manualshive.com logo in svg

H3C SR8800 IM-FW-II, Configuration Manual, Page: 24 / 159

Share
Download
H3C SR8800 IM-FW-II Configuration Manual Download Page 24

14 

MAC-based VLAN on the router, you must configure the MAC address-to-VLAN entries on the access 

authentication server. 
When a user passes authentication of the access authentication server, the router obtains VLAN 

information from the server, generates a MAC address-to-VLAN entry by using the source MAC address 

of the user packet and the VLAN information, and assigns the port to the MAC-based VLAN. When the 

user goes offline, the router automatically deletes the MAC address-to-VLAN entry, and removes the port 
from the MAC-based VLAN. 

 

 

NOTE: 

For more information about access authentication, see 

Security Configuration Guide. 

 

Configuring a MAC-based VLAN 

 

 

NOTE: 

 

The router supports MAC-based VLAN only when its system working mode is SPC. 

 

MAC-based VLANs are available only on hybrid ports. 

 

Because MAC-based dynamic port assignment is mainly configured on the downlink ports of user 
access devices, do not enable this function together with link aggregation. 

 

To configure static MAC-based VLAN assignment: 

 

Step Command 

Remarks 

1.

 

Enter system view. 

system-view 

N/A 

2.

 

Associate MAC addresses with a 

VLAN. 

mac-vlan mac-address

 

mac-address 

vlan 

vlan-id

 

[

 priority 

priority

 ] 

N/A 

3.

 

Enter Ethernet interface view or 

port group view. 

 

Enter Ethernet interface view

interface

 

interface-type 

interface-number

 

 

Enter port group view

port-group manual 

port-group-name

 

Use either command. 

4.

 

Configure the link type of the 

port(s) as hybrid. 

port link-type

 

hybrid 

N/A 

5.

 

Configure the current hybrid 
port(s) to permit packets of 

specific MAC-based VLANs to 

pass through. 

port hybrid

 

vlan

 

vlan-id-list 

tagged

 

untagged

 }

 

By default, a hybrid port only 
permits the packets of VLAN 1 

to pass through.  

6.

 

Enable the MAC-based VLAN 

feature. 

mac-vlan enable 

By default, the MAC-based 
VLAN feature is disabled. 

 

To configure dynamic MAC-based VLAN: 

 

Step Command 

Remarks 

1.

 

Enter system view. 

system-view 

N/A 

Summary of Contents for SR8800 IM-FW-II

Page 1: ...H3C SR8800 10G Core Routers Layer 2 LAN Switching Configuration Guide Hangzhou H3C Technologies Co Ltd http www h3c com Software version SR8800 CMW520 R3347 Document version 6W103 20120224 ...

Page 2: ...mware Secware Storware NQA VVG V2 G Vn G PSPT XGbus N Bus TiGem InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co Ltd All other trademarks that may be mentioned in this manual are the property of their respective owners Notice The information in this document is subject to change without notice Every effort has been made in the preparation of this document to ensure accuracy of ...

Page 3: ...the H3C SR8800 documentation set Obtaining documentation Technical support Documentation feedback Audience This documentation is intended for Network planners Field technical support and servicing engineers Network administrators working with the SR8800 series Conventions This section describes the conventions used in this documentation set Command conventions Convention Description Boldface Bold ...

Page 4: ...at calls attention to important information that if not understood or followed can result in data loss data corruption or damage to hardware or software IMPORTANT An alert that calls attention to essential information NOTE An alert that contains additional or supplementary information TIP An alert that provides helpful information Network topology icons Represents a generic network device such as ...

Page 5: ...views and specifications Software configuration Configuration guides Describe software features and configuration procedures Command references Provide a quick reference to all available commands Operations and maintenance Release notes Provide information about the product release including the version history hardware and software compatibility matrix version upgrade information technical suppor...

Page 6: ...Documentation feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments ...

Page 7: ... Displaying and maintaining VLANs 18 MAC address table configuration 19 Overview 19 How a MAC address table entry is created 19 Types of MAC address table entries 20 MAC address table based frame forwarding 20 Configuring the MAC address table 20 Configuring MAC address table entries 20 Disabling MAC address learning 21 Configuring the aging timer for dynamic MAC address entries 22 Configuring the...

Page 8: ...ing criteria for link aggregation groups 74 Ethernet link aggregation configuration task list 74 Configuring an aggregation group 74 Configuration guidelines 74 Configuring a static aggregation group 75 Configuring a dynamic aggregation group 77 Configuring an aggregate interface 79 Configuring the description of an aggregate interface or subinterface 79 Configuring the MTU of a Layer 3 aggregate ...

Page 9: ...iguration task list 111 Configuring GVRP functions 111 Configuring GARP timers 112 Displaying and maintaining GVRP 113 GVRP configuration examples 114 GVRP normal registration mode configuration example 114 GVRP fixed registration mode configuration example 115 GVRP forbidden registration mode configuration example 117 Configuring VLAN termination 119 Overview 119 Introduction to VLAN termination ...

Page 10: ...e initialization delay 139 Enable LLDP polling 139 Configuring the advertisable TLVs 140 Configuring the management address and its encoding format 140 Setting other LLDP parameters 141 Configuring the encapsulation format for LLDPDUs 142 Configuring CDP compatibility 143 Configuration prerequisites 143 Configuring CDP compatibility 143 Configuring LLDP trapping 143 Displaying and maintaining LLDP...

Page 11: ...cate directly In this way broadcast packets are confined to a single VLAN as illustrated in the following figure Figure 1 A VLAN diagram A VLAN can span across physical spaces The hosts that reside in different network segments may belong to the same VLAN users in a VLAN can be connected to the same switch or span across multiple switches or routers VLAN technology has the following advantages Bro...

Page 12: ...e tag protocol identifier TPID field the Priority field the canonical format indicator CFI field and the VLAN ID field The 16 bit TPID field with a value of 0x8100 indicates that the frame is VLAN tagged The Priority field three bits in length indicates the 802 1p priority of a packet For more information about packet priority see ACL and QoS Configuration Guide The CFI field one bit in length spe...

Page 13: ...l and Metropolitan Area Networks Virtual Bridged Local Area Networks Configuring basic VLAN settings To configure basic VLAN settings Step Command Remarks 1 Enter system view system view N A 2 Create VLANs vlan vlan id1 to vlan id2 all Optional Use this command to create VLANs in bulk 3 Enter VLAN view vlan vlan id By default only the default VLAN that is VLAN 1 exists in the system If the specifi...

Page 14: ...e view if the VLAN interface already exists 3 Configure an IP address for the VLAN interface ip address ip address mask mask length sub Optional Not configured by default 4 Specify the description of the VLAN interface description text Optional By default VLAN interface name is used For example Vlan interface1 Interface 5 Set the MTU for the VLAN interface mtu size Optional By default the MTU is 1...

Page 15: ...2 to it RouterA vlan5 vlan 10 RouterA vlan10 port gigabitethernet 3 1 2 RouterA vlan10 quit Create VLAN interface 5 and configure its IP address as 192 168 0 10 24 RouterA interface vlan interface 5 RouterA Vlan interface5 ip address 192 168 0 10 24 RouterA Vlan interface5 quit Create VLAN interface 10 and configure its IP address as 192 168 1 20 24 RouterA interface vlan interface 10 RouterA Vlan...

Page 16: ...s that connect the PCs as access ports A trunk port can carry multiple VLANs to receive and send traffic for them Except traffic of the port VLAN PVID traffic sent through a trunk port will be VLAN tagged Usually ports connecting network devices are configured as trunk ports As shown in Figure 5 because Device A and Device B need to transmit packets of VLAN 2 and VLAN 3 you need to configure the p...

