HP A3100-16 v2 EI Configuration Manual Download Page 111 | Manualshive

Page: 111 / 193

background image

•

When the port receives a tagged frame, the port forwards the frame if the VLAN ID of the frame is

permitted by the port, or otherwise drops the frame.

Approach 2: Dynamic MAC-based VLAN

You can use dynamic MAC-based VLAN with access authentication (such as 802.1X authentication

based on MAC addresses) to implement secure, flexible terminal access. After configuring dynamic

MAC-based VLAN on the switch, you must configure the MAC address-to-VLAN entries on the access

authentication server.
When a user passes authentication of the access authentication server, the switch obtains VLAN

information from the server, generates a MAC address-to-VLAN entry by using the source MAC address
of the user packet and the VLAN information, and assigns the port to the MAC-based VLAN. When the

user goes offline, the switch automatically deletes the MAC address-to-VLAN entry, and removes the port

from the MAC-based VLAN.

Configuring MAC-based VLAN

NOTE:

•

MAC-based VLANs are available only on hybrid ports.

•

The MAC-based VLAN feature is mainly configured on the downlink ports of the user access devices. Do
not enable this function together with link aggregation.

Configuring static MAC-based VLAN assignment

Follow these steps to configure static MAC-based VLAN assignment:

To do...

Use the command...

Remarks

Enter system view

system-view

—

Associate MAC addresses
with a VLAN

mac-vlan mac-address

mac-address

vlan

vlan-id

[

priority

priority

]

Required

Enter Ethernet
interface view

interface

interface-type

interface-number

Enter
Ethernet

interface
view or port

group view Enter port

group view

port-group manual

port-group-name

Use either command.

•

The configuration made in
Ethernet interface view applies
only to the current port.

•

The configuration made in port
group view applies to all ports in

the port group.

Configure the link type of the

port(s) as hybrid

port link-type

hybrid

Required

Configure the hybrid port(s) to
permit packets of specific
MAC-based VLANs to pass

through

port hybrid

vlan

vlan-id-list

{

tagged

|

untagged

}

Required
By default, a hybrid port only permits

the packets of VLAN 1 to pass
through.

Enable MAC-based VLAN

mac-vlan enable

Required
Disabled by default

Configuring dynamic MAC-based VLAN

104

«
...
109
110
111
112
113
...
»

Summary of Contents for A3100-16 v2 EI

Page 1: ... JG222A HP A3100 24 v2 SI Switch JG223A HP A3100 8 v2 EI Switch JD318B HP A3100 16 v2 EI Switch JD319B HP A3100 24 v2 EI Switch JD320B HP A3100 8 PoE v2 EI Switch JD311B HP A3100 16 PoE v2 EI Switch JD312B HP A3100 24 PoE v2 EI Switch JD313B Part number 5998 1964 Software version Release 5103 Document version 6W100 20110909 ...

Page 2: ...MATERIAL INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE Hewlett Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing performance or use of this material The only warranties for HP products and services are set forth in the express warranty statements accompan...

Page 3: ...erface configuration 14 Loopback interface 14 Introduction to loopback interface 14 Configuring a loopback interface 14 Null interface 15 Introduction to null interface 15 Configuring null 0 interface 15 Displaying and maintaining loopback and null interfaces 16 MAC address table configuration 17 Overview 17 How a MAC address table entry is created 17 Types of MAC address table entries 17 MAC addr...

Page 4: ...aggregation groups 37 Displaying and maintaining Ethernet link aggregation 38 Ethernet link aggregation configuration examples 38 Layer 2 static aggregation configuration example 38 Layer 2 dynamic aggregation configuration example 40 Port isolation configuration 43 Introduction to port isolation 43 Configuring the isolation group 43 Displaying and maintaining isolation groups 44 Port isolation co...

Page 5: ...examples 91 BPDU tunneling for STP configuration example 91 BPDU tunneling for PVST configuration example 92 VLAN configuration 94 Introduction to VLAN 94 VLAN overview 94 VLAN fundamentals 94 Types of VLANs 95 Configuring basic VLAN settings 96 Configuring basic settings of a VLAN interface 96 Port based VLAN configuration 97 Introduction to port based VLAN 97 Assigning an access port to a VLAN 9...

Page 6: ... QinQ 138 Modifying the TPID in a VLAN tag 138 Protocols and standards 139 QinQ configuration task list 139 Enabling basic QinQ 140 Configuring selective QinQ available only on the A3100 v2 EI 140 Configuring an outer VLAN tagging policy in the port based approach 140 Configuring an outer VLAN tagging policy in the QoS policy based approach 141 Configuring the TPID value in VLAN tags 142 QinQ conf...

Page 7: ...ement address and its encoding format 172 Setting other LLDP parameters 173 Setting an encapsulation format for LLDPDUs 174 Configuring CDP compatibility available only on the A3100 v2 EI 174 Configuration prerequisites 175 Configuring CDP compatibility 175 Configuring LLDP trapping 176 Displaying and maintaining LLDP 176 LLDP configuration examples 177 Basic LLDP configuration example 177 CDP com...

Page 8: ...he interface rate and duplex mode Configuration prerequisites Before you configure combo interfaces complete the following tasks Check the number of combo interfaces on your switch which varies with your switch model and can be obtained from the installation manual Use the display interface command to determine which port fiber or copper of the combo interface is active If the current port is the ...

Page 9: ...egotiation The two ends can select a speed only from the available options For more information see Setting speed options for auto negotiation on an Ethernet interface Follow these steps to set duplex mode and speed on an Ethernet interface To do Use the command Remarks Enter system view system view Enter Ethernet interface view interface interface type interface number Change the description of t...

Page 10: ...speed auto negotiation mode with the highest speed of 100 Mbps If the transmission rate of each server in the server cluster is 100 Mbps their total transmission rate will exceed the capability of interface Ethernet 1 0 4 the interface providing access to the Internet for the servers To avoid congestion on Ethernet 1 0 4 set 10 Mbps as the only speed option available for negotiation on interface E...

Page 11: ...e resulting in increased overhead To prevent physical link flapping from affecting system performance configure link change suppression to delay the reporting of physical link state changes When the delay expires the interface reports any detected change Link change suppression does not suppress administrative up or down events When you shut down or bring up an interface by using the shutdown or u...

Page 12: ...link delay mode up command and the link delay command supersedes each other and whichever is configured last takes effect Configuring loopback testing on an Ethernet interface You can perform loopback testing on an Ethernet interface to determine whether the interface functions properly The Ethernet interface cannot forward data packets during the testing Loopback testing falls into the following ...

Page 13: ...s are not available on an interface during loopback testing During loopback testing the Ethernet interface operates in full duplex mode When you disable loopback testing the port returns to its duplex setting Loopback testing is a one time operation and is not recorded in the configuration file Configuring a port group Some interfaces on your switch might use the same set of settings To configure ...

Page 14: ...nfigure both of them you might fail to achieve the expected storm control effect Configuring storm suppression on an Ethernet Interface Use the following guidelines to set one suppression threshold for broadcast multicast and unknown unicast traffic separately on an Ethernet interface Set the threshold as a percentage of the interface transmission capability Set the threshold in kbps limiting the ...

Page 15: ...he switch does either of the following actions depending on your configuration Blocking the particular type of traffic and forwarding other types of traffic Even though the interface does not forward the blocked traffic it still counts the traffic When the blocked traffic is detected dropping below the threshold the interface begins to forward the traffic Shutting down the interface automatically ...

Page 16: ...ts respectively under the same interface Setting the statistics polling interval Follow these steps to set the statistics polling interval on an Ethernet interface To do Use the command Remarks Enter system view system view Enter Ethernet interface view interface interface type interface number Set the statistics polling interval on the Ethernet interface flow interval interval Optional 300 second...

Page 17: ...rt Place the receiving interface in controlled mode The interface does not receive or send packets Generate traps Delete all MAC address entries of the interface Perform the configured protective action Generate traps and log messages Delete all MAC address entries of the interface Hybrid or trunk port Generate traps If loopback detection control is enabled place the receiving interface in control...

Page 18: ...N PVID Set the protective action to take on the interface when a loop is detected loopback detection action no learning shutdown Optional By default a looped interface does not receive or send packets With the shutdown keyword specified the looped port will be automatically shut down and its physical state changes to Loop down After the loop is removed use the undo shutdown command on the port to ...

Page 19: ...ines When a straight through cable is used set the interface to work in the MDI mode different than its peer When a crossover cable is used set the interface to work in the same MDI mode as its peer or set either end to work in auto mode Follow these steps to set the MDI mode of an Ethernet interface To do Use the command Remarks Enter system view system view Enter Ethernet interface view interfac...

Page 20: ...clude regular expression Available in any view Display information about a manual port group or all manual port groups display port group manual all name port group name begin exclude include regular expression Available in any view Display information about the loopback function display loopback detection begin exclude include regular expression Available in any view Display information about sto...

Page 21: ...ack interface addresses are stable unicast addresses they are usually used as device identifications When you configure a rule on an authentication or security server to permit or deny packets that a switch generates you can simplify the rule by configuring it to permit or deny packets that carry the loopback interface address that identifies the switch When you use a loopback interface address as...

