based Vlan

    IP Subnet-Based VLAN Configuration Introduction In this approach, packets are assigned to VLANs based on their source IP addresses and subnet masks. A port configured with IP subnet-based VLANs assigns a received untagged packet to a VLAN based on the source address of the packet. This feature is used to assign packets from the specified network segment or IP address to a specific VLAN.
  • Page 141: Displaying And Maintaining Vlan

    To do… | Use the command… | Remarks
    Associate the hybrid port(s) with the specified IP subnet-based VLAN | port hybrid ip-subnet-vlan vlan vlan-id | Required
    After you configure a command on a Layer-2 aggregate interface, the system starts applying the configuration to the aggregate interface and its aggregation member ports. If the system fails to do that on the aggregate interface, it stops applying the configuration to the aggregation member ports.
  • Page 142: Vlan Configuration Example

    To do... | Use the command… | Remarks
    Clear statistics on a port | reset counters interface [ interface-type [ interface-number ] ] | Available in user view
    The reset counters interface command can be used to clear statistics on a VLAN interface. For more information, refer to Ethernet Interface Commands in the Access Volume.
  • Page 143

    # Configure GigabitEthernet 1/0/1 to permit packets from VLAN 2, VLAN 6 through VLAN 50, and VLAN 100 to pass through.
    [DeviceA-GigabitEthernet1/0/1] port trunk permit vlan 2 6 to 50 100
    Please wait... Done.
    [DeviceA-GigabitEthernet1/0/1] quit
    [DeviceA] quit
    Configure Device B as you configure Device A.
    Verification
    Verifying the configuration on Device A is similar to that of Device B.
  • Page 144

    0 unicasts, 0 broadcasts, 0 multicasts, 0 pauses
    Output (normal): 0 packets, - bytes
    0 unicasts, 0 broadcasts, 0 multicasts, 0 pauses
    Output: 0 output errors, - underruns, - buffer failures
    0 aborts, 0 deferred, 0 collisions, 0 late collisions
    0 lost carrier, - no carrier
    The output above shows that: The port (GigabitEthernet 1/0/1) is a trunk port.
  • Page 145: Isolate-user-vlan Configuration, Configuring Isolate-user-vlan

    Isolate-User-VLAN Configuration When configuring an isolate-user VLAN, go to these sections for information you are interested in: Overview Configuring Isolate-User-VLAN Displaying and Maintaining Isolate-User-VLAN Isolate-User-VLAN Configuration Example Overview An isolate-user-VLAN adopts a two-tier VLAN structure. In this approach, two types of VLANs, isolate-user-VLAN and secondary VLAN, are configured on the same device.
  • Page 146 Assign non-trunk ports to the isolate-user-VLAN and ensure that at least one port takes the isolate-user-VLAN as its default VLAN; Assign non-trunk ports to each secondary VLAN and ensure that at least one port in a secondary VLAN takes the secondary VLAN as its default VLAN; Associate the isolate-user-VLAN with the specified secondary VLANs.
  • Page 147: Displaying And Maintaining Isolate-user-vlan, Isolate-user-vlan Configuration Example

    Displaying and Maintaining Isolate-User-VLAN
    To do... | Use the command... | Remarks
    Display the mapping between an isolate-user-VLAN and its secondary VLAN(s) | display isolate-user-vlan [ isolate-user-vlan-id ] | Available in any view
    Isolate-User-VLAN Configuration Example
    Network requirements
    Connect Device A to downstream devices Device B and Device C; Configure VLAN 5 on Device B as an isolate-user-VLAN, assign the uplink port GigabitEthernet 1/0/5 to VLAN 5, and associate VLAN 5 with secondary VLANs VLAN 2 and VLAN 3.
  • Page 148

    [DeviceB] vlan 2
    [DeviceB-vlan2] port gigabitethernet 1/0/2
    [DeviceB-vlan2] quit
    # Associate the isolate-user-VLAN with the secondary VLANs.
    [DeviceB] isolate-user-vlan 5 secondary 2 to 3
    Configure Device C
    # Configure the isolate-user-VLAN.
    <DeviceC> system-view
    [DeviceC] vlan 6
    [DeviceC-vlan6] isolate-user-vlan enable
    [DeviceC-vlan6] port gigabitethernet 1/0/5
    [DeviceC-vlan6] quit
    # Configure the secondary VLANs.
  • Page 149

    gigabitethernet 1/0/2 gigabitethernet 1/0/5
    VLAN ID: 3
    VLAN Type: static
    Isolate-user-VLAN type : secondary
    Route Interface: not configured
    Description: VLAN 0003
    Name: VLAN 0003
    Tagged Ports: none
    Untagged Ports:
    gigabitethernet 1/0/1 gigabitethernet 1/0/5...
  • Page 150: Voice Vlan Configuration, Oui Addresses