Page 17: ...VID of the port changes to VLAN 1 The removal of a VLAN specified as the PVID of a trunk or hybrid port however does not affect the setting of the PVID on the port NOTE It is recommended that you set the same PVID for the local and remote ports Make sure that a port is assigned to its PVID Otherwise when receiving frames tagged with the PVID or untagged frames including protocol packets such as MS...

Page 18: ...h the VLAN tag removed or intact depending on your configuration with the port hybrid vlan command This is true of the PVID Assigning an access port to a VLAN You can assign an access port to a VLAN in VLAN view interface view including Ethernet interface view Layer 2 aggregate interface view and Layer 2 VE interface view or port group view To assign one or multiple access ports to a VLAN in VLAN ...

Page 19: ...s Optional The link type of a port is access by default 4 Assign the current access port s to a VLAN port access vlan vlan id Optional By default all access ports belong to VLAN 1 NOTE Before assigning an access port to a VLAN create the VLAN first In VLAN view you can assign only Layer 2 Ethernet interfaces to the current VLAN Assigning a trunk port to a VLAN A trunk port can carry multiple VLANs...

Page 20: ... VLAN 1 5 Configure the PVID of the trunk port s port trunk pvid vlan vlan id Optional By default the PVID is VLAN 1 NOTE To change the link type of a port from trunk to hybrid or vice versa you must set the link type to access first After configuring the PVID for a trunk port you must use the port trunk permit vlan command to configure the trunk port to allow packets from the PVID to pass through...

Page 21: ...r vice versa you must set the link type to access first Before assigning a hybrid port to a VLAN create the VLAN first After configuring the PVID for a hybrid port you must use the port hybrid vlan command to configure the hybrid port to allow packets from the PVID to pass through so that the egress port can forward packets from the PVID Port based VLAN configuration example Network requirements A...

Page 22: ...DeviceA GigabitEthernet3 1 3 port trunk permit vlan 100 200 Please wait Done 2 Configure Device B Configure Device B as you configure Device A 3 Configure hosts Configure Host A and Host C to be on the same network segment 192 168 100 0 24 for example Configure Host B and Host D to be on the same network segment 192 168 200 0 24 for example Verifying the configurations 1 Host A and Host C can ping...

Page 23: ...he MAC address to VLAN map based on the source MAC address of the frame for a match The device first performs a fuzzy match In the fuzzy match the device searches the MAC address to VLAN entries whose masks are not all Fs and performs a logical AND operation on the source MAC address and each mask If the result of an AND operation matches the corresponding MAC address the device tags the frame wit...

Page 24: ...is mainly configured on the downlink ports of user access devices do not enable this function together with link aggregation To configure static MAC based VLAN assignment Step Command Remarks 1 Enter system view system view N A 2 Associate MAC addresses with a VLAN mac vlan mac address mac address vlan vlan id priority priority N A 3 Enter Ethernet interface view or port group view Enter Ethernet ...

Page 25: ...ature is disabled 6 Configure 802 1X MAC portal authentication or any combination For more information see Security Command Reference N A MAC based VLAN configuration example NOTE The router supports MAC based VLAN only when its system working mode is SPC MAC based VLANs are available only on hybrid ports Network requirements As shown in Figure 7 GigabitEthernet 3 1 1 of Device A and Device C are ...

Page 26: ... VLANs 100 and 200 DeviceA system view DeviceA vlan 100 DeviceA vlan100 quit DeviceA vlan 200 DeviceA vlan200 quit Associate the MAC address of Laptop 1 with VLAN 100 and the MAC address of Laptop 2 with VLAN 200 DeviceA mac vlan mac address 000d 88f8 4e71 vlan 100 DeviceA mac vlan mac address 0014 222c aa69 vlan 200 Configure Laptop 1 and Laptop 2 to access the network through GigabitEthernet 3 1...

Page 27: ...Ethernet 3 1 4 as trunk ports and assign them to VLANs 100 and 200 DeviceB interface GigabitEthernet 3 1 3 DeviceB GigabitEthernet3 1 3 port link type trunk DeviceB GigabitEthernet3 1 3 port trunk permit vlan 100 200 DeviceB GigabitEthernet3 1 3 quit DeviceB interface GigabitEthernet 3 1 4 DeviceB GigabitEthernet3 1 4 port link type trunk DeviceB GigabitEthernet3 1 4 port trunk permit vlan 100 200...

Page 28: ...rface vlan interface id brief begin exclude include regular expression Available in any view Display hybrid ports or trunk ports on the router display port hybrid trunk begin exclude include regular expression Available in any view Display MAC address to VLAN entries display mac vlan all dynamic mac address mac address mask mac mask static vlan vlan id begin exclude include regular expression Avai...

Page 29: ... Dynamically learning MAC address entries Usually a router can populate its MAC address table automatically by learning the source MAC addresses of incoming frames on each port When a frame arrives at a port Port A for example the router performs the following tasks 1 Checks the source MAC address MAC SOURCE for example of the frame 2 Looks up the source MAC address in the MAC address table If an ...

Page 30: ...iltering out frames with specific source or destination MAC addresses For example to block all packets destined for a specific user for security concerns you can configure the MAC address of this user as a destination blackhole MAC address entry NOTE A static or blackhole MAC address entry can overwrite a dynamic MAC address entry but not vice versa MAC address table based frame forwarding When fo...

Page 31: ...rface view Step Command Remarks 1 Enter system view system view N A 2 Enter interface view interface interface type interface number N A 3 Add or modify a MAC address entry mac address dynamic static mac address vlan vlan id Make sure that you have created the VLAN and assign the interface to the VLAN Disabling MAC address learning You may need to disable MAC address learning sometimes to prevent ...

Page 32: ...an vlan id N A 3 Disable MAC address learning on the VLAN mac address mac learning disable By default MAC address learning is enabled Configuring the aging timer for dynamic MAC address entries The MAC address table uses an aging timer for dynamic MAC address entries for security and efficient use of table space If a dynamic MAC address entry has failed to update before the aging timer expires the...

Page 33: ...w system view N A 2 Enter interface view or port group view Enter Layer 2 Ethernet interface view Layer 2 VE interface view or Layer 2 aggregate interface view interface interface type interface number Enter port group view port group manual port group name Use either command The configuration you make in Layer 2 Ethernet interface view Layer 2 VE interface view or Layer 2 aggregate interface view...

Page 34: ... address aging time begin exclude include regular expression Available in any view Display the system or interface MAC address learning state display mac address mac learning interface type interface number begin exclude include regular expression Available in any view MAC address table configuration example Network requirements As shown in Figure 8 The MAC address of a host Host A is 000f e235 dc...

Page 35: ...AC address entry for port GigabitEthernet 3 1 10 Sysname display mac address interface GigabitEthernet 3 1 10 MAC ADDR VLAN ID STATE PORT INDEX AGING TIME s 000f e235 dc71 1 Config static GigabitEthernet3 1 10 NOAGED 1 mac address es found on port GigabitEthernet3 1 10 Display information about the destination blackhole MAC address table Sysname display mac address blackhole MAC ADDR VLAN ID STATE...

Page 36: ...tree protocols derived from that protocol STP protocol packets STP uses bridge protocol data units BPDUs also known as configuration messages as its protocol packets STP enabled network devices exchange BPDUs to establish a spanning tree BPDUs contain sufficient information for the network devices to complete spanning tree calculation In STP BPDUs have the following types Configuration BPDUs Used ...

Page 37: ... bridge Designated port For a router A router directly connected with the local router and responsible for forwarding BPDUs to the local router The port through which the designated bridge forwards BPDUs to this router For a LAN The router responsible for forwarding BPDUs to this LAN segment The port through which the designated bridge forwards BPDUs to this LAN segment As shown in Figure 9 Device...

