Huawei AR3200 Series Configuration Manual - Lan Download

Page: 187 / 275

Type and number of the interface connected to computers of employees

VLAN allowed by the interface

Protective action taken when the number of learned MAC addresses exceeds the limit

Maximum number of MAC addresses learned on the interface

Procedure

Step 1

Create a VLAN and set the link type of the interface to trunk.

system-view

[Huawei]

vlan 10

[Huawei-vlan10]

quit

[Huawei]

interface ethernet 2/0/1

[Huawei-Ethernet2/0/1]

port link-type trunk

[Huawei-Ethernet2/0/1]

port trunk allow-pass vlan 10

Step 2

Configure the port security function.

# Enable the port security function.

[Huawei-Ethernet2/0/1]

port-security enable

Enable the sticky MAC function.

[Huawei-Ethernet2/0/1]

port-security mac-address sticky

# Configure the protective action.

[Huawei-Ethernet2/0/1]

port-security protect-action protect

# Set the maximum number of MAC addresses that can be learned on the interface.

[Huawei-Ethernet2/0/1]

port-security max-mac-num 4

To enable the port security function on other interfaces, repeat the preceding steps.

Step 3

Verify the configuration.

If PC1 is replaced by another PC, this replacement PC cannot access the company intranet.

----End

Configuration Files

Configuration file of the Router

#
vlan batch 10
#
interface Ethernet2/0/1
port link-type trunk
port trunk allow-pass vlan 10
port-security enable
port-security protect-action protect
port-security mac-address sticky
port-security max-mac-num 4
#
return

6.9.3 Example for Configuring MAC Address Limiting Rules on
Interfaces

Huawei AR3200 Series Enterprise Routers
Configuration Guide - LAN

6 MAC Address Table Configuration

Issue 02 (2012-03-30)

Huawei Proprietary and Confidential

176

Summary of Contents for AR3200 Series

Page 1: ...Huawei AR3200 Series Enterprise Routers V200R002C00 Configuration Guide LAN Issue 02 Date 2012 03 30 HUAWEI TECHNOLOGIES CO LTD ...

Page 2: ...be within the purchase scope or the usage scope Unless otherwise specified in the contract all statements information and recommendations in this document are provided AS IS without warranties guarantees or representations of any kind either express or implied The information in this document is subject to change without notice Every effort has been made in the preparation of this document to ensu...

Page 3: ...ment are defined as follows Symbol Description DANGER Indicates a hazard with a high level of risk which if not avoided will result in death or serious injury WARNING Indicates a hazard with a medium or low level of risk which if not avoided could result in minor or moderate injury CAUTION Indicates a potentially hazardous situation which if not avoided could result in equipment damage data loss p...

Page 4: ...veral items or no item can be selected 1 n The parameter before the sign can be repeated 1 to n times A line starting with the sign is comments Interface Numbering Conventions Interface numbers used in this manual are examples In device configuration use the existing interface numbers on devices Change History Changes between document issues are cumulative Therefore the latest document version con...

Page 5: ...guring the Load Balancing Mode 14 1 4 6 Optional Limiting the Number of Active Interfaces 15 1 4 7 Optional Setting the LACP Priority of the System 16 1 4 8 Optional Setting the LACP Priority for an Interface 16 1 4 9 Optional Enabling LACP Preemption and Setting the Preemption Delay 17 1 4 10 Optional Setting the Timeout Interval for Receiving LACP Packets 18 1 4 11 Checking the Configuration 18 ...

Page 6: ...ng Specified Protocol Packets 50 2 5 6 Optional Configuring VLAN ID Transparent Transmission 51 2 5 7 Checking the Configuration 51 2 6 Configuring Remote Bridging Integrated with IP Routing 52 2 6 1 Establishing the Configuration Task 52 2 6 2 Creating a Bridge Group 53 2 6 3 Adding User side Interfaces to a Bridge Group 54 2 6 4 Adding Network side Interfaces to a Bridge Group 55 2 6 5 Configuri...

Page 7: ...5 3 Assigning an IP Address to a VLANIF Interface 90 3 5 4 Optional Setting the MTU of a VLANIF Interface 90 3 5 5 Optional Configuring VLAN Damping 91 3 5 6 Checking the Configuration 92 3 6 Configuring VLAN Aggregation 92 3 6 1 Establishing the Configuration Task 92 3 6 2 Configuring Sub VLANs 93 3 6 3 Creating a Super VLAN 94 3 6 4 Assigning an IP Address to the VLANIF Interface of the Super VL...

Page 8: ...al Setting the Working Mode of the Voice VLAN 130 4 3 8 Optional Enabling an Interface to Communicate with Non Huawei Voice Devices 131 4 3 9 Checking the Configuration 132 4 4 Configuration Examples 132 4 4 1 Example for Configuring a Voice VLAN in Auto Mode 132 4 4 2 Example for Configuring a Voice VLAN in Manual Mode 136 5 GVRP Configuration 141 5 1 GVRP Overview 142 5 2 GVRP Features Supported...

Page 9: ...nfiguring MAC Address Flapping Detection 168 6 6 3 Unblocking an Interface or a MAC Address 169 6 6 4 Checking the Configuration 169 6 7 Configuring the Router to Discard Packets with an Invalid All 0 MAC Address 170 6 7 1 Establishing the Configuration Task 170 6 7 2 Configuring the Router to Discarding Packets with All 0 MAC Addresses 170 6 7 3 Triggering an Alarm for Packets with All 0 MAC Addr...

Page 10: ...ons 212 8 MSTP Configuration 218 8 1 MSTP Introduction 220 8 2 MSTP Features Supported by the AR3200 227 8 3 Configuring Basic MSTP Functions 229 8 3 1 Establishing the Configuration Task 230 8 3 2 Configuring the MSTP Mode 232 8 3 3 Configuring and Activating an MST Region 232 8 3 4 Optional Configuring a Priority for a Switching Device in an MSTI 234 8 3 5 Optional Configuring a Path Cost of a P...

Page 11: ...Proposal Agreement Mechanism 251 8 6 3 Configuring the MSTP Protocol Packet Format on an Interface 253 8 6 4 Enabling the Digest Snooping Function 253 8 6 5 Checking the Configuration 254 8 7 Maintaining MSTP 255 8 7 1 Clearing MSTP Statistics 255 8 8 Configuration Examples 255 8 8 1 Example for Configuring Basic MSTP Functions 255 Huawei AR3200 Series Enterprise Routers Configuration Guide LAN Co...

Page 12: ...egation in manual load balancing mode 1 4 Configuring Link Aggregation in Static LACP Mode This section describes how to configure link aggregation in static LACP mode 1 5 Maintaining Link Aggregation This section describes how to clear the statistics of received and sent LACP packets debug the link aggregation group and monitor the running status of the link aggregation group 1 6 Configuration Ex...

Page 13: ...ends of a link negotiate aggregation parameters by exchanging LACP packets After the negotiation is complete the two devices determine the active interface and the inactive interface In this mode you need to manually create an Eth Trunk and add members to it LACP negotiation determines which interfaces are active and which ones are inactive The static LACP mode is also called the M N mode In this ...

Page 14: ...t two ends determine the Actor first and the Partner selects active interfaces according to priorities of the interfaces on the Actor Figure 1 1 shows the process of selecting active interfaces Figure 1 1 Determining the active links in static LACP mode RouterA RouterB RouterB RouterA The Actor determines the active link Device with high priority Device with low priority Active interface selected ...

Page 15: ... an Eth Trunk Interface Context Eth Trunk interfaces increase bandwidth and improve transmission reliability You can configure Layer 2 and Layer 3 Eth Trunk interfaces for different applications on a network Procedure l Creating a Layer 2 Eth Trunk interface 1 Run system view The system view is displayed 2 Run interface eth trunk trunk id A Layer 2 Eth Trunk interface is created By default an Eth ...

Page 16: ... run the shutdown command and then the undo shutdown command on the interface to make the setting take effect End 1 3 3 Configuring an Eth Trunk to Work in Manual Load Balancing Mode Context Perform the following steps on the AR3200 to configure an Eth Trunk in manual load balancing mode NOTE Check whether the Eth Trunk contains member interfaces before you configure the operation mode of the Eth ...

Page 17: ...nfiguration in the Eth Trunk interface view 1 Run system view The system view is displayed 2 Run interface eth trunk trunk id The Eth Trunk interface view is displayed 3 Run trunkport interface type interface number1 to interface number2 1 8 Member interfaces are added to the Eth Trunk l Configuration in the member interface view 1 Run system view The system view is displayed 2 Run interface inter...

Page 18: ... the two ends cannot communicate When member interfaces have different rates the interfaces with lower rates may become congested and packet loss may occur After an interface is added to an Eth Trunk MAC address learning is performed by the Eth Trunk rather than the member interfaces G SHDSL interfaces that work in PTM mode cannot be added to an Eth Trunk End 1 3 5 Optional Configuring the Load Ba...

Page 19: ...nd can use different load balancing modes without affecting each other End 1 3 6 Optional Limiting the Number of Active Interfaces Context Perform the following steps on the AR3200 to limit the number of active interfaces Procedure l Setting the maximum number of interfaces that determine bandwidth for an Eth Trunk 1 Run system view The system view is displayed 2 Run interface eth trunk trunk id T...

Page 20: ...ve interfaces on the local AR3200 and that on the remote AR3200 can be different If the values of this setting at the two ends are different the larger value is used End 1 3 7 Checking the Configuration Procedure l Run the display trunkmembership eth trunk trunk id command to display the member interfaces of the Eth Trunk l Run the display eth trunk trunk id command to display the load balancing s...

Page 21: ... increase the bandwidth and improve the connection reliability you can configure a link aggregation group on two directly connected routers The requirements are as follows l The links between two devices can implement redundancy backup When a fault occurs on one or more links the backup links replace the faulty ones to help ensure uninterrupted data transmission l The active links have the load ba...

Page 22: ...By default an Eth Trunk interface works in Layer 2 mode l Creating a Layer 3 Eth Trunk interface 1 Run system view The system view is displayed 2 Run interface eth trunk trunk id A Layer 2 Eth Trunk interface is created 3 Run undo portswitch The Eth Trunk interface is configured to work in Layer 3 mode 4 Run ip address ip address mask mask length sub An IP address is configured for the Layer 3 Eth...

Page 23: ...faces from the Eth Trunk run the undo eth trunk command in the interface view or run the undo trunkport interface type interface number1 to interface number2 1 8 command in the Eth Trunk view Perform the following steps on the AR3200 Procedure Step 1 Run system view The system view is displayed Step 2 Run interface eth trunk trunk id The Eth Trunk interface view is displayed Step 3 Run mode lacp s...

Page 24: ...ce or static MAC address Ensure that interfaces added to an Eth Trunk are hybrid interfaces the default interface type An Eth Trunk interface cannot have other Eth Trunk interfaces as member interfaces An Ethernet interface can be added to only one Eth trunk interface To add the Ethernet interface to another Eth trunk delete the Ethernet interface from the current Eth Trunk first The member interf...

Page 25: ...ting each other NOTE All Layer 2 Eth Trunks in the system must use the same load balancing mode If the load balancing mode of one Eth Trunk is changed all the other Eth Trunks use the new load balancing mode l Configuring a Layer 3 Eth Trunk interface 1 Run system view The system view is displayed 2 Run interface eth trunk trunk id The Eth Trunk interface view is displayed 3 Run load balance dst i...

Page 26: ...e minimum number of active interfaces l The maximum number of active interfaces on the local AR3200 and that on the remote AR3200 can be different If the values of this setting at the two ends are different the smaller value is used l Setting the minimum number of active interfaces 1 Run system view The system view is displayed 2 Run interface eth trunk trunk id The Eth Trunk interface view is dis...

Page 27: ...AR3200 A smaller LACP priority value indicates a higher priority By default the LACP priority of the system is 32768 The end with smaller priority value functions as the Actor If the two ends have the same priority the end with a smaller MAC address functions as the Actor End 1 4 8 Optional Setting the LACP Priority for an Interface Context Perform the following steps on the AR3200 to set the LACP...

Page 28: ...4 Run lacp preempt delay delay time The preemption delay is set for the Eth Trunk By default the preemption delay is 30 seconds LACP preemption function ensures that the interface with the highest LACP priority serves as an active interface If this function is enabled the interface with the highest priority automatically becomes an active interface after recovering from a failure If this function ...

Page 29: ...he interval at which the peer end sends LACP packets That is when the fast keyword is used the timeout interval for receiving LACP packets is 3s when the slow keyword is used the timeout interval for receiving LACP packets is 90s l You can select different keywords on the two ends However it is recommended that you select the same keyword on both ends to facilitate maintenance End 1 4 11 Checking ...

Page 30: ...Unselect 100M 10 1547 561 11100000 1 Ethernet2 0 2 Unselect 100M 32768 1548 561 11100010 1 Ethernet2 0 3 Unselect 100M 32768 1549 561 11100010 1 Partner ActorPortName SysPri SystemID PortPri PortNo PortKey PortState Ethernet2 0 1 0 0000 0000 0000 0 0 0 11100000 Ethernet2 0 2 0 0000 0000 0000 0 0 0 11100011 Ethernet2 0 3 0 0000 0000 0000 0 0 0 11100011 1 5 Maintaining Link Aggregation This section ...

Page 31: ...e command to enable the debugging of Eth Trunk status machine l Run the debugging trunk updown command to enable the debugging of Eth Trunk Up and Down messages l Run the debugging trunk command to enable the debugging of Eth Trunk messages End 1 5 3 Monitoring the Operating Status of the Link Aggregation Group Context During the routine maintenance you can run the following commands in any view t...