    OUI address for each vendor’s devices. Table 8-1 The default OUI addresses of different vendors Number OUI address Vendor 0001-e300-0000 Siemens phone 0003-6b00-0000 Cisco phone 0004-0d00-0000 Avaya phone 00d0-1e00-0000 Pingtel phone 0060-b900-0000 Philips/NEC phone 00e0-7500-0000 Polycom phone 00e0-bb00-0000 3Com phone...
  • Page 151: Voice Vlan Assignment Modes

    In general, an OUI address is the first 24 bits of a MAC address (in binary format), a globally unique identifier assigned to a vendor by IEEE. The OUI addresses mentioned in this document, however, differ from OUIs in that usual sense. OUI addresses in this document are used by the system to determine whether a received packet is a voice packet.
  • Page 152: Security Mode And Normal Mode Of Voice Vlans

    Voice VLAN assignment Voice traffic Port link type mode type Access: not supported Trunk: supported if the default VLAN of the connecting port exists and is not the voice VLAN and the connecting port belongs to the default VLAN Tagged voice traffic Hybrid: supported if the default VLAN of the connecting port exists and is not the voice VLAN, the...
  • Page 153: Configuring A Voice Vlan, Setting A Port To Operate In Automatic Voice Vlan Assignment Mode

    Table 8-3 How a voice VLAN-enable port processes packets in security/normal mode Voice VLAN Packet type Packet processing mode working mode Untagged packets If the source MAC address of a packet matches an OUI address configured for the device, it is forwarded in the Packets carrying the voice VLAN;...
  • Page 154: Setting A Port To Operate In Manual Voice Vlan Assignment Mode

    Not enabled by default. A Switch 4510G supports up to eight voice VLANs globally. A protocol-based VLAN on a hybrid port can process only untagged inbound packets, whereas the voice VLAN in automatic mode on a hybrid port can process only tagged voice traffic. Therefore, do not configure a VLAN as both a protocol-based VLAN and a voice VLAN.
  • Page 155: Displaying And Maintaining Voice Vlan, Voice Vlan Configuration Examples, Automatic Voice Vlan Mode Configuration Example

    Required voice vlan enable. A Switch 4510G supports up to eight voice VLANs globally. You can configure different voice VLANs on different ports at the same time. However, one port can be configured with only one voice VLAN, and this voice VLAN must be a static VLAN that already exists on the device.
  • Page 156 Figure 8-1 Network diagram for automatic voice VLAN assignment mode configuration Device A Device B Internet GE1/0/1 GE1/0/1 GE1/0/2 VLAN 3 VLAN 2 IP phone A IP phone B 010-1001 010-1002 MAC: 0011-1100-0001 MAC: 0011-2200-0001 Mask: ffff-ff00-0000 Mask: ffff-ff00-0000 0755-2002 PC A PC B MAC: 0022-1100-0002...
  • Page 157: Manual Voice Vlan Assignment Mode Configuration Example

    0011-2200-0000 ffff-ff00-0000 IP phone B
    00d0-1e00-0000 ffff-ff00-0000 Pingtel phone
    0060-b900-0000 ffff-ff00-0000 Philips/NEC phone
    00e0-7500-0000 ffff-ff00-0000 Polycom phone
    00e0-bb00-0000 ffff-ff00-0000 3com phone
    # Display the current states of voice VLANs.
    <DeviceA> display voice vlan state
    Maximum of Voice VLANs: 16
    Current Voice VLANs: 2...
  • Page 158

    Figure 8-2 Network diagram for manual voice VLAN assignment mode configuration
    Configuration procedure
    # Configure the voice VLAN to operate in security mode. (Optional. A voice VLAN operates in security mode by default.)
    <DeviceA> system-view
    [DeviceA] voice vlan security enable
    # Add a recognizable OUI address 0011-2200-0000.
  • Page 159