Page 38: ...configuration BPDU of the root port plus the path cost of the root port The designated bridge ID is replaced with the ID of this router The designated port ID is replaced with the ID of this port 3 The router compares the calculated configuration BPDU with the configuration BPDU on the port whose port role is to be determined If the calculated configuration BPDU is superior the router considers th...

Page 39: ...eir designated bridge IDs designated port IDs and the IDs of the receiving ports are compared in sequence The configuration BPDU containing a smaller ID wins out A tree shape topology forms when the root bridge root ports and designated ports are selected The following describes with an example how the STP algorithm works Figure 10 The STP algorithm As shown in Figure 10 the priority values of Dev...

Page 40: ... 0 Port A1 Port A2 0 0 0 Port A2 Device B Port B1 receives the configuration BPDU of Port A1 0 0 0 Port A1 finds that the received configuration BPDU is superior to its existing configuration BPDU 1 0 1 Port B1 and updates its configuration BPDU Port B2 receives the configuration BPDU of Port C2 2 0 2 Port C2 finds that its existing configuration BPDU 1 0 1 Port B2 is superior to the received conf...

Page 41: ...g configuration BPDU 0 10 2 Port C2 and updates its configuration BPDU Port C1 receives a periodic configuration BPDU 0 0 0 Port A2 from Port A2 finds that it is the same as the existing configuration BPDU and discards the received one Port C1 0 0 0 Port A2 Port C2 0 5 1 Port B2 Device C finds that the root path cost of Port C1 10 root path cost of the received configuration BPDU 0 plus path cost ...

Page 42: ...d due to timeout The router generates a configuration BPDU with itself as the root and sends out the BPDUs and TCN BPDUs This triggers a new spanning tree calculation process to establish a new path to restore the network connectivity However the newly calculated configuration BPDU cannot be propagated throughout the network immediately so the old root ports and designated ports that have not dete...

Page 43: ...STP limitations STP does not support rapid state transition of ports A newly elected port must wait twice the forward delay time before transiting to the forwarding state even if it connects to a point to point link or is an edge port Although RSTP supports rapid network convergence it has the same drawback as STP All bridges within a LAN share the same spanning tree so redundant links cannot be b...

Page 44: ...n 3 This section describes some basic concepts of MSTP Figure 12 Basic concepts in MSTP Figure 13 Network diagram and topology of MST region 3 MST region 1 MST region 2 MST region 3 MST region 4 VLAN 1 MSTI 1 VLAN 2 MSTI 2 Other VLANs MSTI 0 VLAN 1 MSTI 1 VLAN 2 MSTI 2 Other VLANs MSTI 0 VLAN 1 MSTI 1 VLAN 2 MSTI 2 Other VLANs MSTI 0 VLAN 1 MSTI 1 VLAN 2 3 MSTI 2 Other VLANs MSTI 0 CST ...

Page 45: ...ationships between VLANs and MSTIs In Figure 13 the VLAN to instance mapping table of MST region 3 is VLAN 1 to MSTI 1 VLAN 2 and VLAN 3 to MSTI 2 and other VLANs to MSTI 0 MSTP achieves load balancing by means of the VLAN to instance mapping table CST The common spanning tree CST is a single spanning tree that connects all MST regions in a switched network If you regard each MST region as a route...

Page 46: ...r router Alternate port The backup port for a root port or master port When the root port or master port is blocked the alternate port takes over Backup port The backup port of a designated port When the designated port is invalid the backup port becomes the new designated port When a loop occurs due to the interconnection of two ports of the same router running a spanning tree protocol the router...

Page 47: ...ckup port Port state below Forwarding Learning Discarding How MSTP works MSTP divides an entire Layer 2 network into multiple MST regions which are interconnected by a calculated CST Inside an MST region multiple spanning trees are calculated each being an MSTI Among these MSTIs MSTI 0 is the IST Similar to STP MSTP uses configuration BPDUs to calculate spanning trees The only difference between t...

Page 48: ...cols are documented in the following standards IEEE 802 1d Media Access Control MAC Bridges IEEE 802 1w Part 3 Media Access Control MAC Bridges Amendment 2 Rapid Reconfiguration IEEE 802 1s Virtual Bridged Local Area Networks Amendment 3 Multiple Spanning Trees Spanning tree configuration task list Before configuring a spanning tree you must determine the spanning tree protocol to be used STP RSTP...

Page 49: ... VLAN Ignore feature Optional Configuring protection functions Optional Complete the following tasks to configure RSTP Task Remarks Configuring the root bridge Setting the spanning tree mode Required Configure the router to work in RSTP mode Configuring the root bridge or a secondary root bridge Optional Configuring the device priority Optional Configuring the network diameter of a switched networ...

Page 50: ... bridge Setting the spanning tree mode Optional By default the router works in MSTP mode Configuring an MST region Required Configuring the root bridge or a secondary root bridge Optional Configuring the device priority Optional Configuring the maximum hops of an MST region Optional Configuring the network diameter of a switched network Optional Configuring spanning tree timers Optional Configurin...

Page 51: ...g functions on a port service loopback RRPP Smart Link and BPDU tunnel The spanning tree configurations made in system view take effect globally Configurations made in Ethernet interface view take effect on the current interface only Configurations made in port group view take effect on all member ports in the port group Configurations made in Layer 2 aggregate interface view take effect only on t...

Page 52: ...tem view N A 2 Enter MST region view stp region configuration N A 3 Configure the MST region name region name name Optional The MST region name is the MAC address by default 4 Configure the VLAN to instance mapping table instance instance id vlan vlan list vlan mapping modulo modulo Optional Use either command All VLANs in an MST region are mapped to the CIST or MSTI 0 by default 5 Configure the M...

Page 53: ...and a secondary root bridge in the same spanning tree A spanning tree can have one root bridge only If two or more routers are selected as the root bridge in a spanning tree at the same time the router with the lowest MAC address wins out When the root bridge of an instance fails or is shut down the secondary root bridge if you have specified one can take over the role of the primary root bridge H...

Page 54: ...rity of a router in a specified MSTI Step Command Remarks 1 Enter system view system view N A 2 Configure the priority of the current router In STP RSTP mode stp priority priority In MSTP mode stp instance instance id priority priority Use one of the commands The default setting is 32768 CAUTION After configuring a router as the root bridge or a secondary root bridge you cannot change the priority...

Page 55: ...nd max age for the router Each MST region is considered as a router and the configured network diameter is effective only for the CIST or the common root bridge but not for MSTIs Configuring spanning tree timers The following timers are used for spanning tree calculation Forward delay It is the delay time for port state transition To prevent temporary loops on a network the spanning tree sets an i...

Page 56: ... network to converge H3C recommends you to use the default setting An appropriate hello time setting enables the router to timely detect link failures on the network without using excessive network resources If the hello time is too long the router will consider packet loss as a link failure and trigger a new spanning tree calculation process If the hello time is too short the router will frequent...

Page 57: ...ace type interface number Enter port group view port group manual port group name Use one of the commands 3 Configure the maximum rate of the ports stp transmit limit limit The default setting is 10 NOTE The higher the maximum port rate is the more BPDUs will be sent within each hello time and the more system resources will be used By setting an appropriate maximum port rate you can limit the rate...

Page 58: ...propriate path costs allows VLAN traffic flows to be forwarded along different physical links achieving VLAN based load balancing The router can automatically calculate the default path cost alternatively you can also configure the path cost for ports Specifying a standard that the router uses when calculating the default path cost You can specify a standard for the router to use in automatic calc...