Page 32: ...needs to be load balanced among the LPUs of the Router To meet this requirement you need to configure an Eth Trunk on the Router Figure 1 4 Network diagram of link aggregation in manual load balancing mode BRAS Router Eth Trunk 1 DSLAM DSLAM Eth2 0 1 VLAN 100 150 Eth Trunk Eth Trunk 1 Eth2 0 4 Eth2 0 3 Eth2 0 2 VLAN 151 200 Configuration Roadmap The configuration roadmap is as follows 1 Create an ...

Page 33: ...trunk allow pass vlan 100 to 200 Router Eth Trunk1 quit Step 4 Verify the configuration Run the display trunkmembership eth trunk trunk id command in any view to check whether Eth Trunk 1 is created and whether member interfaces are added Router display trunkmembership eth trunk 1 Trunk ID 1 Used status VALID TYPE ethernet Working Mode Normal Number Of Ports in Trunk 2 Number Of UP Ports in Trunk ...

Page 34: ...p on two directly connected routers as shown in Figure 1 5 The requirements are as follows l The link aggregation group contains three member links Two links function as active links to implement load balancing and the other link functions as the backup link l When a fault occurs on an active link the backup link replaces the faulty one to help ensure uninterrupted data Figure 1 5 Network diagram ...

Page 35: ...runk1 quit Configure RouterB Huawei system view Huawei sysname RouterB RouterB interface eth trunk 1 RouterB Eth Trunk1 mode lacp static RouterB Eth Trunk1 quit Step 2 Add member interfaces to the Eth Trunk Configure RouterA RouterA interface ethernet 2 0 1 RouterA Ethernet2 0 1 eth trunk 1 RouterA Ethernet2 0 1 quit RouterA interface ethernet 2 0 2 RouterA Ethernet2 0 2 eth trunk 1 RouterA Ethern...

Page 36: ... PortNo PortKey PortState Weight Ethernet2 0 1 Selected 100M 100 6145 2865 11111100 1 Ethernet2 0 2 Selected 100M 100 6146 2865 11111100 1 Ethernet2 0 3 Unselect 100M 32768 6147 2865 11100000 1 Partner PartnerPortName SysPri SystemID PortPri PortNo PortKey PortState Ethernet2 0 1 32768 00e0 fca6 7f85 32768 6145 2609 11111100 Ethernet2 0 2 32768 00e0 fca6 7f85 32768 6146 2609 11111100 Ethernet2 0 3...

Page 37: ... 1 lacp priority 100 interface Ethernet2 0 2 eth trunk 1 lacp priority 100 interface Ethernet2 0 3 eth trunk 1 return l Configuration file of RouterB sysname RouterB interface Eth Trunk1 mode lacp static interface Ethernet2 0 1 eth trunk 1 interface Ethernet2 0 2 eth trunk 1 interface Ethernet2 0 3 eth trunk 1 return 1 6 3 Example for Configuring Layer 3 Link Aggregation Networking Requirements Ro...

Page 38: ...nd configure an IP addresses for the Eth Trunk interface RouterA interface eth trunk 1 RouterA Eth Trunk1 undo portswitch RouterA Eth Trunk1 ip address 100 1 1 1 24 RouterA Eth Trunk1 quit Add GE1 0 0 and GE2 0 0 to Eth Trunk 1 RouterA interface gigabitethernet 1 0 0 RouterA GigabitEthernet1 0 0 eth trunk 1 RouterA GigabitEthernet1 0 0 quit RouterA interface gigabitethernet 2 0 0 RouterA GigabitEt...

Page 39: ... utilization 0 00 PortName Status Weight GigabitEthernet1 0 0 UP 1 GigabitEthernet2 0 0 UP 1 The Number of Ports in Trunk 2 The Number of UP Ports in Trunk 2 The Eth Trunk interfaces on RouterA and RouterB can ping each other RouterA ping a 100 1 1 1 100 1 1 2 PING 100 1 1 2 56 data bytes press CTRL_C to break Reply from 100 1 1 2 bytes 56 Sequence 1 ttl 255 time 31 ms Reply from 100 1 1 2 bytes 5...

Page 40: ...tswitch ip address 100 1 1 2 255 255 255 0 interface GigabitEthernet1 0 0 eth trunk 1 interface GigabitEthernet2 0 0 eth trunk 1 return Huawei AR3200 Series Enterprise Routers Configuration Guide LAN 1 Link Aggregation Configuration Issue 02 2012 03 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 29 ...

Page 41: ...g integrated with IP routing allows users in the same geographical location but on different network segments to communicate with each other 2 5 Configuring Remote Bridging Configuring remote bridging allows users in different geographical locations and on the same network segment to communicate with each other 2 6 Configuring Remote Bridging Integrated with IP Routing Configuring remote bridging ...

Page 42: ...rent bridging extends distances between network devices and expands networks without requiring end users to perform additional configurations on devices Transparent bridging which is easy to configure easy to use and cost effective is a viable solution for small scale networks especially scattered networks Local Bridging A device can be configured with multiple transparent bridges Interfaces added...

Page 43: ...on IP packets Remote Bridging Remote bridging allows LANs at different geographic locations to communicate with each other The intermediate network two bridged devices on which bridge groups are created can be an Ethernet or a non Ethernet network As shown in Figure 2 2 User 1 User 2 and User 3 belong to LAN 1 User 4 User 5 and User 6 belong to LAN 2 Two bridged devices are connected to the interm...

Page 44: ...s in a bridge group l Uses Bridge if interfaces of bridge groups to route packets between LANs on different network segments As shown in Figure 2 3 a bridge group is created on RouterA a Bridge if interface is added to the bridge group and configured with an IP address IP packet routing and integrated bridging and routing are enabled User 1 and User 2 are added to the bridge group and can use inte...

Page 45: ...not change the VLAN IDs of the packets even if the outbound interface has its own VLAN ID 2 2 Transparent Bridging Supported by the AR3200 This section describes transparent bridging features that the AR3200 supports in various usage scenarios Familiarizing yourself with the usage scenarios will help you complete the configuration task quickly and accurately Transparent bridging allows communicati...

Page 46: ...miliarize yourself with applicable environment complete the pre configuration tasks and obtain the data required for the configuration This will help you complete the configuration task quickly and accurately Applicable Environment To allow users in the same geographical location and on the same network segment to communicate with each other you can configure local bridging A device can be configu...

Page 47: ...an disable dynamic MAC address learning and use static MAC address entries for traffic forwarding Perform one or more of the following operations depending on the type of MAC address entries to be added l Configure a static MAC address entry for a bridge group Run mac address static mac address interface type interface number bridge bridge id A static MAC address entry is configured for a bridge g...

Page 48: ...up It can forward packets only after interfaces have been added to the group As shown in Figure 2 4 the following methods can be used to add users to a bridge group l Directly add users to the bridge group User 3 uses this method l Use a VLAN to add users to the bridge group Create a VLAN on a bridge and add users to the VLAN Users then connect to the bridge group through the VLANIF interface User...

Page 49: ...d protocol packets the bridge group will discard the protocol packets Procedure Step 1 Run system view The system view is displayed Step 2 Run bridge bridge id The bridge group view is displayed Step 3 Run bridging ip others disable The bridge group is disabled from bridging specified protocol packets To allow a bridge group to forward specified protocol packets enable the function that bridges th...

Page 50: ...ning Enable interface total 1 interface s in the bridge Vlanif12 Up Run the display bridge traffic bridge birdge id interface interface typeinterface number command to view the traffic statistics on a specified interface in the bridge group Huawei display bridge traffic Bridge 1 Input 34 total 0 bpdu 27 single 0 multi 7 broadcast Output 36 total 0 bpdu 28 single 0 multi 8 broadcast Bridge 2 Input ...

Page 51: ...idging integrated with IP routing complete the following task l Configuring physical parameters for interfaces to ensure that the interfaces are physically Up Data Preparation To configure local bridging integrated with IP routing you need the following data No Data 1 Number of a bridge group 2 Numbers of interfaces to be added to the bridge group 3 IP address of the Bridge if interface that repre...

Page 52: ...lt no blackhole MAC address entry is configured l Configure attributes for dynamic MAC address entries of a bridge group Run undo mac address learning disable Dynamic MAC address learning is enabled By default dynamic MAC address learning is enabled for a bridge group Optional Run mac address aging time seconds bridge The aging time is configured for a dynamic MAC entry The configured aging time t...

Page 53: ...interface of the device Procedure Step 1 Run system view The system view is displayed Step 2 Run interface interface type interface number The user side interface view is displayed Step 3 Run bridge bridge id An interface is added to a bridge group A maximum of 20 interfaces can be added to a bridge group Different types of interfaces can be added to the same bridge group Layer 2 interfaces cannot...

Page 54: ...n ip address ip address mask mask length An IP address is configured for the Bridge if interface Step 4 Optional Run mac address mac address A MAC address is configured for the Bridge if interface End 2 4 5 Enabling IP Routing for a Bridge Group A bridge group can route protocol packets after IP routing is enabled Context IP routing enables a bridge group to bridge and route packets If IP routing ...

Page 55: ...cified protocol packets To allow a bridge group to forward specified protocol packets enable the function that bridges the protocol packets on the bridge group By default a bridge group bridges all protocol packets End 2 4 7 Checking the Configuration After configuring local bridging integrated with IP routing you can view the traffic statistics on a bridge group or a specified interface in the br...

Page 56: ...Output 731 packets 0 bytes 498 unicast 233 broadcast 0 multicast Input bandwidth utilization 0 00 Output bandwidth utilization 0 00 Run the display bridge traffic bridge bridge id interface interface type interface number command to view the traffic statistics on the local bridge group Huawei display bridge traffic Bridge 1 Input 283 total 0 bpdu 11 single 271 multi 1 broadcast Output 178 total 0 ...

Page 57: ... a virtual group It can forward packets only after interfaces have been added to the group Procedure Step 1 Run system view The system view is displayed Step 2 Run bridge bridge id A bridge group is created and the bridge group view is displayed If the bridge group specified by bridge id exists the bridge group view is displayed Multiple devices can use the same bridge number End Follow up Procedu...

Page 58: ...ime takes effect on the dynamic MAC address entries of all bridge groups The aging time can be 0 or ranges from 60 to 1000000 in seconds The value 0 indicates that a dynamic MAC address entry will not age 2 5 3 Adding User side Interfaces to a Bridge Group Adding user side interfaces to a bridge group allows LANs to communicate with each other Context A bridge group is a virtual group It can forwa...

Page 59: ... 20 interfaces can be added to a bridge group Different types of interfaces can be added to the same bridge group Layer 2 interfaces cannot be added to a bridge group Ethernet sub interfaces and GE sub interfaces configured to terminate QinQ tags do not support transparent bridging End 2 5 4 Adding Network side Interfaces to a Bridge Group Using intermediate links to connect two devices allows dif...

Page 60: ...Ethernet interface to a bridge group 1 Run bridge bridge id The Ethernet interface is added to the bridge group l Add an HDLC interface to a bridge group 1 Run link protocol hdlc HDLC is enabled on the interface 2 Run bridge bridge id The HDLC interface is added to the bridge group l Add a PPP interface to a bridge group 1 Run link protocol ppp PPP is enabled on the interface 2 Run bridge bridge i...

Page 61: ...group is configured A maximum of 20 interfaces can be added to a bridge group Different types of interfaces can be added to the same bridge group Layer 2 interfaces cannot be added to a bridge group To add an MFR interface to a bridge group ensure that the FR interfaces bound to the MFR interface have the same bandwidth otherwise packet loss may occur End 2 5 5 Optional Disabling a Bridge Group fr...

Page 62: ... group the outbound interface does not remove the VLAN IDs of the packets to be sent out Procedure Step 1 Run system view The system view is displayed Step 2 Run interface interface type interface number The interface view is displayed Step 3 Run bridge vlan transmit enable VLAN ID transparent transmission is enabled NOTE l VLANIF interfaces do not support VLAN ID transparent transmission l It is ...

Page 63: ... Input 48 total 0 bpdu 11 single 36 multi 1 broadcast Output 35 total 0 bpdu 11 single 23 multi 1 broadcast 2 6 Configuring Remote Bridging Integrated with IP Routing Configuring remote bridging integrated with IP routing allows users in different geographical locations and on different network segments to communicate with each other 2 6 1 Establishing the Configuration Task Before configuring rem...

Page 64: ...re Step 1 Run system view The system view is displayed Step 2 Run bridge bridge id A bridge group is created and the bridge group view is displayed If the bridge group specified by bridge id exists the bridge group view is displayed Multiple devices can use the same bridge number End Follow up Procedure By default dynamic MAC address learning is enabled for a bridge group When a network is insecur...

Page 65: ... MAC address entries of all bridge groups The aging time can be 0 or ranges from 60 to 1000000 in seconds The value 0 indicates that a dynamic MAC address entry will not age 2 6 3 Adding User side Interfaces to a Bridge Group Adding user side interfaces to a bridge group allows LANs to communicate with each other Context A bridge group is a virtual group It can forward packets only after interface...

Page 66: ... 20 interfaces can be added to a bridge group Different types of interfaces can be added to the same bridge group Layer 2 interfaces cannot be added to a bridge group Ethernet sub interfaces and GE sub interfaces configured to terminate QinQ tags do not support transparent bridging End 2 6 4 Adding Network side Interfaces to a Bridge Group Using intermediate links to connect two devices allows dif...