    0011-2200-0000 ffff-ff00-0000 test
    00d0-1e00-0000 ffff-ff00-0000 Pingtel phone
    0060-b900-0000 ffff-ff00-0000 Philips/NEC phone
    00e0-7500-0000 ffff-ff00-0000 Polycom phone
    00e0-bb00-0000 ffff-ff00-0000 3com phone
    # Display the current voice VLAN state.
    <DeviceA> display voice vlan state
    Maximum of Voice VLANs: 16
    Current Voice VLANs: 2...
  • Page 160: Gvrp Configuration, Introduction To Gvrp

    GVRP Configuration The GARP VLAN Registration Protocol (GVRP) is a GARP application. It functions based on the operating mechanism of GARP to maintain and propagate dynamic VLAN registration information for the GVRP devices on the network. When configuring GVRP, go to these sections for information you are interested in: Introduction to GVRP GVRP Configuration Task List Configuring GVRP Functions...
  • Page 161 Hold timer –– When a GARP application entity receives the first registration request, it starts a Hold timer and collects succeeding requests. When the timer expires, the entity sends all these requests in one Join message. This helps you save bandwidth. Join timer ––...
  • Page 162 GARP message format Figure 9-1 GARP message format Figure 9-1 illustrates the GARP message format. Table 9-1 describes the GARP message fields. Table 9-1 Description on the GARP message fields Field Description Value Protocol ID Protocol identifier for GARP One or multiple messages, each Message containing an attribute type and an ––...
  • Page 163: Gvrp Configuration Task List, Configuring Gvrp Functions

    GVRP GVRP enables a device to propagate local VLAN registration information to other participant devices and dynamically update the VLAN registration information from other devices to its local database about active VLAN members and through which port they can be reached. It thus ensures that all GVRP participants on a bridged LAN maintain the same VLAN registration information.
  • Page 164: Configuring Garp Timers

    To do… Use the command… Remarks Enter system view –– system-view Required Enable GVRP globally gvrp Globally disabled by default. Enter Ethernet Enter Ethernet interface view, interface view or Layer interface interface-type Required Layer 2 2 aggregate interface interface-number aggregate view Perform either of the interface view,...
  • Page 165: Displaying And Maintaining Gvrp

    To do… Use the command… Remarks Enter Required Enter Ethernet or Ethernet Layer 2 interface interface-type Perform either of the interface aggregate interface-number commands. view, Layer interface view Depending on the view you 2 aggregate accessed, the subsequent interface configuration takes effect on view, or Enter port-group port-group manual...
  • Page 166: Gvrp Configuration Examples, Gvrp Configuration Example I

    To do… | Use the command… | Remarks
    Display the current GVRP state | display gvrp state interface interface-type interface-number vlan vlan-id | Available in any view
    Display statistics about GVRP | display gvrp statistics [ interface interface-list ] | Available in any view
    Display the global GVRP state | display gvrp status | Available in any view
    Display the information about...
  • Page 167: Gvrp Configuration Example Ii

    [DeviceB] gvrp
    # Configure port GigabitEthernet 1/0/1 as a trunk port, allowing all VLANs to pass through.
    [DeviceB] interface gigabitethernet 1/0/1
    [DeviceB-GigabitEthernet1/0/1] port link-type trunk
    [DeviceB-GigabitEthernet1/0/1] port trunk permit vlan all
    # Enable GVRP on trunk port GigabitEthernet 1/0/1.
    [DeviceB-GigabitEthernet1/0/1] gvrp
    [DeviceB-GigabitEthernet1/0/1] quit
    # Create VLAN 3 (a static VLAN).
  • Page 168: Gvrp Configuration Example Iii

    [DeviceA-GigabitEthernet1/0/1] quit
    # Create VLAN 2 (a static VLAN).
    [DeviceA] vlan 2
    Configure Device B
    # Enable GVRP globally.
    <DeviceB> system-view
    [DeviceB] gvrp
    # Configure port GigabitEthernet 1/0/1 as a trunk port, allowing all VLANs to pass through.
    [DeviceB] interface gigabitethernet 1/0/1
    [DeviceB-GigabitEthernet1/0/1] port link-type trunk
    [DeviceB-GigabitEthernet1/0/1] port trunk permit vlan all
    # Enable GVRP on GigabitEthernet 1/0/1.
  • Page 169

