HP 6125 Blade Switch Series Layer 2 - LAN Switching Configuration Guide Part number:5998-3155 Software version: Release 2103 Document version: 6W100-20120907...
HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.
Contents
Configuring Ethernet interfaces
Ethernet interface naming conventions
Configuring the management Ethernet interface
Configuring basic settings of an Ethernet interface
Shutting down an Ethernet interface
Setting speed options for auto negotiation on an Ethernet interface...
Disabling global MAC address learning
Disabling MAC address learning on ports
Disabling MAC address learning on a VLAN
Configuring the aging timer for dynamic MAC address entries
Configuring the MAC learning limit on ports
...
STP protocol packets
Basic concepts in STP
Calculation process of the STP algorithm
RSTP
MSTP
STP and RSTP limitations
MSTP features
...
Configuring the advertisable TLVs
Configuring the management address and its encoding format
Setting other LLDP parameters
Setting an encapsulation format for LLDPDUs
Configuring CDP compatibility
Configuration prerequisites...
Configuring Ethernet interfaces Ethernet interface naming conventions The Switch Series provides both internal Ethernet interfaces and external Ethernet interfaces. An internal Ethernet interface is located at the back of a blade switch, and connects the blade switch to a server, so that the blade switch and the server can communicate. An external Ethernet interface is located at the front of a blade switch, and connects the switch to another network device, so that the blade switch can communicate with the network device.
Step: Set the MTU for the interface.
Command: mtu size
Remarks: Optional. By default, the MTU of an Ethernet interface is 1500 bytes.

Configuring basic settings of an Ethernet interface

You can set an Ethernet interface to operate in one of the following duplex modes: •...
Step: Restore the default settings for the interface.
Command: default
Remarks: Optional.

Step: Shut down the interface.
Command: shutdown
Remarks: Optional. By default, an interface is in up state. To bring up an interface, use the undo shutdown command.

NOTE: Make sure that the fiber port speed matches the speed requirement of the inserted transceiver module. For example, after you insert a 1000-Mbps transceiver module into a fiber port, configure the port speed with the speed 1000 or speed auto command.
Figure 1 Speed auto negotiation application scenario

As shown in Figure 1, all ports on Switch A are operating in speed auto negotiation mode, with the highest speed of 1000 Mbps. If the transmission rate of each server in the server cluster is 1000 Mbps, their total transmission rate will exceed the capability of port GigabitEthernet 1/0/4, the port providing access to the Internet for the servers.
As shown in Figure 2, when both Port A and Port B forward packets at the rate of 1000 Mbps, Port C is congested. To avoid packet loss, enable flow control on Port A and Port B.

Figure 2 Flow control on ports

Configure flow control in TxRx mode on Port B and flow control in Rx mode on Port A: When congestion occurs on Port C, Switch B buffers frames.
event, and the display interface brief or display interface command displays the interface state as UP. If the physical link is still down when the timer expires, the interface reports the link-down event to the upper layers. Link-up event suppression enables an interface to suppress link-up events and start a delay timer each time the physical link goes up.
Configuration restrictions and guidelines
• On an interface that is physically down, you can only perform internal loopback testing. On an interface administratively shut down, you can perform neither internal nor external loopback testing.
• You cannot configure the speed, duplex, mdi, or shutdown command on the Ethernet interface...
Configuring storm suppression In interface view, you can set the maximum size of broadcast, multicast, or unknown unicast traffic allowed to pass through an interface. When the broadcast, multicast, or unknown unicast traffic on the interface exceeds this threshold, the system discards packets until the traffic drops below this threshold. The storm suppression thresholds configured for an Ethernet interface might become invalid if you enable the storm control function for the interface.
Enabling loopback detection on an Ethernet interface

If a switch receives a packet that it sent, a loop has occurred on the switch. Loops might cause broadcast storms, which degrade network performance. You can use this feature to detect whether a loop has occurred.
Step: Set the loopback detection interval.
Command: loopback-detection interval-time time
Remarks: Optional. 30 seconds by default.

Step: Enter Ethernet interface view.
Command: interface interface-type interface-number
Remarks: Use either command.

Step: Enable loopback detection on the interface.
Command: loopback-detection enable
Remarks: Disabled by default.

Step: Enable loopback detection control on a trunk port or a hybrid...
Command: loopback-detection control
Remarks: Optional.
To enable the interface to communicate with its peer, make sure that its transmit pins are connected to the remote receive pins. If the interface can detect the connection cable type, set the interface in auto MDI mode. If not, set its MDI mode by using the following guidelines: •...
You can test the cable connection of an Ethernet interface for a short or open circuit. The switch displays cable test results within five seconds. If any fault is detected, the test results include the length of the faulty cable segment. To test the cable connection of an Ethernet interface: Step Command...
Step: Enter system view.
Command: system-view

Step: Set the traffic polling interval of the storm control module.
Command: storm-constrain interval seconds
Remarks: Optional. 10 seconds by default.

Step: Enter Ethernet interface view.
Command: interface interface-type interface-number

Step: Enable storm control, and set the lower and upper thresholds for broadcast,...
Command: storm-constrain { broadcast | multicast | unicast } { pps | kbps |...
Task: Display information about the loopback function.
Command: display loopback-detection [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display information about storm control.
Command: display storm-constrain [ broadcast | multicast | unicast ] [ interface interface-type interface-number ] [ | { begin |...
Remarks: Available in...
Configuring loopback and null interfaces Configuring a loopback interface Introduction to the loopback interface A loopback interface is a software-only virtual interface. It delivers the following benefits: The physical layer state and link-layer protocols of a loopback interface are always up unless the •...
Step: Shut down the loopback interface.
Command: shutdown
Remarks: Optional. By default, a loopback interface is up.

Step: Restore the default settings for the loopback interface.
Command: default
Remarks: Optional

NOTE: You can configure settings such as IP addresses and IP routes on loopback interfaces. For more information, see Layer 3—IP Services Configuration Guide and Layer 3—IP Routing Configuration Guide...
Task: Display information about loopback interfaces.
Command: display interface [ loopback ] [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ]
Command: display interface loopback interface-number [ brief ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Command: display interface [ null ] [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ]...
Bulk configuring interfaces You can enter interface range view to bulk configure multiple interfaces with the same feature instead of configuring them one by one. For example, you can perform the shutdown command in interface range view to shut down a range of interfaces. Failure of applying a command on one member interface does not affect the application of the command on the other member interfaces.
Configuring the MAC address table

This feature covers only the unicast MAC address table. For information about configuring static multicast MAC address table entries for IGMP snooping and MLD snooping, see IP Multicast Configuration Guide. The MAC address table can contain only Layer 2 Ethernet ports and Layer 2 aggregate interfaces. The MAC address table configuration tasks are all optional and can be performed in any order.
Manually configuring MAC address entries With dynamic MAC address learning, a device does not distinguish between illegitimate and legitimate frames, which can invite security hazards. For example, when a hacker sends frames with a forged source MAC address to a port different from the one to which the real MAC address is connected, the device creates an entry for the forged MAC address, and forwards frames destined for the legal user to the hacker instead.
Configuring a static or dynamic MAC address table entry in system view

Step: Enter system view.
Command: system-view

Step: Add or modify a dynamic or static MAC address entry.
Command: mac-address { dynamic | static } mac-address interface interface-type...
Remarks: By default, no MAC address entry is configured. Make sure that you have created...
Disabling global MAC address learning

Disabling global MAC address learning disables the learning function on all ports. To disable MAC address learning:

Step: Enter system view.
Command: system-view

Step: Disable global MAC address learning.
Command: mac-address mac-learning disable
Remarks: Enabled by default.

Disabling MAC address learning on ports

After enabling global MAC address learning, you can disable the function on a port.
the device deletes that entry. This aging mechanism ensures that the MAC address table can quickly update to accommodate the latest network changes. Set the aging timer appropriately. Too long an aging interval might cause the MAC address table to retain outdated entries, exhaust the MAC address table resources, and fail to update its entries to accommodate the latest network changes.
Task: Display MAC address table information.
Command: display mac-address [ mac-address [ vlan vlan-id ] | [ [ dynamic | static ] [ interface interface-type interface-number ] | blackhole ] [ vlan vlan-id ] [ count ] ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display the aging timer for...
Command: display mac-address aging-time [ | { begin |...
# Add a blackhole MAC address entry.
[Sysname] mac-address blackhole 000f-e235-abcd vlan 1
# Set the aging timer for dynamic MAC address entries to 500 seconds.
[Sysname] mac-address timer aging 500
# Display the MAC address entry for port GigabitEthernet 1/0/1.
[Sysname] display mac-address interface gigabitethernet 1/0/1
MAC ADDR VLAN ID...
Configuring MAC Information Overview Introduction to MAC Information To monitor a network, you must monitor users who are joining and leaving the network. Because a MAC address uniquely identifies a network user, you can monitor users who are joining and leaving a network by monitoring their MAC addresses.
Step: Enter system view.
Command: system-view

Step: Enter Layer 2 Ethernet interface view.
Command: interface interface-type interface-number

Step: Enable MAC Information on the interface.
Command: mac-address information enable { added | deleted }
Remarks: Disabled by default.

Configuring MAC Information mode

Step: Enter system view....
Step: Configure the MAC Information queue length.
Command: mac-address information queue-length value
Remarks: Optional. 50 by default.

MAC Information configuration example

Network requirements

As shown in Figure 4, enable MAC Information on GigabitEthernet 1/0/1 on Device to send MAC address changes in Syslog messages to Host B through GigabitEthernet 1/0/3. Host B analyzes and displays the Syslog messages.
Configuring Ethernet link aggregation Overview Ethernet link aggregation, or simply link aggregation, combines multiple physical Ethernet ports into one logical link, called an "aggregate link." Link aggregation delivers the following benefits: Increases bandwidth beyond the limits of any single link. In an aggregate link, traffic is distributed •...
In an aggregation group, all selected member ports are assigned the same operational key. Configuration classes Every configuration setting on a port might affect its aggregation state. Port configurations fall into the following classes: Port attribute configurations—Includes port rate, duplex mode, and link status (up/down). These •...
Table 3 Basic and extended LACP functions

Category | Description
Basic LACP functions | Implemented through the basic LACPDU fields, including the system LACP priority, system MAC address, port aggregation priority, port number, and operational key. Each member port in a LACP-enabled aggregation group exchanges the preceding information with its peer.
Aggregation mode | LACP status on member ports | Pros | Cons
Dynamic | Enabled | The administrator does not need to maintain link aggregations. The peer systems maintain the aggregation state of the member... | Aggregation is unstable. The aggregation state of the member ports is susceptible to network changes.
Figure 6 Setting the aggregation state of a member port in a static aggregation group Set the aggregation state of a member port Is there any hardware restriction? Is the port up? Port attribute/class 2 configurations same as the reference port? Port number as low as to set More candidate ports than max.
Figure 7 Setting the state of a member port in a dynamic aggregation group

Meanwhile, the system with the higher system ID, which has identified the aggregation state changes on the remote system, sets the aggregation state of local member ports as the same as their peer ports. A dynamic link aggregation group preferably sets full-duplex ports as the Selected ports, and will set one, and only one, half-duplex port as a Selected port when none of the full-duplex ports can be selected or only half-duplex ports exist in the group.
You can choose one of the following criteria or any combination for load sharing:
• Source/Destination MAC addresses
• Source/Destination IP addresses

Configuration restrictions and guidelines

Follow these guidelines when you configure a link aggregation group:
• To ensure stable aggregation state and service continuity, do not change port attributes or class-two...
Feature | Reference
Port security | Port security in Security Configuration Guide
IP source guard | IP source guard in Security Configuration Guide
802.1X | 802.1X in Security Configuration Guide

• If a port is used as a reflector port for port mirroring, do not assign it to an aggregation group. For more information about reflector ports, see Network Management and Monitoring Configuration Guide.
Configuring a dynamic aggregation group To guarantee a successful dynamic aggregation, be sure that the peer ports of the ports aggregated at one end are also aggregated. The two ends can automatically negotiate the aggregation state of each member port. Configuring a Layer 2 dynamic aggregation group Step Command...
Configuring an aggregate interface Most of the configurations that can be performed on Layer 2 Ethernet interfaces can also be performed on Layer 2 aggregate interfaces. Configuring the description of an aggregate interface You can configure the description of an aggregate interface for administration purposes such as describing the purpose of the interface.
Limiting the number of Selected ports for an aggregation group The bandwidth of an aggregate link increases along with the number of selected member ports. To avoid congestion caused by insufficient Selected ports on an aggregate link, you can set the minimum number of Selected ports required for bringing up the specific aggregate interface.
Step: Enter Layer 2 aggregate interface view.
Command: interface bridge-aggregation interface-number
Remarks: Use either command.

Step: Shut down the aggregate interface.
Command: shutdown
Remarks: By default, aggregate interfaces are up.

Restoring the default settings for an aggregate interface

Step: Enter system view.
Command: system-view

Step: Enter Layer 2 aggregate interface view.
Command: interface bridge-aggregation...
Step: Configure the global link-aggregation load-sharing criteria.
Command: link-aggregation load-sharing mode { destination-ip | destination-mac | source-ip | source-mac } *
Remarks: By default, the system selects the global load sharing criteria according to the packet type.

In system view, the switch supports the following load-sharing criteria and combinations:
• Load-sharing criteria automatically determined based on the packet type
•...
Figure 8 Local-first link-aggregation load sharing

To enable local-first load sharing for link aggregation:

Step: Enter system view.
Command: system-view

Step: Enable local-first load-sharing for link aggregation.
Command: link-aggregation load-sharing mode local-first
Remarks: Optional. Enabled by default.

Displaying and maintaining Ethernet link aggregation

Task Command...
Task: Display summary information about all aggregation groups.
Command: display link-aggregation summary [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display detailed information about a specific or all aggregation groups.
Command: display link-aggregation verbose [ bridge-aggregation [ interface-number ] ] [ |...
Remarks: Available in any view
Configuration procedure

Configure Device A:
# Create VLAN 10, and assign port GigabitEthernet 1/0/4 to VLAN 10.
<DeviceA> system-view
[DeviceA] vlan 10
[DeviceA-vlan10] port gigabitethernet 1/0/4
[DeviceA-vlan10] quit
# Create VLAN 20, and assign port GigabitEthernet 1/0/5 to VLAN 20.
[DeviceA] vlan 20
[DeviceA-vlan20] port gigabitethernet 1/0/5
[DeviceA-vlan20] quit...
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Actor System ID: 0x8000, 000f-e2ff-0001
Partner ID Select Unselect Share
Interface Mode Ports Ports Type
-------------------------------------------------------------------------------
BAGG1 none Shar

The output shows that link aggregation group 1 is a load-shared Layer 2 static aggregation group and it contains three Selected ports.
[DeviceA] vlan 10
[DeviceA-vlan10] port gigabitethernet 1/0/4
[DeviceA-vlan10] quit
# Create VLAN 20, and assign the port GigabitEthernet 1/0/5 to VLAN 20.
[DeviceA] vlan 20
[DeviceA-vlan20] port gigabitethernet 1/0/5
[DeviceA-vlan20] quit
# Create Layer 2 aggregate interface Bridge-Aggregation 1, and configure the link aggregation mode as dynamic.
Interface Mode Ports Ports Type
-------------------------------------------------------------------------------
BAGG1 0x8000, 000f-e2ff-0002 Shar

The output shows that link aggregation group 1 is a load-shared Layer 2 dynamic aggregation group and it contains three Selected ports.

# Display the global link-aggregation load-sharing criteria on Device A.
[DeviceA] display link-aggregation load-sharing mode
Link-Aggregation Load-Sharing Mode: destination-mac address, source-mac address...
Configuring port isolation Port isolation enables isolating Layer 2 traffic for data privacy and security without using VLANs. You can also use this feature to isolate the hosts in a VLAN from one another. To use the feature, assign ports to a port isolation group. Ports in an isolation group are called "isolated ports."...
Figure 11 Networking diagram

Configuration procedure

# Add ports GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 to the isolation group.
<Device> system-view
[Device] interface gigabitethernet 1/0/1
[Device-GigabitEthernet1/0/1] port-isolate enable
[Device-GigabitEthernet1/0/1] quit
[Device] interface gigabitethernet 1/0/2
[Device-GigabitEthernet1/0/2] port-isolate enable
[Device-GigabitEthernet1/0/2] quit
[Device] interface gigabitethernet 1/0/3
[Device-GigabitEthernet1/0/3] port-isolate enable
# Display information about the isolation group.
Configuring spanning tree protocols

As a Layer 2 management protocol, the Spanning Tree Protocol (STP) eliminates Layer 2 loops by selectively blocking redundant links in a network and putting them in a standby state, which still allows for link redundancy. The recent versions of STP include the Rapid Spanning Tree Protocol (RSTP) and the Multiple Spanning Tree Protocol (MSTP).
Basic concepts in STP Root bridge A tree network must have a root bridge. The entire network contains only one root bridge. The other bridges in the network are called "leaf nodes." The root bridge is not permanent, but can change with changes of the network topology.
Calculation process of the STP algorithm

The spanning tree calculation process described in the following sections is a simplified process for example only.

The STP algorithm uses the following calculation process:

Initialize the state. Upon initialization of a device, each port generates a BPDU with the port as the designated port, the device as the root bridge, 0 as the root path cost, and the device ID as the designated bridge.

Select the root bridge.
Table 9 Selection of the optimum configuration BPDU Step Actions Upon receiving a configuration BPDU on a port, the device compares the priority of the received configuration BPDU with that of the configuration BPDU generated by the port, and: • If the former priority is lower, the device discards the received configuration BPDU and keeps the configuration BPDU the port generated.
Device | Port name | Configuration BPDU on the port
 | Port A2 | {0, 0, 0, Port A2}
Device B | Port B1 | {1, 0, 1, Port B1}
Device B | Port B2 | {1, 0, 1, Port B2}
Device C | Port C1 | {2, 0, 2, Port C1}
Device C | Port C2 | {2, 0, 2, Port C2}

NOTE:...
Device | Comparison process | Configuration BPDU on ports after comparison

Comparison process:
• Port C1 receives the configuration BPDU of Port A2 {0, 0, 0, Port A2}, finds that the received configuration BPDU is superior to its existing configuration BPDU {2, 0, 2, Port C1}, and updates its configuration BPDU.

Configuration BPDU on ports after comparison:
• Port C1: {0, 0, 0, Port...
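The comparison rule used in the tables above can be run end to end. The following Python code is an added example, not code from HP or from the switch software: it treats a configuration BPDU as the tuple {root bridge ID, root path cost, designated bridge ID, designated port ID} and the lower tuple as superior. The A2-C1 link comes from the comparison table; the other two links and the three path costs (5, 10, 4) are assumed values, because the network diagram is not reproduced here.

```python
# Added illustration: simplified STP calculation for the three-device example.
# A configuration BPDU is (root bridge ID, root path cost, designated bridge ID,
# designated port ID). Tuples are compared field by field; the lower one is superior.

BRIDGE_ID = {"A": 0, "B": 1, "C": 2}   # bridge IDs as they appear in the BPDUs above

# (device, port) <-> (device, port), path cost. The A2-C1 link is taken from the
# comparison table; the other links and all path costs are assumed for this example.
LINKS = [
    (("A", "A1"), ("B", "B1"), 5),
    (("A", "A2"), ("C", "C1"), 10),
    (("B", "B2"), ("C", "C2"), 4),
]


def neighbours(links):
    """Map each (device, port) to its peer (device, port) and the link path cost."""
    table = {}
    for left, right, cost in links:
        table[left] = (right, cost)
        table[right] = (left, cost)
    return table


def converge(bridge_id, links, max_rounds=32):
    """Exchange BPDUs in rounds until no device changes its view.

    Returns {device: (root bridge ID, root path cost, root port or None)}.
    """
    ports = neighbours(links)
    # Initial state: every device regards itself as the root bridge, path cost 0.
    view = {dev: (bid, 0, None) for dev, bid in bridge_id.items()}
    for _ in range(max_rounds):
        new_view = {}
        for dev, bid in bridge_id.items():
            # The device's own claim; empty strings sort before any port name.
            best = (bid, 0, bid, "", "")
            for (owner, port), ((peer, peer_port), cost) in ports.items():
                if owner != dev:
                    continue
                peer_root, peer_cost, _ = view[peer]
                # Received BPDU with the receiving port's path cost added.
                candidate = (peer_root, peer_cost + cost,
                             bridge_id[peer], peer_port, port)
                best = min(best, candidate)
            new_view[dev] = (best[0], best[1], best[4] or None)
        if new_view == view:
            return view
        view = new_view
    raise RuntimeError("topology did not converge")


def port_roles(bridge_id, links):
    """Return {port name: 'root' | 'designated' | 'blocked'} after convergence."""
    ports = neighbours(links)
    view = converge(bridge_id, links)
    roles = {}
    for (dev, port), ((peer, peer_port), _cost) in ports.items():
        root, cost, root_port = view[dev]
        if port == root_port:
            roles[port] = "root"
            continue
        # BPDU this port would send versus the BPDU the peer port would send.
        mine = (root, cost, bridge_id[dev], port)
        theirs = (view[peer][0], view[peer][1], bridge_id[peer], peer_port)
        roles[port] = "designated" if mine < theirs else "blocked"
    return roles


if __name__ == "__main__":
    for name, role in sorted(port_roles(BRIDGE_ID, LINKS).items()):
        print(name, role)
```

With the assumed costs, Device C first adopts Port C1 as its root port (cost 10) and then switches to Port C2 once Device B advertises a path of cost 5, which leaves Port C1 blocked.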
Figure 14 The final calculated spanning tree (legend: root bridge, root port, designated port, blocked port, normal link, blocked link)

The configuration BPDU forwarding mechanism of STP

The configuration BPDUs of STP are forwarded following these guidelines:
• Upon network initiation, every device regards itself as the root bridge, generates configuration BPDUs with itself as the root, and sends the configuration BPDUs at a regular hello interval.
The device uses the max age to determine whether a stored configuration BPDU has expired and discards it if the max age is exceeded. RSTP RSTP achieves rapid network convergence by allowing a newly elected root port or designated port to enter the forwarding state much faster than STP.
MSTP basic concepts

Figure 15 shows a switched network that comprises four MST regions, each MST region comprising four MSTP devices. Figure 16 shows the networking topology of MST region 3.

Figure 15 Basic concepts in MSTP
MST region

A multiple spanning tree region (MST region) consists of multiple devices in a switched network and the network segments among them. All these devices have the following characteristics:
• A spanning tree protocol enabled
• Same region name
• Same VLAN-to-instance mapping configuration
•...
For example, in MST region 3 in Figure 16, the regional root of MSTI 1 is Device B, the regional root of MSTI 2 is Device C, and the regional root of MSTI 0 (also known as the IST) is Device A. Common root bridge The common root bridge is the root bridge of the CIST.
• Boundary port—Connects an MST region to another MST region or to an STP/RSTP-running device.

In MSTP calculation, a boundary port’s role on an MSTI is consistent with its role on the CIST. But that is not true with master ports. A master port on MSTIs is a root port on the CIST.

Port states

In MSTP, a port can be in one of the following states:
• Forwarding—The port receives and sends BPDUs, obtains MAC addresses, and forwards user...
• Between two MST regions, the packet is forwarded along the CST.

Implementation of MSTP on devices

MSTP is compatible with STP and RSTP. Devices that are running MSTP and that are used for spanning tree calculation can identify STP and RSTP protocol packets. In addition to basic MSTP functions, the following functions are provided for ease of management:
• Root bridge hold
•...
STP configuration task list

Task | Remarks
Setting the spanning tree mode | Required. Configure the device to operate in STP mode.
Configuring the root bridge or a secondary root bridge | Optional
Configuring the device priority | Optional
Configuring the network diameter of a switched network | Optional
Configuring spanning tree timers...
Task | Remarks
Setting the spanning tree mode | Required. Configure the device to operate in RSTP mode.
Configuring the root bridge or a secondary root bridge | Optional
Configuring the device priority | Optional
Configuring the network diameter of a switched network | Optional
Configuring spanning tree timers | Optional
Configuring...
Task | Remarks
Setting the spanning tree mode | Optional. By default, the device operates in MSTP mode.
Configuring an MST region | Required
Configuring the root bridge or a secondary root bridge | Optional
Configuring the device priority | Optional
Configuring the maximum hops of an MST region | Optional
Configuring the network diameter of a switched network...
Setting the spanning tree mode

The spanning tree modes include:
• STP mode—All ports of the device send STP BPDUs. Select this mode when the peer device of a port supports only STP.
• RSTP mode—All ports of the device send RSTP BPDUs. A port in this mode automatically transitions...
Step: Configure the VLAN-to-instance mapping table.
Command:
• instance instance-id vlan vlan-list
• vlan-mapping modulo modulo
Remarks: Optional. Use either command. All VLANs in an MST region are mapped to the CIST (or MSTI 0) by default.

Step: Configure the MSTP...
Remarks: Optional.
Configuring the current device as the root bridge of a specific spanning tree

Step: Enter system view.
Command: system-view

Step: Configure the current device as the root bridge.
Command:
• In STP/RSTP mode: stp root primary
• In MSTP mode:...
Remarks: Use one of the commands. By default, a device does not...
Step: Configure the priority of the current device.
Command:
• In STP/RSTP mode: stp priority priority
• In MSTP mode: stp [ instance instance-id ] priority priority
Remarks: Use one of the commands. The default setting is 32768.

Configuring the maximum hops of an MST region

By setting the maximum hops of an MST region, you can restrict the region size.
Configuring spanning tree timers

The following timers are used for spanning tree calculation:
• Forward delay
It is the delay time for port state transition. To prevent temporary loops on a network, the spanning tree sets an intermediate port state, the learning state, before it transitions from the discarding state to the forwarding state, and requires that the port transitions its state after a forward delay timer to make sure that the state transition of the local port keeps synchronized with the peer.
Step: Enter system view.
Command: system-view

Step: Configure the forward delay timer.
Command: stp timer forward-delay time
Remarks: Optional. The default setting is 15 seconds.

Step: Configure the hello timer.
Command: stp timer hello time
Remarks: Optional. The default setting is 2 seconds.

Step: Configure the max age timer.
Command: stp timer max-age time
Remarks: Optional. The default setting is 20...
Step: Enter system view.
Command: system-view

Step: Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view.
Command: interface interface-type interface-number

Step: Configure the maximum rate of the ports.
Command: stp transmit-limit limit
Remarks: 10 by default.

Configuring edge ports

If a port directly connects to a user terminal rather than another device or a shared LAN segment, this port is regarded as an edge port.
Configuring path costs of ports Path cost is a parameter related to the rate of a port. On a spanning tree device, a port can have different path costs in different MSTIs. Setting appropriate path costs allows VLAN traffic flows to be forwarded along different physical links, achieving VLAN-based load balancing.
Step: Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view.
Command: interface interface-type interface-number

Step: Configure the path cost of the ports.
Command:
• In STP/RSTP mode: stp cost cost
Remarks: Use one of the commands. By default, the system...
Configuring the port link type A point-to-point link directly connects two devices. If two root ports or designated ports are connected over a point-to-point link, they can rapidly transition to the forwarding state after a proposal-agreement handshake process. Configuration restrictions and guidelines You can configure the link type as point-to-point for a Layer 2 aggregate interface or a port that •...
MSTP provides MSTP packet format incompatibility guard. In MSTP mode, if a port is configured to recognize/send MSTP packets in a mode other than auto, and if it receives a packet in a format different from the specified type, the port becomes a designated port and remains in the discarding state to prevent the occurrence of a loop.
To enable the spanning tree feature:

Step | Command | Remarks
Enter system view. | system-view |
Enable the spanning tree feature globally. | stp enable | By default, the spanning tree feature is disabled globally.
Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. | interface interface-type interface-number |
NOTE: An mCheck operation takes effect on a device that operates in MSTP or RSTP mode. Configuring Digest Snooping As defined in IEEE 802.1s, connected devices are in the same region only when their MST region-related configurations (region name, revision level, and VLAN-to-instance mappings) are identical. A spanning tree device identifies devices in the same MST region by determining the configuration ID in BPDU packets.
Step | Command | Remarks
Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. | interface interface-type interface-number |
Enable Digest Snooping on the interface. | stp config-digest-snooping | Disabled by default.
Return to system view. | quit |
Enable global Digest Snooping. | stp config-digest-snooping | Disabled by default.
[DeviceA] stp config-digest-snooping
# Enable Digest Snooping on GigabitEthernet 1/0/1 of Device B and enable global Digest Snooping on Device B.
<DeviceB> system-view
[DeviceB] interface gigabitethernet 1/0/1
[DeviceB-GigabitEthernet1/0/1] stp config-digest-snooping
[DeviceB-GigabitEthernet1/0/1] quit
[DeviceB] stp config-digest-snooping

Configuring No Agreement Check

In RSTP and MSTP, the following types of messages are used for rapid state transition on designated ports:
• Proposal—Sent by designated ports to request rapid transition
•...
Figure 20 Rapid state transition of an RSTP designated port If the upstream device is a third-party device, the rapid state transition implementation might be limited. For example, when the upstream device uses a rapid transition mechanism similar to that of RSTP, and the downstream device adopts MSTP and does not operate in RSTP mode, the root port on the downstream device receives no agreement packet from the upstream device and sends no agreement packets to the upstream device.
No Agreement Check configuration example

Network requirements

As shown in Figure
• Device A connects to a third-party device that has a different spanning tree implementation. Both devices are in the same region.
• The third-party device (Device B) is the regional root bridge, and Device A is the downstream device.
In the network, the IRF fabric transparently transmits the received BPDUs and does not participate in spanning tree calculations. When a topology change occurs to the IRF fabric or user networks, the IRF fabric may need a long time to learn the correct MAC address table entries and ARP entries, resulting in long network disruption.
The spanning tree protocol provides the BPDU guard function to protect the system against such attacks. With the BPDU guard function enabled on the devices, when edge ports receive configuration BPDUs, the system closes these ports and notifies the NMS that these ports have been closed by the spanning tree protocol.
Enabling loop guard A device that keeps receiving BPDUs from the upstream device can maintain the state of the root port and blocked ports. However, link congestion or unidirectional link failures might cause these ports to fail to receive BPDUs from the upstream devices. The device will reselect the port roles: Those ports in forwarding state that failed to receive upstream BPDUs will become designated ports, and the blocked ports will transition to the forwarding state, resulting in loops in the switched network.
Step | Command | Remarks
Enable the TC-BPDU guard function. | stp tc-protection enable | Optional. Enabled by default.
Configure the maximum number of forwarding address entry flushes that the device can perform every 10 seconds. | stp tc-protection threshold number | Optional. 6 by default.

NOTE: HP does not recommend you disable this feature.
• All devices on the network are in the same MST region. Device A and Device B work at the distribution layer. Device C and Device D work at the access layer.
• Configure MSTP so that packets of different VLANs are forwarded along different spanning trees:...
# Specify the current device as the root bridge of MSTI 1.
[DeviceA] stp instance 1 root primary
# Enable the spanning tree feature globally.
[DeviceA] stp enable
Configure Device B:
# Enter MST region view, configure the MST region name as example, map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively, and configure the revision level of the MST region as 0.
[DeviceD-mst-region] region-name example
[DeviceD-mst-region] instance 1 vlan 10
[DeviceD-mst-region] instance 3 vlan 30
[DeviceD-mst-region] instance 4 vlan 40
[DeviceD-mst-region] revision-level 0
# Activate MST region configuration.
[DeviceD-mst-region] active region-configuration
[DeviceD-mst-region] quit
# Enable the spanning tree feature globally.
[DeviceD] stp enable
Verify the configurations:
In this example, suppose that Device B has the lowest root bridge ID.
GigabitEthernet1/0/1 ROOT FORWARDING NONE GigabitEthernet1/0/2 ALTE DISCARDING NONE GigabitEthernet1/0/3 ALTE DISCARDING NONE GigabitEthernet1/0/1 ROOT FORWARDING NONE GigabitEthernet1/0/2 ALTE DISCARDING NONE GigabitEthernet1/0/3 ROOT FORWARDING NONE Based on the output, you can draw the MSTI mapped to each VLAN, as shown in Figure Figure 24 MSTIs mapped to different VLANs MSTI 1 mapped to VLAN 10...
Configuring BPDU tunneling Overview As a Layer 2 tunneling technology, BPDU tunneling enables Layer 2 protocol packets from geographically dispersed customer networks to be transparently transmitted over specific tunnels across a service provider network. Background Dedicated lines are used in a service provider network to build user-specific Layer 2 networks. As a result, a user network consists of parts located at different sides of the service provider network.
Figure 26 BPDU tunneling implementation The upper section of Figure 26 represents the service provider network (ISP network). The lower section, including User A network 1 and User A network 2, represents the customer networks. Enabling BPDU tunneling on edge devices (PE 1 and PE 2) in the service provider network allows BPDUs of User A network 1 and User A network 2 to be transparently transmitted through the service provider network.
Configuration restrictions and guidelines

• Settings made in Layer 2 Ethernet interface view or Layer 2 aggregate interface view take effect only on the current port.
• Before you enable BPDU tunneling for DLDP, EOAM, GVRP, HGMP, LLDP, or STP on a port, disable...
Step | Command | Remarks
Enter system view. | system-view |
Configure the destination multicast MAC address for BPDUs. | bpdu-tunnel tunnel-dmac mac-address | Optional. 0x010F-E200-0003 by default.

NOTE: For BPDUs to be recognized, the destination multicast MAC addresses configured for BPDU tunneling must be the same on the edge devices on the service provider network.

BPDU tunneling configuration examples

BPDU tunneling for STP configuration example

Network requirements...
[PE1] vlan 2
[PE1-vlan2] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] port access vlan 2
# Disable STP on GigabitEthernet 1/0/1, and then enable BPDU tunneling for STP on it.
[PE1-GigabitEthernet1/0/1] undo stp enable
[PE1-GigabitEthernet1/0/1] bpdu-tunnel dot1q stp
Configure PE 2:
# Configure the destination multicast MAC address for BPDUs as 0x0100-0CCD-CDD0.
Configuration procedure
Configure PE 1:
# Configure the destination multicast MAC address for BPDUs as 0x0100-0CCD-CDD0.
<PE1> system-view
[PE1] bpdu-tunnel tunnel-dmac 0100-0ccd-cdd0
# Configure GigabitEthernet 1/0/1 as a trunk port and assign it to all VLANs.
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] port link-type trunk
[PE1-GigabitEthernet1/0/1] port trunk permit vlan all
# Disable STP on GigabitEthernet 1/0/1, and then enable BPDU tunneling for STP and PVST on...
Configuring VLANs Overview Ethernet is a network technology based on the CSMA/CD mechanism. Because the medium is shared, collisions and excessive broadcasts are common on Ethernet networks. To address the issue, virtual LAN (VLAN) was introduced to break a LAN down into separate VLANs. VLANs are isolated from each other at Layer 2.
The Ethernet II encapsulation format is used here. Besides the Ethernet II encapsulation format, Ethernet also supports other encapsulation formats, including 802.2 LLC, 802.2 SNAP, and 802.3 raw. The VLAN tag fields are added to frames encapsulated in these formats for VLAN identification. In the header of a traditional Ethernet data frame, the field after the destination MAC address and the source MAC address is the Type field, which indicates the upper layer protocol type, as shown in Figure...
• IP subnet
• Policy
• Other criteria

This chapter covers port-based VLAN, MAC-based VLAN, protocol-based VLAN, and IP subnet-based VLAN. The port-based VLAN implementation is the basis of all other VLAN implementations. To use any other VLAN implementations, you must configure port-based VLAN settings. You can configure all these types of VLANs on a port at the same time.
Configuring basic settings of a VLAN interface You can use VLAN interfaces to provide Layer 3 communication between hosts of different VLANs. VLAN interfaces are virtual interfaces used for Layer 3 communication between different VLANs. They do not exist as physical entities on devices. For each VLAN, you can create one VLAN interface. You can assign the VLAN interface an IP address and specify the IP address as the gateway address for the devices in the VLAN, so that traffic can be routed to other IP subnets.
Configure VLAN interfaces on Switch A and configure the PCs to enable Layer 3 communication between the PCs.
Figure 32 Network diagram
Configuration procedure
Configure Switch A:
# Create VLAN 5 and assign GigabitEthernet 1/0/1 to it.
<SwitchA> system-view
[SwitchA] vlan 5
[SwitchA-vlan5] port GigabitEthernet 1/0/1
# Create VLAN 10 and assign GigabitEthernet 1/0/2 to it.
Configuring port-based VLANs Introduction to port-based VLAN Port-based VLANs group VLAN members by port. A port forwards traffic for a VLAN only after it is assigned to the VLAN. Port link type You can configure the link type of a port as access, trunk, or hybrid. The link types use the following VLAN tag handling methods: An access port belongs to only one VLAN and sends traffic untagged.
Actions (in the inbound direction) Actions (in the outbound Port type direction) Untagged frame Tagged frame • Receives the frame if its VLAN ID is the same as the PVID. Tags the frame with the Removes the VLAN tag and Access PVID tag.
Step Command Remarks Use any command. • The configuration made in Layer 2 Ethernet interface view applies only to the port. • Enter Layer 2 Ethernet interface • The configuration made in Layer 2 view: aggregate interface view applies to the interface interface-type Enter Layer 2 Ethernet aggregate interface and its...
Step Command Remarks Use any command. • The configuration made in Layer 2 Ethernet interface view applies only to the port. • Enter Layer 2 Ethernet interface • The configuration made in Layer 2 view: aggregate interface view applies to the interface interface-type Enter aggregate interface and its aggregation...
Step Command Remarks Use any command. • The configuration made in Ethernet interface view applies only to the port. • Enter Layer 2 Ethernet interface • The configuration made in Layer 2 view: aggregate interface view applies to the interface interface-type aggregate interface and its aggregation interface-number Enter interface...
Figure 33 Network diagram
Configuration procedure
Configure Device A:
# Create VLAN 100, and assign port GigabitEthernet 1/0/1 to VLAN 100.
<DeviceA> system-view
[DeviceA] vlan 100
[DeviceA-vlan100] port gigabitethernet 1/0/1
[DeviceA-vlan100] quit
# Create VLAN 200, and assign port GigabitEthernet 1/0/2 to VLAN 200.
[DeviceA] vlan 200
[DeviceA-vlan200] port gigabitethernet 1/0/2
[DeviceA-vlan200] quit...
[DeviceA-GigabitEthernet1/0/3] display vlan 200
VLAN ID: 200
VLAN Type: static
Route Interface: not configured
Description: VLAN 0200
Name: VLAN 0200
Tagged Ports: GigabitEthernet1/0/3
Untagged Ports: GigabitEthernet1/0/2

Configuring MAC-based VLANs

Introduction to MAC-based VLAN

The MAC-based VLAN feature assigns hosts to a VLAN based on their MAC addresses. This feature is usually used in conjunction with security technologies such as 802.1X to provide secure, flexible network access for terminal devices.
multiple MAC address-to-VLAN entries, and enable the MAC-based VLAN feature and dynamic MAC-based VLAN assignment on the port. Dynamic MAC-based VLAN assignment uses the following workflows. When the port receives a frame, the port first determines whether the frame is tagged. If yes, the port reports the source MAC address of the frame.
• When a port is assigned to the corresponding VLAN in a MAC address-to-VLAN entry, but has not been assigned to the VLAN by using the port hybrid vlan command, the port sends packets from the VLAN with VLAN tags removed.
•...
Step | Command | Remarks
Enter system view. | system-view |
Associate a specific MAC address with a VLAN. | mac-vlan mac-address mac-address [ mask mac-mask ] vlan vlan-id [ priority priority ] |
Enter Layer 2 Ethernet interface view. | interface interface-type interface-number |
Configure the link type of | port link-type hybrid | By default, all ports are access ports.
Step Command Remarks By default, dynamic MAC-based VLAN assignment is disabled. When you use the mac-vlan trigger enable command to enable dynamic MAC-based VLAN assignment, HP recommends that you configure the vlan precedence mac-vlan command, Enable dynamic so that VLANs are assigned based on MAC-based VLAN mac-vlan trigger enable single MAC addresses preferentially.
MAC-based VLAN configuration example

Network requirements

As shown in Figure
• GigabitEthernet 1/0/1 of Device A and Device C are each connected to a meeting room. Laptop 1 and Laptop 2 are used for meetings and might be used in either of the two meeting rooms.
•...
[DeviceA-vlan200] quit
# Associate the MAC address of Laptop 1 with VLAN 100, and associate the MAC address of Laptop 2 with VLAN 200.
[DeviceA] mac-vlan mac-address 000d-88f8-4e71 vlan 100
[DeviceA] mac-vlan mac-address 0014-222c-aa69 vlan 200
# Configure Laptop 1 and Laptop 2 to access the network through GigabitEthernet 1/0/1. Configure GigabitEthernet 1/0/1 as a hybrid port that sends packets of VLANs 100 and 200 untagged, and enable the MAC-based VLAN feature on it.
The following MAC VLAN addresses exist: S:Static D:Dynamic MAC ADDR MASK VLAN ID PRIO STATE -------------------------------------------------------- 000d-88f8-4e71 ffff-ffff-ffff 0014-222c-aa69 ffff-ffff-ffff Total MAC VLAN address count:2 Configuration guidelines MAC-based VLAN can be configured only on hybrid ports. MAC-based VLAN is usually configured on the downlink ports of access layer devices, and cannot be configured together with the link aggregation function.
Step Command Remarks Enter system view. system-view If the specified VLAN does not exist, this Enter VLAN view. vlan vlan-id command creates the VLAN first. protocol-vlan [ protocol-index ] { at | ipv4 | ipv6 | ipx { ethernetii | llc Create a protocol | raw | snap } | mode { ethernetii template for the...
Figure 36 Network diagram Configuration consideration Create VLANs 100 and 200. Associate VLAN 100 with IPv4, and associate VLAN 200 with IPv6. Configure protocol-based VLANs to isolate IPv4 traffic and IPv6 traffic at Layer 2. Configuration procedure Configure Device: # Create VLAN 100, and assign port GigabitEthernet 1/0/11 to VLAN 100. <Device>...
[Device-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged
Please wait... Done.
# Associate port GigabitEthernet 1/0/1 with the IPv4 protocol template of VLAN 100 and the IPv6 protocol template of VLAN 200.
[Device-GigabitEthernet1/0/1] port hybrid protocol-vlan vlan 100 1
[Device-GigabitEthernet1/0/1] port hybrid protocol-vlan vlan 200 1
[Device-GigabitEthernet1/0/1] quit
# Configure GigabitEthernet 1/0/2 as a hybrid port that forwards packets of VLANs 100 and 200 untagged, and associate GigabitEthernet 1/0/2 with the IPv4 protocol template of VLAN...
ipv6 Configuration guidelines Protocol-based VLAN configuration applies only to hybrid ports. Configuring IP subnet-based VLANs In this approach, packets are assigned to VLANs based on their source IP addresses and subnet masks. A port configured with IP subnet-based VLANs assigns a received untagged packet to a VLAN based on the source address of the packet.
Step | Command | Remarks
Associate the hybrid ports with the specified IP subnet-based VLAN. | port hybrid ip-subnet-vlan vlan vlan-id | Not configured by default.

IP subnet-based VLAN configuration example

Network requirements

As shown in Figure 37, the hosts in the office belong to different IP subnets 192.168.5.0/24 and 192.168.50.0/24.
[DeviceC] vlan 200
[DeviceC-vlan200] ip-subnet-vlan ip 192.168.50.0 255.255.255.0
[DeviceC-vlan200] quit
# Configure interface GigabitEthernet 1/0/11 to permit packets of VLAN 100 to pass through.
[DeviceC] interface gigabitethernet 1/0/11
[DeviceC-GigabitEthernet1/0/11] port link-type hybrid
[DeviceC-GigabitEthernet1/0/11] port hybrid vlan 100 tagged
Please wait... Done.
[DeviceC-GigabitEthernet1/0/11] quit
# Configure interface GigabitEthernet 1/0/12 to permit packets of VLAN 200 to pass through.
Configuring an isolate-user-VLAN Overview An isolate-user-VLAN uses a two-tier VLAN structure. In this approach, the following types of VLANs, isolate-user-VLAN and secondary VLAN, are configured on the same device. The following are the characteristics of the isolate-user-VLAN implementation: • Isolate-user-VLANs are mainly used for upstream data exchange. An isolate-user-VLAN can be associated with multiple secondary VLANs.
Configure the downlink ports, for example, the ports connecting Device B to hosts in Figure to operate in host mode, so that the downlink ports can be added to the isolate-user-VLAN associated with the secondary VLAN automatically. For more information about the promiscuous and host mode commands, see Layer 2—LAN Switching Command Reference.
Step Command Remarks Enter Layer 2 Ethernet or aggregate interface view: interface interface-type interface-number interface By default, a port does not operate Configure the uplink port for bridge-aggregation in promiscuous mode or host mode the isolate-user-VLAN. interface-number in a VLAN. Configure the port to operate in promiscuous mode in a specific VLAN:...
Isolate-user-VLAN configuration example

Network requirements

As shown in Figure
• Connect Device A to downstream devices Device B and Device C.
• Configure VLAN 5 on Device B as an isolate-user-VLAN, assign the uplink port GigabitEthernet 1/0/5 to VLAN 5, and associate VLAN 5 with secondary VLANs VLAN 2 and VLAN 3. Assign GigabitEthernet 1/0/2 to VLAN 2 and GigabitEthernet 1/0/1 to VLAN 3.
Configuring a voice VLAN Overview A voice VLAN is configured for voice traffic. After assigning the ports that connect to voice devices to a voice VLAN, the system automatically configures quality of service (QoS) parameters for voice traffic, to improve the transmission priority of voice traffic and ensure voice quality. Common voice devices include IP phones and integrated access devices (IADs).
suitable for scenarios where PCs and IP phones connected in series access the network through the device and ports on the device transmit both voice traffic and data traffic at the same time, as shown in Figure 40. When the voice VLAN works normally and the system reboots, the system reassigns ports in automatic voice VLAN assignment mode to the voice VLAN after the reboot, ensuring that existing voice connections can work normally.
Port link Voice VLAN Support for tagged Configuration requirements type assignment mode voice traffic The PVID of the port cannot be the voice VLAN. Manual Configure the port to permit packets of the voice VLAN to pass through. Automatic The PVID of the port cannot be the voice VLAN. The PVID of the port cannot be the voice VLAN.
large quantities of forged voice VLAN-tagged or untagged packets to consume the voice VLAN bandwidth, affecting normal voice communication.
• Security mode—Only voice packets whose source MAC addresses match the recognizable OUI addresses can pass through the voice VLAN-enabled inbound port, but all other packets are dropped....
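The source-MAC check that security mode applies can be modelled as a masked comparison against the configured OUI entries. The following is an added example, not HP's implementation: the OUI entries and the phone and PC addresses are taken from this guide's automatic-mode configuration example, the other two source addresses are constructed, and the normal-mode branch assumes that no source-MAC filtering is applied in that mode.

```python
def parse_mac(text):
    """Parse the H-H-H notation used by the switch CLI into a 48-bit integer."""
    groups = text.strip().lower().split("-")
    if len(groups) != 3 or any(len(g) != 4 for g in groups):
        raise ValueError(f"not an H-H-H MAC address: {text!r}")
    return int("".join(groups), 16)


# OUI entries as configured in the guide's automatic-mode example:
#   voice vlan mac-address 0011-1100-0001 mask ffff-ff00-0000
#   voice vlan mac-address 0011-2200-0001 mask ffff-ff00-0000
OUI_ENTRIES = [
    ("0011-1100-0001", "ffff-ff00-0000"),
    ("0011-2200-0001", "ffff-ff00-0000"),
]

# Source MACs seen on the voice VLAN-enabled port. The first two are IP phone A
# and PC A from the guide's example; the last two are constructed.
SAMPLE_SOURCES = [
    "0011-1100-0001",
    "0022-1100-0002",
    "0011-22ab-cdef",
    "0011-3300-0001",
]


def compile_entries(entries):
    """Turn (address, mask) strings into (masked prefix, mask) integer pairs."""
    compiled = []
    for address, mask in entries:
        mask_bits = parse_mac(mask)
        compiled.append((parse_mac(address) & mask_bits, mask_bits))
    return compiled


def matches_oui(src_mac, compiled):
    """True if the source MAC, after masking, equals any configured OUI prefix."""
    src = parse_mac(src_mac)
    return any((src & mask) == prefix for prefix, mask in compiled)


def admit(src_mac, compiled, security_mode):
    """Decide whether a frame classified to the voice VLAN is forwarded."""
    if not security_mode:
        # Assumption: normal mode does not filter on the source MAC address.
        return True
    return matches_oui(src_mac, compiled)


def summarize(sources, entries, security_mode=True):
    """Split source MACs into forwarded and dropped lists for one port."""
    compiled = compile_entries(entries)
    result = {"forwarded": [], "dropped": []}
    for src in sources:
        key = "forwarded" if admit(src, compiled, security_mode) else "dropped"
        result[key].append(src)
    return result


if __name__ == "__main__":
    for mode in (True, False):
        print("security mode" if mode else "normal mode",
              summarize(SAMPLE_SOURCES, OUI_ENTRIES, mode))
```

With the mask ffff-ff00-0000 only the first 24 bits of the source address are compared, so the check identifies a vendor prefix, not an individual phone.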
values, for voice traffic. Voice traffic carries its own QoS priority settings. You can configure the device either to modify or not to modify the QoS priority settings carried by incoming voice traffic. Configuration restrictions and guidelines Configure the QoS priority settings for voice traffic on an interface before you enable voice VLAN on the interface.
Configuration procedure To set a port to operate in automatic voice VLAN assignment mode: Step Command Remarks Enter system view. system-view Optional. By default, the aging time of a voice VLAN is 1440 minutes. Set the voice VLAN aging voice vlan aging minutes The voice VLAN aging time time.
• To make voice VLAN take effect on a port that is enabled with voice VLAN and operates in manual voice VLAN assignment mode, you must assign the port to the voice VLAN manually.

Configuration procedure

To set a port to operate in manual voice VLAN assignment mode:

Step Command Remarks...
Voice VLAN configuration examples

Automatic voice VLAN mode configuration example

Network requirements

As shown in Figure
• The MAC address of IP phone A is 0011-1100-0001. The phone connects to a downstream device named PC A whose MAC address is 0022-1100-0002 and to GigabitEthernet 1/0/1 on an upstream device named Device A.
# Configure the allowed OUI addresses as MAC addresses prefixed by 0011-1100-0000 or 0011-2200-0000. In this way, Device A identifies packets whose MAC addresses match any of the configured OUI addresses as voice packets.
[DeviceA] voice vlan mac-address 0011-1100-0001 mask ffff-ff00-0000 description IP phone
[DeviceA] voice vlan mac-address 0011-2200-0001 mask ffff-ff00-0000 description IP phone
# Configure GigabitEthernet 1/0/1 as a hybrid port.
Manual voice VLAN assignment mode configuration example

Network requirements

As shown in Figure
• Create VLAN 2 and configure it as a voice VLAN that permits only voice traffic to pass through.
• The IP phones send untagged voice traffic. Configure GigabitEthernet 1/0/1 as a hybrid port. Configure GigabitEthernet 1/0/1 to operate in manual voice VLAN assignment mode.
Configuring GVRP The Generic Attribute Registration Protocol (GARP) provides a generic framework for devices in a switched LAN, such as end stations and switches, to register and deregister attribute values. The GARP VLAN Registration Protocol (GVRP) is a GARP application that registers and deregisters VLAN attributes. GVRP uses the operating mechanism of GARP to maintain and propagate dynamic VLAN registration information for GVRP devices on the network.
A GARP participant sends Join messages when it wishes to declare its attribute values or receives Join messages from other GARP participants. Join messages fall into JoinEmpty and JoinIn. A GARP participant sends JoinEmpty messages to declare attribute values that it has not registered. It sends JoinIn messages to declare attribute values that it has registered.
• On a GARP-enabled network, each port maintains its own Hold, Join, and Leave timers, but only one LeaveAll timer is maintained on each device. This LeaveAll timer applies to all ports on the device.
• The value ranges for the Hold, Join, Leave, and LeaveAll timers are dependent on one another. See Table 19 for their dependencies.
Field | Description | Value
Attribute event | Event that the attribute describes | 0x00—LeaveAll event; 0x01—JoinEmpty event; 0x02—JoinIn event; 0x03—LeaveEmpty event; 0x04—LeaveIn event; 0x05—Empty event
Attribute value | Attribute value | VLAN ID for GVRP. If the value of the attribute event field is 0x00 (LeaveAll event), the attribute value...
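To see how the attribute event and attribute value fields are read in practice, the following added example (not code from this guide) parses a constructed GVRP PDU and lists VLANs declared by Join events that are outside an expected set. The event codes are the ones in the table above; the surrounding layout (2-byte protocol ID 0x0001, attribute type 0x01 for VLAN ID, 1-byte attribute length that counts itself, 0x00 end marks) follows the IEEE 802.1D GARP PDU format and is an assumption beyond what this excerpt shows.

```python
# Event codes from the table above.
EVENTS = {
    0x00: "LeaveAll",
    0x01: "JoinEmpty",
    0x02: "JoinIn",
    0x03: "LeaveEmpty",
    0x04: "LeaveIn",
    0x05: "Empty",
}
GARP_PROTOCOL_ID = 0x0001      # assumption: IEEE 802.1D GARP protocol ID
GVRP_VLAN_ATTRIBUTE = 0x01     # assumption: GVRP attribute type for a VLAN ID

# Constructed sample PDU: one message of attribute type 0x01 carrying
# LeaveAll, JoinIn for VLAN 2 and JoinEmpty for VLAN 3.
SAMPLE_PDU = bytes.fromhex(
    "0001"        # protocol ID
    "01"          # attribute type: VLAN ID
    "0200"        # length 2, event LeaveAll, no value
    "04020002"    # length 4, event JoinIn, VLAN 2
    "04010003"    # length 4, event JoinEmpty, VLAN 3
    "00"          # end mark of the attribute list
    "00"          # end mark of the PDU
)


def parse_garp_pdu(pdu):
    """Return a list of (attribute_type, event_name, vlan_id or None)."""
    if len(pdu) < 3 or int.from_bytes(pdu[:2], "big") != GARP_PROTOCOL_ID:
        raise ValueError("not a GARP PDU")
    pos, records = 2, []
    while True:
        if pos >= len(pdu):
            raise ValueError("missing PDU end mark")
        attr_type = pdu[pos]
        pos += 1
        if attr_type == 0x00:          # end mark: no more messages
            return records
        while True:                    # attributes of this message
            if pos >= len(pdu):
                raise ValueError("missing attribute list end mark")
            length = pdu[pos]
            if length == 0x00:         # end mark of the attribute list
                pos += 1
                break
            if length < 2 or pos + length > len(pdu):
                raise ValueError("bad attribute length")
            event = pdu[pos + 1]
            value = pdu[pos + 2:pos + length]
            pos += length
            if event not in EVENTS:
                raise ValueError(f"unknown attribute event 0x{event:02x}")
            if event == 0x00:
                # LeaveAll carries no attribute value.
                if value:
                    raise ValueError("LeaveAll must not carry a value")
                vlan = None
            else:
                if attr_type == GVRP_VLAN_ATTRIBUTE and len(value) != 2:
                    raise ValueError("VLAN ID attribute value must be 2 bytes")
                vlan = int.from_bytes(value, "big")
            records.append((attr_type, EVENTS[event], vlan))


def unexpected_vlans(records, allowed):
    """VLAN IDs declared by Join events that are not in the allowed set."""
    joined = {vlan for _, event, vlan in records
              if event in ("JoinEmpty", "JoinIn")}
    return sorted(joined - set(allowed))


if __name__ == "__main__":
    parsed = parse_garp_pdu(SAMPLE_PDU)
    print(parsed)
    print("unexpected:", unexpected_vlans(parsed, allowed={1, 2}))
```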
• GVRP configuration made in Ethernet interface view or Layer 2 aggregate interface view takes effect on the current interface only.
• GVRP configuration made on a member port in an aggregation group takes effect only after the port is removed from the aggregation group.

Complete these tasks to configure GVRP:

Task Remarks...
Step | Command | Remarks
Assign the trunk ports to all VLANs. | port trunk permit vlan all | By default, a trunk port is assigned to VLAN 1 only. For more information about the port trunk permit vlan all command, see Layer 2—LAN Switching Command Reference.
Timer | Lower limit | Upper limit
Leave | Greater than twice the Join timer | Less than the LeaveAll timer
LeaveAll | Greater than the Leave timer | 32,765 centiseconds

NOTE: To keep the dynamic VLANs learned through GVRP stable, do not set the LeaveAll timer smaller than its default value, 1000 centiseconds.
Figure 46 Network diagram
Configuration procedure
Configure Device A:
# Enable GVRP globally.
<DeviceA> system-view
[DeviceA] gvrp
# Configure port GigabitEthernet 1/0/1 as a trunk port, and assign it to all VLANs.
[DeviceA] interface gigabitethernet 1/0/1
[DeviceA-GigabitEthernet1/0/1] port link-type trunk
[DeviceA-GigabitEthernet1/0/1] port trunk permit vlan all
# Enable GVRP on trunk port GigabitEthernet 1/0/1.
# Display the local VLAN information that GVRP maintains on port GigabitEthernet 1/0/1 of Device B.
[DeviceB] display gvrp local-vlan interface gigabitethernet 1/0/1
Following VLANs exist in GVRP local database:
1(default),2-3
According to the output, information about VLAN 1, static VLAN information of VLAN 3 on the local device, and dynamic VLAN information of VLAN 2 on Device A are all registered through GVRP.
[DeviceB-GigabitEthernet1/0/1] port trunk permit vlan all
# Enable GVRP on GigabitEthernet 1/0/1, and set the GVRP registration mode to fixed on the port.
[DeviceB-GigabitEthernet1/0/1] gvrp
[DeviceB-GigabitEthernet1/0/1] gvrp registration fixed
[DeviceB-GigabitEthernet1/0/1] quit
# Create VLAN 3 (a static VLAN).
[DeviceB] vlan 3
[DeviceB-vlan3] quit
Verify the configuration:
Use the display gvrp local-vlan command to display the local VLAN information that GVRP...
[DeviceA] gvrp
# Configure port GigabitEthernet 1/0/1 as a trunk port, and assign it to all VLANs.
[DeviceA] interface gigabitethernet 1/0/1
[DeviceA-GigabitEthernet1/0/1] port link-type trunk
[DeviceA-GigabitEthernet1/0/1] port trunk permit vlan all
# Enable GVRP on GigabitEthernet 1/0/1, and set the GVRP registration mode to forbidden on the port.
According to the output, information about VLAN 1 is registered through GVRP, but static VLAN information of VLAN 3 on the local device and dynamic VLAN information of VLAN 2 on Device A are not.
Configuring QinQ Throughout this document, customer network VLANs (CVLANs), also called inner VLANs, refer to the VLANs that a customer uses on the private network; and service provider network VLANs (SVLANs), also called outer VLANs, refer to the VLANs that a service provider uses to carry VLAN tagged traffic for customers.
Figure 49 Typical QinQ application scenario As shown in Figure 49, customer network A has CVLANs 1 through 10, and customer network B has CVLANs 1 through 20. The service provider assigns SVLAN 3 for customer network A, and assigns SVLAN 4 for customer network B.
Figure 50 Single-tagged Ethernet frame header and double-tagged Ethernet frame header On the other devices in the network, the interfaces may be configured with the MTU of 1500 bytes. The size of an outer VLAN tag is 4 bytes. HP recommends that you increase the MTU of each interface on the service provider network to at least 1504 bytes.
The device determines whether a received frame carries an SVLAN or CVLAN tag by checking the TPID value. For example, if a frame carries an SVLAN tag with TPID value 0x9100 and a CVLAN tag with TPID value 0x8100 and the configured TPID value of the SVLAN tag is 0x9100 and that of the CVLAN tag is 0x8200, the device considers that the frame carries only the SVLAN tag but not the CVLAN tag.
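The TPID comparison described above can be reproduced on a constructed frame. This is an added example, not the switch's own logic: it assumes the first tag is compared with the configured SVLAN TPID and the second with the configured CVLAN TPID, and the MAC addresses, VLAN IDs and the list of common tag TPIDs used for the sanity check are constructed for illustration.

```python
import struct

# Constructed addresses for the sample frames.
DST = bytes.fromhex("000fe2000001")
SRC = bytes.fromhex("000fe2000002")

# TPID values commonly used for VLAN tags; used only to flag a leftover tag.
COMMON_TAG_TPIDS = {0x8100, 0x88A8, 0x9100, 0x9200, 0x8200}


def build_frame(tags, ethertype=0x0800, payload=b"\x00" * 46):
    """Build an Ethernet II frame; tags is a list of (tpid, vlan_id), outer first."""
    header = DST + SRC
    for tpid, vlan_id in tags:
        header += struct.pack("!HH", tpid, vlan_id & 0x0FFF)
    return header + struct.pack("!H", ethertype) + payload


def _read_tag(frame, offset, expected_tpid):
    """Return (vlan_id, next_offset) if a tag with expected_tpid starts at offset."""
    if len(frame) < offset + 4:
        return None, offset
    tpid, tci = struct.unpack_from("!HH", frame, offset)
    if tpid != expected_tpid:
        return None, offset
    return tci & 0x0FFF, offset + 4


def classify_tags(frame, svlan_tpid, cvlan_tpid):
    """Report which tags a port with the given TPID settings recognizes."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    svlan, offset = _read_tag(frame, 12, svlan_tpid)
    cvlan = None
    if svlan is not None:
        cvlan, offset = _read_tag(frame, offset, cvlan_tpid)
    if len(frame) < offset + 2:
        raise ValueError("frame truncated after VLAN tags")
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    # Whatever follows the recognized tags is treated as the EtherType.
    return {"svlan": svlan, "cvlan": cvlan, "ethertype": ethertype}


def unparsed_tag(result):
    """True if the remaining EtherType looks like a VLAN tag that was not recognized."""
    return result["ethertype"] in COMMON_TAG_TPIDS


if __name__ == "__main__":
    # Frame from the text: SVLAN tag with TPID 0x9100, CVLAN tag with TPID 0x8100.
    frame = build_frame([(0x9100, 100), (0x8100, 10)])
    for cvlan_tpid in (0x8200, 0x8100):
        seen = classify_tags(frame, svlan_tpid=0x9100, cvlan_tpid=cvlan_tpid)
        print(hex(cvlan_tpid), seen, "unparsed tag:", unparsed_tag(seen))
```

When the configured CVLAN TPID is 0x8200, the inner tag is not recognized and its TPID 0x8100 shows up in the EtherType position, which is the mismatch to look for when CVLAN-based matching does not behave as expected.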
• On a port with basic QinQ enabled, you must configure the port to allow packets from its PVID to pass through. On a port with selective QinQ enabled, you must configure the port to allow packets from the outer VLANs of QinQ packets to pass through.

Complete the following tasks to configure QinQ:

Task Remarks...
Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface view or Layer 2 interface interface-type interface-number aggregate interface view. Configure the link type of port link-type { hybrid | trunk } the ports. • When the ports are hybrid ports: port hybrid vlan vlan-id-list { tagged | Configure the ports to allow untagged }...
Step Command Remarks Return to system view. quit Create a QoS policy and qos policy policy-name enter QoS policy view. Associate the traffic class with classifier classifier-name behavior the traffic behavior defined behavior-name earlier. Return to system view. quit Enter Layer 2 Ethernet interface interface-type interface-number interface view.
Step Command Remarks • Mark the 802.1p priorities in outer VLAN tags: Configure a marking action remark dot1p 8021p and an inner-to-outer tag Use either command. • Copy the inner 802.1p priorities to priority copying action. outer 802.1p priorities: remark dot1p customer-dot1p-trust Return to system view.
Step Command Remarks Create a traffic behavior and enter traffic behavior behavior-name traffic behavior view. Configure the action of marking the remark customer-vlan-id vlan-id inner VLAN IDs. Return to system view. quit Create a QoS policy and enter QoS qos policy policy-name policy view.
QinQ configuration examples

Basic QinQ configuration example

Network requirements

As shown in Figure
• The two branches of Company A, Site 1 and Site 2, are connected through the service provider network and use CVLANs 10 through 70.
• The two branches of Company B, Site 3 and Site 4, are connected through the service provider network and use CVLANs 30 through 90.
[PE1-GigabitEthernet1/0/1] port trunk permit vlan 100
# Configure VLAN 100 as the PVID for the port.
[PE1-GigabitEthernet1/0/1] port trunk pvid vlan 100
# Enable basic QinQ on the port.
[PE1-GigabitEthernet1/0/1] qinq enable
[PE1-GigabitEthernet1/0/1] quit
Configure GigabitEthernet 1/0/2:
# Configure GigabitEthernet 1/0/2 as a trunk port and assign it to VLAN 100 and VLAN 200.
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] port link-type trunk
[PE1-GigabitEthernet1/0/2] port trunk permit vlan 100 200...
Configure GigabitEthernet 1/0/3:
# Configure GigabitEthernet 1/0/3 as a trunk port and assign it to VLAN 100.
[PE2] interface gigabitethernet 1/0/3
[PE2-GigabitEthernet1/0/3] port link-type trunk
[PE2-GigabitEthernet1/0/3] port trunk permit vlan 100
# Configure VLAN 100 as the PVID for the port.
[PE2-GigabitEthernet1/0/3] port trunk pvid vlan 100
# Enable basic QinQ on the port.
# Configure GigabitEthernet 1/0/1 as a trunk port and assign it to VLANs 10 through 50.
<PE1> system-view
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] port link-type trunk
[PE1-GigabitEthernet1/0/1] port trunk permit vlan 10 to 50
# Enable basic QinQ on the port.
[PE1-GigabitEthernet1/0/1] qinq enable
# Configure the port to transparently transmit frames from VLANs 10 through 50.
• The two branches of a company, Site 1 and Site 2, are connected through the service provider network and use CVLAN 10 and CVLAN 20 to transmit voice traffic and data traffic separately.
• PE 1 and PE 2 are edge devices on the service provider network and are connected through...
[PE1-behavior-P100] quit
# Create class A20 and configure the class to match frames with CVLAN 20. Create traffic behavior P200 and add the action of inserting outer VLAN tag 200.
[PE1] traffic classifier A20
[PE1-classifier-A20] if-match customer-vlan-id 20
[PE1-classifier-A20] quit
[PE1] traffic behavior P200
[PE1-behavior-P200] nest top-most vlan-id 200
[PE1-behavior-P200] quit...
[PE2] traffic classifier A20
[PE2-classifier-A20] if-match customer-vlan-id 20
[PE2-classifier-A20] quit
[PE2] traffic behavior P200
[PE2-behavior-P200] nest top-most vlan-id 200
[PE2-behavior-P200] quit
# Create a QoS policy named qinq, associate traffic class A10 with traffic behavior P100, and associate traffic class A20 with traffic behavior P200.
[PE2] qos policy qinq
[PE2-qospolicy-qinq] classifier A10 behavior P100
[PE2-qospolicy-qinq] classifier A20 behavior P200...
Figure 55 Network diagram
Configuration procedure
IMPORTANT: Be sure that you have configured the switches in the service provider network to allow QinQ packets to pass through.
Configure PE 1:
Configure GigabitEthernet 1/0/1:
# Configure GigabitEthernet 1/0/1 as a hybrid port to permit frames of VLAN 100 and VLAN 200 to pass through untagged.
[PE1-behavior-P200] nest top-most vlan-id 200
[PE1-behavior-P200] quit
# Create a QoS policy named qinq, associate traffic class A10 with traffic behavior P100, and associate traffic class A20 with traffic behavior P200.
[PE1] qos policy qinq
[PE1-qospolicy-qinq] classifier A10 behavior P100
[PE1-qospolicy-qinq] classifier A20 behavior P200
[PE1-qospolicy-qinq] quit
# Enable basic QinQ on the port.
# Set the TPID value in the outer tag to 0x8200.
[PE1-GigabitEthernet1/0/2] qinq ethernet-type service-tag 8200
[PE1-GigabitEthernet1/0/2] quit
Configure PE 2:
Configure GigabitEthernet 1/0/1:
# Configure GigabitEthernet 1/0/1 as a hybrid port to permit frames of VLAN 100 and VLAN 200 to pass through untagged.
[PE2-classifier-A100] if-match customer-vlan-id 30
[PE2-classifier-A100] if-match service-vlan-id 100
[PE2-classifier-A100] quit
# Configure traffic behavior T100 to mark matching packets with CVLAN 10.
[PE2] traffic behavior T100
[PE2-behavior-T100] remark customer-vlan-id 10
[PE2-behavior-T100] quit
# Create class A200 and configure the class to match frames with CVLAN 40 and SVLAN 200.
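What the selective QinQ policy and the 0x8200 service-tag TPID configured on PE 1 do to a frame on the wire, as an added Python example that is not part of the HP guide. The function names and the sample frame are constructed for illustration, and the CVLAN 10 to SVLAN 100 mapping is an assumption based on the names A10 and P100.

```python
import struct

CUSTOMER_TPID = 0x8100   # standard 802.1Q TPID carried by the customer (inner) tag
SERVICE_TPID = 0x8200    # outer-tag TPID from "qinq ethernet-type service-tag 8200"
# QoS policy "qinq" expressed as CVLAN -> nested SVLAN. 20 -> 200 is shown above;
# 10 -> 100 is an assumption based on the class and behavior names A10 and P100.
NEST_POLICY = {10: 100, 20: 200}


def vlan_tag(tpid, vid, pcp=0):
    """Encode a 4-byte VLAN tag: TPID, then priority (3 bits), DEI and VLAN ID (12 bits)."""
    return struct.pack("!HH", tpid, (pcp << 13) | (vid & 0x0FFF))


def read_tags(frame, tpids):
    """Return (tag stack, EtherType, payload offset); only values in `tpids` count as tags."""
    tags, off = [], 12
    while True:
        if off + 2 > len(frame):
            raise ValueError("frame too short")
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype not in tpids:
            return tags, etype, off + 2
        if off + 4 > len(frame):
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        tags.append((etype, tci & 0x0FFF))
        off += 4


def nest_top_most(frame, policy=NEST_POLICY, service_tpid=SERVICE_TPID):
    """Push the outer SVLAN tag selected by the frame's CVLAN (the nest top-most action)."""
    tags, _, _ = read_tags(frame, {CUSTOMER_TPID})
    if not tags or tags[0][1] not in policy:
        return None      # no class matches; the port's fallback handling is not modelled
    return frame[:12] + vlan_tag(service_tpid, policy[tags[0][1]]) + frame[12:]


def customer_frame(cvlan):
    """Constructed single-tagged frame: locally administered MACs, dummy IPv4 payload."""
    return (bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
            + vlan_tag(CUSTOMER_TPID, cvlan) + struct.pack("!H", 0x0800) + b"\x00" * 46)


if __name__ == "__main__":
    nested = nest_top_most(customer_frame(20))
    # A device that knows the service TPID sees both tags and the real EtherType.
    print(read_tags(nested, {SERVICE_TPID, CUSTOMER_TPID}))
    # A device that only recognizes 0x8100 sees an untagged frame of unknown type 0x8200.
    print(read_tags(nested, {CUSTOMER_TPID}))
```

Running the same check over a capture from the provider side shows quickly whether a transit switch or monitoring tool is reading the outer tag with the TPID the edge ports actually use.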
Configuring VLAN mapping
Overview
VLAN mapping re-marks VLAN tagged traffic with new VLAN IDs. HP provides the following types of VLAN mapping:
• One-to-one VLAN mapping—Replaces one VLAN tag with another. You can use one-to-one VLAN mapping to sub-classify traffic from a particular VLAN for granular QoS control.
• One-to-two VLAN mapping—Tags single-tagged packets with an outer VLAN tag.
Figure 56 Application scenario of one-to-one VLAN mapping
To further sub-classify each type of traffic by customer, perform one-to-one VLAN mapping on the wiring-closet switches, and assign a separate VLAN for each type of traffic from each customer.
Application scenario of one-to-two and two-to-two VLAN mapping
Figure 57 shows a typical application scenario in which two remote sites of VPN A, Site 1 and Site 2,...
Figure 57 Application scenario of one-to-two and two-to-two VLAN mapping
Site 1 and Site 2 are in VLAN 2 and VLAN 3, respectively. The VLAN assigned for VPN A is VLAN 10 in the SP 1 network and VLAN 20 in the SP 2 network.
If Site 1 sends a packet to Site 2, the packet is processed on the way to its destination using the following workflow:
When the packet tagged with VLAN 2 arrives at the edge of network SP 1, PE 1 tags the packet...
• Uplink traffic—Traffic transmitted from the customer network to the service provider network.
• Downlink traffic—Traffic transmitted from the service provider network to the customer network.
• Network-side port—A port connected to or closer to the service provider network.
• Customer-side port—A port connected to or closer to the customer network.
...
Figure 60 One-to-two VLAN mapping
Two-to-two VLAN mapping
Implement two-to-two VLAN mapping through the following configurations, as shown in Figure
• For uplink traffic, apply an inbound policy on the customer-side port to replace the SVLAN with a new SVLAN, and apply an outbound policy on the network-side port to replace the CVLAN with a new CVLAN.
Task | Switch role
Configuring two-to-two VLAN mapping | Edge switch between SP networks
Configuring one-to-one VLAN mapping
Perform one-to-one VLAN mapping on wiring-closet switches (see Figure 56) to isolate traffic by both user and traffic type.
Perform these tasks to configure one-to-one VLAN mapping:
Task | Description
Configuring an uplink policy...
Step | Command | Remarks
Enter system view. | system-view |
Create a class and enter class view. | traffic classifier tcl-name [ operator { and | or } ] |
Configure an SVLAN as the match criterion. | if-match service-vlan-id vlan-id | Repeat these steps to configure one class for each SVLAN.
Step | Command | Remarks
Enter system view. | system-view |
Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. | • Enter Layer 2 Ethernet interface view: interface interface-type interface-number • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number |
 | • Configure the port as a trunk port: | Use one of the commands.
Step | Command | Remarks
Enter system view. | system-view |
Create a class and enter class view. | traffic classifier tcl-name [ operator or ] |
Configure CVLAN match criteria. | if-match customer-vlan-id { vlan-list | vlan-id1 to vlan-id2 } |
Return to system view. | quit |
Create a traffic behavior and enter traffic behavior view. | traffic behavior behavior-name |
Step | Command | Remarks
Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. | • Enter Layer 2 Ethernet interface view: interface interface-type interface-number • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number |
 | • Configure the port as a trunk port: | Use one of the commands.
Task | Description
Configuring the network-side port | Required. Configure VLAN and other settings required for two-to-two VLAN mapping.
Configuring an uplink policy for the customer-side port
The uplink policy on the customer-side port modifies the SVLAN ID of incoming traffic.
To configure an uplink policy for the customer-side port:
Step | Command | Remarks...
Step | Command | Remarks
Create a class and enter class view. | traffic classifier tcl-name [ operator and ] |
Specify a foreign CVLAN as a match criterion. | if-match customer-vlan-id vlan-id |
Specify a local SVLAN as a match criterion. | if-match service-vlan-id vlan-id | Repeat these steps to create one class for each local SVLAN and foreign CVLAN pair.
Step | Command | Remarks
Create a QoS policy and enter QoS policy view. | qos policy policy-name |
Associate the class with the behavior. | classifier tcl-name behavior behavior-name | Repeat this step to create other class-behavior associations.
NOTE:
• If the uplink policy only replaces the CVLAN tags, skip the step of SVLAN marking.
...
Step | Command | Remarks
Configure the link type of the port. | • Configure the port as a trunk port: port link-type trunk • Configure the port as a hybrid | Use one of the commands. The default link type of an Ethernet port is access.
Figure 62 Network diagram
Configuration procedure
Configure Switch A:
# Create the CVLANs and the SVLANs.
<SwitchA> system-view
[SwitchA] vlan 2 to 3
[SwitchA] vlan 101 to 102
[SwitchA] vlan 201 to 202
[SwitchA] vlan 301 to 302
# Configure uplink policies p1 and p2 to enable one SVLAN to transmit one service for one customer.
[SwitchA-behavior-b33] quit
[SwitchA] qos policy p11
[SwitchA-policy-p11] classifier c11 behavior b11
[SwitchA-policy-p11] classifier c22 behavior b22
[SwitchA-policy-p11] classifier c33 behavior b33
[SwitchA-policy-p11] quit
[SwitchA] qos policy p22
[SwitchA-policy-p22] classifier c44 behavior b11
[SwitchA-policy-p22] classifier c55 behavior b22
[SwitchA-policy-p22] classifier c66 behavior b33
[SwitchA-policy-p22] quit
# Assign customer-side port GigabitEthernet 1/0/1 to CVLANs 1 to 3, and SVLANs 101, 201, and 301, and enable basic QinQ, and apply uplink policy p1 to the incoming traffic and...
Figure 63 Network diagram
# Configure port GigabitEthernet 1/0/2 as a trunk port, and assign it to VLAN 100.
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] port link-type trunk
[PE2-GigabitEthernet1/0/2] port trunk permit vlan 100
Configure PE 3:
# Configure an uplink policy down_uplink for customer-side port GigabitEthernet 1/0/1 to substitute SVLAN ID 200 for the SVLAN ID in the incoming traffic tagged with CVLAN 10 and SVLAN 100.
[PE3-GigabitEthernet1/0/1] port link-type trunk
[PE3-GigabitEthernet1/0/1] port trunk permit vlan 200
[PE3-GigabitEthernet1/0/1] qos apply policy down_uplink inbound
[PE3-GigabitEthernet1/0/1] qos apply policy down_downlink outbound
[PE3-GigabitEthernet1/0/1] quit
# Set network-side port GigabitEthernet 1/0/2 as a trunk port, assign it to VLAN 200, and apply uplink policy up_uplink to the outgoing traffic on the port.
Configuring LLDP
Overview
Background
In a heterogeneous network, a standard configuration exchange platform ensures that different types of network devices from different vendors can discover one another and exchange configuration for the sake of interoperability and management.
The IETF drafted the Link Layer Discovery Protocol (LLDP) in IEEE 802.1AB. The protocol operates on the data link layer to exchange device information between directly connected devices.
Field | Description
Source MAC address | MAC address of the sending port. If the port does not have a MAC address, the MAC address of the sending bridge is used.
Type | Ethernet type for the upper layer protocol. It is 0x88CC for LLDP.
Data | LLDPDU.
TLVs
TLVs are type, length, and value sequences that carry information elements. The type field identifies the type of information, the length field measures the length of the information field in octets, and the value field contains the information itself.
LLDPDU TLVs fall into the following categories:
• Basic management TLVs
...
Type | Description
Protocol Identity | Indicates protocols supported on the port. An LLDPDU can carry multiple different TLVs of this type.
NOTE: HP devices support only receiving protocol identity TLVs.
IEEE 802.3 organizationally specific TLVs
Table 25 IEEE 802.3 organizationally specific TLVs
Type | Description
Contains the bit-rate and duplex capabilities of the sending port, support for...
Type | Description
Hardware Revision | Allows a terminal device to advertise its hardware version.
Firmware Revision | Allows a terminal device to advertise its firmware version.
Software Revision | Allows a terminal device to advertise its software version.
Serial Number | Allows a terminal device to advertise its serial number.
Manufacturer Name | Allows a terminal device to advertise its vendor name.
Receiving LLDPDUs
An LLDP-enabled port that is operating in TxRx mode or Rx mode checks the validity of TLVs carried in every received LLDPDU. If valid, the information is saved and an aging timer is set for it based on the time to live (TTL) value in the Time to Live TLV carried in the LLDPDU.
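The validity check and TTL-based aging described above, sketched as an added Python example (not code from HP or from this guide). The 7-bit type and 9-bit length header, the TLV type codes, the rule that Chassis ID, Port ID and Time to Live come first, and the meaning of TTL 0 are taken from IEEE 802.1AB; the function names and the sample frame are constructed for illustration.

```python
import struct

LLDP_ETHERTYPE = 0x88CC                      # Ethernet II type for LLDP, as stated above
END, CHASSIS_ID, PORT_ID, TTL = 0, 1, 2, 3   # TLV type codes from IEEE 802.1AB

def tlv(tlv_type, value):
    """Encode one TLV: 7 bits of type, 9 bits of length, then the value."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def iter_tlvs(pdu):
    """Yield (type, value) pairs, refusing any length that overruns the LLDPDU."""
    off = 0
    while off < len(pdu):
        if off + 2 > len(pdu):
            raise ValueError("truncated TLV header")
        (hdr,) = struct.unpack_from("!H", pdu, off)
        tlv_type, length = hdr >> 9, hdr & 0x1FF
        off += 2
        if off + length > len(pdu):
            raise ValueError(f"TLV type {tlv_type} overruns the LLDPDU")
        yield tlv_type, pdu[off:off + length]
        off += length
        if tlv_type == END:
            return                            # bytes after End of LLDPDU are padding

def parse_lldp_frame(frame):
    """Return ((chassis, port), ttl, optional TLVs) for a valid Ethernet II LLDP frame."""
    if len(frame) < 14 or struct.unpack_from("!H", frame, 12)[0] != LLDP_ETHERTYPE:
        raise ValueError("not an Ethernet II LLDP frame")
    tlvs = list(iter_tlvs(frame[14:]))
    if [t for t, _ in tlvs[:3]] != [CHASSIS_ID, PORT_ID, TTL]:
        raise ValueError("Chassis ID, Port ID and Time to Live must come first")
    chassis, port, ttl = (v for _, v in tlvs[:3])
    if not (2 <= len(chassis) <= 256 and 2 <= len(port) <= 256 and len(ttl) >= 2):
        raise ValueError("mandatory TLV has an invalid length")
    optional = [(t, v) for t, v in tlvs[3:] if t != END]
    return (chassis, port), struct.unpack_from("!H", ttl)[0], optional

class NeighborTable:
    """Neighbor entries keyed by (chassis ID, port ID), aged out by the received TTL."""

    def __init__(self):
        self.entries = {}                     # key -> (expiry time, optional TLVs)

    def receive(self, frame, now):
        key, ttl, optional = parse_lldp_frame(frame)
        if ttl == 0:
            self.entries.pop(key, None)       # TTL 0: the entry ages out immediately
        else:
            self.entries[key] = (now + ttl, optional)
        return key

    def expire(self, now):
        aged = [k for k, (expiry, _) in self.entries.items() if expiry <= now]
        for k in aged:
            del self.entries[k]
        return aged

def sample_frame(ttl):
    """Constructed frame: MAC-address chassis ID (subtype 4), interface-name port ID (5)."""
    mac = bytes.fromhex("020000000001")
    pdu = (tlv(CHASSIS_ID, b"\x04" + mac) + tlv(PORT_ID, b"\x05GigabitEthernet1/0/1")
           + tlv(TTL, struct.pack("!H", ttl)) + tlv(END, b""))
    return bytes.fromhex("0180c200000e") + mac + struct.pack("!H", LLDP_ETHERTYPE) + pdu
```

A frame that fails any check raises `ValueError` before the table is touched, so malformed input from an untrusted neighbor never creates or refreshes an entry.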
Step | Command | Remarks
Enable LLDP. | lldp enable | Optional. By default, LLDP is enabled on a port.
Setting the LLDP operating mode
LLDP can operate in one of the following modes.
• TxRx mode—A port in this mode sends and receives LLDPDUs.
• Tx mode—A port in this mode only sends LLDPDUs....
Step | Command | Remarks
Enter Layer 2 Ethernet interface view. | interface interface-type interface-number |
Enable LLDP polling and set the polling interval. | lldp check-change-interval interval | Disabled by default.
Configuring the advertisable TLVs
To configure the advertisable LLDPDU TLVs on the specified port or ports:
Step | Command | Remarks...
Step | Command | Remarks
Allow LLDP to advertise the management address in LLDPDUs and configure the advertised | lldp management-address-tlv [ ip-address ] | Optional. By default, the management address is sent through LLDPDUs. The management address is the main IP address of the lowest-ID VLAN carried on the port.
Step | Command | Remarks
Set the number of LLDPDUs sent each time fast LLDPDU transmission is triggered. | lldp fast-count count | Optional. 3 by default.
Setting an encapsulation format for LLDPDUs
LLDPDUs can be encapsulated in the following formats: Ethernet II or SNAP frames.
• With Ethernet II encapsulation configured, an LLDP port sends LLDPDUs in Ethernet II frames and...
• Globally enable LLDP.
• Enable LLDP on the port connecting to an IP phone and configure the port to operate in TxRx mode.
Configuration procedure
CAUTION: The maximum TTL value that CDP allows is 255 seconds. To make CDP-compatible LLDP work properly with Cisco IP phones, be sure that the product of the TTL multiplier and the LLDPDU transmit interval is less than 255 seconds.
Figure 67 Voice VLAN advertisement through LLDP
With the received voice VLAN information, the IP phone automatically completes the voice VLAN configuration, including the voice VLAN ID, tagging status, and priority. This voice VLAN can be the voice VLAN directly specified for LLDP advertisement, the voice VLAN configured on the port, or the voice VLAN assigned by a server, depending on your configuration.
After the IP phone passes authentication, LLDP advertises the server-assigned VLAN in the Network Policy TLV to the IP phone. The IP phone will send its traffic tagged with the assigned VLAN.
Configuring LLDP trapping
LLDP trapping notifies the network management system (NMS) of events such as newly-detected neighboring devices and link malfunctions.
LLDP configuration examples
Basic LLDP configuration example
Network requirements
As shown in Figure 68, the NMS and Switch A are located in the same Ethernet. An MED device and Switch B are connected to GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 of Switch A.
Enable LLDP on the ports of Switch A and Switch B to monitor the link between Switch A and Switch B and the link between Switch A and the MED device on the NMS.
Verify the configuration:
# Display the global LLDP status and port LLDP status on Switch A.
[SwitchA] display lldp status
Global status of LLDP: Enable
The current number of LLDP neighbors: 2
The current number of CDP neighbors: 0
LLDP neighbor information last changed time: 0 days,0 hours,4 minutes,40 seconds
Transmit interval : 30s
Hold multiplier...
Hold multiplier
Reinit delay : 2s
Transmit delay : 2s
Trap interval : 5s
Fast start times
Port 1 [GigabitEthernet1/0/1]:
Port status of LLDP : Enable
Admin status : Rx_Only
Trap flag : No
Polling interval : 0s
Number of neighbors
Number of MED neighbors
Number of CDP neighbors
Number of sent optional TLV...
Configuration procedure
Configure a voice VLAN on Switch A:
# Create VLAN 2.
<SwitchA> system-view
[SwitchA] vlan 2
[SwitchA-vlan2] quit
# Set the link type of GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to trunk and enable voice VLAN on them.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-GigabitEthernet1/0/1] voice vlan 2 enable
[SwitchA-GigabitEthernet1/0/1] quit...
Port ID : Port 1
Sofrware version : P0030301MFG2
Platform : Cisco IP Phone 7960
Duplex : Full
As the sample output shows, Switch A has discovered the IP phones connected to GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2, and has obtained their LLDP device information.
Configuring a service loopback group
Overview
To increase traffic redirecting throughput, you can bundle multiple Ethernet ports of a device together to increase bandwidth and implement load sharing. These ports that act as a logical link form a service loopback group. A service loopback group must contain at least one Ethernet port as its member port, called a service loopback port.
Figure 70 Setting the state of each member port in a service loopback group
NOTE: Every time a new port is assigned to a service loopback group, the system resets the state of the member ports in the service loopback group according to the process described previously.
Configuration restrictions and guidelines
•...
Step | Command | Remarks
Assign the Ethernet interface to the specified service loopback group. | port service-loopback group number | By default, a port does not belong to any service loopback group. You can configure this command on different ports to assign multiple ports to a
[DeviceA-GigabitEthernet1/0/3] undo lldp enable
[DeviceA-GigabitEthernet1/0/3] undo ndp enable
[DeviceA-GigabitEthernet1/0/3] port service-loopback group 1
[DeviceA-GigabitEthernet1/0/3] quit
# Create logical interface Tunnel 1 and reference service loopback group 1 on Tunnel 1.
[DeviceA] interface tunnel 1
[DeviceA-Tunnel1] service-loopback-group 1...
Configuring Layer 2 forwarding
Configuring cut-through forwarding
A cut-through forwarding-enabled device forwards a frame after it receives the first 64 bytes of the frame, thus improving forwarding performance. Cut-through forwarding does not affect cyclic redundancy code (CRC) checks, and thus CRC-error frames will not be forwarded.
Support and other resources
Contacting HP
For worldwide technical support information, see the HP support website: http://www.hp.com/support
Before contacting HP, collect the following information:
• Product model names and numbers
• Technical support registration number (if applicable)
• Product serial numbers
...
Conventions
This section describes the conventions used in this documentation set.
Command conventions
Convention | Description
Boldface | Bold text represents commands and keywords that you enter literally as shown.
Italic | Italic text represents arguments that you replace with actual values.
Square brackets enclose syntax choices (keywords or arguments) that are optional.
Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
Network topology icons
Represents a generic network device, such as a router, switch, or firewall.
Represents a routing-capable device, such as a router or Layer 3 switch.
Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.