Page 22: ... can filter uninteresting traffic by transmitting it to a null interface instead of applying an ACL For example by executing the ip route static 92 101 0 0 255 255 0 0 null 0 command which configures a static route that leads to null interface 0 you can have all the packets destined to the network segment 92 101 0 0 16 discarded Only one null interface Null 0 is supported on your switch You cannot...

Page 23: ...include regular expression Available in any view Display information about the null interface display interface null brief down begin exclude include regular expression display interface null 0 brief begin exclude include regular expression Available in any view Clear the statistics on a loopback interface reset counters interface loopback interface number Available in user view Clear the statisti...

Page 24: ...an entry it adds an entry for MAC SOURCE and Port A The switch performs the learning process each time it receives a frame from an unknown source MAC address until the MAC address table is fully populated After obtaining the source MAC address of a frame the switch looks up the destination MAC address in the MAC address table If the switch finds an entry for the MAC address it forwards the frame o...

Page 25: ... the MAC address table entry Broadcast mode If the switch receives a frame with the destination address as all ones or if no entry is available for the destination MAC address the switch broadcasts the frame to all the interfaces except the receiving interface Configuring the MAC address table The MAC address table configuration tasks include Manually configuring MAC address table entries Disablin...

Page 26: ...ress learning to prevent the MAC address table from being saturated for example when your switch is being attacked by a large amount of packets with different source MAC addresses Disabling MAC address learning on ports After enabling global MAC address learning you can disable the function on a single port or on all ports in a port group as needed Follow these steps to disable MAC address learnin...

Page 27: ...he latest network changes Set the aging timer appropriately An aging interval that is too long might cause the MAC address table to retain outdated entries exhaust the MAC address table resources and fail to update its entries to accommodate the latest network changes An interval that is too short might result in the removal of valid entries and unnecessary broadcasts which might affect device per...

Page 28: ... dynamic static interface interface type interface number blackhole vlan vlan id count begin exclude include regular expression Available in any view Display the aging timer for dynamic MAC address entries display mac address aging time begin exclude include regular expression Available in any view Display the system or interface MAC address learning state display mac address mac learning interfac...

Page 29: ...ay the MAC address entry for port Ethernet 1 0 1 Sysname display mac address interface ethernet 1 0 1 MAC ADDR VLAN ID STATE PORT INDEX AGING TIME 000f e235 dc71 1 Config static Ethernet 1 0 1 NOAGED 1 mac address es found Display information about the blackhole MAC address table Sysname display mac address blackhole MAC ADDR VLAN ID STATE PORT INDEX AGING TIME 000f e235 abcd 1 Blackhole N A NOAGE...

Page 30: ...nformation about the MAC address to the buffer area used to store user information When the timer set for sending MAC address monitoring Syslog or trap messages expires or when the buffer reaches capacity the device sends the Syslog or trap messages to the monitor end Configuring MAC Information The MAC Information configuration tasks include Enabling MAC Information globally Enabling MAC Informat...

Page 31: ... you can set the interval for sending Syslog or trap messages Follow these steps to set the interval for sending Syslog or trap messages To do Use the command Remarks Enter system view system view Set the interval for sending Syslog or trap messages mac address information interval interval time Optional One second by default Configuring the MAC Information queue length To avoid losing user MAC ad...

Page 32: ...etwork Management and Monitoring Configuration Guide 2 Enable MAC Information Enable MAC Information on Device Device system view Device mac address information enable Configure MAC Information mode as Syslog Device mac address information mode syslog Enable MAC Information on Ethernet 1 0 1 Device interface ethernet 1 0 1 Device Ethernet1 0 1 mac address information enable added Device Ethernet1 ...

Page 33: ...group of Ethernet interfaces aggregated together which are called member ports of the aggregation group For each aggregation group a logical interface called an aggregate interface is created To an upper layer entity that uses the link aggregation service a link aggregation group appears to be a single logical link and data traffic is transmitted through the aggregate interface When you create an ...

Page 34: ... mode MAC address learning MAC address learning capability MAC address learning limit forwarding of frames with unknown destination MAC addresses after the MAC address learning limit is reached NOTE Class two configurations made on an aggregate interface are automatically synchronized to all member ports of the interface These configurations are retained on the member ports even after the aggregat...

Page 35: ...two types system LACP priority and port LACP priority Table 4 LACP priorities Type Description Remarks System LACP priority Used by two peer devices or systems to determine which one is superior in link aggregation In dynamic link aggregation the system that has higher system LACP priority sets the Selected state of member ports on its side first and then the system that has lower priority sets th...

Page 36: ...s the same class two configurations as the aggregate interface Aggregating links in static mode LACP is disabled on the member ports in a static aggregation group You must manually maintain the aggregation state of the member ports The static link aggregation procedure comprises Selecting a reference port Setting the aggregation state of each member port Selecting a reference port The system selec...

Page 37: ...e current Selected ports Avoid this situation however because it might cause the aggregation state of a port to change after a reboot Aggregating links in dynamic mode LACP is automatically enabled on all member ports in a dynamic aggregation group The protocol automatically maintains the aggregation state of ports The dynamic link aggregation procedure comprises Selecting a reference port Setting...

Page 38: ...port ID as the reference port A port ID comprises a port LACP priority and a port number The port with the lower LACP priority value wins If two ports have the same LACP priority the system compares their port numbers The port with the smaller port number wins Setting the aggregation state of each member port After the reference port is selected the system with the lower system ID sets the state o...

Page 39: ...t of criteria depending on your configuration You can choose one of the following criteria or any combination of them for load sharing MAC addresses IP addresses Ethernet link aggregation configuration task list Complete the following tasks to configure Ethernet link aggregation Task Remarks Configuring a static aggregation group Configuring an aggregation group Configuring a dynamic aggregation g...

Page 40: ...an aggregate interface also removes the corresponding aggregation group At the same time all member ports leave the aggregation group Configuring a static aggregation group NOTE To guarantee a successful static aggregation ensure that the ports at both ends of each link are in the same aggregation state Follow these steps to configure a Layer 2 static aggregation group To do Use the command Remark...

Page 41: ...es a Layer 2 static aggregation group numbered the same Configure the aggregation group to work in dynamic aggregation mode link aggregation mode dynamic Required By default an aggregation group works in static aggregation mode Exit to system view quit Enter Layer 2 Ethernet interface view interface interface type interface number Assign the Ethernet interface to the aggregation group port link ag...

Page 42: ...to generate linkUp trap messages when its link goes up and linkDown trap messages when its link goes down For more information see the Network Management and Monitoring Configuration Guide Follow these steps to enable link state traps on an aggregate interface To do Use the command Remarks Enter system view system view Enable the trap function globally snmp agent trap enable standard linkdown link...

Page 43: ...ing for its peer aggregation group to guarantee correct aggregation Configuring the minimum number of Selected ports required to bring up an aggregation group might cause all the member ports in the current aggregation group to become unselected Shutting down an aggregate interface Shutting down or bringing up an aggregate interface affects the aggregation state and link state of ports in the corr...

Page 44: ...nfigure global link aggregation load sharing criteria To do Use the command Remarks Enter system view system view Configure the global link aggregation load sharing criteria link aggregation load sharing mode destination ip destination mac source ip source mac Required By default the global link aggregation load sharing criteria include the source MAC address for Layer 2 packet types such as ARP a...

Page 45: ... view Display detailed information about a specific or all aggregation groups display link aggregation verbose bridge aggregation interface number begin exclude include regular expression Available in any view Clear LACP statistics for a specific or all link aggregation member ports reset lacp statistics interface interface list Available in user view Clear statistics for a specific or all aggrega...

Page 46: ...4 to VLAN 10 DeviceA system view DeviceA vlan 10 DeviceA vlan10 port ethernet 1 0 4 DeviceA vlan10 quit Create VLAN 20 and assign port Ethernet 1 0 5 to VLAN 20 DeviceA vlan 20 DeviceA vlan20 port ethernet 1 0 5 DeviceA vlan20 quit Create Layer 2 aggregate interface Bridge Aggregation 1 DeviceA interface bridge aggregation 1 DeviceA Bridge Aggregation1 quit Assign ports Ethernet 1 0 1 through Ethe...

Page 47: ...regation groups on Device A DeviceA display link aggregation summary Aggregation Interface Type BAGG Bridge Aggregation RAGG Route Aggregation Aggregation Mode S Static D Dynamic Loadsharing Type Shar Loadsharing NonS Non Loadsharing Actor System ID 0x8000 000f e2ff 0001 AGG AGG Partner ID Select Unselect Share Interface Mode Ports Ports Type BAGG1 S none 3 0 Shar The output shows that link aggreg...

Page 48: ...nfiguration procedure 1 Configure Device A Create VLAN 10 and assign port Ethernet 1 0 4 to VLAN 10 DeviceA system view DeviceA vlan 10 DeviceA vlan10 port ethernet 1 0 4 DeviceA vlan10 quit Create VLAN 20 and assign port Ethernet 1 0 5 to VLAN 20 DeviceA vlan 20 DeviceA vlan20 port ethernet 1 0 5 DeviceA vlan20 quit Create Layer 2 aggregate interface Bridge aggregation 1 and configure the link ag...