Page 67: ...Ethernet interface to a bridge group 1 Run bridge bridge id The Ethernet interface is added to the bridge group l Add an HDLC interface to a bridge group 1 Run link protocol hdlc HDLC is enabled on the interface 2 Run bridge bridge id The HDLC interface is added to the bridge group l Add a PPP interface to a bridge group 1 Run link protocol ppp PPP is enabled on the interface 2 Run bridge bridge i...

Page 68: ...erent types of interfaces can be added to the same bridge group Layer 2 interfaces cannot be added to a bridge group To add an MFR interface to a bridge group ensure that the FR interfaces bound to the MFR interface have the same bandwidth otherwise packet loss may occur End 2 6 5 Configuring a Bridge if Interface for a Bridge Group LANs on different network segments can communicate with each othe...

Page 69: ...packets can be bridged or routed depending on the configuration Procedure Step 1 Run system view The system view is displayed Step 2 Run bridge bridge id The bridge group view is displayed Step 3 Run routing ip IP routing is enabled for the bridge group The IP routing function cannot be configured if any of member interfaces in the bridge group has an IP address Before configuring the IP routing f...

Page 70: ...he display bridge bridge id information command to check information about the remote bridge group l Run the display bridge traffic bridge bridge id interface interface type interface number command to view the traffic statistics on the bridge group End Example Run the display interface bridge if bridge id command to view information about the Bridge if interface Huawei display interface bridge if...

Page 71: ... of the local bridge group Huawei display bridge traffic Bridge 1 Input 54 total 0 bpdu 50 single 0 multi 4 broadcast Output 52 total 0 bpdu 45 single 0 multi 7 broadcast Bridge 2 Input 234 total 0 bpdu 198 single 0 multi 36 broadcast Output 234 total 0 bpdu 196 single 0 multi 38 broadcast Run the display bridge traffic bridge bridge id interface interface type interface number command to view the...

Page 72: ...e command or display mac address static dynamic interface type interface number bridge bridge id verbose command in any view to check the static or dynamic MAC address entry of a specified bridge group and interface End 2 7 2 Clearing the Traffic Statistics of a Bridge Group This section describes how to clear the current traffic statistics on a bridge group so that you can collect new statistics ...

Page 73: ...mmunication is required between terminals within the same department and between some departments To keep information secure information in some departments needs to be isolated from that in the other departments Users that require communication with each other need to be added to the same bridge group so that they can communicate with each other and are isolated from other departments As shown in...

Page 74: ... l Number of each bridge group to which the LANs that need to communicate with each other are added l ID of each VLAN of which interfaces are added to a bridge group Configuration Procedure 1 Create bridge group 1 Huawei system view Huawei sysname RouterA RouterA bridge 1 RouterA bridge1 quit 2 Add Eth2 0 1 and Eth2 0 2 to VLAN 11 RouterA vlan 11 RouterA vlan11 quit RouterA interface ethernet 2 0 ...

Page 75: ...thers Routing MAC learning Enable interface total 2 interface s in the bridge GigabitEthernet4 0 0 Up Vlanif11 Up Bridge 2 Status Undo Shutdown Bridging IP Others Routing MAC learning Enable interface total 1 interface s in the bridge GigabitEthernet3 0 0 Up After the preceding configuration is complete User 1 User 2 and User 3 can ping each other whereas they cannot ping User 4 Configuration File...

Page 76: ...d to different bridge groups After Bridge if interfaces are created and assigned IP addresses and the IP routing function is enabled the two hosts of Enterprise A can communicate with the hosts of Enterprises B Figure 2 9 Networking diagram of local bridging integrated with IP routing RouterA Eth2 0 1 User 1 User 2 1 1 1 1 24 1 1 1 2 24 Eth2 0 2 GE3 0 0 User 3 3 1 1 3 24 Enterprise B Enterprise A ...

Page 77: ...ink type access RouterA Ethernet2 0 2 port default vlan 11 RouterA Ethernet2 0 2 quit Add VLANIF 11 to bridge group 1 RouterA interface vlanif 11 RouterA Vlanif11 bridge 1 RouterA Vlanif11 quit Configure an IP address for GE3 0 0 on RouterA RouterA interface gigabitethernet 3 0 0 RouterA GigabitEthernet3 0 0 ip address 3 1 1 1 255 255 255 0 RouterA GigabitEthernet3 0 0 quit Create Bridge if interf...

Page 78: ...ts located in different geological areas As shown in Figure 2 10 intermediate links are used to connect RouterA and RouterB which are located in different locations Users 1 to 4 are on the same network segment User 3 and User 4 are in a different location than User 1 and User 2 Configuring remote bridging allows User 1 and User 2 to communicate with User 3 and User 4 Figure 2 10 Networking diagram...

Page 79: ... default vlan 11 RouterA Ethernet2 0 2 quit RouterA interface ethernet 2 0 1 RouterA Ethernet2 0 1 port link type access RouterA Ethernet2 0 1 port default vlan 11 RouterA Ethernet2 0 1 quit Add VLANIF 11 to bridge group 1 RouterA interface vlanif 11 RouterA Vlanif11 bridge 1 RouterA Vlanif11 quit Add GE3 0 0 to bridge group 1 RouterA interface gigabitethernet 3 0 0 RouterA GigabitEthernet3 0 0 br...

Page 80: ...guration file of RouterA sysname RouterA bridge 1 interface Vlanif11 bridge 1 interface Ethernet2 0 1 port link type access port default vlan 11 interface Ethernet2 0 2 port link type access port default vlan 11 interface GigabitEthernet3 0 0 bridge 1 return Configuration file of RouterB sysname RouterB bridge 1 interface Vlanif11 bridge 1 interface Ethernet2 0 1 port link type access port default...

Page 81: ... and the IP routing function is enabled the two hosts of Enterprise A can communicate with the hosts of Enterprises C Figure 2 11 Networking diagram of remote bridging integrated with IP routing RouterA GE3 0 0 Bridge if Eth2 0 1 RouterB GE3 0 0 User 4 User 1 User 2 1 1 1 1 24 1 1 1 2 24 2 1 1 4 24 Network Eth2 0 2 Eth2 0 0 Enterprise A Enterprise C Configuration Roadmap The configuration roadmap ...

Page 82: ...s RouterA Ethernet2 0 2 port default vlan 11 RouterA Ethernet2 0 2 quit Add VLANIF 11 to bridge group 1 RouterA interface vlanif 11 RouterA Vlanif11 bridge 1 RouterA Vlanif11 quit Add GE3 0 0 on Router A to bridge group 2 RouterA interface gigabitethernet 3 0 0 RouterA GigabitEthernet3 0 0 bridge 2 RouterA GigabitEthernet3 0 0 quit Create Bridge if interface 1 for bridge group 1 and Bridge if inte...

Page 83: ... and User 4 can successfully ping each other Configuration Files Configuration file of RouterA sysname RouterA bridge 1 routing ip bridge 2 routing ip interface Vlanif11 bridge 1 interface Ethernet2 0 1 port link type access port default vlan 11 interface Ethernet2 0 2 port link type access port default vlan 11 interface Bridge if1 ip address 1 1 1 3 255 255 255 0 interface Bridge if2 ip address 2...

Page 84: ...abled As shown in Figure 2 12 User 1 User 2 User 3 and User 4 are on the same network segment User 1 and User 3 belong to a VLAN User 2 and User 4 belong to the other VLAN To allow users in the same VLAN to communicate with each other and isolate users in different VLANs remote bridging and VLAN ID transparent transmission can be enabled In this manner User 1 can only communicate with User 3 and U...

Page 85: ... bridge group to which a user side interface and a network side interface are added Configuration Procedure 1 Configure Router A Create bridge group 1 Huawei system view Huawei sysname RouterA RouterA bridge1 bridge 1 RouterA bridge1 quit Add Ethernet1 0 0 and Ethernet2 0 0 to bridge group 1 and enable VLAN ID transparent transmission on the two interfaces RouterA interface ethernet 1 0 0 RouterA ...

Page 86: ...B Ethernet2 0 0 bridge vlan transmit enable RouterB Ethernet2 0 0 quit 4 Configure Switch 2 Create VLANs Huawei system view Huawei sysname Switch2 Switch2 vlan 11 Switch2 vlan11 quit Switch2 vlan 12 Switch2 vlan12 quit Add Eth1 0 1 to VLAN 11 and Eth1 0 2 to VLAN 12 Switch2 interface ethernet 1 0 1 Switch2 Ethernet1 0 1 port link type access Switch2 Ethernet1 0 1 port default vlan 11 Switch2 Ether...

Page 87: ...ation file of Switch 1 sysname Switch1 vlan batch 11 to 12 interface Ethernet1 0 1 port link type access port default vlan 11 interface Ethernet1 0 2 port link type access port default vlan 12 interface Ethernet1 0 3 port link type trunk port trunk allow pass vlan 11 to 12 return Configuration file of Switch 2 sysname Switch2 vlan batch 11 to 12 interface Ethernet1 0 1 port link type access Huawei...

Page 88: ...12 interface Ethernet1 0 3 port link type trunk port trunk allow pass vlan 11 to 12 return Huawei AR3200 Series Enterprise Routers Configuration Guide LAN 2 Transparent Bridging Configuration Issue 02 2012 03 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 77 ...

Page 89: ...a VLAN 3 5 Configuring VLANIF Interfaces to Implement Layer 3 Communication This section describes how to configure VLANIF interfaces to implement Layer 3 communication 3 6 Configuring VLAN Aggregation This section describes how to configure VLAN aggregation to minimize IP addresses occupied by VLANs 3 7 Configuring MUX VLAN This section describes how to isolate interfaces in a VLAN 3 8 Configurin...

Page 90: ... VLAN networking minimizes the impact of the fault to each VLAN which improves network robustness 3 2 VLAN Features Supported by the AR3200 This section describes the VLAN features supported by the AR3200 Port based VLAN The AR3200 supports port based VLANs Ports on the AR3200 are classified into the following types l Access An access port can join only one VLAN the default VLAN Access ports are u...

Page 91: ...packet l If the VLAN ID of the packet is in the list of allowed VLAN IDs the port accepts the packet l If the VLAN ID of the packet is not in the list of allowed VLAN IDs the port discards the packet l If the VLAN ID of the packet is the same as the default VLAN ID and is in the list of allowed VLAN IDs the port removes the tag and sends the packet l If the VLAN ID of the packet is different from ...

Page 92: ...subordinate VLANs Subordinate VLANs are classified into group VLANs and separate VLANs A principal VLAN can communicate with its subordinate VLANs but the subordinate VLANs cannot communicate with each other Interfaces in a group VLAN can communicate with each other but interfaces in a separate VLAN cannot communicate with each other You can implement inter device MUX VLAN by configuring the same ...

Page 93: ...litate network management The default description of a VLAN shows the VLAN ID For example the description of VLAN 15 is VLAN 0015 End 3 3 3 Optional Creating VLANs in a Batch Context Perform the following steps on the AR3200 to configure VLANs in a batch Procedure Step 1 Run system view The system view is displayed Step 2 Run vlan batch vlan id1 to vlan id2 1 10 Multiple VLANs are created in a bat...

Page 94: ... vlan vlan id verbose command to check the description of a VLAN Huawei display vlan 10 verbose Management VLAN VLAN ID 10 VLAN Name VLAN Type Common Description VLAN 0010 Status Enable Broadcast Enable MAC Learning Enable Smart MAC Learning Disable Current MAC Learning Result Enable Statistics Disable Property Default VLAN State Up Untagged Port Ethernet2 0 0 Ethernet2 0 4 Active Untag Port Ether...

Page 95: ...k l Creating a VLAN Data Preparation To add interfaces to a VLAN you need the following data No Data 1 Types and numbers of the interfaces to be added to a VLAN 2 VLAN ID 3 4 2 Adding an Access Interface to a VLAN Context Use either of the following methods to add an access interface to a VLAN Procedure l Adding an access interface to a VLAN in the VLAN view 1 Run system view The system view is di...

Page 96: ...ss The link type of the interface is set to access By default the link type of an interface is hybrid 4 Run port default vlan vlan id The default VLAN of the interface is configured By default VLAN 1 is the default VLAN for all interfaces End 3 4 3 Adding a Trunk Interface to a VLAN Context Perform the following steps on the AR3200 to add a trunk interface to a VLAN Procedure Step 1 Run system vie...

Page 97: ...the interface is set to hybrid By default the interface type is hybrid Step 4 Run one of the following commands depending on the mode being used l To add the hybrid interface to a VLAN or multiple VLANs in tagged mode run port hybrid tagged vlan vlan id1 to vlan id2 1 10 l To add the hybrid interface to a VLAN or multiple VLANs in untagged mode run port hybrid untagged vlan vlan id1 to vlan id2 1 ...

Page 98: ...interface to forward packets of the default VLAN add the interface to the default VLAN End 3 4 6 Optional Specifying the Default VLAN for a Hybrid Interface Context Perform the following steps on the AR3200 to specify the default VLAN for a hybrid interface Procedure Step 1 Run system view The system view is displayed Step 2 Run interface interface type interface number The interface view is displ...

Page 99: ...100 Hex The Maximum Frame Length is 9216 IP Sending Frames Format is PKTFMT_ETHNT_2 Hardware address is 0018 2000 0083 Last physical up time Last physical down time 2009 04 19 18 25 51 Port Mode COMMON FIBER Speed 1000 Loopback NONE Duplex FULL Negotiation ENABLE Mdi NORMAL Last 300 seconds input rate 0 bits sec 0 packets sec Last 300 seconds output rate 0 bits sec 0 packets sec Input peak rate 0 ...

Page 100: ...rfaces to implement Layer 3 communication 3 5 1 Establishing the Configuration Task Applicable Environment When the AR3200 needs to communicate with devices at the network layer you can create VLANIF interfaces logical interfaces on the AR3200 VLANIF interfaces can be assigned IP addresses because they work at the network layer The AR3200 communicates with the devices at the network layer through ...

Page 101: ...s to a VLANIF interface Procedure Step 1 Run system view The system view is displayed Step 2 Run interface vlanif vlan id A VLANIF interface is created and the VLANIF interface view is displayed Step 3 Run ip address ip address mask mask length The IP address of the VLANIF interface is configured End 3 5 4 Optional Setting the MTU of a VLANIF Interface Context l After using the mtu command on a sp...

Page 102: ... is large the packet will probably split into many fragments As a result the packet may be discarded due to insufficient QoS queue length To avoid this situation lengthen the QoS queue accordingly End 3 5 5 Optional Configuring VLAN Damping Context Perform the following steps on the AR3200 to configure VLAN damping Procedure Step 1 Run system view The system view is displayed Step 2 Run interface ...

Page 103: ...col current state DOWN Description HUAWEI AR Series Vlanif10 Interface Route Port The Maximum Transmit Unit is 1500 Internet Address is 10 10 10 20 24 IP Sending Frames Format is PKTFMT_ETHNT_2 Hardware address is 00e0 fc01 00e1 Current system time 2011 02 09 19 45 40 Input bandwidth utilization Output bandwidth utilization 3 6 Configuring VLAN Aggregation This section describes how to configure V...

Page 104: ...of each interface to bring the physical layer in Up state Data Preparation To configure VLAN aggregation you need the following data No Data 1 Sub VLAN IDs and interface numbers 2 Super VLAN ID 3 IP addresses and masks of the VLANIF interfaces 3 6 2 Configuring Sub VLANs Context Perform the following steps on the AR3200 to configure VLAN aggregation Huawei AR3200 Series Enterprise Routers Configur...

Page 105: ...type interface number1 to interface number2 1 10 The interfaces are added to the VLAN End 3 6 3 Creating a Super VLAN Context Perform the following steps on the AR3200 to create a super VLAN Procedure Step 1 Run system view The system view is displayed Step 2 Run vlan vlan id A VLAN is created and the VLAN view is displayed Step 3 Run aggregate vlan The VLAN is configured as a super VLAN Huawei AR...

Page 106: ... and the VLANIF interface view is displayed The VLANIF interfaces can be configured only for a super VLAN Therefore vlan id specifies the VLAN ID of the super VLAN Step 3 Run ip address ip address mask mask length sub The IP address of the VLANIF interface is configured The IP address of the VLANIF interface must be in the same network segment as users in the sub VLANs End 3 6 5 Configuring Proxy ...

Page 107: ... VLAN type Huawei display vlan 2 verbose Management VLAN VLAN ID 2 VLAN Name VLAN Type Super Description VLAN 0002 Status Enable Broadcast Enable MAC Learning Enable Smart MAC Learning Disable Current MAC Learning Result Enable Statistics Disable Property Default VLAN State Down sub VLAN List 20 Run the display interface vlanif command to view the physical status link protocol status IP address an...

Page 108: ... with each other In MUX VLAN implementation VLANs are classified into principal VLANs and subordinate VLANs Subordinate VLANs are classified into group VLANs and separate VLANs A principal VLAN can communicate with its subordinate VLANs but the subordinate VLANs cannot communicate with each other Interfaces in a group VLAN can communicate with each other but interfaces in a separate VLAN cannot co...

Page 109: ...ach principal VLAN can have at most 32 subordinate VLANs End 3 7 3 Configuring Subordinate VLANs Context Perform the following steps on the AR3200 to configure subordinate VLANs Procedure l Configuring group VLANs 1 Run system view The system view is displayed 2 Run vlan vlan id The principal VLAN view is displayed 3 Run subordinate group vlan id1 to vlan id2 The group VLANs are configured Huawei ...

Page 110: ...he MUX VLAN function Procedure Step 1 Run system view The system view is displayed Step 2 Run interface interface type interface number The interface view is displayed Step 3 Run port mux vlan enable The MUX VLAN function is enabled on the interface NOTE l Limiting MAC address learning on an interface may affect the MUX VLAN function on the interface l Port security and MUX VLAN cannot be enabled ...

Page 111: ...Task Applicable Environment To improve device security only add trunk or hybrid interfaces not access interfaces to a management VLAN Users usually log in to and manage the device through the VLANIF interface corresponding to the management VLAN Pre configuration Tasks Before configuring a management VLAN complete the following task l Creating a VLAN Data Preparation To configure a management VLAN...

Page 112: ...ement vlan The total number of vlans is 6 VLAN ID Type Status MAC Learning Broadcast Multicast Unicast Property 1 common enable enable forward forward forward default 93 common enable enable forward forward forward default 95 common enable enable forward forward forward default 100 super enable enable forward forward forward default 202 mux enable enable forward forward forward default 1000 common...

Page 113: ...and Department 4 in VLAN 3 l Department 1 and Department 2 in VLAN 2 can communicate with each other l Department 3 and Department 4 in VLAN 3 can communicate with each other Figure 3 2 Network diagram of interface based VLAN assignment Eth2 0 1 RouterA Eth2 0 2 Eth2 0 3 Eth2 0 4 Department 1 VLAN2 VLAN3 RouterB RouterC RouterD Router Department 2 Department 3 Department 4 Configuration Roadmap Th...

Page 114: ...ei Ethernet2 0 4 port link type trunk Huawei Ethernet2 0 4 port trunk allow pass vlan 3 Huawei Ethernet2 0 4 quit Step 2 Verify the configuration Ping any host in VLAN 3 from a host in VLAN 2 The ping operation fails indicating that Department 1 and Department 2 are isolated from Department 3 and Department 4 Ping any host in Department 2 from a host in Department 1 The ping operation is successfu...

Page 115: ...rk diagram for communication between VLANs through VLANIF interfaces SwitchA Router Eth2 0 1 Eth2 0 3 VLAN 10 VLAN 20 Eth2 0 1 Eth2 0 2 PC1 PC2 10 10 10 2 24 20 20 20 2 24 Configuration Roadmap The configuration roadmap is as follows 1 Add Ethernet interfaces to the VLAN 2 Configure VLANIF interfaces Data Preparation To complete the configuration you need the following data l Ethernet 2 0 1 of the...

Page 116: ...he VLANs SwitchA interface ethernet 2 0 1 SwitchA Ethernet2 0 1 port link type access SwitchA Ethernet2 0 1 port default vlan 10 SwitchA Ethernet2 0 1 quit SwitchA interface ethernet 2 0 2 SwitchA Ethernet2 0 2 port link type access SwitchA Ethernet2 0 2 port default vlan 20 SwitchA Ethernet2 0 2 quit SwitchA interface ethernet 2 0 3 RouterA Ethernet2 0 3 port link type trunk SwitchA Ethernet2 0 3...

Page 117: ...rnet2 0 2 port link type access port default vlan 20 interface Ethernet2 0 3 port link type trunk port trunk allow pass vlan 10 20 return 3 9 3 Example for Configuring VLAN Damping Networking Requirements As shown in Figure 3 4 the hosts in VLAN 10 communicate with the hosts outside VLAN 10 through VLANIF 10 The VLAN damping feature is configured on VLANIF 10 to prevent route flapping caused by ch...

Page 118: ...N damping delay Data Preparation To complete the configuration you need the following data l VLAN ID l Interface number l Number of the VLANIF interface l IP address of the VLANIF interface 10 100 100 100 24 l VLAN damping delay 20 seconds Procedure Step 1 Create a VLAN Create VLAN 10 Huawei system view Huawei sysname Router Router vlan batch 10 Step 2 Add interfaces to the VLAN Huawei AR3200 Seri...

Page 119: ...if 10 Vlanif10 current state UP Line protocol current state UP Last line protocol up time 2008 01 25 09 05 13 Description HUAWEI AR Series Vlanif10 Interface Route Port The Maximum Transmit Unit is 1500 The Holdoff Timer is 20 sec Internet Address is 10 100 100 100 24 IP Sending Frames Format is PKTFMT_ETHNT_2 Hardware address is 00e0 fc01 0005 Current system time 2008 01 25 09 05 37 Input bandwid...

Page 120: ...s of the Router to sub VLANs 2 Add the sub VLANs to the super VLAN 3 Configure the IP address for the super VLAN 4 Configure proxy ARP for the super VLAN Data Preparation To complete the configuration you need the following data l Ethernet 2 0 1 and Ethernet 2 0 2 belong to VLAN 2 l Ethernet 2 0 3 and Ethernet 2 0 4 belong to VLAN 3 l The VLAN ID of the super VLAN is 4 l The IP address of the supe...

Page 121: ...re VLAN 2 Create VLAN 2 Huawei vlan 2 Add Ethernet 2 0 1 and Ethernet 2 0 2 to VLAN 2 Huawei vlan2 port ethernet 2 0 1 2 0 2 Huawei vlan2 quit Step 3 Configure VLAN 3 Create VLAN 3 Huawei vlan 3 Add Ethernet 2 0 3 and Ethernet 2 0 4 to VLAN 3 Huawei vlan3 port ethernet 2 0 3 2 0 4 Huawei vlan3 quit Step 4 Configure VLAN 4 Configure the super VLAN Huawei vlan 4 Huawei vlan4 aggregate vlan Huawei vl...

Page 122: ...lan 3 interface Ethernet2 0 4 port link type access port default vlan 3 return 3 9 5 Example for Configuring the MUX VLAN Function Networking Requirements An enterprise forbids communication between some departments and allows communication between other departments All employees in the enterprise are allowed to access certain servers The MUX VLAN function can be configured to meet the preceding r...

Page 123: ...nfiguration Roadmap The configuration roadmap is as follows 1 Configure the principal VLAN 2 Configure the group VLAN 3 Configure the separate VLAN 4 Add interfaces to the VLANs and enable the MUX VLAN function on the interfaces Data Preparation To complete the configuration you need the following data l Ethernet 2 0 1 belongs to VLAN 2 l Ethernet 2 0 2 and Ethernet 2 0 3 belong to VLAN 3 l Ethern...

Page 124: ...uawei interface ethernet 2 0 4 Huawei Ethernet2 0 4 port link type access Huawei Ethernet2 0 4 port default vlan 4 Huawei Ethernet2 0 4 port mux vlan enable Huawei Ethernet2 0 4 quit Huawei interface ethernet 2 0 5 Huawei Ethernet2 0 5 port link type access Huawei Ethernet2 0 5 port default vlan 4 Huawei Ethernet2 0 5 port mux vlan enable Huawei Ethernet2 0 5 quit Step 2 Verify the configuration S...

Page 125: ...a group VLAN and add the hosts that need to be isolated to a separate VLAN Employing this function reduces the needed VLAN IDs When employees connect to servers through multiple AR3200s inter device MUX VLAN can be configured As shown in Figure 3 7 Ethernet2 0 1 of each Router is connected a server Ethernet2 0 2 to Ethernet2 0 5 are connected to PCs The Routers use Ethernet2 0 6 to communicate wit...

Page 126: ...ces 5 Configure the interfaces between RouterA and RouterB to allow the principal VLAN and subordinate VLANs to pass through Data Preparation To complete the configuration you need the following data l Ethernet2 0 1 belongs to VLAN 2 l Ethernet2 0 2 and Ethernet2 0 3 belong to VLAN 3 l Ethernet2 0 4 and Ethernet2 0 5 belong to VLAN 4 l Ethernet2 0 6 allows VLAN 2 VLAN 3 and VLAN 4 to pass through ...

Page 127: ...e RouterA Ethernet2 0 4 quit RouterA interface ethernet 2 0 5 RouterA Ethernet2 0 5 port link type access RouterA Ethernet2 0 5 port default vlan 4 RouterA Ethernet2 0 5 port mux vlan enable RouterA Ethernet2 0 5 quit Configure Ethernet2 0 6 to allow the principal VLAN and subordinate VLANs to pass through RouterA interface ethernet 2 0 6 RouterA Ethernet2 0 6 port link type trunk RouterA Ethernet...

Page 128: ... VLAN and subordinate VLANs to pass through RouterB interface ethernet 2 0 6 RouterB Ethernet2 0 6 port link type trunk RouterB Ethernet2 0 6 port trunk allow pass vlan 2 to 4 RouterB Ethernet2 0 6 quit Step 3 Verify the configuration All the hosts can access Server A and Server B in the principal VLAN Host A Host B Host E and Host F in the group VLAN can communicate with each other Host C Host D ...

Page 129: ...t link type access port default vlan 2 port mux vlan enable interface Ethernet2 0 2 port link type access port default vlan 3 port mux vlan enable interface Ethernet2 0 3 port link type access port default vlan 3 port mux vlan enable interface Ethernet2 0 4 port link type access port default vlan 4 port mux vlan enable interface Ethernet2 0 5 port link type access port default vlan 4 port mux vlan...

Page 130: ...terB VLANIF10 VLANIF10 10 10 10 2 24 20 20 20 2 24 Configuration Roadmap The configuration roadmap is as follows 1 Add interfaces to the VLANs 2 Assign IP addresses to VLANIF interfaces 3 Configure basic OSPF functions Data Preparation To complete the configuration you need the following data l Ethernet 2 0 1 of RouterA belongs to VLAN 10 and IP address of VLANIF 10 is 10 10 10 1 24 l Ethernet 2 0...