    [DeviceA] interface gigabitethernet 1/0/1
    [DeviceA-GigabitEthernet1/0/1] port link-type trunk
    [DeviceA-GigabitEthernet1/0/1] port trunk permit vlan all
    # Enable GVRP on GigabitEthernet 1/0/1 and set the GVRP registration type to forbidden on the port.
    [DeviceA-GigabitEthernet1/0/1] gvrp
    [DeviceA-GigabitEthernet1/0/1] gvrp registration forbidden
    [DeviceA-GigabitEthernet1/0/1] quit
    # Create VLAN 2 (a static VLAN).
    [DeviceA] vlan 2
    Configure Device B
    # Enable GVRP globally.
  • Page 170: Qinq Configuration, Introduction To Qinq, Qinq Mechanism And Benefits

    QinQ Configuration When configuring QinQ, go to these sections for information you are interested in: Introduction to QinQ QinQ Configuration Task List Configuring Basic QinQ Configuring Selective QinQ Configuring the TPID Value in VLAN Tags QinQ Configuration Examples Throughout this document, customer network VLANs (CVLANs), also called inner VLANs, refer to the VLANs that a customer uses on the private network;...
  • Page 171: Qinq Frame Structure

    Figure 10-1 Schematic diagram of the QinQ feature [diagram labels: Customer network A; VLAN 1~10; VLAN 3; Network; VLAN 4; Service provider network; VLAN 1~20; Customer network B]
    As shown in Figure 10-1, customer network A has CVLANs 1 through 10, while customer network B...
  • Page 172: Implementations Of Qinq, Modifying The Tpid In A Vlan Tag

    Figure 10-2 Single-tagged frame structure vs. double-tagged Ethernet frame structure. The default maximum transmission unit (MTU) of an interface is 1500 bytes. The size of an outer VLAN tag is 4 bytes. Therefore, it is recommended that you increase the MTU of each interface on the service provider network.
  • Page 173 Figure 10-3 VLAN tag structure of an Ethernet frame The device determines whether a received frame carries a SVLAN tag or a CVLAN tag by checking the corresponding TPID value. Upon receiving a frame, the device compares the configured TPID value with the value of the TPID field in the frame.
  • Page 174: Configuring Basic Qinq, Configuring Selective Qinq, Qinq Configuration Task List

    QinQ Configuration Task List Table 10-2 QinQ configuration task list Configuration task Remarks Configuring Basic QinQ Optional Configuring Selective QinQ Based on Ports Use either Configuring Selective QinQ Configuring Selective QinQ through QoS approach Policies Configuring the TPID Value in VLAN Tags Optional QinQ requires configurations only on the service provider network, not on the customer network.
  • Page 175: Configuring Selective Qinq Based On Ports, Configuring Selective Qinq Through Qos Policies

    Configuring Selective QinQ Based on Ports. Switch 4510G series switches support configuring basic QinQ and selective QinQ on a port at the same time. When both features are enabled on the port, frames that meet the selective QinQ condition are handled with selective QinQ first, and the remaining frames are handled with basic QinQ.
  • Page 176: Configuring The Tpid Value In Vlan Tags

    To do... Use the command... Remarks Required Create a class and enter traffic classifier classifier-name By default, the relationship class view [ operator { and | or } ] between the match criteria in a class is logical AND. Specify the inner VLAN if-match customer-vlan-id Required ID(s) of matching frames...
  • Page 177: Qinq Configuration Examples, Basic Qinq Configuration Example

    Follow these steps to configure a TPID value globally:
    To do... | Use the command... | Remarks
    Enter system view | system-view | —
    Configure the TPID value in the CVLAN tag or the SVLAN tag | qinq ethernet-type hex-value | Optional. By default, the TPID value is 0x8100
    QinQ Configuration Examples
    Basic QinQ Configuration Example
    Network requirements...
  • Page 178

    Make sure that the devices in the service provider network have been configured to allow QinQ packets to pass through.
    Configuration on Provider A
    Configure GigabitEthernet 1/0/1
    # Configure VLAN 10 as the default VLAN of GigabitEthernet 1/0/1.
    <ProviderA> system-view
    [ProviderA] interface gigabitethernet 1/0/1
    [ProviderA-GigabitEthernet1/0/1] port access vlan 10
    # Enable basic QinQ on GigabitEthernet 1/0/1.
  • Page 179: Selective Qinq Configuration Example (port-based Configuration)

