manualshive.com logo in svg

HP Enterprise HP 3100-16 v2, Configuration Manual

The HP Enterprise HP 3100-16 v2 Configuration Manual is a comprehensive guide for setting up and optimizing your networking device. This indispensable manual is available for free download from manualshive.com, providing step-by-step instructions and crucial information to ensure seamless configuration.

Share
Download
background image

 

91 

# Create RADIUS scheme 

scheme1

; set the service type for the RADIUS server to 

extended

; specify 

the IP addresses of the primary authentication/authorization server and accounting server as 3::1; 
set the shared keys to 123321; specify that no domain name is carried in a username sent to the 

RADIUS server.  

[SwitchA] radius scheme scheme1 

[SwitchA-radius-scheme1] server-type extended 

[SwitchA-radius-scheme1] primary authentication 3::1 

[SwitchA-radius-scheme1] key authentication 123321 

[SwitchA-radius-scheme1] primary accounting 3::1 

[SwitchA-radius-scheme1] key accounting 123321 

[SwitchA-radius-scheme1] user-name-format without-domain 

[SwitchA-radius-scheme1] quit 

# Create an ISP domain 

domain1

; reference 

scheme1

 for the authentication, authorization, and 

accounting for LAN users; specify 

domain1

 as the default ISP domain. 

[SwitchA] domain domain1 

[SwitchA-isp-domian1] authentication lan-access radius-scheme scheme1 

[SwitchA-isp-domian1] authorization lan-access radius-scheme scheme1 

[SwitchA-isp-domian1] accounting lan-access radius-scheme scheme1 

[SwitchA-isp-domian1] quit 

[SwitchA] domain default enable domain1 

# Globally enable 802.1X and then enable it on Ethernet 1/0/1 and Ethernet 1/0/2.  

[SwitchA] dot1x 

[SwitchA] interface ethernet 1/0/1 

[SwitchA-Ethernet1/0/1] dot1x 

[SwitchA-Ethernet1/0/1] quit 

[SwitchA] interface ethernet 1/0/2 

[SwitchA-Ethernet1/0/2] dot1x 

[SwitchA-Ethernet1/0/2] quit 

3.

 

Configure Switch B: 
# Globally enable MLD snooping.  

<SwitchB> system-view 

[SwitchB] mld-snooping 

[SwitchB-mld-snooping] quit 

# Create VLAN 104, assign Ethernet 1/0/1 through Ethernet 1/0/3 to this VLAN, and enable 
MLD snooping in this VLAN.  

[SwitchB] vlan 104 

[SwitchB-vlan104] port ethernet 1/0/1 to ethernet 1/0/3 

[SwitchB-vlan104] mld-snooping enable 

[SwitchB-vlan104] quit 

# Create a user profile 

profile2

 and configure the user profile so that users can join or leave only 

one IPv6 multicast group, FF1E::101. Then, enable the user profile.  

[SwitchB] acl ipv6 number 2001 

[SwitchB-acl6-basic-2001] rule permit source ff1e::101 128 

[SwitchB-acl6-basic-2001] quit 

[SwitchB] user-profile profile2 

[SwitchB-user-profile-profile2] mld-snooping access-policy 2001 

[SwitchB-user-profile-profile2] quit 

Summary of Contents for HP 3100-16 v2

Page 1: ...22A HP 3100 24 v2 SI Switch JG223A HP 3100 8 v2 EI Switch JD318B HP 3100 16 v2 EI Switch JD319B HP 3100 24 v2 EI Switch JD320B HP 3100 8 PoE v2 EI Switch JD311B HP 3100 16 PoE v2 EI Switch JD312B HP 3100 24 PoE v2 EI Switch JD313B Part number 5998 5994 Software version Release 5203P05 Document version 6W100 20140603 ...

Page 2: ...MATERIAL INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE Hewlett Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing performance or use of this material The only warranties for HP products and services are set forth in the express warranty statements accompan...

Page 3: ...MP snooping fast leave processing 22 Disabling a port from becoming a dynamic router port 23 Configuring IGMP snooping querier 24 Enabling IGMP snooping querier 24 Configuring parameters for IGMP queries and responses 24 Configuring the source IP addresses for IGMP queries 25 Configuring IGMP snooping proxying 26 Enabling IGMP snooping proxying 26 Configuring a source IP address for the IGMP messa...

Page 4: ...pecifying the version of MLD snooping 64 Configuring IPv6 static multicast MAC address entries 65 Configuring MLD snooping port functions 65 Configuring aging timers for dynamic ports 66 Configuring static ports 66 Configuring a port as a simulated member host 67 Enabling fast leave processing 68 Disabling a port from becoming a dynamic router port 68 Configuring MLD snooping querier 69 Enabling M...

Page 5: ...st group policy fails to take effect 94 Configuring IPv6 multicast VLANs available only on the HP 3100 v2 EI 95 Overview 95 IPv6 multicast VLAN configuration task list 96 Configuring a port based IPv6 multicast VLAN 96 Configuration prerequisites 96 Configuring user port attributes 97 Configuring IPv6 multicast VLAN ports 97 Displaying and maintaining IPv6 multicast VLAN 98 IPv6 multicast VLAN con...

Page 6: ...critical information services The term router in this document refers to both routers and Layer 3 switches Unless otherwise stated the term multicast in this document refers to IP multicast Information transmission techniques The information transmission techniques include unicast broadcast and multicast Unicast In unicast transmission the information source must send a separate copy of informatio...

Page 7: ... D and Host E need the information If the information is broadcast to the subnet Host A and Host C also receive it In addition to information security issues broadcasting to hosts that do not need the information also causes traffic flooding on the same subnet Broadcast is disadvantageous in transmitting data to specific hosts Moreover broadcast transmission is a significant waste of network resou...

Page 8: ... subnet but multicast is not Multicast features A multicast group is a multicast receiver set identified by an IP multicast address Hosts join a multicast group to become members of the multicast group before they can receive the multicast data addressed to that multicast group Typically a multicast source does not need to join a multicast group An information sender is called a multicast source A...