Page 49: ...ice B as you configure Device A 3 Verify the configurations Display the summary information about all aggregation groups on Device A DeviceA display link aggregation summary Aggregation Interface Type BAGG Bridge Aggregation RAGG Route Aggregation Aggregation Mode S Static D Dynamic Loadsharing Type Shar Loadsharing NonS Non Loadsharing Actor System ID 0x8000 000f e2ff 0001 AGG AGG Partner ID Sele...

Page 50: ...ion group To do Use the command Remarks Enter system view system view Enter Ethernet interface view interface interface type interface number Enter Layer 2 aggregate interface view interface bridge aggregation interface number Enter interface view or port group view Enter port group view port group manual port group name Required Use one of the commands as follows To assign an Ethernet port to the...

Page 51: ...Ethernet 1 0 3 and Ethernet 1 0 4 belong to the same VLAN Configure Device to enable Host A Host B and Host C to access the Internet when they are isolated from one another Figure 10 Network diagram for port isolation configuration Configuration procedure Assign ports Ethernet 1 0 1 Ethernet 1 0 2 and Ethernet 1 0 3 to isolation group 1 Device system view Device interface ethernet 1 0 1 Device Eth...

Page 52: ... Device display port isolate group Port isolate group information Uplink port support NO Group ID 1 Group members Ethernet1 0 1 Ethernet1 0 2 Ethernet1 0 3 45 ...

Page 53: ...efers to the IEEE 802 1d STP and various enhanced spanning tree protocols derived from that protocol Protocol packets of STP STP uses bridge protocol data units BPDUs also known as configuration messages as its protocol packets STP enabled network devices exchange BPDUs to establish a spanning tree BPDUs contain sufficient information for the network devices to complete spanning tree calculation I...

Page 54: ... port The root bridge has no root port Designated bridge and designated port Table 7 Description of designated bridges and designated ports Classification Designated bridge Designated port For a device A device directly connected to the local device and responsible for forwarding BPDUs to the local device The port through which the designated bridge forwards BPDUs to this device For a LAN The devi...

Page 55: ...f the optimum configuration BPDUs see Table 9 2 Based on the configuration BPDU and the path cost of the root port the device calculates a designated port configuration BPDU for each of the other ports The root bridge ID is replaced with that of the configuration BPDU of the root port The root path cost is replaced with that of the configuration BPDU of the root port plus the path cost of the root...

Page 56: ...e configuration BPDU with the lowest root bridge ID has the highest priority If all configuration BPDUs have the same root bridge ID their root path costs are compared For example the root path cost in a configuration BPDU plus the path cost of a receiving port is S The configuration BPDU with the smallest S value has the highest priority If all configuration BPDUs have the same root path cost the...

Page 57: ...d one Port A2 receives the configuration BPDU of Port C1 2 0 2 Port C1 finds that its existing configuration BPDU 0 0 0 Port A2 is superior to the received configuration BPDU and discards the received one Device A finds that it is both the root bridge and designated bridge in the configuration BPDUs of all its ports and considers itself as the root bridge It does not change the configuration BPDU ...

Page 58: ...received configuration BPDU is superior to the existing configuration BPDU 2 0 2 Port C2 and updates its configuration BPDU Port C1 0 0 0 Port A2 Port C2 1 0 1 Port B2 Device C compares the configuration BPDUs of all its ports decides that the configuration BPDU of Port C1 is the optimum and selects Port C1 as the root port with the configuration BPDU unchanged Based on the configuration BPDU and ...

Page 59: ...ss for example the link between Device B and Device C is down Blocked port Port C1 0 0 0 Port A2 Root port Port C2 0 5 1 Port B2 NOTE In Table 11 each configuration BPDU contains the following fields root bridge ID root path cost designated bridge ID and designated port ID After the comparison processes described in Table 1 1 a spanning tree with Device A as the root bridge is established and the ...

Page 60: ...porary loop will likely occur For this reason as a mechanism for state transition in STP the newly elected root ports or designated ports require twice the forward delay time before they transit to the forwarding state to ensure that the new configuration BPDU has propagated throughout the network Hello time Specifies the time interval at which a device sends hello packets to the surrounding devic...

Page 61: ...id network convergence it provides a better load sharing mechanism for redundant links by allowing data flows of different VLANs to be forwarded along separate paths For more information about VLANs see the chapter VLAN configuration MSTP provides the following features MSTP supports mapping VLANs to spanning tree instances by means of a VLAN to instance mapping table MSTP can reduce communication...

Page 62: ...VLAN 2 MSTI 2 Other VLANs MSTI 0 VLAN 1 MSTI 1 VLAN 2 MSTI 2 Other VLANs MSTI 0 VLAN 1 MSTI 1 VLAN 2 3 MSTI 2 Other VLANs MSTI 0 CST Figure 15 Network diagram and topology of MST region 3 As shown in Figure 14 a switched network comprises four MST regions and each MST region comprises four devices running MSTP Figure 15 shows the networking topology of MST region 3 55 ...

Page 63: ...STI 2 and other VLANs to MSTI 0 MSTP achieves load balancing by means of the VLAN to instance mapping table CST The common spanning tree CST is a single spanning tree that connects all MST regions in a switched network If you regard each MST region as a device the CST is a spanning tree calculated by these devices through STP or RSTP For example the blue lines in Figure 14 represent the CST IST An...

Page 64: ...e port The backup port for a root port or master port When the root port or master port is blocked the alternate port takes over Backup port The backup port of a designated port When the designated port fails the backup port takes over When a loop occurs because of the interconnection of two ports of the same MSTP device the device blocks either of the two ports and the blocked port is the backup ...

Page 65: ...lated CST Inside an MST region multiple spanning trees are calculated Each spanning tree is an MSTI Among these MSTIs MSTI 0 is the IST Like STP MSTP uses configuration BPDUs to calculate spanning trees An important difference is that an MSTP BPDU carries the MSTP configuration of the bridge from which the BPDU is sent CIST calculation The calculation of a CIST tree is also the process of configur...

Page 66: ...works Amendment 3 Multiple Spanning Trees MSTP configuration task list Before configuring MSTP you must plan the role of each device in each MSTI root bridge or leaf node and then configure the devices as planned In each MSTI only one device acts as the root bridge and all others act as leaf nodes Complete these tasks to configure MSTP Task Remarks Configuring an MST region Required Configuring th...

Page 67: ...e that this VLAN is mapped to the CIST MSTI 0 when you configure the VLAN to instance mapping table For more information about GVRP see the chapter GVRP configuration MSTP is mutually exclusive with any of the following functions on a port Smart Link and BPDU tunneling Configurations made in system view take effect globally Configurations made in Ethernet interface view take effect on the current ...

Page 68: ...ivated configuration information of the MST region display stp region configuration begin exclude include regular expression Optional Available in any view NOTE Two or more MSTP enabled devices belong to the same MST region only if they are configured to have the same format selector 0 by default not configurable MST region name VLAN to instance mapping entries in the MST region and MST region rev...

Page 69: ...dary root bridges for an instance when the root bridge fails MSTP will select the secondary root bridge with the lowest MAC address as the new root bridge Configuring the current device as the root bridge of a specific spanning tree Follow these steps to configure the current device as the root bridge of a specific spanning tree To do Use the command Remarks Enter system view system view Configure...

Page 70: ...MSTP mode by default Configuring the priority of a device Device priority is a factor in spanning tree calculation The priority of a device determines whether it can be elected as the root bridge of a spanning tree A lower numeric value indicates a higher priority You can set the priority of a device to a low value to specify the device as the root bridge of the spanning tree An MSTP enabled devic...

Page 71: ...k diameter indicates a larger network size Make this configuration on the root bridge only Follow these steps to configure the network diameter of a switched network To do Use the command Remarks Enter system view system view Configure the network diameter of the switched network stp bridge diameter diameter Required 7 by default NOTE Based on the network diameter you configured MSTP automatically...

Page 72: ...er stp timer hello time Optional 200 centiseconds 2 seconds by default Configure the max age timer stp timer max age time Optional 2000 centiseconds 20 seconds by default NOTE The length of the forward delay is related to the network diameter of the switched network The larger the network diameter is the longer the forward delay should be If the forward delay is too short temporary redundant paths...

Page 73: ...tor of the device stp timer factor factor Required 3 by default Configuring the maximum port rate The maximum rate of a port refers to the maximum number of BPDUs the port can send within each hello time The maximum rate of a port is related to the physical status of the port and the network structure Make this configuration on the root bridge and on the leaf nodes separately Follow these steps to...

Page 74: ...ser terminal configure it as an edge port and enable BPDU guard for it This enables the port to transition to the forwarding state quickly while ensuring network security Otherwise the port can be blocked and changes to the forwarding state after a period twice the Forward Delay In the waiting period service traffic is interrupted Among loop guard root guard and edge port settings only one functio...

Page 75: ...nd the path cost Path cost Link speed Port type IEEE 802 1d 1998 IEEE 802 1t Private standard 0 65535 200 000 000 200 000 Single Port 2 000 000 2 000 Aggregate interface containing 2 selected ports 1 000 000 1 800 Aggregate interface containing 3 selected ports 666 666 1 600 10 Mbps Aggregate interface containing 4 selected ports 100 500 000 1 400 Single Port 200 000 200 Aggregate interface contai...