    # Configure GigabitEthernet 1/0/2 as a hybrid port and configure VLAN 10 as the default VLAN of the port.
    [ProviderB] interface gigabitethernet 1/0/2
    [ProviderB-GigabitEthernet1/0/2] port link-type hybrid
    [ProviderB-GigabitEthernet1/0/2] port hybrid pvid vlan 10
    [ProviderB-GigabitEthernet1/0/2] port hybrid vlan 10 untagged
    # Enable basic QinQ on GigabitEthernet 1/0/2.
    [ProviderB-GigabitEthernet1/0/2] qinq enable
    [ProviderB-GigabitEthernet1/0/2] quit
    Configure GigabitEthernet 1/0/3...
  • Page 180 Figure 10-5 Network diagram for comprehensive selective QinQ configuration Configuration procedure Make sure that the devices in the service provider network have been configured to allow QinQ packets to pass through. Configuration on Provider A Configure GigabitEthernet 1/0/1 # Configure GigabitEthernet 1/0/1 as a hybrid port to permit frames of VLAN 1000 and VLAN 2000 to pass through, and configure GigabitEthernet 1/0/1 to send packets of these VLANs with tags removed.
  • Page 181

    [ProviderA] interface gigabitethernet 1/0/2
    [ProviderA-GigabitEthernet1/0/2] port link-type hybrid
    [ProviderA-GigabitEthernet1/0/2] port hybrid vlan 1000 untagged
    # Tag CVLAN 10 frames with SVLAN 1000.
    [ProviderA-GigabitEthernet1/0/2] qinq vid 1000
    [ProviderA-GigabitEthernet1/0/2-vid-1000] raw-vlan-id inbound 10
    [ProviderA-GigabitEthernet1/0/2-vid-1000] quit
    [ProviderA-GigabitEthernet1/0/2] quit
    Configure GigabitEthernet 1/0/3
    # Configure GigabitEthernet 1/0/3 as a trunk port to permit frames of VLAN 1000 and VLAN 2000 to pass through.
  • Page 182: Selective Qinq Configuration Example (qos Policy-based Configuration)

    Selective QinQ Configuration Example (QoS Policy-Based Configuration) Network requirements As shown in Figure 10-6, Provider A and Provider B are service provider network access devices. Customer A, Customer B, Customer C, and Customer D are customer network access devices. Provider A and Provider B are interconnected through a trunk port, which permits the frames of VLAN 1000, VLAN 2000, and VLAN 3000 to pass through.
  • Page 183

    <ProviderA> system-view
    Configuration on GigabitEthernet 1/0/1
    # Configure the port as a hybrid port permitting frames of VLAN 1000, VLAN 2000, and VLAN 3000 to pass through with the outer VLAN tag removed.
    [ProviderA] interface gigabitethernet 1/0/1
    [ProviderA-GigabitEthernet1/0/1] port link-type hybrid
    [ProviderA-GigabitEthernet1/0/1] port hybrid vlan 1000 2000 3000 untagged
    # Configure VLAN 3000 as the default VLAN of GigabitEthernet 1/0/1, and enable basic QinQ on GigabitEthernet 1/0/1.
  • Page 184

    [ProviderA-GigabitEthernet1/0/2] port access vlan 1000
    # Enable basic QinQ. Tag frames from VLAN 10 with the outer VLAN tag 1000.
    [ProviderA-GigabitEthernet1/0/2] qinq enable
    [ProviderA-GigabitEthernet1/0/2] quit
    Configuration on GigabitEthernet 1/0/3.
    # Configure the port as a trunk port permitting frames of VLAN 1000, VLAN 2000 and VLAN 3000 to pass through.
  • Page 185 As third-party devices are deployed between Provider A and Provider B, what we discuss here is only the basic configuration that should be made on the devices. Configure the device connecting with GigabitEthernet 1/0/3 of Provider A and the device connecting with GigabitEthernet 1/0/1 of Provider B so that their corresponding ports send tagged frames of VLAN 1000, VLAN 2000 and VLAN 3000.
  • Page 186: Introduction To Bpdu Tunneling, Bpdu Tunneling Configuration

    BPDU Tunneling Configuration When configuring BPDU tunneling, go to these sections for information you are interested in: Introduction to BPDU Tunneling Configuring BPDU Tunneling BPDU Tunneling Configuration Examples Introduction to BPDU Tunneling As a Layer 2 tunneling technology, BPDU tunneling enables Layer 2 protocol packets from geographically dispersed customer networks to be transparently transmitted over specific channels across a service provider network.
  • Page 187: Bpdu Tunneling Implementation