Page 9: ...ource sends to multicast group G Here the asterisk represents any multicast source and G represents a specific multicast group S G Indicates a shortest path tree SPT or a multicast packet that multicast source S sends to multicast group G Here S represents a specific multicast source and G represents a specific multicast group Multicast advantages and applications Multicast advantages Advantages o...

Page 10: ...ence between the SSM model and the ASM model is that in the SSM model receivers have already determined the locations of the multicast sources by some other means In addition the SSM model uses a multicast address range that is different from that of the ASM SFM model and dedicated multicast forwarding paths are established between receivers and the specified multicast sources Multicast architectu...

Page 11: ...resses This block includes the following types of designated group addresses 232 0 0 0 8 SSM group addresses 233 0 0 0 8 Glop group addresses 239 0 0 0 to 239 255 255 255 Administratively scoped multicast addresses These addresses are considered locally unique rather than globally unique and can be reused in domains administered by different organizations without causing conflicts For more informa...

Page 12: ... The Flags field contains four bits Figure 5 Flags field format Table 4 Flags field description Bit Description 0 Reserved set to 0 R When set to 0 it indicates that this address is an IPv6 multicast address without an embedded RP address When set to 1 it indicates that this address is an IPv6 multicast address with an embedded RP address The P and T bits must also be set to 1 P When set to 0 it i...

Page 13: ...ant 24 bits of an IPv4 multicast MAC address are 0x01005E Bit 25 is 0 and the other 23 bits are the least significant 23 bits of a multicast IPv4 address Figure 6 IPv4 to MAC address mapping The most significant four bits of a multicast IPv4 address are 1110 which indicates that this address is a multicast address Only 23 bits of the remaining 28 bits are mapped to a MAC address so five bits of th...

Page 14: ...ulticast VLAN IGMP PIM MSDP and MBGP are for IPv4 and MLD snooping IPv6 PIM snooping IPv6 multicast VLAN MLD IPv6 PIM and IPv6 MBGP are for IPv6 This section provides only general descriptions about applications and functions of the Layer 2 and Layer 3 multicast protocols in a network For more information about these protocols see the related chapters Layer 3 multicast protocols Layer 3 multicast ...

Page 15: ... is used for delivery of multicast information between two ASs So far mature solutions include Multicast Source Discovery Protocol MSDP and Multicast Border Gateway Protocol MBGP MSDP propagates multicast source information among different ASs MBGP is an extension of the Multiprotocol Border Gateway Protocol MP BGP for exchanging multicast routing information among different ASs For the SSM model ...

Page 16: ...arding mechanism In a multicast model a multicast source sends information to the host group identified by the multicast group address in the destination address field of IP multicast packets To deliver multicast packets to receivers located at different positions of the network multicast routers on the forwarding paths usually need to forward multicast packets that an incoming interface receives ...

Page 17: ...ch floods multicast packets to all devices at Layer 2 With IGMP snooping enabled the Layer 2 switch forwards multicast packets for known multicast groups to only the receivers that require the multicast data at Layer 2 This feature improves bandwidth efficiency enhances multicast security and helps per host accounting for multicast users Figure 10 Before and after IGMP snooping is enabled on the L...

Page 18: ... Switch B are member ports The switch registers all its member ports in its IGMP snooping forwarding table Unless otherwise specified router ports and member ports in this document include both static and dynamic router ports and member ports NOTE An IGMP snooping enabled switch deems that all its ports on which IGMP general queries with the source IP address other than 0 0 0 0 or that receive PIM...

Page 19: ...the aging timer for the port If the receiving port is not in its router port list adds it into its router port list as a dynamic router port and starts an aging timer for the port When receiving a membership report A host sends an IGMP report to the IGMP querier for the following purposes If the host has been a member of a multicast group responds to the query with an IGMP report Applies for joini...

Page 20: ...emove the port from the forwarding entry for that group Instead it restarts the aging timer for the port After receiving the IGMP leave message the IGMP querier resolves the multicast group address in the message and sends an IGMP group specific query to the multicast group through the port that received the leave message After receiving the IGMP group specific query the switch forwards it through...

Page 21: ...or the forwarding entry for the multicast group If a forwarding entry matches the multicast group and contains the receiving port as a dynamic member port the proxy restarts the aging timer for the port If a forwarding entry matches the multicast group but does not contain the receiving port the proxy adds the port to the forwarding entry as a dynamic member port and starts an aging timer for the ...

Page 22: ...g Enabling IGMP snooping proxying Optional Configuring a source IP address for the IGMP messages sent by the proxy Optional Configuring an IGMP snooping policy Configuring a multicast group filter Optional Configuring multicast source port filtering Optional Enabling dropping unknown multicast data Optional Configuring IGMP report suppression Optional Setting the maximum number of multicast groups...

Page 23: ...complete the following tasks Configure the corresponding VLANs Determine the version of IGMP snooping Enabling IGMP snooping When you enable IGMP snooping follow these guidelines You must enable IGMP snooping globally before you enable it in a VLAN When you enable IGMP snooping in a specified VLAN IGMP snooping works only on the ports in this VLAN To enable IGMP snooping Step Command Remarks 1 Ent...

Page 24: ...cept 0100 5Exx xxxx where x represents a hexadecimal number from 0 to F can be manually added to the multicast MAC address table Multicast MAC addresses are the MAC addresses whose the least significant bit of the most significant octet is 1 Configuration procedure To configure a static multicast MAC address entry in system view Step Command Remarks 1 Enter system view system view N A 2 Configure ...

Page 25: ...ry for that multicast group If the memberships of multicast groups change frequently you can set a relatively small value for the aging timer of the dynamic member ports If the memberships of multicast groups change rarely you can set a relatively large value Configuring aging timers for dynamic ports globally Step Command Remarks 1 Enter system view system view N A 2 Enter IGMP snooping view igmp...

Page 26: ...yer 2 aggregate interface view interface interface type interface number Enter port group view port group manual port group name Use either command 3 Configure the port as a static member port igmp snooping static group group address source ip source address vlan vlan id No static member ports exist by default 4 Configure the port as a static router port igmp snooping static router port vlan vlan ...