Page 59: ...Mbps Single Port 4 20 000 20 Aggregate interface containing 2 selected ports 10 000 18 Aggregate interface containing 3 selected ports 6666 16 Aggregate interface containing 4 selected ports 5000 14 10 Gbps Single Port 2 2000 2 Aggregate interface containing 2 selected ports 1000 1 Aggregate interface containing 3 selected ports 666 1 Aggregate interface containing 4 selected ports 500 1 NOTE When...

Page 60: ...rts by using IEEE 802 1d 1998 and set the path cost of GigabitEthernet 3 1 3 to 200 on MSTI 2 Sysname system view Sysname stp pathcost standard dot1d 1998 Sysname interface gigabitethernet 3 1 3 Sysname GigabitEthernet3 1 3 stp instance 2 cost 200 Configuring the port priority The priority of a port is an important factor in determining whether the port can be elected as the root port of a router ...

Page 61: ...e the link type of a port or a group of ports Step Command Remarks 1 Enter system view system view N A 2 Enter interface view or port group view Enter Ethernet interface view or Layer 2 aggregate interface view interface interface type interface number Enter port group view port group manual port group name Use one of the commands 3 Configure the port link type stp point to point auto force false ...

Page 62: ...rt group view port group manual port group name Use one of the commands 3 Configure the mode the port uses to recognize send MSTP packets stp compliance auto dot1s legacy The default setting is auto NOTE MSTP provides the MSTP packet format incompatibility guard function In MSTP mode if a port is configured to recognize send MSTP packets in a mode other than auto and receives a packet in a format ...

Page 63: ...r use this command with caution because the ports with the spanning tree feature disabled will keep forwarding data traffic and discard STP BPDUs and loops can occur Performing mCheck If a port on a router running MSTP or RSTP connects to an STP router this port will automatically transition to the STP compatible mode However it cannot automatically transition back to the original mode when The ST...

Page 64: ...traffic of VLAN 2 to pass through Device A and Device B run a spanning tree protocol Device A is the root bridge and Port A1 and Port A2 are designated ports On Device B Port B1 is the root port and port B2 is the blocked port Traffic of VLAN 2 is blocked Enabling the VLAN Ignore feature for a VLAN can make ports of the VLAN forward packets normally rather than comply with the spanning tree calcul...

Page 65: ...T region related configurations region name revision level VLAN to instance mappings on them are identical A spanning tree device identifies devices in the same MST region by checking the configuration ID in BPDU packets The configuration ID includes the region name revision level configuration digest that is in 16 byte length and is the result calculated via the HMAC MD5 algorithm based on VLAN t...

Page 66: ...ppings must be the same on associated ports With global Digest Snooping enabled modification of VLAN to instance mappings and removing of the current region configuration using the undo stp region configuration command are not allowed You can only modify the region name and revision level You must enable Digest Snooping both globally and on associated ports to make it take effect To make the confi...

Page 67: ... of messages are used for rapid state transition on designated ports Proposal Sent by designated ports to request rapid transition Agreement Used to acknowledge rapid transition requests Both RSTP and MSTP devices can perform rapid transition on a designated port only when the port receives an agreement packet from the downstream device RSTP and MSTP devices have the following differences For MSTP...

Page 68: ...the Forward Delay You can enable the No Agreement Check feature on the downstream device s port to enable the designated port of the upstream device to transit its state rapidly Configuration Prerequisites Before you configure the No Agreement Check function complete the following tasks Connect a router to a third party upstream router supporting spanning tree protocols via a point to point link C...

Page 69: ...connects to Device B a third party device that has a different spanning tree implementation Both devices are in the same region Device B is the regional root bridge and Device A is the downstream device Figure 20 Network diagram 2 Configuration procedure Enable No Agreement Check on GigabitEthernet 3 1 1 of Device A DeviceA system view DeviceA interface gigabitethernet 3 1 1 DeviceA GigabitEtherne...

Page 70: ...is disabled NOTE BPDU guard does not take effect on loopback test enabled ports For more information about loopback testing see Interface Configuration Guide Enabling root guard NOTE H3C recommends you to enable root guard The root bridge and secondary root bridge of a spanning tree should be located in the same MST region Especially for the CIST the root bridge and secondary root bridge are put i...

Page 71: ... devices The router will reselect the port roles Those ports in forwarding state that failed to receive upstream BPDUs will become designated ports and the blocked ports will transition to the forwarding state resulting in loops in the switched network The loop guard function can suppress the occurrence of such loops The initial state of a loop guard enabled port is discarding in every MSTI When t...

Page 72: ...entries To enable TC BPDU guard Step Command Remarks 1 Enter system view system view N A 2 Enable the TC BPDU guard function stp tc protection enable Optional By default TC BPDU guard is enabled 3 Configure the maximum number of forwarding address entry flushes that the router can perform every 10 seconds stp tc protection threshold number Optional The default setting is 6 NOTE H3C does not recomm...

Page 73: ...ay stp ignored vlan begin exclude include regular expression Available in any view Clear the spanning tree statistics reset stp interface interface list Available in user view MSTP configuration example Network requirements As shown in Figure 21 all devices on the network are in the same MST region Device A and Device B work at the distribution layer and Device C and Device D work at the access la...

Page 74: ...quit Specify the current device as the root bridge of MSTI 1 DeviceA stp instance 1 root primary Enable the spanning tree feature globally DeviceA stp enable 3 Configure Device B Enter MST region view configure the MST region name as example map VLAN 10 VLAN 30 and VLAN 40 to MSTI 1 MSTI 3 and MSTI 4 respectively and configure the revision level of the MST region as 0 DeviceB system view DeviceB s...

Page 75: ...DeviceD mst region instance 1 vlan 10 DeviceD mst region instance 3 vlan 30 DeviceD mst region instance 4 vlan 40 DeviceD mst region revision level 0 Activate MST region configuration DeviceD mst region active region configuration DeviceD mst region quit Enable the spanning tree feature globally DeviceD stp enable 6 Verify the configurations You can use the display stp brief command to display bri...

Page 76: ...T FORWARDING NONE 0 GigabitEthernet4 1 3 DESI FORWARDING NONE 1 GigabitEthernet4 1 1 ROOT FORWARDING NONE 1 GigabitEthernet4 1 2 ALTE DISCARDING NONE 4 GigabitEthernet4 1 3 DESI FORWARDING NONE Display brief spanning tree information on Device D DeviceD display stp brief MSTID Port Role STP State Protection 0 GigabitEthernet4 1 1 ROOT FORWARDING NONE 0 GigabitEthernet4 1 2 ALTE DISCARDING NONE 0 G...

Page 77: ...hernet links back up one another Figure 23 Diagram for Ethernet link aggregation Basic concepts Aggregation group member port and aggregate interface Link aggregation is implemented through link aggregation groups An aggregation group is a group of Ethernet interfaces combined together which are called member ports of the aggregation group For each aggregation group a logical interface called an a...

Page 78: ...e operational key In an aggregation group all selected member ports are assigned the same operational key Configuration classes Every configuration setting on a port may affect its aggregation state Port configurations fall into the following classes Port attribute configurations including port rate duplex mode and link status up down which are the most basic port configurations Class two configur...

Page 79: ...s dynamic aggregation of physical links It uses link aggregation control protocol data units LACPDUs for exchanging aggregation information between LACP enabled devices 1 LACP functions The IEEE 802 3ad LACP offers basic LACP functions and extended LACP functions as described in Table 9 Table 9 Basic and extended LACP functions Category Description Basic LACP functions Implemented through the basi...