    Depending on the device models, BPDU tunneling may support the transparent transmission of these types of Layer 2 protocol packets: Cisco Discovery Protocol (CDP) Device Link Detection Protocol (DLDP) Ethernet Operation, Administration and Maintenance (EOAM) GARP VLAN Registration Protocol (GVRP) HW Group Management Protocol (HGMP) Link Aggregation Control Protocol (LACP) Link Layer Discovery Protocol (LLDP)
  • Page 188: Configuring Bpdu Tunneling

    networks of the same customer can implement consistent spanning tree calculation across the service provider network. BPDUs of different customer networks can be confined within different VLANs for transmission on the service provider network. Thus, each customer network can perform independent spanning tree calculation.
  • Page 189: Enabling Bpdu Tunneling

    Assign the port on which you want to enable BPDU tunneling on the PE device and the connected port on the CE device to the same VLAN. Configure all the ports in the service provider network as trunk ports allowing packets of any VLAN to pass through.
  • Page 190: Bpdu Tunneling Configuration Examples

    To do…: Enable BPDU tunneling for a protocol on the Layer 2 aggregate interface
    Use the command…: bpdu-tunnel dot1q { cdp | gvrp | hgmp | pvst | stp | vtp }
    Remarks: Required. By default, BPDU tunneling for a protocol is disabled.
    Configuring Destination Multicast MAC Address for BPDUs
    By default, the destination multicast MAC address for BPDUs is 0x010F-E200-0003.
  • Page 191: Bpdu Tunneling For Pvst Configuration Example

    Figure 11-3 Network diagram for configuring BPDU tunneling for STP
    Configuration procedure
    Configuration on PE 1
    # Configure the destination multicast MAC address for BPDUs as 0x0100-0CCD-CDD0.
    <PE1> system-view
    [PE1] bpdu-tunnel tunnel-dmac 0100-0ccd-cdd0
    # Create VLAN 2 and assign GigabitEthernet 1/0/1 to VLAN 2.
    [PE1] vlan 2
    [PE1-vlan2] quit
    [PE1] interface gigabitethernet 1/0/1...
  • Page 192 All ports used to connect devices in the service provider network are trunk ports and allow packets of any VLAN to pass through. PVST is enabled for VLANs 1 through 4094 on User A’s network. It is required that, after the configuration, CE 1 and CE 2 implement consistent PVST calculation across the service provider network, that...
  • Page 193: Port Mirroring Configuration, Introduction To Port Mirroring

    Port Mirroring Configuration When configuring port mirroring, go to these sections for information you are interested in: Introduction to Port Mirroring Configuring Local Port Mirroring Configuring Remote Port Mirroring Displaying and Maintaining Port Mirroring Port Mirroring Configuration Examples Introduction to Port Mirroring Port mirroring copies the packets passing through a port (called a mirroring port) to another port (called the monitor port) connected to a monitoring device for packet analysis.
  • Page 194 As shown in Figure 12-1, packets on the mirroring port are mirrored to the monitor port for the data monitoring device to analyze. Figure 12-1 Local port mirroring implementation How the device processes packets Traffic mirrored to Mirroring port Monitor port Monitor port Mirroring port Data monitoring device...
  • Page 195: Configuring Local Port Mirroring

    You must ensure that the source device and the destination device can communicate at Layer 2 in the remote probe VLAN. Destination device The destination device is the device where the monitor port is located. On it, you must create the remote destination mirroring group.
  • Page 196: Configuring Remote Port Mirroring, Configuring A Remote Source Mirroring Group (on The Source Device)

    To do… Use the command… Remarks [ mirroring-group groupid ] monitor-port A local port mirroring group takes effect only after its mirroring and monitor ports are configured. To ensure operation of your device, do not enable STP, MSTP, or RSTP on the monitor port. A port mirroring group can have multiple mirroring ports, but only one monitor port.
  • Page 197 To do… Use the command… Remarks Enter system view — system-view Create a remote source mirroring-group groupid Required mirroring group remote-source Required mirroring-group groupid In system view mirroring-port mirroring-port-list You configure multiple { both | inbound | outbound } mirroring ports in a mirroring group.
  • Page 198: Configuring A Remote Destination Mirroring Group (on The Destination Device)