Page 27: ...ocessing enabled when the switch receives an IGMP leave message on a port it immediately removes that port from the forwarding entry for the multicast group specified in the message Then when the switch receives IGMP group specific queries for that multicast group it does not forward them to that port On a port that has only one host attached you can enable IGMP snooping fast leave processing to s...

Page 28: ...dition the IGMP general query or PIM hello message that the host sends affects the multicast routing protocol state on Layer 3 devices such as the IGMP querier or DR election and might further cause network interruption To solve these problems disable that router port from becoming a dynamic router port after the port receives an IGMP general query or a PIM hello message so as to improve network s...

Page 29: ...switch sends IGMP queries so that multicast forwarding entries can be established and maintained at the data link layer To enable IGMP snooping querier Step Command Remarks 1 Enter system view system view N A 2 Enter VLAN view vlan vlan id N A 3 Enable IGMP snooping querier igmp snooping querier Disabled by default IMPORTANT In a multicast network that runs IGMP you do not need to configure an IGM...

Page 30: ...id N A 3 Set the interval for sending IGMP general queries igmp snooping query interval interval 60 seconds by default 4 Set the maximum response delay for IGMP general queries igmp snooping max response time interval 10 seconds by default 5 Set the IGMP last member query interval igmp snooping last member query interval interval 1 second by default Configuring the source IP addresses for IGMP que...

Page 31: ...nable the function in a VLAN the device works as the IGMP snooping proxy for the downstream hosts and upstream router in the VLAN To enable IGMP snooping proxying in a VLAN Step Command Remarks 1 Enter system view system view N A 2 Enter VLAN view vlan vlan id N A 3 Enable IGMP snooping proxying in the VLAN igmp snooping proxying enable Disabled by default Configuring a source IP address for the I...

Page 32: ...oks up the ACL If a match is found to permit the port that received the report to join the multicast group the switch creates an IGMP snooping forwarding entry for the multicast group and adds the port to the forwarding entry Otherwise the switch drops this report message in which case the multicast data for the multicast group is not sent to this port and the user cannot retrieve the program Conf...

Page 33: ...than to multicast sources because the port blocks all multicast data packets but it permits multicast protocol packets to pass If this feature is disabled on a port the port can connect to both multicast sources and multicast receivers Configuring multicast source port filtering globally Step Command Remarks 1 Enter system view system view N A 2 Enter IGMP snooping view igmp snooping N A 3 Enable ...

Page 34: ...ault Configuring IGMP report suppression When a Layer 2 switch receives an IGMP report from a multicast group member the switch forwards the message to the Layer 3 device that directly connects to the Layer 2 switch When multiple members of a multicast group are attached to the Layer 2 switch the Layer 3 device might receive duplicate IGMP reports for the multicast group from these members With th...

Page 35: ...ort group manual port group name Use either command 3 Set the maximum number of multicast groups that a port can join igmp snooping group limit limit vlan vlan list 512 by default Enabling multicast group replacement For various reasons the number of multicast groups that the switch or a port joins might exceed the upper limit In addition in some specific applications a multicast group that the sw...

Page 36: ...anual port group name Use either command 3 Enable multicast group replacement igmp snooping overflow replace vlan vlan list Disabled by default Setting the 802 1p precedence for IGMP messages You can change the 802 1p precedence for IGMP messages so that they can be assigned higher forwarding priority when congestion occurs on their outgoing ports Setting the 802 1p precedence for IGMP messages gl...

Page 37: ... found the host is allowed to leave the group Otherwise the leave message is dropped by the access switch A multicast user control policy is functionally similar to a multicast group filter A difference is that a control policy can control both multicast joining and leaving of users based on authentication and authorization but a multicast group filter is configured on a port to control only multi...

Page 38: ... service for IP packets As defined in RFC 24724 the first six bits contains the DSCP priority for prioritizing traffic in the network and the last two bits are reserved This configuration applies to only the IGMP messages that the local switch generates when the switch or its port acts as a member host rather than those forwarded ones To set the DSCP value for IGMP messages Step Command Remarks 1 ...

Page 39: ... view This command works only on an IGMP snooping enabled VLAN but not in a VLAN with IGMP enabled on its VLAN interface This command cannot remove the static group entries of IGMP snooping groups Clear statistics for the IGMP messages learned by IGMP snooping reset igmp snooping statistics Available in user view IGMP snooping configuration examples Group policy and simulated joining configuration...

Page 40: ...rnet1 0 2 pim dm RouterA Ethernet1 0 2 quit 3 Configure Switch A Enable IGMP snooping and the function of dropping unknown multicast traffic globally SwitchA system view SwitchA igmp snooping SwitchA igmp snooping drop unknown SwitchA igmp snooping quit Create VLAN 100 assign Ethernet 1 0 1 through Ethernet 1 0 4 to this VLAN and enable IGMP snooping in the VLAN SwitchA vlan 100 SwitchA vlan100 po...

Page 41: ...rbose Total 1 IP Group s Total 1 IP Source s Total 1 MAC Group s Port flags D Dynamic port S Static port C Copy port P PIM port Vlan id 100 Total 1 IP Group s Total 1 IP Source s Total 1 MAC Group s Router port s total 1 port Eth1 0 1 D 00 01 30 IP group s the following ip group s match to one mac group IP group address 224 1 1 1 0 0 0 0 224 1 1 1 Attribute Host Port Host port s total 2 port Eth1 ...

Page 42: ...e Protocol STP see Layer 2 LAN Switching Configuration Guide NOTE If no static router port is configured when the path of Switch A Switch B Switch C gets blocked at least one IGMP query response cycle must be completed before the multicast data can flow to the receivers along the new path of Switch A Switch C Namely multicast delivery will be interrupted during this process Figure 14 Network diagr...

Page 43: ...g globally SwitchB system view SwitchB igmp snooping SwitchB igmp snooping quit Create VLAN 100 assign Ethernet 1 0 1 and Ethernet 1 0 2 to this VLAN and enable IGMP snooping in the VLAN SwitchB vlan 100 SwitchB vlan100 port ethernet 1 0 1 ethernet 1 0 2 SwitchB vlan100 igmp snooping enable SwitchB vlan100 quit 5 Configure Switch C Enable IGMP snooping globally SwitchC system view SwitchC igmp sno...

Page 44: ...group IP group address 224 1 1 1 0 0 0 0 224 1 1 1 Attribute Host Port Host port s total 1 port Eth1 0 2 D 00 03 23 MAC group s MAC group address 0100 5e01 0101 Host port s total 1 port Eth1 0 2 The output shows that Ethernet 1 0 3 of Switch A has become a static router port Display detailed IGMP snooping group information in VLAN 100 on Switch C SwitchC display igmp snooping group vlan 100 verbos...

Page 45: ... of multicast group 225 1 1 1 All the receivers run IGMPv2 and all the switches run IGMPv2 snooping Switch A which is close to the multicast sources is chosen as the IGMP snooping querier To prevent flooding of unknown multicast traffic within the VLAN be sure to configure all the switches to drop unknown multicast data packets Because a switch does not enlist a port that has heard an IGMP query w...

Page 46: ...mp snooping quit Create VLAN 100 and assign Ethernet 1 0 1 through Ethernet 1 0 4 to the VLAN SwitchB vlan 100 SwitchB vlan100 port ethernet 1 0 1 to ethernet 1 0 4 Enable IGMP snooping in VLAN 100 SwitchB vlan100 igmp snooping enable SwitchB vlan100 quit Configurations on Switch C and Switch D are similar to the configuration on Switch B Verifying the configuration After the IGMP snooping querier...

Page 47: ...es to the hosts on behalf of Router A Figure 16 Network diagram Configuration procedure 1 Configure an IP address and subnet mask for each interface as per Figure 16 Details not shown 2 On Router A enable IP multicast routing enable IGMP on Ethernet 1 0 1 and enable PIM DM on each interface RouterA system view RouterA multicast routing enable RouterA interface ethernet 1 0 1 RouterA Ethernet1 0 1 ...

Page 48: ...IGMP snooping groups and IGMP multicast groups For example Display information about IGMP snooping groups on Switch A SwitchA display igmp snooping group Total 1 IP Group s Total 1 IP Source s Total 1 MAC Group s Port flags D Dynamic port S Static port C Copy port P PIM port Vlan id 100 Total 1 IP Group s Total 1 IP Source s Total 1 MAC Group s Router port s total 1 port Eth1 0 1 D 00 01 23 IP gro...

Page 49: ...rt Vlan id 100 Total 1 IP Group s Total 1 IP Source s Total 1 MAC Group s Router port s total 1 port Eth1 0 1 D 00 01 23 IP group s the following ip group s match to one mac group IP group address 224 1 1 1 0 0 0 0 224 1 1 1 Host port s total 1 port Eth1 0 3 D MAC group s MAC group address 0100 5e01 0101 Host port s total 1 port Eth1 0 3 Multicast source and user control policy configuration examp...

Page 50: ...n102 quit SwitchA vlan 103 SwitchA vlan103 port ethernet 1 0 3 SwitchA vlan103 quit SwitchA vlan 104 SwitchA vlan104 port ethernet 1 0 4 SwitchA vlan104 quit Enable IP multicast routing Enable PIM DM on VLAN interface 101 VLAN interface 102 and VLAN interface 104 and enable IGMP on VLAN interface 104 SwitchA multicast routing enable SwitchA interface vlan interface 101 SwitchA Vlan interface101 pi...

Page 51: ...horization server and accounting server as 3 1 1 1 set the shared keys to 123321 specify that no domain name is carried in a username sent to the RADIUS server SwitchA radius scheme scheme1 SwitchA radius scheme1 server type extended SwitchA radius scheme1 primary authentication 3 1 1 1 SwitchA radius scheme1 key authentication 123321 SwitchA radius scheme1 primary accounting 3 1 1 1 SwitchA radiu...

Page 52: ... server as 3 1 1 1 set the shared keys to 321123 specify that a username sent to the RADIUS server carry no domain name SwitchB radius scheme scheme2 SwitchB radius scheme2 server type extended SwitchB radius scheme2 primary authentication 3 1 1 1 SwitchB radius scheme2 key authentication 321123 SwitchB radius scheme2 primary accounting 3 1 1 1 SwitchB radius scheme2 key accounting 321123 SwitchB ...

Page 53: ...s Total 1 IP Source s Total 1 MAC Group s Port flags D Dynamic port S Static port C Copy port P PIM port Vlan id 104 Total 1 IP Group s Total 1 IP Source s Total 1 MAC Group s Router port s total 1 port Eth1 0 1 D 00 01 30 IP group s the following ip group s match to one mac group IP group address 224 1 1 1 0 0 0 0 224 1 1 1 Attribute Host Port Host port s total 1 port Eth1 0 3 D 00 04 10 MAC grou...

Page 54: ...GMP snooping in VLAN view 3 If IGMP snooping is disabled only for the corresponding VLAN use the igmp snooping enable command in VLAN view to enable IGMP snooping in the corresponding VLAN Configured multicast group policy fails to take effect Symptom Although a multicast group policy has been configured to allow hosts to join specific multicast groups the hosts can still receive multicast data ad...

Page 55: ... the display current configuration command to verify that the function of dropping unknown multicast data is enabled If not use the drop unknown command to enable the function of dropping unknown multicast data ...

Page 56: ...yer 2 device is the solution to this issue With the multicast VLAN feature the Layer 3 device replicates the multicast traffic only in the multicast VLAN instead of making a separate copy of the multicast traffic in each user VLAN This saves network bandwidth and lessens the burden on the Layer 3 device As shown in Figure 19 Host A Host B and Host C are in different user VLANs All the user ports p...

Page 57: ... Task Remarks Configuring user port attributes Required Configuring multicast VLAN ports Required Configuring a port based multicast VLAN When you configure a port based multicast VLAN you must configure the attributes of each user port and then assign the ports to the multicast VLAN A user port can be configured as a multicast VLAN port only if it is an Ethernet port or Layer 2 aggregate interfac...