Page 76: ...ks Enter system view system view Enter Ethernet interface view or Layer 2 aggregate interface view interface interface type interface number Enter interface view or port group view Enter port group view port group manual port group name Required Use either command Configure the path cost of the ports stp instance instance id cost cost Required By default MSTP automatically calculates the path cost...

Page 77: ...ance instance id port priority priority Required 128 for all ports by default NOTE When the priority of a port changes MSTP re calculates the role of the port and initiates a state transition A lower priority value indicates a higher priority If you configure the same priority value for all the ports on a device the specific priority of a port depends on the index number of the port A lower index ...

Page 78: ...mpliant standard format and legacy Compatible format By default the packet format recognition mode of a port is auto The port automatically distinguishes the two MSTP packet formats and determines the format of packets that it will send based on the recognized format You can configure the MSTP packet format on a port When working in MSTP mode after the configuration the port sends and receives onl...

Page 79: ...fied MSTI in order to monitor the port states in real time Make this configuration separately on the root bridge and on the leaf nodes Follow these steps to enable output of port state transition information To do Use the command Remarks Enter system view system view Enable output of port state transition information stp port log all instance instance id Required Enabled by default Enabling the MS...

Page 80: ...ods for performing mCheck produce the same results Performing mCheck globally Follow these steps to perform global mCheck To do Use the command Remarks Enter system view system view Perform mCheck stp mcheck Required Performing mCheck in interface view Follow these steps to perform mCheck in interface view To do Use the command Remarks Enter system view system view Enter Ethernet interface view or...

Page 81: ...ither command Enable Digest Snooping on the interface or port group stp config digest snooping Required Disabled by default Return to system view quit Enable global Digest Snooping stp config digest snooping Required Disabled by default CAUTION With digest snooping enabled in the same region verification does not require comparison of configuration digest so the VLAN to instance mappings must be t...

Page 82: ... ethernet 1 0 1 DeviceA Ethernet1 0 1 stp config digest snooping DeviceA Ethernet1 0 1 quit DeviceA stp config digest snooping Enable Digest Snooping on Ethernet 1 0 1 of Device B and enable global Digest Snooping on Device B DeviceB system view DeviceB interface ethernet 1 0 1 DeviceB Ethernet1 0 1 stp config digest snooping DeviceB Ethernet1 0 1 quit DeviceB stp config digest snooping Configurin...

Page 83: ... For example when the upstream device uses a rapid transition mechanism similar to that of RSTP and the downstream device adopts MSTP and does not work in RSTP mode the root port on the downstream device receives no agreement packet from the upstream device and sends no agreement packets to the upstream device As a result the designated port of the upstream device fails to transit rapidly and can ...

Page 84: ... a third party device that has different MSTP implementation Both devices are in the same region Device B is the regional root bridge and Device A is the downstream device Figure 20 No Agreement Check configuration Eth1 0 1 Device A Device B Eth1 0 1 Root port Designated port Root bridge 2 Configuration procedure Enable No Agreement Check on Ethernet 1 0 1 of Device A DeviceA system view DeviceA i...

Page 85: ...tries so that the device can normally forward the user traffic Configuration prerequisites Disable STP globally Configuring TC snooping Perform the TC snooping configuration on Device A shown in Figure 21 Follow these steps to configure TC snooping To do Use the command Description Enter system view system view Enable TC snooping stp tc snooping Required Disabled by default NOTE TC snooping and ST...

Page 86: ...more information about this detection interval see the Fundamentals Configuration Guide Make this configuration on a device with edge ports configured Follow these steps to enable BPDU guard To do Use the command Remarks Enter system view system view Enable the BPDU guard function for the device stp bpdu protection Required Disabled by default NOTE BPDU guard does not take effect on loopback testi...

Page 87: ... the upstream device a device can maintain the state of the root port and blocked ports However because of link congestion or unidirectional link failures these ports might fail to receive BPDUs from the upstream devices The device will reselect the port roles Those ports in forwarding state that failed to receive upstream BPDUs will become designated ports and the blocked ports will transition to...

Page 88: ...ard To do Use the command Remarks Enter system view system view Enable the TC BPDU guard function stp tc protection enable Optional Enabled by default Configure the maximum number of forwarding address entry flushes that the device can perform within a specific time period after it receives the first TC BPDU stp tc protection threshold number Optional 6 by default NOTE HP does not recommend you to...

Page 89: ...tance id interface interface list slot slot number brief begin exclude include regular expression Available in any view Display the MST region configuration information that has taken effect display stp region configuration begin exclude include regular expression Available in any view Display the root bridge information of all MSTIs display stp root begin exclude include regular expression Availa...

Page 90: ...figure the revision level of the MST region as 0 DeviceA system view DeviceA stp region configuration DeviceA mst region region name example DeviceA mst region instance 1 vlan 10 DeviceA mst region instance 3 vlan 30 DeviceA mst region instance 4 vlan 40 DeviceA mst region revision level 0 Activate MST region configuration DeviceA mst region active region configuration DeviceA mst region quit Spec...

Page 91: ... instance 1 vlan 10 DeviceC mst region instance 3 vlan 30 DeviceC mst region instance 4 vlan 40 DeviceC mst region revision level 0 Activate MST region configuration DeviceC mst region active region configuration DeviceC mst region quit Specify the current device as the root bridge of MSTI 4 DeviceC stp instance 4 root primary Enable MSTP globally DeviceC stp enable 5 Configure Device D Enter MST ...

Page 92: ...Ethernet1 0 3 DESI FORWARDING NONE 1 Ethernet1 0 2 DESI FORWARDING NONE 1 Ethernet1 0 3 ROOT FORWARDING NONE 3 Ethernet1 0 1 DESI FORWARDING NONE 3 Ethernet1 0 3 DESI FORWARDING NONE Display brief spanning tree information on Device C DeviceC display stp brief MSTID Port Role STP State Protection 0 Ethernet1 0 1 DESI FORWARDING NONE 0 Ethernet1 0 2 ROOT FORWARDING NONE 0 Ethernet1 0 3 DESI FORWARD...

Page 93: ...Figure 23 MSTIs mapped to different VLANs A B A B C D C B C MSTI mapped VLAN 10 A D D Root device Normal link Blocked link MSTI mapped to VLAN 30 MSTI mapped to VLAN 20 MSTI mapped to VLAN 40 86 ...

Page 94: ...rovider network User A s network cannot implement independent Layer 2 protocol calculation for example STP spanning tree calculation The Layer 2 protocol calculation in User A s network is mixed with that in the service provider network Figure 24 BPDU tunneling application scenario BPDU tunneling addresses this problem With BPDU tunneling Layer 2 protocol packets from customer networks can be tran...

Page 95: ...f the customer network send BPDUs to devices on the other side of the customer network to ensure consistent spanning tree calculation in the entire customer network However because BPDUs are Layer 2 multicast frames all STP enabled devices both in the customer network and in the service provider network can receive and process these BPDUs As a result neither the service provider network nor the cu...

Page 96: ...3 the default multicast MAC address for example In the service provider network the modified BPDU is forwarded as a data packet in the VLAN assigned to User A 2 At the egress of the service provider network PE 2 recognizes the BPDU with the destination MAC address 0x010F E200 0003 restores its original destination MAC address 0x0180 C200 0000 and then sends the BPDU to User A network 2 NOTE Be sur...

Page 97: ... system view Enter Ethernet interface view interface interface type interface number Enter Ethernet interface view or port group view Enter port group view port group manual port group name Required Use either command Enable BPDU tunneling for a protocol bpdu tunnel dot1q cdp hgmp lacp pvst stp udld vtp Required Disabled by default Enabling BPDU tunneling for a protocol in Layer 2 aggregate interf...

Page 98: ...network All ports that connect service provider devices and customer devices are access ports and belong to VLAN 2 All ports that interconnect service provider devices are trunk ports and allow packets of any VLAN to pass through MSTP is enabled on User A s network After the configuration CE 1 and CE 2 must implement consistent spanning tree calculation across the service provider network and the ...

Page 99: ... Ethernet1 0 2 bpdu tunnel dot1q stp BPDU tunneling for PVST configuration example Network requirements As shown in Figure 27 CE 1 and CE 2 are edge devices on the geographically dispersed network of User A PE 1 and PE 2 are edge devices on the service provider network All ports that connect service provider devices and customer devices and those that interconnect service provider devices are trun...

Page 100: ...stp enable PE1 Ethernet1 0 1 bpdu tunnel dot1q stp PE1 Ethernet1 0 1 bpdu tunnel dot1q pvst 2 Configure PE 2 Configure the destination multicast MAC address for BPDUs as 0x0100 0CCD CDD0 PE2 system view PE2 bpdu tunnel tunnel dmac 0100 0ccd cdd0 Configure Ethernet 1 0 2 as a trunk port and assign it to all VLANs PE2 interface ethernet 1 0 2 PE2 Ethernet1 0 2 port link type trunk PE2 Ethernet1 0 2 ...