Page 80: ...al 1 second or the long timeout interval 30 seconds Link aggregation modes Link aggregation has the following modes dynamic and static Dynamic link aggregation uses LACP and static link aggregation does not Table 1 1 compares the two aggregation modes Table 11 A comparison between static and dynamic aggregation modes Aggregation mode LACP status on member ports Pros Cons Static Disabled Aggregatio...

Page 81: ... aggregation group sets the aggregation state of each member port as shown in Figure 24 Figure 24 Setting the aggregation state of a member port in a static aggregation group NOTE To ensure stable aggregation state and service continuity do not change port attributes or class two configurations on any member port If a static aggregation group has reached the limit on Selected ports any port joins ...

Page 82: ...ess The system with the lower LACP priority value wins out If they are the same compare the system MAC addresses The system with the lower MAC address wins 2 The system with the smaller system ID selects the port with the smallest port ID as the reference port A port ID comprises a port aggregation priority and a port number The port with the lower aggregation priority value wins out If two ports ...

Page 83: ...ne half duplex port as a Selected port when none of the full duplex ports can be selected or only half duplex ports exist in the group To ensure stable aggregation state and service continuity do not change port attributes or class two configurations on any member port In a dynamic aggregation group when the aggregation state of a local port changes the aggregation state of the peer port also chan...

Page 84: ...ate interface or subinterface Optional Configuring the MTU of a Layer 3 aggregate interface or subinterface Optional Enabling link state traps for an aggregate interface Optional Setting the minimum number of Selected ports for an aggregation group Optional Shutting down an aggregate interface Optional Restoring the default settings for an aggregate interface Optional Configuring load sharing crit...

Page 85: ...3 features such as MPLS and VPN on a port to be added to a Layer 3 aggregation group Remove any Layer 3 feature configured on a port before adding it to a Layer 3 aggregation group After adding a port to a Layer 3 aggregation group configure Layer 3 features on the aggregate interface instead of on the member ports If you configure any Layer 3 feature mistakenly on a member port remove the Layer 3...

Page 86: ...priority link aggregation port priority port priority Optional By default the aggregation priority of a port is 32768 Changing the aggregation priority of a port may affect the aggregation state of the ports in the static aggregation group Configuring a Layer 3 static aggregation group To configure a Layer 3 static aggregation group Step Command Remarks 1 Enter system view system view N A 2 Create...

Page 87: ...riority system priority Optional By default the system LACP priority is 32768 Changing the system LACP priority may affect the aggregation state of the ports in a dynamic aggregation group 3 Create a Layer 2 aggregate interface and enter Layer 2 aggregate interface view interface bridge aggregation interface number When you create a Layer 2 aggregate interface the system automatically creates a La...

Page 88: ...l By default the system LACP priority is 32768 Changing the system LACP priority may affect the aggregation state of the ports in the dynamic aggregation group 3 Create a Layer 3 aggregate interface and enter Layer 3 aggregate interface view interface route aggregation interface number When you create a Layer 3 aggregate interface the system automatically creates a Layer 3 static aggregation group...

Page 89: ...ing the MTU of a Layer 3 aggregate interface or subinterface Enabling link state traps for an aggregate interface Setting the minimum number of Selected ports for an aggregation group Shutting down an aggregate interface Restoring the default settings for an aggregate interface Configuring the description of an aggregate interface or subinterface You can configure the description of an aggregate i...

Page 90: ... Layer 3 aggregate interface or subinterface mtu size Optional The default setting is 1500 bytes Enabling link state traps for an aggregate interface You can configure an aggregate interface to generate linkUp trap messages when its link goes up and linkDown trap messages when its link goes down For more information see Network Management and Monitoring Configuration Guide To enable link state tra...

Page 91: ...old When the minimum threshold is reached the eligible member ports change to the Selected state and the link of the aggregate interface goes up To set the minimum number of Selected ports for an aggregation group Step Command Remarks 1 Enter system view system view N A 2 Enter aggregate interface view Enter Layer 2 aggregate interface view interface bridge aggregation interface number Enter Layer...

Page 92: ...r 3 aggregate interface or subinterface view interface route aggregation interface number interface number subnumber Use either command 3 Shut down the aggregate interface or subinterface shutdown By default aggregate interfaces or subinterfaces are up NOTE Shutting down an aggregate subinterface does not affect any aggregation group because an aggregate subinterface does not have an associated ag...

Page 93: ...aintaining Ethernet link aggregation Task Command Remarks Display information for an aggregate interface or multiple aggregate interfaces display interface bridge aggregation route aggregation brief down begin exclude include regular expression display interface bridge aggregation route aggregation interface number brief begin exclude include regular expression Available in any view Display the lo...

Page 94: ...ibutes and class two configurations see Configuration classes as the reference port see Reference port can operate as Selected ports Make sure that all member ports have the same port attributes and class two configurations as the reference port The other settings only need to be configured on the aggregate interface not on the member ports Layer 2 static aggregation configuration example Network ...

Page 95: ...eviceA GigabitEthernet4 1 3 quit Configure Layer 2 aggregate interface Bridge Aggregation 1 as a trunk port and assign it to VLANs 10 and 20 DeviceA interface bridge aggregation 1 DeviceA Bridge Aggregation1 port link type trunk DeviceA Bridge Aggregation1 port trunk permit vlan 10 20 Please wait Done Configuring GigabitEthernet4 1 1 Done Configuring GigabitEthernet4 1 2 Done Configuring GigabitEt...

Page 96: ...on source and destination MAC addresses Layer 2 dynamic aggregation configuration example Network requirements As shown in Figure 27 Configure a Layer 2 dynamic aggregation group on Device A and Device B respectively enable VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the other end and VLAN 20 at one end to communicate with VLAN 20 at the other end Enable traffic to be l...

Page 97: ...Bridge Aggregation 1 as a trunk port and assign it to VLANs 10 and 20 DeviceA interface bridge aggregation 1 DeviceA Bridge Aggregation1 port link type trunk DeviceA Bridge Aggregation1 port trunk permit vlan 10 20 Please wait Done Configuring GigabitEthernet4 1 1 Done Configuring GigabitEthernet4 1 2 Done Configuring GigabitEthernet4 1 3 Done DeviceA Bridge Aggregation1 quit Configure the device ...

Page 98: ... group member ports based on source and destination IP addresses Figure 28 Network diagram Configuration procedure 1 Configure Device A Create Layer 3 aggregate interface Route Aggregation 1 and configure an IP address and subnet mask for the aggregate interface DeviceA system view DeviceA interface route aggregation 1 DeviceA Route Aggregation1 ip address 192 168 1 1 24 DeviceA Route Aggregation1...

Page 99: ...isplay the global link aggregation load sharing criteria on Device A DeviceA display link aggregation load sharing mode Link Aggregation Load Sharing Mode destination ip address source ip address The output shows that the global link aggregation load sharing criteria are the source and destination IP addresses of packets Layer 3 dynamic aggregation configuration example Network requirements As sho...

Page 100: ...n load sharing mode source ip destination ip 2 Configure Device B Configure Device B using the same instructions that you used to as you configure Device A 3 Verify the configurations Display summary information about all aggregation groups on Device A DeviceA display link aggregation summary Aggregation Interface Type BAGG Bridge Aggregation RAGG Route Aggregation Aggregation Mode S Static D Dyna...

Page 101: ... group at the same time which is allowed with some old version software the link aggregation group configuration will take effect while the port group configuration is removed for compatibility sake after you upgrade the configuration file For more information about link aggregation see the chapter Configuring Ethernet link aggregation Isolated ports only support MAC address learning QoS actions a...

Page 102: ...e command in Ethernet interface view To bulk assign Ethernet ports to the isolation group perform the command in port group view The configuration in Layer 2 aggregate interface view applies to the Layer 2 aggregate interface and its aggregation member ports If the router fails to apply the configuration to the aggregate interface it does not assign any aggregation member port to the isolation gro...

Page 103: ...ite the previous one if any If you configure a common port in an isolation group as the common port of another isolation group the port leaves the previous group and joins the new one You cannot configure an isolated port in an isolation group as the uplink port in any isolation group You cannot configure the uplink port of an isolation group as an isolated or uplink port in any other isolation gr...

Page 104: ...face GigabitEthernet 3 1 2 Device GigabitEthernet3 1 2 port isolate enable group 2 Device GigabitEthernet3 1 2 quit Device interface GigabitEthernet 3 1 3 Device GigabitEthernet3 1 3 port isolate enable group 2 Device GigabitEthernet3 1 3 quit Configure GigabitEthernet 3 1 4 as the uplink port of isolation group 2 Device interface GigabitEthernet 3 1 4 Device GigabitEthernet3 1 4 port isolate upli...

Page 105: ...om enough for isolating users in actual networks especially in metropolitan area networks MANs By tagging tagged frames QinQ expands the available VLAN space from 4094 to 4094 4094 QinQ delivers the following benefits Releases the stress on the SVLAN resource Enables customers to plan their CVLANs without conflicting with SVLANs Provides an easy to implement Layer 2 VPN solution for small sized MA...

Page 106: ... overlap of VLAN IDs among customers and traffic from different customers can be separated QinQ frame structure A QinQ frame is transmitted double tagged over the service provider network As shown in Figure 33 the inner VLAN tag is the CVLAN tag and the outer one is the SVLAN tag that the service provider has allocated to the customer Figure 33 Single tagged Ethernet frame header and double tagged...

Page 107: ...e frame carries the corresponding VLAN tag For example if a frame carries VLAN tags with the TPID value of 0x9200 whereas the configured TPID value of the service provider VLAN tag is 0x9100 the router considers that the frame does not carry the service provider VLAN tag In addition the systems of different vendors may set the TPID of the outer VLAN tag of QinQ frames to different values For compa...

Page 108: ...work Do not configure QinQ on a reflector port For more information about reflector ports see Network Management and Monitoring Configuration Guide Configuring basic QinQ To enable basic QinQ Step Command Remarks 1 Enter system view system view N A 2 Enter interface view or port group view Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view interface interface type interface ...

Page 109: ...restore the default TPID value 0x8100 on an SPE card but you can directly change the TPID value on an SPC card Basic QinQ configuration example Network requirements As shown in Figure 35 The two branches of Company A Site 1 and Site 2 are connected through the service provider network and use CVLANs 10 through 70 The two branches of Company B Site 3 and Site 4 are connected through the service pro...

Page 110: ...onfigure VLAN 100 as the PVID for the port PE1 GigabitEthernet3 1 1 port trunk pvid vlan 100 Enable basic QinQ on the port PE1 GigabitEthernet3 1 1 qinq enable PE1 GigabitEthernet3 1 1 quit Configure GigabitEthernet 3 1 2 as a trunk port and assign it to VLAN 100 and VLAN 200 PE1 interface GigabitEthernet 3 1 2 PE1 GigabitEthernet3 1 2 port link type trunk PE1 GigabitEthernet3 1 2 port trunk permi...

Page 111: ...nfigure GigabitEthernet 3 1 2 as a trunk port and assign it to VLAN 100 and VLAN 200 PE2 interface GigabitEthernet 3 1 2 PE2 GigabitEthernet3 1 2 port link type trunk PE2 GigabitEthernet3 1 2 port trunk permit vlan 100 200 Set the TPID value in the outer VLAN tag to 0x8200 on the port PE2 GigabitEthernet3 1 2 qinq ethernet type 8200 PE2 GigabitEthernet3 1 2 quit Configure GigabitEthernet 3 1 3 as ...

Page 112: ...he PEs cannot determine whether the packet is from the user network or the service provider network and must deliver the packet to the CPU for processing In this case the Layer 2 protocol calculation in User A s network is mixed with that in the service provider network and the user network cannot implement independent Layer 2 protocol calculation Figure 36 BPDU tunneling application scenario With...

Page 113: ...PDUs of the same customer network can be broadcast in a specific VLAN across the service provider network so that the geographically dispersed networks of the same customer can implement consistent spanning tree calculation across the service provider network BPDUs of different customer networks can be confined within different VLANs for transmission on the service provider network Thus each custo...

Page 114: ...rst Assign the port on which you want to enable BPDU tunneling on the PE router and the connected port on the CE router to the same VLAN Configure ports connecting routers in the service provider network as trunk ports allowing packets of any VLAN to pass through Enabling BPDU tunneling for a protocol This section describes how to enable BPDU tunneling for STP You can enable BPDU tunneling for GVR...

Page 115: ...s must be the same on the edge routers on the service provider network BPDU tunneling configuration example Network requirements As shown in Figure 38 CE 1 and CE 2 are edges routers on the geographically dispersed network of User A PE 1 and PE 2 are edge routers on the service provider network All ports that connect service provider and customer routers are access ports and belong to VLAN 2 all p...

Page 116: ...it Sysname GigabitEthernet3 1 1 stp disable Sysname GigabitEthernet3 1 1 bpdu tunnel dot1q stp 2 Configure PE 2 Configure the destination multicast MAC address for BPDUs as 0x0100 0CCD CDD0 Sysname system view Sysname bpdu tunnel tunnel dmac 0100 0ccd cdd0 Create VLAN 2 and assign GigabitEthernet 3 1 2 to VLAN 2 Sysname vlan 2 Sysname vlan2 quit Sysname interface gigabitethernet 3 1 2 Sysname Giga...

Page 117: ...he attribute information of GARP participants is rapidly propagated across the entire LAN As shown in Figure 39 a GARP participant registers and deregisters its attribute information with other GARP participants by sending and withdrawing declarations and registers and deregisters the attribute information of other participants according to the declarations and withdrawals it receives Figure 39 Ho...

Page 118: ...n a GARP participant receives LeaveAll messages from other GARP participants it also sends LeaveAll messages and reset the LeaveAll timer GARP timers NOTE The settings of GARP timers apply to all GARP applications such as GVRP on a LAN On a GARP enabled network each port of a network device maintains its own Hold Join and Leave timers but only one LeaveAll timer is maintained on each device global...

Page 119: ...The LeaveAll timer and all other GARP timers also restart when the GARP participant receives a LeaveAll message NOTE Do not set the LeaveAll timer too short because a LeaveAll message deregisters all attributes in the entire network The LeaveAll timer must be greater than Leave timers on all ports H3C recommends that you set a LeaveAll timer no less than the default value 1000 centiseconds On a GA...

Page 120: ...es GARP messages to different GARP applications according to the destination MAC addresses carried in GARP messages GVRP GVRP overview As a GARP application GVRP enables a network device to propagate local VLAN registration information to other participant devices and to dynamically update the VLAN registration information from other devices to its local database including active VLAN members and ...

Page 121: ...from the aggregation group Configuring GVRP functions Before enabling GVRP on a port you must enable GVRP globally In addition GVRP can be configured only on trunk ports and you must assign the involved trunk ports to all dynamic VLANs To configure GVRP functions on a trunk port Step Command Remarks 1 Enter system view system view N A 2 Enable GVRP globally gvrp By default GVRP is disabled globall...

Page 122: ... Configuration Guide Enabling GVRP on a Layer 2 aggregate interface enables both the aggregate interface and all selected member ports in the corresponding link aggregation group to participate in dynamic VLAN registration and deregistration Configuring GARP timers Among the four GARP timers the LeaveAll timer is configured in system view and takes effect on all ports while the other three are con...