Page 58: ...interface number Enter port group view port group manual port group name Use either command 3 Configure the user port link type as hybrid port link type hybrid Access by default 4 Specify the user VLAN that comprises the current user ports as the default VLAN port hybrid pvid vlan vlan id VLAN 1 by default 5 Configure the current user ports to permit packets of the specified multicast VLANs to pas...

Page 59: ... group view Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view interface interface type interface number Enter port group view port group manual port group name Use either command 5 Configure the current port as a member port of the multicast VLAN port multicast vlan vlan id By default a user port does not belong to any multicast VLAN Displaying and maintaining multicast VLA...

Page 60: ...ost side interface Ethernet 1 0 2 RouterA system view RouterA multicast routing enable RouterA interface ethernet 1 0 1 RouterA Ethernet1 0 1 pim dm RouterA Ethernet1 0 1 quit RouterA interface ethernet 1 0 2 RouterA Ethernet1 0 2 pim dm RouterA Ethernet1 0 2 igmp enable 3 Configure Switch A Enable IGMP snooping globally SwitchA system view SwitchA igmp snooping SwitchA igmp snooping quit Create V...

Page 61: ...rnet 1 0 2 and Ethernet 1 0 3 to VLAN 10 SwitchA mvlan 10 port ethernet 1 0 2 to ethernet 1 0 3 SwitchA mvlan 10 quit Assign Ethernet 1 0 4 to VLAN 10 SwitchA interface ethernet 1 0 4 SwitchA Ethernet1 0 4 port multicast vlan 10 SwitchA Ethernet1 0 4 quit Verifying the configuration Display the multicast VLAN information on Switch A SwitchA display multicast vlan Total 1 multicast vlan s Multicast...

Page 62: ...Eth1 0 3 D Eth1 0 4 D MAC group s MAC group address 0100 5e01 0101 Host port s total 3 port s Eth1 0 2 Eth1 0 3 Eth1 0 4 The output shows that IGMP snooping is maintaining the router ports and member ports in VLAN 10 ...

Page 63: ...r 2 switch floods IPv6 multicast packets to all devices at Layer 2 With MLD snooping enabled the Layer 2 switch forwards IPv6 multicast packets destined for known IPv6 multicast groups to only the receivers that require the multicast data at Layer 2 This feature improves bandwidth efficiency enhances multicast security and helps per host accounting for multicast users Figure 21 Before and after ML...

Page 64: ...specified router ports and member ports in this document include both static and dynamic router ports and member ports NOTE An MLD snooping enabled switch deems that the all its ports that receive MLD general queries with the source address other than 0 0 or that receive IPv6 PIM hello messages are dynamic router ports Aging timers for dynamic ports in MLD snooping and related messages and actions...

Page 65: ...witch forwards it through all the router ports in the VLAN resolves the address of the reported IPv6 multicast group and performs one of the following actions If no forwarding entry matches the group address creates a forwarding entry for the group adds the receiving port as a dynamic member port to the forwarding entry for the group and starts an aging timer for the port If a forwarding entry mat...

Page 66: ...dgment for the port that received the MLD done message If the port assuming that it is a dynamic member port receives an MLD report in response to the MLD multicast address specific query before its aging timer expires it indicates that some host attached to the port is receiving or expecting to receive IPv6 multicast data for that IPv6 multicast group The switch restarts the aging timer for the p...

Page 67: ... the IPv6 multicast group but does not contain the receiving port the proxy adds the port to the forwarding entry as a dynamic member port and starts an aging timer for the port If no forwarding entry matches the IPv6 multicast group the proxy creates a forwarding entry for the group adds the receiving port to the forwarding entry as a dynamic member port and starts an aging timer for the port The...

Page 68: ...onfigurations that you make are effective only on the ports that belong to the current VLAN For a given VLAN a configuration that you make in MLD snooping view is effective only if you do not make the same configuration in VLAN view In MLD snooping view the configurations that you make are effective on all ports In Layer 2 Ethernet interface view or Layer 2 aggregate interface view the configurati...

Page 69: ...D snooping Different versions of MLD snooping can process different versions of MLD messages MLDv1 snooping can process MLDv1 messages but flood MLDv2 messages in the VLAN instead of processing them MLDv2 snooping can process MLDv1 and MLDv2 messages If you change MLDv2 snooping to MLDv1 snooping the system Clears all MLD snooping forwarding entries that are dynamically created Keeps static MLDv2 ...

Page 70: ...mac address interface interface list vlan vlan id No static multicast MAC address entries exist by default To configure an IPv6 static multicast MAC address entry in interface view Step Command Remarks 1 Enter system view system view N A 2 Enter Layer 2 Ethernet interface view Layer 2 aggregate interface view or port group view Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface v...

Page 71: ...mer for dynamic member ports host aging time interval 260 seconds by default Setting the aging timers for the dynamic ports in a VLAN Step Command Remarks 1 Enter system view system view N A 2 Enter VLAN view vlan vlan id N A 3 Set the aging timer for the dynamic router ports mld snooping router aging time interval 260 seconds by default 4 Set the aging timer for the dynamic member ports mld snoop...

Page 72: ... as a simulated member host for an IPv6 multicast group A simulated host is equivalent to an independent host For example when a simulated member host receives an MLD query it gives a response separately Therefore the switch can continue receiving IPv6 multicast data A simulated host acts like a real host in the following ways When a port is configured as a simulated member host the switch sends a...

Page 73: ...ulticast group the other hosts attached to the port in the same IPv6 multicast group cannot receive the IPv6 multicast data for the group Enabling fast leave processing globally Step Command Remarks 1 Enter system view system view N A 2 Enter MLD snooping view mld snooping N A 3 Enable fast leave processing fast leave vlan vlan list Disabled by default Enabling fast leave processing on a port Step...

Page 74: ...port mld snooping router port deny vlan vlan list By default a port can become a dynamic router port NOTE This configuration does not affect the static router port configuration Configuring MLD snooping querier Before you configure MLD snooping querier complete the following tasks Enable MLD snooping in the VLAN Determine the MLD general query interval Determine the MLD last member query interval ...