Page 101: ...and servers that a particular workgroup uses can be assigned to the same VLAN regardless of their physical locations VLAN technology delivers the following benefits Confining broadcast traffic within individual VLANs This reduces bandwidth waste and improves network performance Improving LAN security By assigning user groups to different VLANs you can isolate them at Layer 2 To enable communicatio...

Page 102: ...smitted across different media A value of 0 indicates that MAC addresses are encapsulated in the standard format A value of 1 indicates that MAC addresses are encapsulated in a non standard format The value of the field is 0 by default The 12 bit VLAN ID field identifies the VLAN that the frame belongs to The VLAN ID range is 0 to 4095 Because 0 and 4095 are reserved a VLAN ID actually ranges from...

Page 103: ... bulk Enter VLAN view vlan vlan id Required If the specified VLAN does not exist this command creates the VLAN first By default only the default VLAN VLAN 1 exists in the system Configure a name for the current VLAN name text Optional By default the name of a VLAN is its VLAN ID VLAN 0001 for example Configure the description of the current VLAN description text Optional VLAN ID is used by default...

Page 104: ...AN interface undo shutdown Optional By default a VLAN interface is in the up state The VLAN interface is up as long as one port in the VLAN is up and goes down if all ports in the VLAN go down An administratively shut down VLAN interface is in the down state until you bring it up regardless of how the state of the ports in the VLAN changes NOTE Before you create a VLAN interface for a VLAN create ...

Page 105: ...N see the chapter Voice VLAN configuration HP recommends that you set the same PVID for the local and remote ports Make sure that a port is assigned to its PVID Otherwise when the port receives frames tagged with the PVID or untagged frames including protocol packets such as MSTP BPDUs the port filters out these frames The following table shows how ports of different link types handle frames Actio...

Page 106: ... port group view Enter port group view port group manual port group name Required Use either command In Ethernet interface view the subsequent configurations apply to the current port In port group view the subsequent configurations apply to all ports in the port group In Layer 2 aggregate interface view the subsequent configurations apply to the Layer 2 aggregate interface and all its member port...

Page 107: ...fied VLAN s port trunk permit vlan vlan id list all Required By default a trunk port carries only VLAN 1 Configure the PVID of the trunk port s port trunk pvid vlan vlan id Optional VLAN 1 is the PVID by default NOTE To change the link type of a port from trunk to hybrid or vice versa you must set the link type to access first After configuring the PVID for a trunk port you must use the port trunk...

Page 108: ...ntagged Required By default a hybrid port allows only packets of VLAN 1 to pass through untagged Configure the PVID of the hybrid port port hybrid pvid vlan vlan id Optional VLAN 1 is the default by default NOTE To change the link type of a port from trunk to hybrid or vice versa you must set the link type to access first After you use the port link type access hybrid trunk command to change the l...

Page 109: ... B Host D Device A VLAN 100 VLAN 100 VLAN 200 VLAN 200 Device B Eth1 0 1 Eth1 0 2 Eth1 0 3 Eth1 0 3 Configuration procedure 1 Configure Device A Create VLAN 100 and assign port Ethernet 1 0 1 to VLAN 100 DeviceA system view DeviceA vlan 100 DeviceA vlan100 port ethernet 1 0 1 DeviceA vlan100 quit Create VLAN 200 and assign port Ethernet 1 0 2 to VLAN 200 DeviceA vlan 200 DeviceA vlan200 port ether...

Page 110: ...hosts to a VLAN based on their MAC addresses The following approaches are available for configuring MAC based VLANs Approach 1 Static MAC based VLAN assignment Static MAC based VLAN assignment applies to networks containing a small number of VLAN users In such a network you can create a MAC address to VLAN map containing multiple MAC address to VLAN entries on a port enable the MAC based VLAN feat...

Page 111: ...based VLAN feature is mainly configured on the downlink ports of the user access devices Do not enable this function together with link aggregation Configuring static MAC based VLAN assignment Follow these steps to configure static MAC based VLAN assignment To do Use the command Remarks Enter system view system view Associate MAC addresses with a VLAN mac vlan mac address mac address vlan vlan id ...

Page 112: ...he current port The configuration made in port group view applies to all ports in the port group Configure the link type of the port s as hybrid port link type hybrid Required Enable MAC based VLAN mac vlan enable Required Disabled by default MAC based VLAN configuration example Network requirements As shown in Figure 32 Ethernet 1 0 1 of Device A and Device C are each connected to a meeting room ...

Page 113: ...s ports connecting to the servers respectively and assign them to VLANs 100 and 200 respectively Associate the MAC address of Laptop 1 with VLAN 100 and associate the MAC address of Laptop 2 with VLAN 200 Configuration procedure 1 Configure Device A Create VLANs 100 and 200 DeviceA system view DeviceA vlan 100 DeviceA vlan100 quit DeviceA vlan 200 DeviceA vlan200 quit Associate the MAC address of ...

Page 114: ...1 0 14 DeviceB vlan200 quit Configure Ethernet 1 0 3 and Ethernet 1 0 4 as trunk ports and assign them to VLANs 100 and 200 DeviceB interface ethernet 1 0 3 DeviceB Ethernet1 0 3 port link type trunk DeviceB Ethernet1 0 3 port trunk permit vlan 100 200 DeviceB Ethernet1 0 3 quit DeviceB interface ethernet 1 0 4 DeviceB Ethernet1 0 4 port link type trunk DeviceB Ethernet1 0 4 port trunk permit vlan...

Page 115: ...l index combined can uniquely identify a protocol template When you use commands to associate protocol templates with ports use protocol based vlan id protocol index to specify the protocol templates An untagged packet that reaches a port associated with protocol templates will be processed using the following workflow If the protocol type and encapsulation format carried in the packet matches a p...

Page 116: ...Ethernet interface view the subsequent configurations apply to the current port In port group view the subsequent configurations apply to all ports in the port group In Layer 2 aggregate interface view the subsequent configurations apply to the Layer 2 aggregate interface and all its member ports Configure the port link type as hybrid port link type hybrid Required Configure current hybrid port s ...

Page 117: ...automatic mode on a hybrid port can process only tagged voice traffic Do not configure a VLAN as both a protocol based VLAN and a voice VLAN For more information see the chapter Voice VLAN configuration After you configure a command on a Layer 2 aggregate interface the system starts applying the configuration to the aggregate interface and its aggregation member ports If the system fails to do tha...

Page 118: ... quit Configure port Ethernet 1 0 1 as a hybrid port that forwards packets of VLANs 100 and 200 untagged Device interface ethernet 1 0 1 Device Ethernet1 0 1 port link type hybrid Device Ethernet1 0 1 port hybrid vlan 100 200 untagged Please wait Done Associate port Ethernet 1 0 1 with the IPv4 protocol template of VLAN 100 and the IPv6 protocol template of VLAN 200 Device Ethernet1 0 1 port hybri...

Page 119: ...VLAN ID Protocol Index Protocol Type 100 1 ipv4 200 1 ipv6 Interface Ethernet 1 0 2 VLAN ID Protocol Index Protocol Type 100 1 ipv4 200 1 ipv6 Configuration guidelines Protocol based VLAN configuration applies only to hybrid ports Displaying and maintaining VLAN To do Use the command Remarks Display VLAN information display vlan vlan id1 to vlan id2 all dynamic reserved static begin exclude includ...

Page 120: ...lay protocol vlan vlan vlan id to vlan id all begin exclude include regular expression Available in any view Display protocol based VLAN information on specified interfaces display protocol vlan interface interface type interface number to interface type interface number all begin exclude include regular expression Available in any view Clear statistics on a port reset counters interface vlan inte...

Page 121: ... voice traffic You can configure the OUI addresses of a device in advance or use the default OUI addresses Table 14 lists the default OUI address for each vendor s devices Table 14 The default OUI addresses of different vendors Number OUI address Vendor 1 0001 e300 0000 Siemens phone 2 0003 6b00 0000 Cisco phone 3 0004 0d00 0000 Avaya phone 4 00d0 1e00 0000 Pingtel phone 5 0060 b900 0000 Philips N...

Page 122: ... voice connections can work normally In this case voice traffic streams do not trigger port assignment to the voice VLAN Figure 34 PCs and IP phones connected in series access the network In manual mode you must manually assign an IP phone accessing port to a voice VLAN Then the system matches the source MAC addresses carried in the packets against the device s OUI addresses If the system finds a ...

Page 123: ...hones send untagged voice traffic you can only configure the voice traffic receiving ports on the device to operate in manual voice VLAN assignment mode Table 16 Required configurations on ports of different link types in order for the ports to support tagged voice traffic Port link type Voice VLAN assignment mode Support for untagged voice traffic Configuration requirements Automatic No Access Ma...

Page 124: ...oes not recommend that you transmit both voice traffic and non voice traffic in a voice VLAN If you must transmit both voice traffic and nonvoice traffic ensure that the voice VLAN security mode is disabled Table 17 How a voice VLAN enabled port processes packets in security and normal mode Voice VLAN mode Packet type Packet processing mode Untagged packets Packets that carry the voice VLAN tag If...

Page 125: ...teps to configure QoS priority settings for voice traffic To do Use the command Remarks Enter system view system view Enter interface view interface interface type interface number Configure the interface to trust the QoS priority settings in incoming voice traffic but not to modify the CoS and DSCP values marked for incoming traffic of the voice VLAN voice vlan qos trust Configure the interface t...