Page 123: ...er setting LeaveAll Greater than the Leave timer setting 32765 centiseconds NOTE To keep the dynamic VLANs learned through GVRP stable do not set the LeaveAll timer smaller than its default value 1000 centiseconds Displaying and maintaining GVRP Task Command Remarks Display GARP statistics on ports display garp statistics interface interface list begin exclude include regular expression Available ...

Page 124: ...s Enable GVRP and configure the normal registration mode on ports to enable the registration of dynamic and static VLAN information between the two routers Figure 41 Network diagram Configuration procedure 1 Configure Device A Enable GVRP globally DeviceA system view DeviceA gvrp Configure port GigabitEthernet 4 1 1 as a trunk port and assign it to all VLANs DeviceA interface GigabitEthernet 4 1 1...

Page 125: ...formation of VLAN 2 on the local router and dynamic VLAN information of VLAN 3 on Device B are all registered through GVRP Display the local VLAN information maintained by GVRP on port GigabitEthernet 4 1 1 of Device B DeviceB display gvrp local vlan interface GigabitEthernet 4 1 1 Following VLANs exist in GVRP local database 1 default 2 3 The output shows that information about VLAN 1 static VLAN...

Page 126: ...Ethernet 4 1 1 and set the GVRP registration mode to fixed on the port DeviceB GigabitEthernet4 1 1 gvrp DeviceB GigabitEthernet4 1 1 gvrp registration fixed DeviceB GigabitEthernet4 1 1 quit Create VLAN 3 a static VLAN DeviceB vlan 3 DeviceB vlan3 quit 3 Verify the configuration Use the display gvrp local vlan command to display the local VLAN information maintained by GVRP on ports For example D...

Page 127: ...LANs DeviceA interface GigabitEthernet 4 1 1 DeviceA GigabitEthernet4 1 1 port link type trunk DeviceA GigabitEthernet4 1 1 port trunk permit vlan all Enable GVRP on GigabitEthernet 4 1 1 and set the GVRP registration mode to forbidden on the port DeviceA GigabitEthernet4 1 1 gvrp DeviceA GigabitEthernet4 1 1 gvrp registration forbidden DeviceA GigabitEthernet4 1 1 quit Create VLAN 2 a static VLAN...

Page 128: ...local database 1 default According to the output above information about VLAN 1 is registered through GVRP but static VLAN information of VLAN 2 on the local router and dynamic VLAN information of VLAN 3 on Device B are not Display the local VLAN information maintained by GVRP on port GigabitEthernet 4 1 1 of Device B DeviceB display gvrp local vlan interface GigabitEthernet 4 1 1 Following VLANs ...

Page 129: ...s Based on the number of tags a VLAN tagged packet carries the VLAN tagged packets falls into the following types Dot1q packet also known as an 802 1q packet which carries a single VLAN tag QinQ packet which carries double VLAN tags Accordingly VLAN termination falls into the following types Dot1q termination Terminates Dot1q packets and removes a Dot1q packet s single VLAN tag QinQ termination Te...

Page 130: ...binterfaces on routers as shown in Figure 45 As shown in Figure 44 and Figure 45 Host A belongs to VLAN 2 and Host B belongs to VLAN 3 After you specify Host A s gateway IP address as 1 1 1 1 24 and Host B s gateway IP address as 1 1 2 1 24 Host A and Host B can communicate at Layer 3 through VLAN interfaces or Layer 3 Ethernet subinterfaces Figure 44 VLAN termination for inter VLAN communication ...

Page 131: ...ation configuration task list Complete the following tasks to configure VLAN termination Task Remarks Configuring TPID for VLAN tagged packets Optional Enabling a QinQ termination enabled interface subinterface to transmit broadcast and multicast packets Optional Configuring QinQ termination Required Configuring TPID for VLAN tagged packets IEEE 802 1Q inserts a four byte VLAN tag field between th...

Page 132: ... 0x8100 or the user defined value 0x8100 A QinQ packet Not 0x8100 or the user defined value N A An untagged Ethernet packet When sending out a packet the router processes the packet according to Table 18 Table 18 TPID based processing for a packet to be sent Whether a TPID value is defined by the user Set the TPID in the outer VLAN tag to Set the TPID in the inner VLAN tag to Yes User defined valu...

Page 133: ...ault the TPID value in the outer VLAN tag is 0x8100 If the interface receives and sends QinQ packets the TPID value in the inner VLAN tag of packets is always 0x8100 and is not configurable If not specified the TPID value in the outer VLAN tag of packets takes the default value 0x8100 Configuring TPID on a Layer 2 Ethernet or aggregate interface To configure VLAN termination on a VLAN interface se...

Page 134: ...n ambiguous QinQ termination enabled Layer 3 Ethernet aggregate subinterface or VLAN interface to transmit broadcast and multicast packets To enable an ambiguous QinQ termination enabled Layer 3 Ethernet aggregate subinterface or VLAN interface to transmit broadcast and multicast packets Step Command Remarks 1 Enter system view system view N A 2 Enter interface view Enter Layer 3 Ethernet interfac...

Page 135: ...searching the PPPoE session entries for a DHCP relay packet the inner VLAN ID is obtained by searching the DHCP session entries Configuring unambiguous QinQ termination To configure unambiguous QinQ termination on a Layer 3 Ethernet subinterface Layer 3 aggregate subinterface or VLAN interface Step Command Remarks 1 Enter system view system view N A 2 Enter interface view Enter Layer 3 Ethernet in...

Page 136: ...dot1q any vlan id list The outer VLAN ID of the QinQ packets that can be terminated by the current subinterface or VLAN interface is the interface number and is not configurable NOTE After you enable QinQ termination on a VLAN interface Layer 2 Ethernet interfaces in the corresponding VLAN process only QinQ packets destined for the VLAN interface and drop Dot1q and non VLAN tagged packets VLAN ter...

Page 137: ...Configure Switch B SwitchB system view SwitchB interface ethernet 1 2 SwitchB Ethernet1 2 port link type trunk SwitchB Ethernet1 2 port trunk permit vlan 11 100 Please wait Done SwitchB Ethernet1 2 qinq enable SwitchB Ethernet1 2 qinq vid 100 SwitchB Ethernet1 2 vid 100 raw vlan id inbound 11 SwitchB Ethernet1 2 vid 100 quit SwitchB Ethernet1 2 quit SwitchB interface ethernet 1 1 SwitchB Ethernet1...

Page 138: ...gure Switch C Use Switch C s factory configuration Ambiguous QinQ termination configuration example Network requirements As shown in Figure 50 Host A Host B and Host C are connected to Switch A and they belong to VLAN 1 1 VLAN 12 and VLAN 13 respectively The server group is connected to Switch C QinQ is enabled on Switch B Host A Host B and Host C need to communicate with the server group Figure 5...

Page 139: ...B interface ethernet 1 1 SwitchB Ethernet1 1 port link type trunk SwitchB Ethernet1 1 port trunk permit vlan 100 4 Configure the router Create Ethernet subinterface GigabitEthernet 2 1 7 100 and enter subinterface view Assign an IP address to the subinterface Configure the subinterface to terminate QinQ packets whose inner VLAN ID is 11 12 or 13 and outer VLAN ID is 100 Router system view Router i...

Page 140: ...gent Provider A receives double tagged packets sent from DHCP clients terminates these QinQ packets by removing their inner and outer VLAN tags and forwards the packets to DHCP server Provider B via the service provider network DHCP client A and client B can apply for IP addresses and related network configuration parameters from Provider B via the service provider network Figure 51 Network diagra...

Page 141: ...erial4 1 9 1 0 ip address 10 1 1 1 24 2 Configure DHCP server Provider B Assign an IP address to the DHCP server ProviderB system view ProviderB interface Serial 4 1 9 1 0 ProviderB Serial4 1 9 1 0 ip address 10 2 1 1 24 ProviderB Serial4 1 9 1 0 quit Enable DHCP ProviderB dhcp enable Configure an IP address pool on the DHCP server ProviderB dhcp server ip pool 1 ProviderB dhcp pool 1 network 192 ...

Page 142: ...hB system view SwitchB vlan 20 SwitchB vlan20 port ethernet 1 2 SwitchB vlan20 quit Configure port Ethernet 1 1 as a trunk port and assign it to VLAN 20 SwitchB interface ethernet 1 1 SwitchB Ethernet1 1 port link type trunk SwitchB Ethernet1 1 port trunk permit vlan 20 5 Configure Switch C Assign port Ethernet 1 2 to VLAN 10 SwitchC system view SwitchC vlan 10 SwitchC vlan10 port ethernet 1 2 Swi...

Page 143: ... including its major functions management IP address device ID and port ID as TLV type length and value triplets in LLDPDUs to the directly connected network devices and at the same time stores the device information received in LLDPDUs sent from the LLDP neighbors in a standard management information base MIB This allows a network management system to quickly detect and identify the Layer 2 netwo...

Page 144: ...format Table 20 Fields in a SNAP encapsulated LLDP frame Field Description Destination MAC address The MAC address to which the LLDPDU is advertised It is fixed to 0x0180 C200 000E a multicast MAC address Source MAC address The MAC address of the sending port If the port does not have a MAC address the MAC address of the sending bridge is used Type The SNAP type for the upper layer protocol It is ...

Page 145: ...ic LLDP TLVs Type Description Remarks Chassis ID Bridge MAC address of the sending device Mandatory Port ID ID of the sending port If MED TLVs are included in the LLDPDU the port ID TLV carries the MAC address of the sending port or the bridge MAC in case the port does not have a MAC address If no MED TLVs are included the port ID TLV carries the port name Time To Live Life of the transmitted info...

Page 146: ...g voice devices in Ethernet easier LLDP MED TLVs are shown in Table 24 Table 24 LLDP MED TLVs Type Description LLDP MED Capabilities Allows a network device to advertise the LLDP MED TLVs it supports Network Policy Allows a network device or terminal device to advertise VLAN ID of the specific port VLAN type and the Layer 2 and Layer 3 priorities for specific applications Extended Power via MDI Al...

Page 147: ...en the local configuration changes A frame transmit interval between two successive LLDP frames prevents the network from being overwhelmed by LLDP frames at times of frequent local device information change This interval is shortened to 1 second in either of the following cases A new LLDP frame is received carrying device information new to the local device The LLDP operating mode of the port cha...

Page 148: ...p view takes effect on all ports in the current port group Performing basic LLDP configuration Enabling LLDP To make LLDP take effect on specific ports you must enable LLDP both globally and on these ports To enable LLDP on the router Step Command Remarks 1 Enter system view system view N A 2 Enable LLDP globally lldp enable By default LLDP is enabled on ports but disabled globally 3 Enter Etherne...

Page 149: ... re initialization delay By adjusting the LLDP re initialization delay you can avoid frequent initializations caused by frequent LLDP operating mode changes on a port To set the LLDP re initialization delay for ports Step Command Remarks 1 Enter system view system view N A 2 Set the LLDP re initialization delay lldp timer reinit delay delay Optional The default setting is 2 seconds Enable LLDP pol...

Page 150: ...ber network policy power over ethernet Optional By default all types of LLDP TLVs except location identification TLVs are advertisable on a Layer 2 Ethernet port 4 Configure the advertisable TLVs Layer 3 Ethernet interface view lldp tlv enable basic tlv all port description system capability system description system name dot3 tlv all link aggregation mac physic max frame size power med tlv all ca...

Page 151: ...ll be advertised For a Layer 3 Ethernet port the management address is its own IP address If no IP address is configured for the Layer 3 Ethernet port no management address will be advertised 4 Configure the encoding format of the management address as character string lldp management address format string By default the management address is encoded in the numeric format Setting other LLDP parame...

Page 152: ...t interval Configuring the encapsulation format for LLDPDUs LLDPDUs can be encapsulated in Ethernet II or SNAP frames With Ethernet II encapsulation configured an LLDP port sends LLDPDUs in Ethernet II frames and processes an incoming LLDP frame only when it is Ethernet II encapsulated With SNAP encapsulation configured an LLDP port sends LLDPDUs in SNAP frames and processes an incoming LLDP frame...

Page 153: ...figure CDP compatible LLDP to operate in TxRx mode To enable LLDP to be compatible with CDP Step Command Remarks 1 Enter system view system view N A 2 Enable CDP compatibility globally lldp compliance cdp By default CDP compatibility is disabled 3 Enter Ethernet interface view or port group view Enter Layer 2 or Layer 3 Ethernet interface view interface interface type interface number Enter port g...

Page 154: ...ask Command Remarks Display the global LLDP information or the information contained in the LLDP TLVs to be sent through a port display lldp local information global interface interface type interface number begin exclude include regular expression Available in any view Display the information contained in the LLDP TLVs sent from neighboring routers display lldp neighbor information brief interfac...

Page 155: ...rts by default and set the LLDP operating mode to Rx RouterA interface gigabitethernet 4 1 1 RouterA GigabitEthernet4 1 1 lldp enable RouterA GigabitEthernet4 1 1 lldp admin status rx RouterA GigabitEthernet4 1 1 quit RouterA interface gigabitethernet 4 1 2 RouterA GigabitEthernet4 1 2 lldp enable RouterA GigabitEthernet4 1 2 lldp admin status rx RouterA GigabitEthernet4 1 2 quit 2 Configure Route...

Page 156: ...received unknown TLV 0 Port 2 GigabitEthernet4 1 2 Port status of LLDP Enable Admin status Rx_Only Trap flag No Polling interval 0s Number of neighbors 1 Number of MED neighbors 0 Number of CDP neighbors 0 Number of sent optional TLV 0 Number of received unknown TLV 3 The output shows that GigabitEthernet 4 1 1 of Router A connects a MED device and GigabitEthernet 4 1 2 of Router A connects a non ...

Page 157: ...ly Trap flag No Polling interval 0s Number of neighbors 0 Number of MED neighbors 0 Number of CDP neighbors 0 Number of sent optional TLV 0 Number of received unknown TLV 0 The output shows that GigabitEthernet 4 1 2 of Router A does not connect any neighboring router CDP compatible LLDP configuration example Network requirements As shown in Figure 56 enable CDP compatibility of LLDP on Router A F...

Page 158: ... admin status txrx RouterA GigabitEthernet4 1 2 lldp compliance admin status cdp txrx RouterA GigabitEthernet4 1 2 quit 2 Verify the configuration Display the neighbor information on Router A RouterA display lldp neighbor information CDP neighbor information of port 1 GigabitEthernet4 1 1 CDP neighbor index 1 Chassis ID SEP00141CBCDBFE Port ID Port 1 Sofrware version P0030301MFG2 Platform Cisco IP...

Page 159: ...nd maintaining MAC address tables 24 Displaying and maintaining the spanning tree 62 E Enabling a QinQ termination enabled interface subinterface to transmit broadcast and multicast packets 124 Ethernet link aggregation configuration examples 84 Ethernet link aggregation configuration task list 74 G GVRP configuration examples 1 14 GVRP configuration task list 1 1 1 I Introduction to BPDU tunnelin...

Reviews:

No comments