Page 131: ...terA interface vlanif 30 RouterA Vlanif30 ip address 30 30 30 1 24 RouterA Vlanif30 quit Configure basic OSPF functions RouterA router id 1 1 1 1 RouterA ospf RouterA ospf 1 area 0 RouterA ospf 1 area 0 0 0 0 network 10 10 10 0 0 0 0 255 RouterA ospf 1 area 0 0 0 0 network 30 30 30 0 0 0 0 255 RouterA ospf 1 area 0 0 0 0 quit Step 2 Configure RouterB Create VLANs Huawei system view Huawei sysname ...

Page 132: ... 20 1 24 in this example After the configurations are complete computers on the two Layer 2 networks are isolated at Layer 2 and can communicate at Layer 3 End Configuration Files Configuration file of RouterA sysname RouterA router id 1 1 1 1 vlan batch 10 30 interface Vlanif10 ip address 10 10 10 1 255 255 255 0 interface Vlanif30 ip address 30 30 30 1 255 255 255 0 interface Ethernet2 0 1 port ...

Page 133: ...unk allow pass vlan 30 interface Ethernet2 0 2 port link type trunk port trunk allow pass vlan 10 ospf 1 area 0 0 0 0 network 20 20 20 0 0 0 0 255 network 30 30 30 0 0 0 0 255 return Huawei AR3200 Series Enterprise Routers Configuration Guide LAN 3 VLAN Configuration Issue 02 2012 03 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 122 ...

Page 134: ...AR3200 This section describes the voice VLAN features supported by the AR3200 4 3 Configuring a Voice VLAN This chapter describes how to configure a voice VLAN 4 4 Configuration Examples This section provides configuration examples for voice VLAN Huawei AR3200 Series Enterprise Routers Configuration Guide LAN 4 Voice VLAN Configuration Issue 02 2012 03 30 Huawei Proprietary and Confidential Copyri...

Page 135: ...d Electronics Engineers IEEE assigns an OUI to each vendor so you can identify the vendor of a device according to the OUI The AR3200 supports a maximum of 16 OUIs You can set the mask of the OUI on the AR3200 to adjust the length of the MAC address that the AR3200 matches with the OUI Mode for Adding an Interface to the Voice VLAN You can use either of the following modes to add an interface to t...

Page 136: ...packet as follows to improve the transmission quality l Change the CoS 802 1p priority to 6 l Change the DSCP value to 46 4 3 Configuring a Voice VLAN This chapter describes how to configure a voice VLAN 4 3 1 Establishing the Configuration Task Before configuring a voice VLAN familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the required data Thi...

Page 137: ...in the voice VLAN to ensure the call quality Pre configuration Tasks Before configuring a voice VLAN complete the following task l Creating a VLAN Data Preparation To configure a voice VLAN you need the following data No Data 1 ID of the voice VLAN 2 Type and number of the interface on which the voice VLAN is enabled 3 Mode used to add the interface to the voice VLAN 4 OUI and mask of the voice VL...

Page 138: ...s of service traffic l Before deleting a VLAN that has been configured as a voice VLAN run the undo voice vlan enable command to disable the voice VLAN function l Only one VLAN can be configured as the voice VLAN on an interface End 4 3 3 Setting the OUI of the Voice VLAN The AR3200 identifies voice data flows based on the source MAC addresses of incoming data flows If the source MAC address of a ...

Page 139: ...face does not receive any voice data packets from the voice device within the aging time l In manual mode the interface connected to a voice device can forward voice data packets only after the interface is added to the voice VLAN manually Procedure l Configuring the auto mode 1 Run system view The system view is displayed 2 Run interface interface type interface number The interface view is displ...

Page 140: ...text By default the 802 1p priority and DSCP value for each voice VLAN are 6 and 46 respectively Manual configuration of the 802 1p priority and DSCP value will allow you to plan priorities for different voice services at will NOTE l The 802 1p priority is indicated by the value in the 3 bit PRI field in each 802 1Q VLAN frame This field determines the transmission priority for data packets when a...

Page 141: ...e transmitted over voice VLAN in secure mode or normal mode Context l In secure mode the interface on which voice VLAN is enabled checks the source MAC address of every incoming packet and discards the packets whose source MAC addresses do not match the OUI of the voice VLAN That is the interface forwards only voice data packets The secure mode protects the voice VLAN against attacks from maliciou...

Page 142: ...apply for an IP address To enable a Huawei device to communicate with non Huawei voice devices you can use the voice vlan legacy command to enable the Huawei device to identify proprietary protocol packets Procedure Step 1 Run system view The system view is displayed Step 2 Run interface interface type interface number The interface view is displayed Step 3 Run voice vlan legacy enable The interfa...

Page 143: ...e VLAN dscp remark 46 Port Information Port Add Mode Security Mode Legacy Ethernet2 0 1 Auto Security Disable 4 4 Configuration Examples This section provides configuration examples for voice VLAN 4 4 1 Example for Configuring a Voice VLAN in Auto Mode In auto voice VLAN mode an interface can be automatically added to the voice VLAN after the voice VLAN function is enabled on the interface The sys...

Page 144: ...on Roadmap The configuration roadmap is as follows 1 Create VLANs and VLANIF interfaces on the Router and configure interfaces so that enterprise users can access the WAN through the Router 2 Enable the voice VLAN function on Ethernet2 0 1 and configure the voice VLAN 3 Configure a traffic policy and apply it to the inbound interface of voice data packets Data Preparation To complete the configura...

Page 145: ...ei interface gigabitethernet 3 0 0 Huawei GigabitEthernet3 0 0 ip address 192 168 4 1 24 Huawei GigabitEthernet3 0 0 quit Step 2 Configure the voice VLAN on the Router Enable the voice VLAN on Ethernet2 0 1 Huawei interface ethernet 2 0 1 Huawei Ethernet2 0 1 voice vlan 2 enable Configure the mode in which Ethernet2 0 1 is added to the voice VLAN Huawei Ethernet2 0 1 voice vlan mode auto Huawei Et...

Page 146: ...sk Description 0011 2200 0000 ffff ff00 0000 Run the display voice vlan 2 status command to check the voice VLAN configuration including the status aging time and mode in which the interface is added to the voice VLAN Huawei display voice vlan 2 status Voice VLAN Configurations Voice VLAN ID 2 Voice VLAN status Enable Voice VLAN aging time 100 minutes Voice VLAN 8021p remark 6 Voice VLAN dscp rema...

Page 147: ...ata packets only after the interface is added to the voice VLAN manually Networking Requirements Data flows of the HSI VoIP and IPTV services are transmitted on the network Users require high quality of VoIP services therefore voice data flows must be transmitted with a high priority As shown in Figure 4 3 the voice VLAN function is configured on the Router The Router determines whether a data pac...

Page 148: ...of the voice VLAN VLAN 2 l ID of the VLAN that the IP phone uses to request an IP address VLAN 6 l IP address of the VLANIF interface corresponding to the voice VLAN 192 168 2 1 24 l OUI and mask of the voice VLAN 0011 2200 0000 and ffff ff00 0000 l Default VLAN of Ethernet2 0 1 VLAN 6 l IP address of the WAN side interface 192 168 4 1 24 l Re marked DSCP priority for voice data packets with the s...

Page 149: ...1 port hybrid tagged vlan 2 Huawei Ethernet2 0 1 quit Configure the OUI of the voice VLAN Huawei voice vlan mac address 0011 2200 0000 mask ffff ff00 0000 Configure the working mode of the voice VLAN Huawei interface ethernet 2 0 1 Huawei Ethernet2 0 1 voice vlan security enable Step 3 Configure a traffic policy and apply it to the inbound interface of voice data packets Configure traffic classifi...

Page 150: ...ime 1440 minutes Voice VLAN 8021p remark 6 Voice VLAN dscp remark 46 Port Information Port Add Mode Security Mode Legacy Ethernet2 0 1 Manual Security Disable Run the display traffic policy user defined command to view details about the traffic policy configuration Huawei display traffic policy user defined p1 User Defined Traffic Policy Information Policy p1 Classifier c1 Operator AND Behavior b1...

Page 151: ...ort hybrid untagged vlan 6 voice vlan 2 enable voice vlan mode manual traffic policy p1 inbound interface GigabitEthernet3 0 0 ip address 192 168 4 1 255 255 255 0 return Huawei AR3200 Series Enterprise Routers Configuration Guide LAN 4 Voice VLAN Configuration Issue 02 2012 03 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 140 ...

Page 152: ...other 5 2 GVRP Features Supported by the AR3200 This section describes the GVRP features supported by the AR3200 5 3 Configuring GVRP This section describes how to configure the GVRP function 5 4 Maintaining GVRP This section describes how to clear the GARP statistics 5 5 Configuration Examples This section provides a configuration example for GVRP Huawei AR3200 Series Enterprise Routers Configura...

Page 153: ...ributes are statically deregistered it also sends Leave messages to other devices l LeaveAll messages When a GARP participant is enabled the LeaveAll timer is started When the LeaveAll timer expires the GARP participant sends LeaveAll messages to request other GARP participants to deregister all the attributes of the sender Then other participants can re register the attributes The Join Leave and ...

Page 154: ... After other devices receive the LeaveAll messages they reset their LeaveAll timers Therefore only the LeaveAll timer with the smallest value takes effect even if devices have different settings for the LeaveAll timer l GARP operation process Through GARP the configuration information of a GARP member can be propagated on the entire LAN A GARP member may be a terminal workstation or a bridge A GAR...

Page 155: ... packet A message consists of the Attribute Type and Attribute List fields Attribute Type Indicates the type of an attribute which is defined by the GARP application The value is 0x01 for GVRP indicating that the attribute value is a VLAN ID Attribute List Indicates the attribute list which consists of multiple attributes Attribute Indicates an attribute which consists of the Attribute Length Attr...

Page 156: ...on all the devices on the same LAN have the same VLAN information The VLAN registration information transmitted through GVRP contains both static local registration information that is manually configured and the dynamic registration information from other devices A GVRP interface supports three registration modes l Normal In this mode the GVRP interface can dynamically register and deregister VLA...

Page 157: ...ally join or leave VLANs by configuring the GVRP function The GVRP function simplifies VLAN configuration Pre configuration Tasks Before configuring the GVRP function complete the following task l Adding the GVRP interfaces to all VLANs Data Preparation To configure the GVRP function you need the following data No Data 1 Optional Registration mode for GVRP interfaces 2 Optional Values of the GARP ...

Page 158: ...rmation and static VLAN registration information l Fixed In this mode the GVRP interface is disabled from dynamically registering and deregistering VLANs and can transmit only the static registration information If the registration mode is set to fixed for a trunk interface the interface allows only the manually configured VLANs to pass even if it is configured to allow all the VLANs to pass l For...

Page 159: ...t the GARP timers pay attention to the following points l The undo garp timer command restores the default values of the GARP timers If the default value of a timer is out of the valid range the undo garp timer command does not take effect l The value range of each timer changes with the values of the other timers If a value set for a timer is not within the allowed range you can change the value ...

Page 160: ... Configuration Procedure l Run the display gvrp status command to view the status of global GVRP l Run the display gvrp statistics interface interface type interface number to interface type interface number 1 5 command to view the GVRP statistics on an interface l Run the display garp timer interface interface type interface number to interface type interface number 1 5 command to view the values...

Page 161: ...istics interface interface type interface number to interface type interface number 1 5 command in the user view to clear GARP statistics on the specified interfaces End 5 5 Configuration Examples This section provides a configuration example for GVRP 5 5 1 Example for Configuring GVRP Networking Requirements As shown in Figure 5 2 a branch of Company A communicates with the headquarters through R...

Page 162: ...on you need the following data l VLANs allowed by interfaces of RouterA RouterB and RouterC all VLANs l Interface registration mode on RouterA and RouterB normal l Registration mode on Ethernet 2 0 1 and Ethernet 2 0 2 of RouterC fixed and normal respectively l VLANs of Company B on RouterC VLAN 101 to VLAN 200 Procedure Step 1 Configure RouterA Create VLAN 101 to VLAN 200 RouterA system view Rout...

Page 163: ...et 2 0 1 RouterC Ethernet2 0 1 port link type trunk RouterC Ethernet2 0 1 port trunk allow pass vlan all RouterC Ethernet2 0 1 quit RouterC interface ethernet 2 0 2 RouterC Ethernet2 0 2 port link type trunk RouterC Ethernet2 0 2 port trunk allow pass vlan all RouterC Ethernet2 0 2 quit Enable GVRP on the interfaces and set the registration modes for the interfaces RouterC interface ethernet 2 0 1...

Page 164: ... RouterA vlan batch 101 to 200 gvrp interface Ethernet2 0 1 port link type trunk port trunk allow pass vlan 2 to 4094 gvrp interface Ethernet2 0 2 port link type trunk port trunk allow pass vlan 2 to 4094 gvrp return l Configuration file of RouterB sysname RouterB vlan batch 101 to 200 gvrp interface Ethernet2 0 1 port link type trunk port trunk allow pass vlan 2 to 4094 gvrp interface Ethernet2 0...

Page 165: ...rface Ethernet2 0 2 port link type trunk port trunk allow pass vlan 2 to 4094 gvrp return Huawei AR3200 Series Enterprise Routers Configuration Guide LAN 5 GVRP Configuration Issue 02 2012 03 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 154 ...

Page 166: ...unction 6 5 Configuring Limitation on MAC Address Learning This section describes how to limit MAC learning based on interfaces and VLANs 6 6 Configuring MAC Address Flapping Detecting Function This section describes how to configure MAC address flapping detecting function 6 7 Configuring the Router to Discard Packets with an Invalid All 0 MAC Address This section describes how to configure the ro...

Page 167: ... that are manually configured A data frame is discarded if the source or destination MAC address matches a blackhole MAC address entry These entries are never aged out l Secure dynamic MAC address entries that interfaces learn after port security is enabled These entries can be aged out or not l Sticky MAC address entries that interfaces learn after the sticky MAC function is enabled These entries...

Page 168: ...ddress entries so that packets with specified destination MAC addresses are forwarded through specified outbound interfaces l Configure blackhole MAC address entries to discard the packets with the specified destination MAC addresses or source MAC addresses to Blackhole MAC address entries prevent invalid MAC address entries from consuming the capacity of the MAC address table and prevent hackers ...

Page 169: ...ddress entry Procedure Step 1 Run system view The system view is displayed Step 2 Run mac address blackhole mac address vlan vlan id bridge bridge id A blackhole MAC address entry is created End 6 3 4 Optional Setting the Aging Time for Dynamic MAC Address Entries Context Perform the following steps on the AR3200 to set the aging time for dynamic MAC address entries Procedure Step 1 Run system vie...

Page 170: ... By default the AR3200 performs the forward action after MAC address learning is disabled That is the AR3200 forwards packets according to the MAC address table When the action is configured to discard the AR3200 matches the source MAC addresses of packets with the MAC address entries If the inbound interface and source MAC address of a packet matches a MAC address entry the AR3200 forwards the pa...

Page 171: ...ace numbers and VLAN IDs of outbound interface in all MAC address entries Huawei display mac address MAC Address VLAN Bridge Learned From Type 0000 3333 3333 2 Eth2 0 2 static 00e0 1234 5678 2 blackhole Total items displayed 2 Run the display mac address static command to view the destination MAC addresses outbound interface numbers and VLAN IDs of outbound interface in static MAC address entries ...

Page 172: ... Switch Slot Total Blackhole Static DynLoc DynRmt Secure Sticky Block Authen 0 2 1 1 0 0 0 0 0 0 sum 2 1 1 0 0 0 0 0 0 Mac Item of Transparent Bridge Total Blackhole Static Dynamic 0 0 0 0 6 4 Configuring Port Security This section describes how to configure the port security function 6 4 1 Establishing the Configuration Task Applicable Environment The port security function can prevent hosts with...

Page 173: ...splayed Step 2 Run interface interface type interface number The interface view is displayed Step 3 Run port security enable The port security function is enabled By default the port security function is disabled on interfaces of the AR3200 NOTE Port security and MUX VLAN cannot be enabled on the same interface End 6 4 3 Enabling the Sticky MAC Function on an Interface Context The sticky MAC funct...

Page 174: ...entry is configured End 6 4 4 Optional Setting the Maximum Number of MAC Addresses Learned by an Interface Context l If the sticky MAC function is disabled this task can limit the maximum number of MAC addresses dynamically learned by an interface l If the sticky MAC function is enabled this task can limit the maximum number of sticky MAC addresses learned by an interface Procedure Step 1 Run syst...

Page 175: ...amic MAC Addresses on an Interface Context After the port security function is enabled on an interface the MAC addresses learned by the interface are secure dynamic MAC addresses and will not be aged out If the MAC addresses learned by an interface can be trusted for a specific period of time you can run the port security aging time command to set an aging time for the secure dynamic MAC addresses...

Page 176: ...view the secure dynamic MAC address entries and sticky MAC address entries Huawei display mac address sticky MAC Address VLAN Bridge Learned From Type 0000 1111 3333 2 Eth0 0 2 sticky Total items displayed 1 6 5 Configuring Limitation on MAC Address Learning This section describes how to limit MAC learning based on interfaces and VLANs 6 5 1 Establishing the Configuration Task Applicable Environme...

Page 177: ...ess learning is not limited Step 4 Run mac limit action discard forward The action to be taken on the packets when the number of learned MAC addresses reaches the limit is set By default the packets received after the number of learned MAC addresses reaches the limit are directly discarded Step 5 Run mac limit alarm disable enable The alarm generated when the number of learned MAC addresses reache...

Page 178: ... By default an alarm is generated when the packets received after the number of learned MAC addresses reaches the limit End 6 5 4 Checking the Configuration Procedure Step 1 Run the display mac limit interface type interface number vlan vlan id command to view the rule of limiting MAC address learning End Example Run the display mac limit command to check the configuration for limiting MAC address...

Page 179: ...D of the VLAN in which MAC address flapping needs to be configured 2 Blocking time for the interface on which MAC address flapping occurs 3 Number of retries before an interface is permanently blocked 6 6 2 Configuring MAC Address Flapping Detection Context After MAC address flapping detection is configured in a VLAN the router checks all the MAC addresses in the VLAN to detect MAC address flappin...

Page 180: ... the reset loop detect eth loop command in the corresponding VLAN if you want to restore the interface or MAC address Procedure Step 1 Run system view The system view is displayed Step 2 Run reset loop detect eth loop vlan vlan id all interface interface type interface number mac address mac address The specified interface or MAC address is unblocked Before using the reset loop detect eth loop com...

Page 181: ...11 01b2 628 Block forever 6 7 Configuring the Router to Discard Packets with an Invalid All 0 MAC Address This section describes how to configure the router to discard packets with an invalid all 0 MAC address 6 7 1 Establishing the Configuration Task Applicable Environment You can configure the router to discard packets with an all 0 source or destination MAC address to prevent invalid packets Pr...

Page 182: ...es not send a trap to the NMS and discards the packets directly To trigger the alarm on packets with an all 0 MAC address again perform the following steps Procedure Step 1 Run system view The system view is displayed Step 2 Run drop illegal mac alarm The router is configured to trigger an alarm when receiving a packet with an all 0 MAC address By default the router triggers an alarm when receivin...

Page 183: ...dress command to debug the Ethernet packets with the specified source MAC address or destination address End 6 9 Configuration Examples This section provides examples showing how to configure the MAC address table 6 9 1 Example for Configuring the MAC Address Table Networking Requirements As shown in Figure 6 1 the MAC address of PC1 is 0002 0002 0002 and the MAC address of PC2 is 0003 0003 0003 T...

Page 184: ...oadmap is as follows 1 Create VLANs on the Router and add the interfaces to the VLANs 2 Configure static MAC address entries 3 Set the aging time for the dynamic MAC address entries Data Preparation To complete the configuration you need the following data l MAC address of PC1 0002 0002 0002 l MAC address of PC2 0003 0003 0003 l MAC address of the server 0004 0004 0004 l VLAN that the Router belon...

Page 185: ...ay mac address command in any view to check whether the static MAC address entries are successfully added to the MAC address table Huawei display mac address static vlan 2 MAC Address VLAN Bridge Learned From Type 0002 0002 0002 2 Eth2 0 1 static 0003 0003 0003 2 Eth2 0 1 static 0004 0004 0004 2 Eth2 0 2 static Total items displayed 3 Run the display mac address aging time command to check whether...

Page 186: ... computers Figure 6 2 Network diagram of port security configuration Router Switch Internet PC1 PC2 PC3 VLAN 10 Eth2 0 1 Configuration Roadmap The configuration roadmap is as follows 1 Create a VLAN and set the link type of the interface to trunk 2 Enable the port security function 3 Enable the sticky MAC function on the interface 4 Configure the protective action on the interface 5 Set the maximu...

Page 187: ...e action Huawei Ethernet2 0 1 port security protect action protect Set the maximum number of MAC addresses that can be learned on the interface Huawei Ethernet2 0 1 port security max mac num 4 To enable the port security function on other interfaces repeat the preceding steps Step 3 Verify the configuration If PC1 is replaced by another PC this replacement PC cannot access the company intranet End...

Page 188: ...imit is reached Data Preparation To complete the configuration you need the following data l Limit on the number of MAC addresses learned by Ethernet2 0 1 4 l Limit on the number of MAC addresses learned by Ethernet2 0 2 100 l Action performed when the limit is reached discard packets with new MAC addresses and generate an alarm Procedure Step 1 Configure MAC address limiting rules on the interfac...

Page 189: ... Requirements As shown in Figure 6 4 Ethernet2 0 1 and Ethernet2 0 2 of the Router are connected to LSWs The LSWs are connected to users including a few IP phone users and many computer users IP phone users are in VLAN 100 and computer users are in VLAN 200 To prevent MAC address attacks and save MAC address table space configure a rule to limit the number of MAC addresses learned in VLAN 200 Figu...

Page 190: ...200 Huawei Ethernet2 0 1 quit Huawei interface ethernet 2 0 2 Huawei Ethernet2 0 2 port link type trunk Huawei Ethernet2 0 2 port trunk allow pass vlan 200 Huawei Ethernet2 0 2 quit Configure the following MAC address limiting rule in VLAN 200 l A maximum of 500 MAC addresses can be learned l When the number of learned MAC addresses reaches the limit the Router forwards packets with new source MAC...

Page 191: ... 0 1 port link type trunk port trunk allow pass vlan 100 200 interface Ethernet2 0 2 port link type trunk port trunk allow pass vlan 200 return Huawei AR3200 Series Enterprise Routers Configuration Guide LAN 6 MAC Address Table Configuration Issue 02 2012 03 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 180 ...

Page 192: ...vices 7 3 Configuring Basic STP RSTP Functions STP RSTP is used to block redundant links on Layer 2 networks and trim a network into a loop free tree topology 7 4 Configuring STP RSTP Parameters on an Interface STP does not have a mechanism to confirm topology convergence whereas RSTP provides a feedback mechanism to implement rapid convergence 7 5 Configuring RSTP Protection Functions This sectio...

Page 193: ...tire STP RSTP capable network The root bridge is the logical center but is not necessarily the physical center of the entire network Another switching device can serve as the root bridge following a change in the network topology l Bridge ID As defined in IEEE 802 1D a bridge ID BID is composed of a 2 byte bridge priority and a 6 byte bridge MAC address On an STP capable network the device with th...

Page 194: ...DUs to the downstream switching device All ports on the root bridge are designated ports A designated port is selected for each network segment The device on which the designated port resides is called the designated bridge l RSTP port roles Compared with STP RSTP has two additional types of ports the alternate port and backup port More port roles are defined to simplify deployment of STP Figure 7...

Page 195: ...rwarding A port in the Forwarding state forwards user traffic and BPDUs Only the root port and designated port can enter the Forwarding state Learning When a port is in the Learning state a device creates a MAC address table based on the received user traffic but does not forward the traffic This is a transition state which is designed to prevent temporary loops Listening A port in the Listening s...

Page 196: ...ing states Max Age Sets the maximum lifetime of a BPDU on the network When the Max Age time is reached the connection to the root bridge is considered broken Comparison between STP RSTP and MSTP Table 7 3 compares STP RSTP and MSTP in terms of the characteristics of each protocol and their applicable environments Table 7 3 Comparison between STP RSTP and MSTP Spanning Tree Protocol Characteristics...

Page 197: ...ic for different VLANs is forwarded through different spanning trees which are independent of each other 7 2 STP RSTP Features Supported by the AR3200 Before configuring STP RSTP familiarize yourself with basic STP RSTP functions topology convergence STP RSTP protection and STP RSTP interoperability between Huawei devices and non Huawei devices STP RSTP is used to block redundant links on Layer 2 ...

Page 198: ... threshold the switching device processes only the specified number of TC BPDUs After the specified time period expires the device processes the excess TC BPDUs for once This function prevents the switching device from frequently deleting MAC entries and ARP entries saving CPU resources Root protection Due to incorrect configurations or malicious attacks on the network a root bridge may receive BP...

Page 199: ...oot bridge the higher the numerical value the lower the priority of the switching device and the less likely that the switching device becomes a root bridge l Set a path cost for a port With the same calculation method the lower the numerical value the smaller the cost of the path from the port to the root bridge and the more likely the port becomes a root port the higher the numerical value the l...

Page 200: ...hing device supports STP and RSTP RSTP is recommended Pre configuration Tasks Before configuring basic STP RSTP functions complete the following task l Connecting interfaces and setting physical parameters for the interfaces to ensure that the interfaces are physically Up Data Preparation To configure basic STP RSTP functions you need the following data No Data 1 Optional Priority of a switching d...

Page 201: ...nfigure the priorities of the switching devices to preferentially select a root bridge The lower the numerical value is the higher priority a switching device has and the more likely the switching device will be selected as a root bridge Context On an STP RSTP capable network there is only one root bridge which is the logic center of the entire spanning tree During root bridge selection a high per...

Page 202: ...ng the Path Cost for a Port The STP RSTP path cost determines root port selection The port from which to the root port costs the least is selected as the root port Context A path cost is port specific and is used by STP RSTP to select a link The path cost value range is determined by the calculation method After the calculation method is determined it is recommended that you set a relatively small...

Page 203: ... IEEE 802 1t standard method is used cost ranges from 1 to 200000000 End 7 3 5 Optional Configuring Port Priorities In each spanning tree select a designated port for each connection according to the bridge ID the cost of path and port IDs The lower the numerical value the more likely the port on a switching device becomes a designated port the higher the numerical value the more likely the port i...

Page 204: ...d and stable spanning tree calculation perform basic configurations on the switching device and its ports and enable STP RSTP Procedure Step 1 Run system view The system view is displayed Step 2 Run stp enable STP RSTP is enabled on the switching device By default STP RSTP is enabled on a router End 7 3 7 Checking the Configuration After basic STP RSTP functions are configured you can view the inf...

Page 205: ...ly 15s RemHop 0 TC or TCN send 1 TC or TCN received 0 BPDU Sent 4 TCN 0 Config 0 RST 4 MST 0 BPDU Received 22 TCN 0 Config 0 RST 22 MST 0 Port2 DISCARDING Port Protocol enabled Port Role Alternate Port Port Priority 160 Port Cost Legacy Config auto Active 20 Designated Bridge Port 4096 00e0 6606 be00 128 1 Port Edged Config default Active disabled Point to point Config auto Active true Transit Lim...

Page 206: ...ecommended that you set the network diameter to determine the timer value The switching device automatically calculates the Forward Delay period Hello time and Max Age time based on the network diameter Then you can run the stp timer factor factor command to set the timeout period for waiting for BPDUs from the upstream 3 x Hello timer value x Time factor Port parameter Link type of a port l stp p...

Page 207: ...rs Edge ports l stp edged port enable The ports connected to terminals do not participate in STP RSTP calculation If a port is configured as an edge port the port does not participate in STP RSTP calculation After BPDU protection is configured on a switching device an edge port is shut down when receiving BPDUs You can configure the port to go Up after a specified delay has elapsed 7 4 1 Establish...

Page 208: ...nabled with rapid transition mechanism 5 Whether a port needs to transition to the RSTP mode 6 Maximum number of sent BPDUs 7 Whether a port needs to be configured as an edge port 8 Whether auto recovery needs to be configured for an edge port being shut down 9 Whether a port needs to clear statistics of the spanning tree 10 Whether the edge port needs to be configured as a BPDU filter 7 4 2 Confi...

Page 209: ...ork topology convergence and improves network stability l To configure all ports on the devices as BPDU filter ports run stp bpdu filter default By default a port is a non BPDU filter port After ports on a network edge device are configured as BPDU filter ports the ports no longer process or send BPDUs WARNING After the stp bpdu filter default and stp edged port default commands are run in the sys...

Page 210: ...interface automatically determines whether to connect to a P2P link The P2P link supports rapid network convergence l If the Ethernet port works in full duplex mode the port is connected to a P2P link In this case force true can be configured to implement rapid network convergence l If the Ethernet port works in half duplex mode you can run stp point to point force true to forcibly set the link ty...

Page 211: ...p bpdu filter enable command is run on a port the port no longer processes or sends BPDUs The port will not negotiate with the directly connected port to establish an STP connection Step 7 Run quit Return to the system view Step 8 Optional Run error down auto recovery cause cause item interval interval value The auto recovery function on an edge port is configured This function enables a port in t...

Page 212: ...gured Procedure l Run the display stp interface interface type interface number brief command to view spanning tree status and statistics End Example Run the display stp command to view the values of the Hello timer Max Age timer Forward Delay timer maximum number of sent BPDUs within each Hello time interval and whether a port is connected to a P2P link Huawei display stp interface ethernet 2 0 1...

Page 213: ...e edge port if the edge port receives an RST BPDU Then the device notifies the NMS of the shutdown event The attributes of the edge port are not changed TC protection Generally after receiving TC BPDUs packets for advertising network topology changes a switching device needs to delete MAC entries and ARP entries Frequent deletions exhaust CPU resources TC protection is used to suppress TC BPDUs Yo...

Page 214: ...After the root port ages a switching device may re select a root port incorrectly After the alternate port ages the port enters the Forwarding state Loops may occur in such a situation After loop protection is configured if the root port or alternate port does not receive RST BPDUs from the upstream switching device for a long time the switching device notifies the NMS that the port enters the Dis...

Page 215: ...an run the error down auto recovery cause bpdu protection interval interval value command to configure the auto recovery function and set the delay on the port After the delay expires the port automatically goes Up interval interval value ranges from 30 to 86400 in seconds Note the following when setting this parameter l There is no default value for the recovery time Therefore you must specify a ...

Page 216: ...s the switching device processes received TC BPDUs and updates forwarding entries within a given time is set NOTE The given time is specified by the RSTP Hello timer set by using the stp timer hello hello time command End 7 5 4 Configuring Root Protection on a Port The root protection function on a switching device protects a root bridge by preserving the role of a designated port Context Due to i...

Page 217: ...an be mitigated by configuring loop protection After loop protection is configured if the root port or alternate port does not receive BPDUs from the upstream switching device the root port is blocked and the switching device notifies the NMS that the port enters the Discarding state The blocked port remains in the Blocked state and no longer forwards packets This function helps prevent loops on t...

Page 218: ...of root protection on a specified port For example Huawei display stp interface ethernet 2 0 1 CIST Port8 Ethernet2 0 1 FORWARDING Port Protocol Enabled Port Role Root Port Port Priority 128 Port Cost Legacy Config auto Active 199 Designated Bridge Port 32768 0010 1220 0100 128 8 Port Edged Config default Active disabled Point to point Config auto Active true Transit Limit 147 packets hello time P...

Page 219: ...the master and the others are backups to fulfill network redundancy requirements Loops are bound to occur on such types of complex networks Loops will cause broadcast storms thereby exhausting network resources and paralyzing the network Loops also cause MAC address flapping that damages MAC address entries STP can be deployed on a network to eliminate loops by blocking some ports On the network s...

Page 220: ... a Configure the STP mode for the ring network b Configure primary and secondary root bridges c Set path costs for ports to block certain ports d Enable STP to eliminate loops l Enable STP globally l Enable STP on all the interfaces except the interfaces connected to terminals NOTE STP is not required on the interfaces connected to terminals because these interfaces do not need to participate in S...

Page 221: ...s This example uses the Huawei proprietary calculation method and sets the path cost to 200000 l If the switches are not Huawei 2300 Series all switches on a network must use the same path cost calculation method Refer to STP List of path costs to get standard of other calculation methods On RouterA configure the path cost calculation method as the Huawei proprietary method RouterA stp pathcost st...

Page 222: ...ole STP State Protection 0 Ethernet2 0 0 DESI FORWARDING NONE 0 Ethernet2 0 1 DESI FORWARDING NONE After RouterA is configured as a root bridge Ethernet2 0 0 connected to SwitchA and Ethernet2 0 1 connected to SwitchB are elected as designated ports during spanning tree calculation End Configuration Files l Configuration file of RouterA sysname RouterA stp mode stp stp instance 0 root primary stp ...

Page 223: ... 7 7 2 Example for Configuring Basic RSTP Functions This example shows how to configure basic RSTP functions Networking Requirements On a complex network loops are inevitable With the requirement for network redundancy backup network designers tend to deploy multiple physical links between two devices one of which is the master and the others are the backup Loops are likely or bound to occur in su...

Page 224: ...ing diagram of configuring basic STP functions RouterA Eth2 0 1 Network SwitchA RSTP Blocked port SwitchB Root Bridge Eth2 0 0 SwitchC SwitchD Eth0 0 1 Eth0 0 2 Eth0 0 1 Eth0 0 2 Eth0 0 1 Eth0 0 2 Eth0 0 1 Eth0 0 3 Eth0 0 2 Eth0 0 3 Eth0 0 4 Eth0 0 4 Eth0 0 3 Eth0 0 3 PC1 PC2 PC3 PC4 Configuration Roadmap The configuration roadmap is as follows 1 Configure basic RSTP functions including a Configur...

Page 225: ...he documentation of the switches 2 Configure primary and secondary root bridges Configure RouterA as the primary root bridge RouterA stp root primary Configure SwitchA as a second root bridge 3 Set path costs for the interface to be blocked NOTE l The values of path costs depend on path cost calculation methods This example uses the Huawei proprietary calculation method and sets the path cost to 2...

Page 226: ...interface ethernet 2 0 1 RouterA Ethernet2 0 1 stp root protection RouterA Ethernet2 0 1 quit Step 3 Verify the configuration After the previous configurations run the following commands to verify the configuration when the network is stable Run the display stp brief command on RouterA to view the interface status and protection type The displayed information is as follows RouterA display stp brie...

Page 227: ...interface Ethernet0 0 3 return l Configuration file of SwitchC stp mode rstp stp pathcost standard legacy interface Ethernet0 0 1 interface Ethernet0 0 2 stp disable interface Ethernet0 0 3 stp disable interface Ethernet0 0 4 stp instance 0 cost 200000 return l Configuration file of SwitchD stp mode rstp stp pathcost standard legacy interface Ethernet0 0 1 interface Ethernet0 0 2 stp disable Huawe...

Page 228: ...erface Ethernet0 0 4 stp instance 0 cost 200000 return Huawei AR3200 Series Enterprise Routers Configuration Guide LAN 7 STP RSTP Configuration Issue 02 2012 03 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 217 ...

Page 229: ...the basic STP RSTP function divides a switching network into multiple regions each of which has multiple spanning trees that are independent of each other MSTP isolates user traffic and service traffic and load balances VLAN traffic 8 4 Configuring MSTP Parameters on an Interface Proper MSTP parameter settings achieve rapid convergence 8 5 Configuring MSTP Protection Functions This section describ...

Page 230: ...nd procedures for some typical application scenarios for MSTP and also provides the related configuration files Huawei AR3200 Series Enterprise Routers Configuration Guide LAN 8 MSTP Configuration Issue 02 2012 03 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 219 ...

Page 231: ...2 1s standard in 2002 which defines MSTP MSTP is compatible with STP and RSTP It implements rapid convergence and provides multiple paths to load balance VLAN traffic Table 8 1 compares STP RSTP and MSTP in terms of the characteristics of each protocol and their applicable environments Table 8 1 Comparison between STP RSTP and MSTP Spanning Tree Protocols Characteristics Application Scenarios Prec...

Page 232: ... link is the master and the others are backups to fulfill network redundancy requirements Loops are bound to occur on such types of complex networks Loops will cause broadcast storms thereby exhausting network resources and paralyzing the network Loops also cause MAC address flapping that damages MAC address entries MSTP compatible with STP and RSTP uses multiple instances to isolate service traff...

Page 233: ...t are directly or indirectly connected You can use MSTP configuration commands to group multiple switching devices into an MST region As shown in Figure 8 2 the MST region D0 contains the switching devices S1 S2 S3 and S4 The region has three MSTIs Figure 8 2 MST region D0 S1 other VLANs MSTI0 S2 S4 S3 VLAN1 MSTI1 VLAN2 VLAN3 MSTI2 MSTI1 root switch S3 MSTI2 root switch S2 MSTI0 IST root switch S1...

Page 234: ... each MSTI has its own regional root Figure 8 3 MSTI Root VLAN 10 20 30 VLAN10 20 VLAN 20 30 VLAN 10 30 VLAN30 VLAN 10 30 VLAN20 VLAN 10 MST Region Root MSTI corresponding to VLAN 10 Root MSTI corresponding to VLAN 20 MSTI corresponding to VLAN 30 MSTI links MSTI links blocked by the protocol MSTIs are independent of each other An MSTI can correspond to one or more VLANs but a VLAN can be mapped t...

Page 235: ...ST is a segment of the CIST in an MST region As shown in Figure 8 4 the switching devices in an MST region are connected to form an IST l CIST A CIST calculated by using STP or RSTP connects all the switching devices on a switching network As shown in Figure 8 4 the ISTs and the CST form a complete spanning tree CIST l SST A Single Spanning Tree SST is formed in either of the following situations ...

Page 236: ...ted ports on S1 BP2 is a designated port on S2 CP2 is a designated port on S3 Alternate port l An alternate port is blocked after it receives a BPDU sent by another switching devices l An alternate port provides an alternate path to the root bridge This path is different than using the root port As shown in Figure 8 5 BP2 and AP4 are alternate ports Backup port l A backup port is blocked after it ...

Page 237: ... also a master port in the CIST Therefore AP1 is the master port in every MSTI in the MST region Edge port An edge port is located at the edge of an MST region and does not connect to any switching device Generally edge ports are directly connected to terminals As shown in Figure 8 5 BP3 is an edge port Figure 8 5 Port roles S1 AP2 S2 S3 AP3 CP2 CP3 BP2 CP1 BP1 S4 Root Bridge MST Region AP1 AP4 DP...

Page 238: ...di ng Yes Yes Yes Yes Yes Yes The port supports this status No The port does not support this status 8 2 MSTP Features Supported by the AR3200 Before configuring MSTP familiarize yourself with the concepts of basic MSTP functions topology convergence MSTP protection and MSTP interoperability between Huawei devices and non Huawei devices MSTP is used to block redundant links on the Layer 2 network ...

Page 239: ...o a switching device network flapping occurs After BPDU protection is enabled the switching device shuts down the edge port if the edge port receives an RST BPDU Then the device notifies the NMS of the shutdown event The attributes of the edge port are not changed TC protection Generally after receiving TC BPDUs packets for advertising network topology changes a switching device needs to delete MA...

Page 240: ...ing device notifies the NMS that the port enters the Discarding state The blocked port remains in the Blocked state and no longer forwards packets This function helps prevent loops on the network The root port transitions to the Forwarding state after receiving new BPDUs 8 3 Configuring Basic MSTP Functions MSTP based on the basic STP RSTP function divides a switching network into multiple regions...

Page 241: ... are backups to fulfill network redundancy requirements Loops are bound to occur on such types of complex networks Loops will cause broadcast storms thereby exhausting network resources and paralyzing the network Loops also cause MAC address flapping that damages MAC address entries MSTP can be deployed on a network to eliminate loops If a loop is detected MSTP blocks one or more ports to eliminat...

Page 242: ...ed port Blocked port MST Region Network VLAN1 10 VLAN11 20 MSTI1 MSTI2 NOTE If the current device supports MSTP configuring MSTP is recommended Pre configuration Tasks Before configuring basic MSTP functions complete the following task Huawei AR3200 Series Enterprise Routers Configuration Guide LAN 8 MSTP Configuration Issue 02 2012 03 30 Huawei Proprietary and Confidential Copyright Huawei Techno...

Page 243: ...witching device is set to MSTP By default the working mode is MSTP STP and MSTP cannot recognize packets of each other but MSTP and RSTP can If an MSTP enabled switching device is connected to switching devices running STP interfaces of the MSTP enabled switching device connected to devices running STP automatically transition to STP mode and other interfaces still work in MSTP mode This enables d...

Page 244: ...p 1 Run system view The system view is displayed Step 2 Run stp region configuration The MST region view is displayed Step 3 Run region name name The name of an MST region is configured By default the MST region name is the MAC address of the management network interface on the MPU of the switching device Step 4 Perform either of the following steps to configure VLAN to instance mappings l Run the...

Page 245: ... Run active region configuration MST region configurations are activated so that the configured region name VLAN to instance mappings and revision number can take effect If this step is not done the preceding configurations cannot take effect If you have changed MST region configurations on the switching device after MSTP starts run the active region configuration command to activate the MST regio...

Page 246: ...ry root bridge function and then run the stp instance instance id priority priority command to re set a priority End 8 3 5 Optional Configuring a Path Cost of a Port in an MSTI The MSTP path cost determines root port selection in an MSTI The port with the lowest path cost to the root bridge is selected as the root port Context A path cost is port specific and is used by MSTP to select a link Path ...

Page 247: ...e id cost cost A path cost is set for the port in the current MSTI l When the Huawei proprietary calculation method is used cost ranges from 1 to 200000 l When the IEEE 802 1d standard method is used cost ranges from 1 to 65535 l When the IEEE 802 1t standard method is used cost ranges from 1 to 200000000 End 8 3 6 Optional Configuring a Port Priority in an MSTI A port with a smaller priority valu...

Page 248: ...such as the switching device priority and port priority will affect spanning tree calculation Any change to the configurations may cause network flapping Therefore to ensure rapid and stable spanning tree calculation perform basic configurations on the switching device and its ports and enable MSTP Procedure Step 1 Run system view The system view is displayed Step 2 Run stp enable MSTP is enabled ...

Page 249: ...led Port Role CIST Designated Port Port Priority 128 Port Cost Dot1T Config 100 Active 100 Designated Bridge Port 32768 00e0 fc0e a421 128 1229 Port Edged Config disabled Active disabled Point to point Config auto Active true Transit Limit 3 packets hello time Protection Type None Port Stp Mode MSTP Port Protocol Type Config auto Active dot1s PortTimes Hello 2s MaxAge 20s FwDly 15s RemHop 0 TC or ...

Page 250: ...n also be used to complete MSTP rapid convergence Therefore the configuration procedures and steps in this command task are all optional Pre configuration Tasks Before configuring MSTP parameters complete the following task l Configuring basic MSTP functions Data Preparation To configure MSTP parameters you need the following data No Data 1 Network diameter 2 Hello time forwarding delay time maxim...

Page 251: ...rk diameter cannot be larger than 7 l It is recommended that you run the stp bridge diameter diameter command to set the network diameter Then the switching device calculates the optimal Forward Delay period Hello timer value and Max Age timer value based on the set network diameter Step 3 Run stp timer factor factor The timeout period for waiting for BPDUs from the upstream device is set By defau...

Page 252: ...er of a switching device is 200 centiseconds l Run the stp timer max age max age command to set the Max Age timer The default Max Age timer of a switching device is 2000 centiseconds NOTE The values of the Hello timer Forward Delay timer and Max Age timer must comply with the following formulas otherwise network flapping occurs l 2 x Forward Delay 1 0 second Max Age l Max Age 2 x Hello Time 1 0 se...

Page 253: ... P2P link In this case force true can be configured to implement rapid network convergence l If the Ethernet port works in half duplex mode you can run stp point to point force true to forcibly set the link type to P2P Step 4 Run stp mcheck MCheck is enabled On a switching device running MSTP if an interface is connected to a device running STP the interface automatically transitions to the STP mo...

Page 254: ...n state to automatically go Up after the specified delay There is no default value for the recovery time Therefore you must specify a delay when using this command End Follow up Procedure When the topology of a spanning tree changes the forwarding paths to associated VLANs are changed The ARP entries corresponding to those VLANs on the switching device need to be updated MSTP processes ARP entries...

Page 255: ...fig Times Hello 2s MaxAge 20s FwDly 15s MaxHop 20 Active Times Hello 2s MaxAge 20s FwDly 15s MaxHop 20 CIST Root ERPC 32768 00e0 fc0e a421 0 CIST RegRoot IRPC 32768 00e0 fc0e a421 0 CIST RootPortId 0 0 BPDU Protection Disabled TC or TCN received 8 STP Converge Mode Normal Time since last TC 0 days 23h 9m 30s Port3 Ethernet2 0 1 FORWARDING Port Protocol Enabled Port Role CIST Designated Port Port P...

Page 256: ...NMS of the shutdown event The attributes of the edge port are not changed TC protection Generally after receiving TC BPDUs packets for advertising network topology changes a switching device needs to delete MAC entries and ARP entries Frequent deletions exhaust CPU resources TC protection is used to suppress TC BPDUs You can configure the number of times a switching device processes TC BPDUs withi...

Page 257: ... a root port incorrectly and after the alternate port ages the port enters the Forwarding state Loops may occur in such a situation The loop protection function can be used to prevent such network loops If the root port or alternate port cannot receive RST BPDUs from the upstream switching device the root port is blocked and the switching device notifies the NMS that the port enters the Discarding...

Page 258: ...du protection BPDU protection is enabled on the switching device By default BPDU protection is not enabled on the switching device End Follow up Procedure To allow an edge port to automatically start after being shut down you can run the error down auto recovery cause bpdu protection interval interval value command to configure the auto recovery function and set the delay on the port After the del...

Page 259: ... CPU resources Procedure Step 1 Run system view The system view is displayed Step 2 Run stp tc protection TC protection is enabled for the MSTP process By default TC protection is not enabled on the switching device Step 3 Run stp tc protection threshold threshold The number of times the MSTP process handles the received TC BPDUs and updates forwarding entries within a given time is set NOTE The g...

Page 260: ...ink congestion or unidirectional link failure the switching device re selects a root port The original root port becomes a designated port and the original blocked ports change to the Forwarding state This switching may cause network loops which can be mitigated by configuring loop protection After loop protection is configured if the root port or alternate port does not receive BPDUs from the ups...

Page 261: ... status and configured protection type on a switching device For example Huawei display stp instance 0 interface ethernet 2 0 1 CIST Global Info Mode MSTP CIST Bridge 32768 00e0 fc0e a421 Config Times Hello 2s MaxAge 20s FwDly 15s MaxHop 20 Active Times Hello 2s MaxAge 20s FwDly 15s MaxHop 20 CIST Root ERPC 32768 00e0 fc0e a421 0 CIST RegRoot IRPC 32768 00e0 fc0e a421 0 CIST RootPortId 0 0 BPDU Pr...

Page 262: ... quickly and accurately Applicable Environment On an MSTP network inconsistent protocol packet formats and BPDU keys may lead to a communication failure Setting MSTP parameters correctly on Huawei devices ensures interoperability between Huawei devices and non Huawei devices Pre configuration Tasks Before configuring MSTP interoperability between Huawei devices and non Huawei devices complete the ...

Page 263: ...ation flag bit An upstream device sends a Proposal message to a downstream device requesting rapid status transition After receiving the message the downstream device sets the port connected to the upstream device as a root port and blocks all non edge ports The root port then transitions to the Forwarding state The downstream device responds to the Proposal message with an Agreement message After...

Page 264: ...nce auto dot1s legacy The MSTP protocol packet format is configured on the interface The auto mode is used by default NOTE The negotiation will fail if the format of MSTP packets is set to dot1s on one end and legacy on the other end End 8 6 4 Enabling the Digest Snooping Function Interconnected Huawei and non Huawei devices cannot communicate with each other if they have the same region name revi...

Page 265: ...l Info Mode MSTP CIST Bridge 32768 00e0 fc0e a421 Config Times Hello 2s MaxAge 20s FwDly 15s MaxHop 20 Active Times Hello 2s MaxAge 20s FwDly 15s MaxHop 20 CIST Root ERPC 32768 00e0 fc0e a421 0 CIST RegRoot IRPC 32768 00e0 fc0e a421 0 CIST RootPortId 0 0 BPDU Protection Disabled TC or TCN received 8 STP Converge Mode Normal Time since last TC 0 days 23h 9m 30s Port3 Ethernet2 0 1 FORWARDING Port P...

Page 266: ...clear spanning tree statistics End 8 8 Configuration Examples This section describes the networking requirements configuration roadmap data preparation and procedures for some typical application scenarios for MSTP and also provides the related configuration files 8 8 1 Example for Configuring Basic MSTP Functions This example shows how to configure basic MSTP functions Networking Requirements On ...

Page 267: ... network into a loop free tree As shown in Figure 8 7 to load balance traffic of VLANs 2 to 10 and traffic of VLANs 11 to 20 multiple MSTIs are created MSTP defines a VLAN mapping table in which VLANs are associated with spanning tree instances Run MSTP on RouterA SwitchA SwitchB SwitchC and SwitchD Huawei AR3200 Series Enterprise Routers Configuration Guide LAN 8 MSTP Configuration Issue 02 2012 ...

Page 268: ...ch RouterA Root Switch RouterA MSTI1 MSTI2 Blocked port Blocked port Eth0 0 1 Eth0 0 2 Eth0 0 1 Eth0 0 3 Eth0 0 2 Eth0 0 4 E t h 0 0 4 Eth0 0 3 Eth0 0 2 Eth0 0 1 Eth0 0 2 Eth0 0 1 Eth0 0 3 E t h 0 0 3 MST Region Huawei AR3200 Series Enterprise Routers Configuration Guide LAN 8 MSTP Configuration Issue 02 2012 03 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 257 ...

Page 269: ... To complete the configuration you need the following data l Region name RG1 l MSTIs MSTI 1 and MSTI 2 l Ethernet interface numbers shown in Figure 8 7 l Primary and secondary root bridges of MSTI 1 RouterA and SwitchA respectively and primary and secondary root bridges of MSTI 2 RouterA and SwitchB respectively l Path costs of the ports to be blocked 2000000 l VLAN IDs 2 to 20 l VLAN to which PC1...

Page 270: ...y calculation method as an example to set the path costs of the ports to be blocked to 200000 l If the switches are not Huawei 2300 Series all switches on a network must use the same path cost calculation method Refer to STP List of path costs to get standard of other calculation methods On RouterA configure the path cost calculation method as the Huawei proprietary method RouterA stp pathcost sta...

Page 271: ...0 RouterA Ethernet2 0 0 port link type trunk RouterA Ethernet2 0 0 port trunk allow pass vlan 2 to 20 RouterA Ethernet2 0 0 quit RouterA interface ethernet 2 0 1 RouterA Ethernet2 0 1 port link type trunk RouterA Ethernet2 0 1 port trunk allow pass vlan 2 to 20 RouterA Ethernet2 0 1 quit Add interfaces Eth0 0 1 Eth0 0 2 and Eth0 0 3 on SwitchA and SwitchB to VLAN 2 to 20 Add interfaces Eth0 0 1 Et...

Page 272: ...us and protection type on SwitchC In MSTI1 interface Eth0 0 1 is elected as root port interface Eth0 0 4 is blocked In MSTI2 interface Eth0 0 1 is elected as root port interface Eth0 0 4 is elected as designated port Verify the interface status and protection type on SwitchD In MSTI1 interface Eth0 0 1 is elected as root port interface Eth0 0 4 is elected as designated port In MSTI2 interface Eth0...

Page 273: ...0 0 2 port link type trunk port trunk allow pass vlan 2 to 20 interface Ethernet0 0 3 port link type trunk port trunk allow pass vlan 2 to 20 return l Configuration file of SwitchB sysname SwitchB vlan batch 2 to 20 stp instance 2 root secondary stp pathcost standard legacy stp region configuration region name RG1 instance 1 vlan 2 to 10 instance 2 vlan 11 to 20 active region configuration Huawei ...

Page 274: ...active region configuration interface Ethernet0 0 1 port link type trunk port trunk allow pass vlan 2 to 10 interface Ethernet0 0 2 port link type trunk port trunk allow pass vlan 2 to 10 stp disable interface Ethernet0 0 3 port link type trunk port trunk allow pass vlan 2 to 10 stp disable interface Ethernet0 0 4 port link type trunk port trunk allow pass vlan 2 to 10 stp instance 1 cost 200000 r...

Page 275: ...et0 0 2 port link type trunk port trunk allow pass vlan 11 to 20 stp disable interface Ethernet0 0 3 port link type trunk port trunk allow pass vlan 11 to 20 stp disable interface Ethernet0 0 4 port link type trunk port trunk allow pass vlan 11 to 20 stp instance 2 cost 200000 return Huawei AR3200 Series Enterprise Routers Configuration Guide LAN 8 MSTP Configuration Issue 02 2012 03 30 Huawei Pro...

Search results

Summary of Contents for AR3200 Series

Reviews:

Related manuals for AR3200 Series

Brands by name

Popular brands

Huawei AR3200 Series, Configuration Manual - Lan

Search results

Summary of Contents for AR3200 Series

Reviews:

Related manuals for AR3200 Series

Brands by name

Popular brands