Page 126: ... assignment modes on different ports are independent of one another Enable voice VLAN on the port voice vlan vlan id enable Required Disabled by default NOTE A protocol based VLAN on a hybrid port can process only untagged inbound packets whereas the voice VLAN in automatic mode on a hybrid port can process only tagged voice traffic Do not configure a VLAN as both a protocol based VLAN and a voice...

Page 127: ...rts at the same time However you can configure one port with only one voice VLAN and this voice VLAN must be a static VLAN that already exists on the device You cannot enable voice VLAN on a port where Link Aggregation Control Protocol LACP is enabled To make voice VLAN take effect on a port that is enabled with voice VLAN and operates in manual voice VLAN assignment mode you must assign the port ...

Page 128: ...to 3 Set the voice VLAN aging time to 30 minutes DeviceA voice vlan aging 30 Ethernet 1 0 1 might receive both voice traffic and data traffic at the same time To ensure the quality of voice packets and effective bandwidth use configure voice VLANs to work in security mode to transmit only voice packets By default voice VLANs work in security mode Optional DeviceA voice vlan security enable Configu...

Page 129: ...e 00e0 7500 0000 ffff ff00 0000 Polycom phone 00e0 bb00 0000 ffff ff00 0000 3com phone Display the current states of voice VLANs DeviceA display voice vlan state Maximum of Voice VLANs 8 Current Voice VLANs 2 Voice VLAN security mode Security Voice VLAN aging time 30 minutes Voice VLAN enabled port and its mode PORT VLAN MODE COS DSCP Ethernet1 0 1 2 AUTO 6 46 Ethernet1 0 2 3 AUTO 6 46 Manual voic...

Page 130: ...e auto Configure Ethernet 1 0 1 as a hybrid port DeviceA Ethernet1 0 1 port link type hybrid Configure the voice VLAN VLAN 2 as the PVID of Ethernet 1 0 1 and configure Ethernet 1 0 1 to permit the voice traffic of VLAN 2 to pass through untagged DeviceA Ethernet1 0 1 port hybrid pvid vlan 2 DeviceA Ethernet1 0 1 port hybrid vlan 2 untagged Enable voice VLAN on Ethernet 1 0 1 DeviceA Ethernet1 0 1...

Page 131: ...eviceA display voice vlan state Maximum of Voice VLANs 8 Current Voice VLANs 1 Voice VLAN security mode Security Voice VLAN aging time 1440 minutes Voice VLAN enabled port and its mode PORT VLAN MODE COS DSCP Ethernet1 0 1 2 MANUAL 6 46 124 ...

Page 132: ...ly propagated across the entire LAN A GARP participant registers and deregisters its attribute information with other GARP participants by sending and withdrawing declarations and registers and deregisters the attribute information of other participants according to the declarations and withdrawals that it receives Figure 38 How GARP works Device A Device B Declaration De register Register Declara...

Page 133: ...rs to control the sending of GARP messages NOTE The settings of GARP timers apply to all GARP applications such as GVRP on a LAN On a GARP enabled network each port of a switch maintains its own Hold Join and Leave timers but only one LeaveAll timer is maintained on each switch globally The value ranges for the Hold Join Leave and LeaveAll timers are dependent on one another For more information s...

Page 134: ...t least longer than the Leave timer On a GARP enabled network a switch can send LeaveAll messages at the interval set by its LeaveAll timer or the LeaveAll timer of another device on the network whichever is smaller This is because each time a switch on the network receives a LeaveAll message it resets its LeaveAll timer GARP message format Figure 39 GARP message format As shown in Figure 39 GARP ...

Page 135: ...e its local database with the VLAN registration information from other devices including active VLAN members and the ports through which they can be reached This ensures that all GVRP participants on a bridged LAN maintain the same VLAN registration information The VLAN registration information propagated by GVRP includes both manually configured local static entries and dynamic entries from other...

Page 136: ...these steps to configure GVRP functions on a trunk port To do Use the command Remarks Enter system view system view Enable GVRP globally gvrp Required Globally disabled by default Enter Ethernet interface view or Layer 2 aggregate interface view interface interface type interface number Enter Ethernet interface view Layer 2 aggregate interface view or port group view Enter port group view port gro...

Page 137: ... system view system view Configure the GARP LeaveAll timer garp timer leaveall timer value Optional The default is 1000 centiseconds Enter Ethernet or Layer 2 aggregate interface view interface interface type interface number Enter Ethernet interface view Layer 2 aggregate interface view or port group view Enter port group view port group manual port group name Required Perform either of the comma...

Page 138: ...isplay the current GVRP state in the specified VLANs on ports display gvrp state interface interface type interface number vlan vlan id begin exclude include regular expression Available in any view Display GVRP statistics on ports display gvrp statistics interface interface list begin exclude include regular expression Available in any view Display the global GVRP state display gvrp status begin ...

Page 139: ...and assign it to all VLANs DeviceB interface ethernet 1 0 1 DeviceB Ethernet1 0 1 port link type trunk DeviceB Ethernet1 0 1 port trunk permit vlan all Enable GVRP on trunk port Ethernet 1 0 1 DeviceB Ethernet1 0 1 gvrp DeviceB Ethernet1 0 1 quit Create VLAN 3 a static VLAN DeviceB vlan 3 DeviceB vlan3 quit 3 Verify the configuration Use the display gvrp local vlan command to display the local VLA...

Page 140: ...GVRP fixed registration mode configuration Configuration procedure 1 Configure Device A Enable GVRP globally DeviceA system view DeviceA gvrp Configure port Ethernet 1 0 1 as a trunk port and assign it to all VLANs DeviceA interface ethernet 1 0 1 DeviceA Ethernet1 0 1 port link type trunk DeviceA Ethernet1 0 1 port trunk permit vlan all Enable GVRP on Ethernet 1 0 1 and set the GVRP registration ...

Page 141: ...isplay gvrp local vlan interface ethernet 1 0 1 Following VLANs exist in GVRP local database 1 default 3 According to the output information about VLAN 1 and static VLAN information of VLAN 3 on the local device are registered through GVRP but dynamic VLAN information of VLAN 2 on Device A is not GVRP forbidden registration mode configuration example Network requirements As shown in Figure 42 Devi...

Page 142: ...an 3 DeviceB vlan3 quit 3 Verify the configuration Use the display gvrp local vlan command to display the local VLAN information that GVRP maintains on ports For example Display the local VLAN information that GVRP maintains on port Ethernet 1 0 1 of Device A DeviceA display gvrp local vlan interface ethernet 1 0 1 Following VLANs exist in GVRP local database 1 default According to the output info...

Page 143: ...who have multiple CVLANs Background and benefits The IEEE 802 1Q VLAN tag uses 12 bits for VLAN IDs A switch supports a maximum of 4094 VLANs This is far from enough for isolating users in actual networks especially in metropolitan area networks MANs By tagging tagged frames QinQ expands the available VLAN space from 4094 to 4094 4094 QinQ delivers the following benefits Releases the stress on the...

Page 144: ...tagged Ethernet frame from customer network A arrives at the edge of the service provider network the edge switch tags the frame with outer VLAN 3 When a tagged Ethernet frame from customer network B arrives at the edge of the service provider network the edge switch tags it with outer VLAN 4 As a result no overlap of VLAN IDs among customers exists and traffic from different customers can be iden...

Page 145: ...becomes a frame tagged with the port s PVID 2 Selective QinQ available only on the A3100 v2 EI Selective QinQ is more flexible than basic QinQ In addition to all the functions of basic QinQ selective QinQ enables a port to tag frames from different CVLANs with different SVLAN tags Besides being able to separate the service provider network from the customer networks selective QinQ provides abundan...

Page 146: ...ernet frame has the same position as the protocol type field in a frame without a VLAN tag To avoid problems in packet forwarding and handling in the network do not set the TPID value to any of the reserved values Table 20 Reserved protocol type values Protocol type Value ARP 0x0806 PUP 0x0200 RARP 0x8035 IP 0x0800 IPv6 0x86DD PPPoE 0x8863 0x8864 MPLS 0x8847 0x8848 IPX SPX 0x8137 IS IS 0x8000 LACP...

Page 147: ...r 2 aggregate interface view interface interface type interface number Enter interface view or port group view Enter port group view port group manual port group name Required Use either command Enable basic QinQ qinq enable Required Disabled by default Configuring selective QinQ available only on the A3100 v2 EI Basic QinQ can only tag received frames with the PVID of the receiving port Selective...

Page 148: ... A3100 v2 EI Switch Series in the QoS policy based approach Configure an outer VLAN tagging policy in the QoS policy based approach in the following workflow Configure a class to match packets with certain tags Configure a traffic behavior to tag packets with an outer VLAN tag Create a QoS policy associate the class with the behavior in the policy and globally apply the policy Enable selective Qin...

Page 149: ...port group view take effect on all ports in the port group Enable selective QinQ qinq enable downlink Required CAUTION For more information about QoS policies see the ACL and QoS Configuration Guide Configuring the TPID value in VLAN tags Follow these steps to configure the TPID value To do Use the command Remarks Enter system view system view Configure the TPID value qinq ethernet type hex value ...