    To remove the VLAN configured as a remote probe VLAN, you must first remove the remote probe VLAN with the undo mirroring-group remote-probe vlan command. Removing the probe VLAN can invalidate the remote source mirroring group. It is recommended that you use a remote probe VLAN exclusively for the mirroring purpose. A port can belong to only one mirroring group.
  • Page 199: Displaying And Maintaining Port Mirroring, Port Mirroring Configuration Examples, Local Port Mirroring Configuration Example

    When configuring the monitor port, use the following guidelines: The port can belong to only the current mirroring group. To ensure operation of your device, do not assign the monitor port to a mirroring VLAN. Disable these functions on the port: STP, MSTP, and RSTP. It is recommended that you use a monitor port only for port mirroring.
  • Page 200: Remote Port Mirroring Configuration Example

    Figure 12-3 Network diagram for local port mirroring configuration [diagram labels: Switch A; R&D department; GE1/0/1; GE1/0/3; GE1/0/2; Switch C; Data monitoring device; Switch B; Marketing department]
    Configuration procedure
    Configure Switch C.
    # Create a local port mirroring group.
    <SwitchC> system-view
    [SwitchC] mirroring-group 1 local
    # Add port GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to the port mirroring group as source ports.
  • Page 201 As shown in Figure 12-4, the administrator wants to monitor the packets sent from Department 1 and 2 through the data monitoring device. Use the remote port mirroring function to meet the requirement. Perform the following configurations: Use Switch A as the source device, Switch B as the intermediate device, and Switch C as the destination device.
  • Page 202

    # Configure port GigabitEthernet 1/0/3 as a trunk port and configure the port to permit the packets of VLAN 2.
    [SwitchA] interface GigabitEthernet 1/0/3
    [SwitchA-GigabitEthernet1/0/3] port link-type trunk
    [SwitchA-GigabitEthernet1/0/3] port trunk permit vlan 2
    Configure Switch B (the intermediate device).
    # Configure port GigabitEthernet 1/0/1 as a trunk port and configure the port to permit the packets of VLAN 2.
  • Page 203: Table Of Contents

    Table of Contents
    1 IP Addressing Configuration (1-1)
    IP Addressing Overview (1-1)
    IP Address Classes (1-1)
    Special IP Addresses (1-2)
    Subnetting and Masking (1-2)
    Configuring IP Addresses (1-3)
    Assigning an IP Address to an Interface (1-3)
    IP Addressing Configuration Example (1-4)
    Displaying and Maintaining IP Addressing (1-5)
    2 ARP Configuration (2-1)
    ARP Overview (2-1)
    ARP Function (2-1)...
  • Page 204: Table Of Contents

    Enabling ARP Defense Against IP Packet Attacks (4-2)
    Configuring ARP Active Acknowledgement (4-2)
    Introduction (4-2)
    Configuring the ARP Active Acknowledgement Function (4-3)
    Configuring Source MAC Address Based ARP Attack Detection (4-3)
    Introduction (4-3)
    Configuration Procedure (4-3)
    Displaying and Maintaining Source MAC Address Based ARP Attack Detection (4-4)
    Configuring ARP Packet Source MAC Address Consistency Check (4-4)
    Introduction (4-4)
    Configuring ARP Packet Source MAC Address Consistency Check (4-5)...
  • Page 205: Table Of Contents

    Displaying and Maintaining DHCP Relay Agent Configuration (6-9)
    DHCP Relay Agent Configuration Examples (6-9)
    DHCP Relay Agent Configuration Example (6-9)
    DHCP Relay Agent Option 82 Support Configuration Example (6-10)
    Troubleshooting DHCP Relay Agent Configuration (6-11)
    7 DHCP Client Configuration (7-1)
    Introduction to DHCP Client (7-1)
    Enabling the DHCP Client on an Interface (7-1)
    Displaying and Maintaining the DHCP Client (7-2)
    DHCP Client Configuration Example (7-2)...
  • Page 206: Table Of Contents

    11 IP Performance Optimization Configuration (11-1)
    IP Performance Overview (11-1)
    Enabling Reception and Forwarding of Directed Broadcasts to a Directly Connected Network (11-1)
    Enabling Reception of Directed Broadcasts to a Directly Connected Network (11-1)
    Enabling Forwarding of Directed Broadcasts to a Directly Connected Network (11-2)
    Configuration Example (11-2)
    Configuring TCP Opti