Page 75: ...l condition of the network A multicast listening host starts a timer for each IPv6 multicast group that it has joined when it receives an MLD query general query or multicast address specific query This timer is initialized to a random value in the range of 0 to the maximum response delay advertised in the MLD query message When the timer value decreases to 0 the host sends an MLD report to the IP...

Page 76: ...pv6 address current interface FE80 02FF FFFF FE00 0001 by default 4 Configure the source IPv6 address of MLD multicast address specific queries mld snooping special query source ip ipv6 address current interface FE80 02FF FFFF FE00 0001 by default IMPORTANT The source IPv6 address of MLD query messages might affect MLD querier election within the subnet Configuring MLD snooping proxying Before you...

Page 77: ...2FF FFFF FE00 0001 Configuring an MLD snooping policy Before you configure an MLD snooping policy complete the following tasks Enable MLD snooping in the VLAN Determine the IPv6 ACL rule for IPv6 multicast group filtering Determine the maximum number of IPv6 multicast groups that a port can join Determine the 802 1p precedence for MLD messages Configuring an IPv6 multicast group filter On an MLD s...

Page 78: ...port group name Use either command 3 Configure an IPv6 multicast group filter mld snooping group policy acl6 number vlan vlan list By default no IPv6 group filter is configured on an interface That is the hosts on the interface can join any valid multicast group Enabling dropping unknown IPv6 multicast data Unknown IPv6 multicast data refers to IPv6 multicast data for which no entries exist in the...

Page 79: ...function is enabled or not To configure MLD report suppression Step Command Remarks 1 Enter system view system view N A 2 Enter MLD snooping view mld snooping N A 3 Enable MLD report suppression report aggregation Enabled by default Setting the maximum number of multicast groups that a port can join You can set the maximum number of IPv6 multicast groups that a port can join to regulate the traffi...

Page 80: ...p replacement function on the switch or on a certain port When the number of IPv6 multicast groups that the switch or the port has joined reaches the limit one of the following occurs If the IPv6 multicast group replacement feature is disabled new MLD reports are automatically discarded If the IPv6 multicast group replacement feature is enabled the IPv6 multicast group that the switch or the port ...

Page 81: ... 1p precedence for MLD messages is 0 Setting the 802 1p precedence for MLD messages in a VLAN Step Command Remarks 1 Enter system view system view N A 2 Enter VLAN view vlan vlan id N A 3 Set the 802 1p precedence for MLD messages mld snooping dot1p priority priority number The default 802 1p precedence for MLD messages is 0 Configuring an IPv6 multicast user control policy IPv6 multicast user con...

Page 82: ...s policy acl6 number No policy is configured by default That is a host can join or leave a valid multicast group at any time 4 Return to system view quit N A 5 Enable the created user profile user profile profile name enable Not enabled by default For more information about the user profile and user profile enable commands see Security Command Reference Enabling the MLD snooping host tracking func...

Page 83: ...n id slot slot number verbose begin exclude include regular expression Available in any view Display information about the hosts tracked by MLD snooping display mld snooping host vlan vlan id group ipv6 group address source ipv6 source address slot slot number begin exclude include regular expression Available in any view Display IPv6 static multicast MAC address entries display mac address mac ad...

Page 84: ...cast data for group FF1E 101 can be forwarded through Ethernet 1 0 3 and Ethernet 1 0 4 of Switch A even if Host A and Host B accidentally temporarily stop receiving IPv6 multicast data and that Switch A drops unknown IPv6 multicast data and does not broadcast the data to the VLAN where Switch A resides Figure 24 Network diagram Configuration procedure 1 Enable IPv6 forwarding and configure an IPv...

Page 85: ...tchA acl ipv6 number 2001 SwitchA acl6 basic 2001 rule permit source ff1e 101 128 SwitchA acl6 basic 2001 quit SwitchA mld snooping SwitchA mld snooping group policy 2001 vlan 100 SwitchA mld snooping quit Configure Ethernet 1 0 3 and Ethernet 1 0 4 as simulated hosts for IPv6 multicast group FF1E 101 SwitchA interface ethernet 1 0 3 SwitchA Ethernet1 0 3 mld snooping host join ff1e 101 vlan 100 S...

Page 86: ...ce the reliability of multicast traffic transmission Suppose STP runs on the network To avoid data loops the forwarding path from Switch A to Switch C is blocked under normal conditions and IPv6 multicast traffic flows to the receivers attached to Switch C only along the path of Switch A Switch B Switch C Configure Ethernet 1 0 3 on Switch C as a static router port so that IPv6 multicast traffic c...

Page 87: ...ble RouterA Ethernet1 0 1 pim ipv6 dm RouterA Ethernet1 0 1 quit RouterA interface ethernet 1 0 2 RouterA Ethernet1 0 2 pim ipv6 dm RouterA Ethernet1 0 2 quit 3 Configure Switch A Enable MLD snooping globally SwitchA system view SwitchA mld snooping SwitchA mld snooping quit Create VLAN 100 assign Ethernet 1 0 1 through Ethernet 1 0 3 to this VLAN and enable MLD snooping in the VLAN SwitchA vlan 1...

Page 88: ...AN SwitchC vlan 100 SwitchC vlan100 port ethernet 1 0 1 to ethernet 1 0 5 SwitchC vlan100 mld snooping enable SwitchC vlan100 quit Configure Ethernet 1 0 3 and Ethernet 1 0 5 as static member ports for IPv6 multicast group FF1E 101 SwitchC interface Ethernet 1 0 3 SwitchC Ethernet1 0 3 mld snooping static group ff1e 101 vlan 100 SwitchC Ethernet1 0 3 quit SwitchC interface Ethernet 1 0 5 SwitchC E...

Page 89: ...otal 1 MAC Group s Router port s total 1 port s Eth1 0 2 D 00 01 23 IP group s the following ip group s match to one mac group IP group address FF1E 101 FF1E 101 Attribute Host Port Host port s total 2 port s Eth1 0 3 S Eth1 0 5 S MAC group s MAC group address 3333 0000 0101 Host port s total 2 port s Eth1 0 3 Eth1 0 5 The output shows that Ethernet 1 0 3 and Ethernet 1 0 5 on Switch C have become...

Page 90: ...s globally SwitchA system view SwitchA ipv6 SwitchA mld snooping SwitchA mld snooping drop unknown SwitchA mld snooping quit Create VLAN 100 and assign Ethernet 1 0 1 through Ethernet 1 0 3 to VLAN 100 SwitchA vlan 100 SwitchA vlan100 port ethernet 1 0 1 to ethernet 1 0 3 Enable MLD snooping in VLAN 100 SwitchA vlan100 mld snooping enable Configure MLD snooping querier feature in VLAN 100 SwitchA ...

Page 91: ...display mld snooping statistics Received MLD general queries 3 Received MLDv1 specific queries 0 Received MLDv1 reports 12 Received MLD dones 0 Sent MLDv1 specific queries 0 Received MLDv2 reports 0 Received MLDv2 reports with right and wrong records 0 Received MLDv2 specific queries 0 Received MLDv2 specific sg queries 0 Sent MLDv2 specific queries 0 Sent MLDv2 specific sg queries 0 Received erro...

Page 92: ...quit 3 Configure Switch A Enable MLD snooping globally SwitchA system view SwitchA mld snooping SwitchA mld snooping quit Create VLAN 100 assign ports Ethernet 1 0 1 through Ethernet 1 0 4 to this VLAN and enable MLD snooping and MLD snooping proxying in the VLAN SwitchA vlan 100 SwitchA vlan100 port ethernet 1 0 1 to ethernet 1 0 4 SwitchA vlan100 mld snooping enable SwitchA vlan100 mld snooping ...

Page 93: ...bout MLD multicast groups on Router A RouterA display mld group Total 1 MLD Group s Interface group report information Ethernet1 0 1 2001 1 Total 1 MLD Group reported Group Address FF1E 1 Last Reporter FE80 2FF FFFF FE00 1 Uptime 00 00 03 Expires 00 04 17 When Host A leaves the IPv6 multicast group it sends an MLD done message to Switch A Receiving the message Switch A removes port Ethernet 1 0 4 ...

Page 94: ...quirements As shown in Figure 28 Switch A is a Layer 3 switch MLDv1 runs on Switch A and MLDv1 snooping runs on Switch B Multicast sources and hosts run 802 1X client An IPv6 multicast source control policy is configured on Switch A to block multicast flows from Source 2 to FF1E 101 An IPv6 multicast user control policy is configured on Switch B so that Host A can join or leave only multicast grou...

Page 95: ...tchA interface vlan interface 104 SwitchA Vlan interface104 pim ipv6 dm SwitchA Vlan interface104 mld enable SwitchA Vlan interface104 quit Create a multicast source control policy policy1 so that multicast flows from Source 2 to FF1E 101 will be blocked SwitchA acl ipv6 number 3001 SwitchA acl6 adv 3001 rule permit udp source 2 1 128 destination ff1e 101 128 SwitchA acl6 adv 3001 quit SwitchA tra...

Page 96: ...me1 SwitchA isp domian1 accounting lan access radius scheme scheme1 SwitchA isp domian1 quit SwitchA domain default enable domain1 Globally enable 802 1X and then enable it on Ethernet 1 0 1 and Ethernet 1 0 2 SwitchA dot1x SwitchA interface ethernet 1 0 1 SwitchA Ethernet1 0 1 dot1x SwitchA Ethernet1 0 1 quit SwitchA interface ethernet 1 0 2 SwitchA Ethernet1 0 2 dot1x SwitchA Ethernet1 0 2 quit ...

Page 97: ... access radius scheme scheme2 SwitchB isp domian2 quit SwitchB domain default enable domain2 Globally enable 802 1X and then enable it on Ethernet 1 0 2 and Ethernet 1 0 3 SwitchB dot1x SwitchB interface ethernet 1 0 2 SwitchB Ethernet1 0 2 dot1x SwitchB Ethernet1 0 2 quit SwitchB interface ethernet 1 0 3 SwitchB Ethernet1 0 3 dot1x SwitchB Ethernet1 0 3 quit 4 Configure RADIUS server On the RADIU...

Page 98: ...IPv6 multicast forwarding table on Switch A SwitchA display multicast ipv6 forwarding table ff1e 101 IPv6 Multicast Forwarding Table Total 1 entry Total 1 entry matched 00001 1 1 FF1E 101 MID 0 Flags 0x0 0 Uptime 00 08 32 Timeout in 00 03 26 Incoming interface Vlan interface101 List of 1 outgoing interfaces 1 Vlan interface104 Matched 19648 packets 20512512 bytes Wrong If 0 packets Forwarded 19648...

Page 99: ...nalysis The IPv6 ACL rule is incorrectly configured The IPv6 multicast group policy is not correctly applied The function of dropping unknown IPv6 multicast data is not enabled so unknown IPv6 multicast data is flooded Solution 1 Use the display acl ipv6 command to check the configured IPv6 ACL rule Make sure that the IPv6 ACL rule conforms to the IPv6 multicast group policy to be implemented 2 Us...

Page 100: ...t VLAN feature configured on the Layer 2 device is the solution to this issue With the IPv6 multicast VLAN feature the Layer 3 device needs to replicate the multicast traffic only in the IPv6 multicast VLAN instead of making a separate copy of the multicast traffic in each user VLAN This saves the network bandwidth and lessens the burden of the Layer 3 device As shown in Figure 30 Host A Host B an...

Page 101: ...onfiguring user port attributes Required Configuring IPv6 multicast VLAN ports Required Configuring a port based IPv6 multicast VLAN When you configure a port based IPv6 multicast VLAN you need to configure the attributes of each user port and then assign the ports to the IPv6 multicast VLAN A user port can be configured as a multicast VLAN port only if it is an Ethernet port or Layer 2 aggregate ...

Page 102: ...roup name Use either command 3 Configure the user port link type as hybrid port link type hybrid Access by default 4 Specify the user VLAN that comprises the current user ports as the default VLAN port hybrid pvid vlan vlan id VLAN 1 by default 5 Configure the current user ports to permit packets of the specified IPv6 multicast VLAN to pass and untag the packets port hybrid vlan vlan id list tagge...

Page 103: ...ew port group manual port group name Use either command 5 Configure the ports as member ports of the IPv6 multicast VLAN port multicast vlan ipv6 vlan id By default a user port does not belong to any IPv6 multicast VLAN Displaying and maintaining IPv6 multicast VLAN Task Command Remarks Display information about an IPv6 multicast VLAN display multicast vlan ipv6 vlan id begin exclude include regul...

Page 104: ...et1 0 1 ipv6 pim dm RouterA Ethernet1 0 1 quit RouterA interface ethernet 1 0 2 RouterA Ethernet1 0 2 ipv6 pim dm RouterA Ethernet1 0 2 mld enable 3 Configure Switch A Enable MLD snooping globally SwitchA system view SwitchA mld snooping SwitchA mld snooping quit Create VLAN 10 assign Ethernet 1 0 1 to VLAN 10 and enable MLD snooping in this VLAN SwitchA vlan 10 SwitchA vlan10 port ethernet 1 0 1 ...

Page 105: ... ethernet 1 0 2 to ethernet 1 0 3 SwitchA ipv6 mvlan 10 quit Assign Ethernet 1 0 4 to IPv6 multicast VLAN 10 SwitchA interface ethernet 1 0 4 SwitchA Ethernet1 0 4 port multicast vlan ipv6 10 SwitchA Ethernet1 0 4 quit Verifying the configuration Display the IPv6 multicast VLAN information on Switch A SwitchA display multicast vlan ipv6 Total 1 IPv6 multicast vlan s IPv6 Multicast vlan 10 port lis...

Page 106: ...01 Eth1 0 4 D MAC group s MAC group address 3333 0000 0101 Host port s total 3 port s Eth1 0 2 Eth1 0 3 Eth1 0 4 The output shows that MLD snooping is maintaining router ports and member ports in VLAN 10 ...

Page 107: ...ing you will receive email notification of product enhancements new driver versions firmware updates and other product resources Related information Documents To find related documents browse to the Manuals page of the HP Business Support Center website http www hp com support manuals For related documentation navigate to the Networking section and select a networking category For a complete list ...

Page 108: ...eparated by vertical bars from which you select one choice multiple choices or none 1 n The argument or keyword and argument combination before the ampersand sign can be entered 1 to n times A line that starts with a pound sign is comments GUI conventions Convention Description Boldface Window names button names field names and menu items are in bold text For example the New User window appears cl...

Page 109: ...r a unified wired WLAN module or the switching engine on a unified wired WLAN switch Represents an access point Represents a mesh access point Represents omnidirectional signals Represents directional signals Represents a security product such as a firewall UTM multiservice security gateway or load balancing device Represents a security card such as a firewall load balancing NetStream SSL VPN IPS ...

Page 110: ...and maintaining IGMP snooping 33 Displaying and maintaining IPv6 multicast VLAN 98 Displaying and maintaining MLD snooping 78 Displaying and maintaining multicast VLAN 54 I IGMP snooping configuration examples 34 IGMP snooping configuration task list 17 Introduction to multicast 1 IPv6 multicast VLAN configuration examples 98 IPv6 multicast VLAN configuration task list 96 M MLD snooping configurat...

Reviews:

No comments

Related manuals for HP 3100-16 v2

D-Link DKVM-IP1 Manual preview
DKVM-IP1
Brand: D-Link Pages: 73
IBM E12 Quick Installation Manual preview
E12
Brand: IBM Pages: 2
Balluff NAMUR BES G06MD-GNX10B-EV02-EEX Operating Instructions Manual preview
NAMUR BES G06MD-GNX10B-EV02-EEX
Brand: Balluff Pages: 56
Thetford Marine TECMA Silence Marine Owner'S Manual preview
TECMA Silence Marine
Brand: Thetford Marine Pages: 9
LevelOne FEP-0800 Quick Installation Manual preview
FEP-0800
Brand: LevelOne Pages: 17
Greengate VNLW-P-1001-MV-N-V Installation Instructions preview
VNLW-P-1001-MV-N-V
Brand: Greengate Pages: 2
Key Digital HD Flash 4 KD-SW4x1 Operating Instructions Manual preview
HD Flash 4 KD-SW4x1
Brand: Key Digital Pages: 12
Leonton ET2-0602-M Series User Manual preview
ET2-0602-M Series
Brand: Leonton Pages: 17
Eaton Cooper Power Systems LCR 6200 RFN Instructional Leaflet preview
Cooper Power Systems LCR 6200 RFN
Brand: Eaton Pages: 8
Free-Way Switch 3X3-08 Instructions Manual preview
3X3-08
Brand: Free-Way Switch Pages: 6
Net Generation NG-PGS164W User Manual preview
NG-PGS164W
Brand: Net Generation Pages: 38
Xunison Hub D60 5G Quick Start Manual preview
Hub D60 5G
Brand: Xunison Pages: 14
TeleAdapt MediaHub Mini TA-3350 Installation Manual preview
MediaHub Mini TA-3350
Brand: TeleAdapt Pages: 23
KYLAND Ruby3A Hardware Installation Manual preview
Ruby3A
Brand: KYLAND Pages: 34
TRENDnet TEG-S80Dg Brochure & Specs preview
TEG-S80Dg
Brand: TRENDnet Pages: 2
Wyrestorm MX-0404-H2 Quick Start Manual preview
MX-0404-H2
Brand: Wyrestorm Pages: 4
Vagner Pool PRO PIEZO 1 Instruction Manual preview
PRO PIEZO 1
Brand: Vagner Pool Pages: 5
Edimax ES-3308P Datasheet preview
ES-3308P
Brand: Edimax Pages: 2

Brands by name

Popular brands

Load more brands