Page 150: ...N 200 299 Configuration procedure NOTE Make sure that the switches in the service provider network have been configured to allow QinQ packets to pass through 1 Configure Provider A Configure Ethernet 1 0 1 Configure VLAN 10 as the PVID of Ethernet 1 0 1 ProviderA system view ProviderA interface ethernet 1 0 1 ProviderA Ethernet1 0 1 port access vlan 10 Enable basic QinQ on Ethernet 1 0 1 ProviderA...

Page 151: ...ybrid port and configure VLAN 10 as the PVID of the port ProviderB interface ethernet 1 0 2 ProviderB Ethernet1 0 2 port link type hybrid ProviderB Ethernet1 0 2 port hybrid pvid vlan 10 ProviderB Ethernet1 0 2 port hybrid vlan 10 untagged Enable basic QinQ on Ethernet 1 0 2 ProviderB Ethernet1 0 2 qinq enable ProviderB Ethernet1 0 2 quit Configure Ethernet 1 0 3 Configure Ethernet 1 0 3 as a trun...

Page 152: ... A and Customer C can be forwarded to each other across SVLAN 2000 Figure 47 Network diagram for port based selective QinQ configuration Eth1 0 1 Eth1 0 2 Eth1 0 3 Eth1 0 1 Eth1 0 2 Customer A VLAN 10 20 Customer C VLAN 20 Provider B Provider A VLAN 1000 2000 TPID 0x8200 Public network Customer B VLAN 10 Configuration procedure NOTE Be sure that you have configured the switches in the service prov...

Page 153: ...quit Configure Ethernet 1 0 3 Configure Ethernet 1 0 3 as a trunk port to permit frames of VLAN 1000 and VLAN 2000 to pass through ProviderA interface ethernet 1 0 3 ProviderA Ethernet1 0 3 port link type trunk Sysname Ethernet1 0 3 port trunk permit vlan 1000 2000 Set the TPID value in the outer tag to 0x8200 ProviderA Ethernet1 0 3 quit ProviderA qinq ethernet type 8200 2 Configure Provider B Co...

Page 154: ...rovider A and Provider B are access switches on the service provider network Customer A Customer B Customer C and Customer D are access switches on the customer network Provider A and Provider B are connected through a trunk port which permits the frames of VLAN 1000 VLAN 2000 and VLAN 3000 to pass through Third party switches are deployed between Provider A and Provider B with a TPID value of 0x8...

Page 155: ...net1 0 1 port link type hybrid ProviderA Ethernet1 0 1 port hybrid vlan 1000 2000 3000 untagged Configure VLAN 3000 as the PVID of Ethernet 1 0 1 ProviderA Ethernet1 0 1 port hybrid pvid vlan 3000 ProviderA Ethernet1 0 1 quit Create a class A10 to match frames of VLAN 10 of Customer A ProviderA traffic classifier A10 ProviderA classifier A10 if match customer vlan id 10 ProviderA classifier A10 qu...

Page 156: ...rnet1 0 1 qinq enable downlink Configure Ethernet 1 0 2 Configure VLAN 1000 as the PVID ProviderA interface ethernet 1 0 2 ProviderA Ethernet1 0 2 port access vlan 1000 Enable basic QinQ Tag frames from VLAN 10 with the outer VLAN tag 1000 ProviderA Ethernet1 0 2 qinq enable ProviderA Ethernet1 0 2 quit Configure Ethernet 1 0 3 Configure the port as a trunk port that permits frames of VLAN 1000 VL...

Page 157: ...enable ProviderB Ethernet1 0 2 quit Configure Ethernet 1 0 3 Configure VLAN 3000 as the PVID ProviderB interface Ethernet 1 0 3 ProviderB Ethernet1 0 3 port access vlan 3000 Enable basic QinQ to tag frames of all customer VLANs with the outer VLAN tag 3000 ProviderB Ethernet1 0 3 qinq enable 3 Configure switches on the public network Third party switches are deployed between Provider A and Provide...

Page 158: ... as a whole Many to one VLAN mapping is usually used together with one to one VLAN mapping Application scenario of one to one VLAN mapping Figure 49 shows a typical one to one VLAN mapping application scenario in which each home gateway uses different VLANs to transmit the PC VoD and VoIP services Figure 49 Application scenario of one to one VLAN mapping To meet the service provider s network desi...

Page 159: ...cepts of VLAN mapping Uplink traffic Traffic transmitted from the customer network to the service provider network Downlink traffic Traffic transmitted from the service provider network to the customer network Network side port A port connected to the service provider network Customer side port A port connected to the customer network Uplink policy A QoS policy that defines VLAN mapping rules for ...

Page 160: ...e downlink command on the customer side port The switch will automatically apply a downlink policy to the outgoing traffic mapping each SVLAN ID back to the corresponding CVLAN ID When forwarding a packet out of the port the switch replaces its SVLAN ID with the matching CVLAN ID Figure 52 One to one VLAN mapping implementation with a globally QoS policy Implementing one to one VLAN mapping with p...

Page 161: ...automatically applies a downlink policy to the outgoing traffic mapping each SVLAN ID back to the corresponding CVLAN ID When forwarding a packet out of the port the switch replaces its SVLAN ID with the matching CVLAN ID Figure 54 Many to one VLAN mapping implementation Configuring VLAN mapping This section describes how to configure one to one and many to one VLAN mapping on the A3100 v2 EI Conf...

Page 162: ... match criterion if match customer vlan id vlan id Required Return to system view quit Configure a behavior for an SVLAN Create a traffic behavior and enter traffic behavior view traffic behavior behavior name Configure an SVLAN marking action remark service vlan id vlan id Required Return to system view quit Create a QoS policy and enter QoS policy view qos policy policy name Required Associate t...

Page 163: ...rface interface type interface number Configure the port as a trunk port port link type trunk Required The default link type of ports is access Assign the port to SVLANs port trunk permit vlan vlan id list all Required By default a trunk port belongs to VLAN 1 only Configuring one to one VLAN mapping with port QoS policies Perform one to one VLAN mapping on wiring closet switches see Figure 49 Per...

Page 164: ... quit Create a QoS policy and enter QoS policy view qos policy policy name Required Associate the class with the behavior to map the CVLAN to the SVLAN classifier tcl name behavior behavior name Required Configuring a downlink policy Follow these steps to configure a downlink policy to map SVLANs back to CVLANs To do Use the command Remarks Enter system view system view Configure a class for an SV...

Page 165: ...the incoming traffic qos apply policy policy name inbound Required Apply the downlink policy to the outgoing traffic qos apply policy policy name outbound Required Configuring the network side port Follow these steps to configure the network side port To do Use the command Remarks Enter system view system view Enter Layer 2 Ethernet interface view interface interface type interface number Configur...

Page 166: ...s and enter class view traffic classifier tcl name operator or Configure multiple CVLANs as match criteria if match customer vlan id vlan id list vlan id1 to vlan id2 Required Return to system view quit Configure a behavior for an SVLAN Create a traffic behavior and enter traffic behavior view traffic behavior behavior name Configure an SVLAN marking action remark service vlan id vlan id Required ...

Page 167: ...w Enter Ethernet interface view interface interface type interface number Configure the port as a trunk port port link type trunk Required The default link type of an Ethernet port is access Assign the port to SVLANs port trunk permit vlan vlan id list all Required By default a trunk port belongs to VLAN 1 only VLAN mapping configuration examples One to one VLAN mapping configuration example Netwo...

Page 168: ...f match customer vlan id 1 SwitchA classifier c1 traffic classifier c2 SwitchA classifier c2 if match customer vlan id 2 SwitchA classifier c2 traffic classifier c3 SwitchA classifier c3 if match customer vlan id 3 SwitchA classifier c3 traffic classifier c4 SwitchA classifier c4 if match customer vlan id 4 SwitchA classifier c4 traffic classifier c5 SwitchA classifier c5 if match customer vlan id...

Page 169: ...k type trunk SwitchA Ethernet1 0 1 port trunk permit vlan 1 2 3 101 201 301 SwitchA Ethernet1 0 1 qinq enable downlink SwitchA Ethernet1 0 1 quit Configure customer side port Ethernet 1 0 2 as a trunk port assign the port to CVLANs 4 through 6 and SVLANs 102 202 and 302 and enable selective QinQ on the port SwitchA interface ethernet 1 0 2 SwitchA Ethernet1 0 2 port link type trunk SwitchA Etherne...

Page 170: ...or b1 remark service vlan id 101 SwitchA behavior b1 traffic behavior b2 SwitchA behavior b2 remark service vlan id 102 SwitchA behavior b2 quit SwitchA qos policy p1 SwitchA policy p1 classifier c1 behavior b1 mode dot1q tag manipulation SwitchA policy p1 quit SwitchA qos policy p2 SwitchA policy p2 classifier c2 behavior b2 mode dot1q tag manipulation SwitchA policy p2 quit Configure customer si...

Page 171: ...t 1 0 2 SwitchA Ethernet1 0 2 port link type trunk SwitchA Ethernet1 0 2 port trunk permit vlan 4 5 6 102 SwitchA Ethernet1 0 2 qos apply policy p2 inbound SwitchA Ethernet1 0 2 quit Configure network side port Ethernet 1 0 3 as a trunk port and assign it to all SVLANs SwitchA interface ethernet 1 0 3 SwitchA Ethernet1 0 3 port link type trunk SwitchA Ethernet1 0 3 port trunk permit vlan 101 102 1...

Page 172: ...ress device ID and port ID as TLV type length and value triplets in Link Layer Discovery Protocol Data Units LLDPDUs to the directly connected devices At the same time the device stores the device information received in LLDPDUs sent from the LLDP neighbors in a standard management information base MIB LLDP enables a network management system to quickly and identify Layer 2 network topology change...

Page 173: ... SNAP encapsulated LLDPDU format Table 22 Description of the fields in a SNAP encapsulated LLDPDU Field Description Destination MAC address The MAC address to which the LLDPDU is advertised It is fixed to 0x0180 C200 000E a multicast MAC address Source MAC address The MAC address of the sending port If the port does not have a MAC address the MAC address of the sending bridge is used Type The SNAP...

Page 174: ...ecifies the ID of the sending port If the LLDPDU carries LLDP MED TLVs the port ID TLV carries the MAC address of the sending port or the bridge MAC if the port does not have a MAC address If the LLDPDU carries no LLDP MED TLVs the port ID TLV carries the port name Time To Live Specifies the life of the transmitted information on the receiving device End of LLDPDU Marks the end of the TLV sequence...

Page 175: ...hether the link is capable of being aggregated and the aggregation status whether the link is in an aggregation Maximum Frame Size Indicates the supported maximum frame size It is now the MTU of the port Power Stateful Control Indicates the power state control configured on the sending port including the power type of the PSE or PD PoE sourcing and receiving priority and PoE sourcing and receiving...

Page 176: ...address TLV encapsulates the management address How LLDP works Operating modes of LLDP LLDP can operate in one of the following modes TxRx mode A port in this mode sends and receives LLDPDUs Tx mode A port in this mode only sends LLDPDUs Rx mode A port in this mode only receives LLDPDUs Disable mode A port in this mode does not send or receive LLDPDUs Each time the LLDP operating mode of a port ch...

Page 177: ...Endpoint Devices LLDP configuration task list Complete these tasks to configure LLDP Task Remarks Enabling LLDP Required Setting the LLDP operating mode Optional Setting the LLDP re initialization delay Optional Enabling LLDP polling Optional Configuring the advertisable TLVs Optional Configuring the management address and its encoding format Optional Setting other LLDP parameters Optional Perform...

Page 178: ... steps to set the LLDP operating mode To do Use the command Remarks Enter system view system view Enter Layer 2 Ethernet interface view interface interface type interface number Enter Ethernet interface view or port group view Enter port group view port group manual port group name Required Use either command Set the LLDP operating mode lldp admin status disable rx tx txrx Optional TxRx by default...

Page 179: ... Ethernet interface view or port group view Enter port group view port group manual port group name Required Use either command Configure the advertisable TLVs lldp tlv enable basic tlv all port description system capability system description system name dot1 tlv all port vlan id protocol vlan id vlan id vlan name vlan id dot3 tlv all link aggregation mac physic max frame size power med tlv all c...

Page 180: ...s as character string lldp management address format string Optional By default the management address is encapsulated in the numeric format Setting other LLDP parameters The Time To Live TLV carried in an LLDPDU determines how long the device information carried in the LLDPDU can be saved on a recipient device By setting the TTL multiplier you can configure the TTL of locally sent LLDPDUs which d...

Page 181: ...evices encapsulate LLDPDUs in SNAP frames configure the encapsulation format for LLDPDUs as SNAP to guarantee normal communication with the neighbors Follow these steps to set the encapsulation format for LLDPDUs to SNAP To do Use the command Remarks Enter system view system view Enter Layer 2 Ethernet interface view interface interface type interface number Enter Ethernet interface view or port g...

Page 182: ...tibility CDP compatible LLDP operates in one of the following modes TxRx CDP packets can be transmitted and received Disable CDP packets can be neither transmitted nor received LLDP traps are sent periodically and the interval is configurable To make CDP compatible LLDP take effect on certain ports first enable CDP compatible LLDP globally and then configure CDP compatible LLDP to operate in TxRx ...

Page 183: ...taining LLDP To do Use the command Remarks Display the global LLDP information or the information contained in the LLDP TLVs to be sent through a port display lldp local information global interface interface type interface number begin exclude include regular expression Available in any view Display the information contained in the LLDP TLVs sent from neighboring devices display lldp neighbor inf...

Page 184: ...m view SwitchA lldp enable Enable LLDP on GigabitEthernet 1 0 1 and GigabitEthernet 1 0 2 You can skip this step because LLDP is enabled on ports by default Set the LLDP operating mode to Rx SwitchA interface ethernet 1 0 1 SwitchA Ethernet1 0 1 lldp enable SwitchA Ethernet1 0 1 lldp admin status rx SwitchA Ethernet1 0 1 quit SwitchA interface ethernet 1 0 2 SwitchA Ethernet1 0 2 lldp enable Switc...

Page 185: ...rs 1 Number of CDP neighbors 0 Number of sent optional TLV 0 Number of received unknown TLV 0 Port 2 Ethernet1 0 2 Port status of LLDP Enable Admin status Rx_Only Trap flag No Polling interval 0s Number of neighbors 1 Number of MED neighbors 0 Number of CDP neighbors 0 Number of sent optional TLV 0 Number of received unknown TLV 3 As the sample output shows Ethernet 1 0 1 of Switch A connects to a...

Page 186: ...eighbors 0 Number of CDP neighbors 0 Number of sent optional TLV 0 Number of received unknown TLV 0 As the sample output shows Ethernet 1 0 2 of Switch A does not connect to any neighboring devices CDP compatible LLDP configuration example available only on the A3100 v2 EI NOTE The A3100 v2 SI Switch Series does not support voice VLAN and CDP compatible LLDP configurations Network requirements As ...

Page 187: ...ly SwitchA lldp enable SwitchA lldp compliance cdp Enable LLDP You can skip this step because LLDP is enabled on ports by default Configure LLDP to operate in TxRx mode and configure CDP compatible LLDP to operate in TxRx mode on Ethernet 1 0 1 and Ethernet 1 0 2 SwitchA interface ethernet 1 0 1 SwitchA Ethernet1 0 1 lldp enable SwitchA Ethernet1 0 1 lldp admin status txrx SwitchA Ethernet1 0 1 ll...

Page 188: ...thernet1 0 2 CDP neighbor index 2 Chassis ID SEP00141CBCDBFF Port ID Port 1 Sofrware version P0030301MFG2 Platform Cisco IP Phone 7960 Duplex Full As the sample output shows Switch A has discovered the IP phones connected to Ethernet 1 0 1 and Ethernet 1 0 2 and has obtained their LLDP device information 181 ...

Page 189: ...tering you will receive email notification of product enhancements new driver versions firmware updates and other product resources Related information Documents To find related documents browse to the Manuals page of the HP Business Support Center website http www hp com support manuals For related documentation navigate to the Networking section and select a networking category For a complete li...

Page 190: ...choice multiple choices or none 1 n The argument or keyword and argument combination before the ampersand sign can be entered 1 to n times A line that starts with a pound sign is comments GUI conventions Convention Description Boldface Window names button names field names and menu items are in bold text For example the New User window appears click OK Multi level menus are separated by angle brac...

Page 191: ...ice such as a router or Layer 3 switch Represents a generic switch such as a Layer 2 or Layer 3 switch or a router that supports Layer 2 forwarding and other Layer 2 features Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device 184 ...

Page 192: ...hernet link aggregation 38 Displaying and maintaining GVRP 131 Displaying and maintaining isolation groups 44 Displaying and maintaining LLDP 176 Displaying and maintaining loopback and null interfaces 16 Displaying and maintaining MAC address tables 21 Displaying and maintaining MSTP 82 Displaying and maintaining VLAN 1 12 Displaying and maintaining voice VLAN 120 E Enabling basic QinQ 140 Ethern...

Page 193: ...sic LLDP configuration 170 Related information 182 Port isolation configuration example 44 V Port based VLAN configuration 97 VLAN mapping configuration examples 160 Protocol based VLAN configuration available only on the A3100 v2 EI 108 VLAN mapping overview 151 Voice VLAN configuration examples 120 Q 186 ...

Reviews:

No comments

Related manuals for A3100-16 v2 EI

Brand: Cabletron Systems Pages: 88

Brand: KELCO Pages: 2

Brand: Fema Pages: 96

Brand: Touch-plate Pages: 12

Brand: Enttec Pages: 22

Brand: VADA Pages: 4

AV Selector 310

Brand: Hama Pages: 21

Hi-Speed USB 2.0 Hub

Brand: Saitek Pages: 14

Brand: Unipoe Pages: 9

Brand: Cabletron Systems Pages: 116

Brand: Radio Shack Pages: 8

Brand: HighSecLabs Pages: 2

Brand: TLS Electronics Pages: 12

Brand: Comet Labs Pages: 46

Brand: H3C Pages: 39

Brand: Edimax Pages: 8

Brand: Gefen Pages: 31

Brand: EKOBUY Pages: 8

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands