manualshive.com logo in svg

Huawei AR530 Series, Configuration Manual

Share
Download
Huawei AR530 Series Configuration Manual Download Page 28

l

Run the 

display mac-address static

 command to check static MAC address entries.

l

Run the 

display mac-address dynamic

 command to check dynamic MAC address entries.

l

Run the 

display mac-address blackhole

 command to check blackhole MAC address

entries.

l

Run the 

display mac-address aging-time

 command to check the aging time of dynamic

MAC address entries.

l

Run the 

display mac-address summary

 command to check statistics on all the MAC

address entries.

l

Run the 

display mac-address total-number

 command to check the number of MAC

address entries.

l

Run the 

display mac-limit

 command to check the limit of the number of learned MAC

addresses.

----End

1.6.2 Configuring Port Security

The port security function changes MAC addresses learned on an interface into secure MAC
addresses (including secure dynamic MAC addresses and sticky MAC addresses). Only hosts
using secure MAC addresses or static MAC addresses can communicate with the device through
the interface. This function enhances security of the device.

Pre-configuration Tasks

Before configuring port security on an interface, complete the following tasks:

l

Disabling MAC address limiting on the interface

l

Disabling MAC address authentication on the interface

l

Disabling 802.1x authentication on the interface

l

Disabling MAC address security for DHCP snooping on the interface

1.6.2.1 Configuring the Secure MAC Function on an Interface

Context

If a network requires high access security, you can configure port security on specified interfaces.
MAC addresses learned by these interfaces change to secure dynamic MAC addresses or sticky
MAC addresses. When the number of learned MAC addresses reaches the limit, the interface
does not learn new MAC addresses and allows only the devices with the learned MAC addresses
to communicate with the industrial switch router. This prevents devices with untrusted MAC
addresses from accessing these interfaces, improving security of the industrial switch router and
the network.

By default, secure dynamic MAC addresses will not be aged out. You can set the aging time for
secure dynamic MAC addresses so that they can be aged out. Secure dynamic MAC addresses
are lost after the device restarts and the device needs to learn the MAC addresses again.

Huawei AR530&AR550 Series Industrial Switch Routers
Configuration Guide - Ethernet Switching

1 MAC Address Table Configuration

Issue 01 (2014-11-30)

Huawei Proprietary and Confidential

Copyright © Huawei Technologies Co., Ltd.

14

Summary of Contents for AR530 Series

Page 1: ...Huawei AR530 AR550 Series Industrial Switch Routers V200R005C70 Configuration Guide Ethernet Switching Issue 01 Date 2014 11 30 HUAWEI TECHNOLOGIES CO LTD ...

Page 2: ...t may not be within the purchase scope or the usage scope Unless otherwise specified in the contract all statements information and recommendations in this document are provided AS IS without warranties guarantees or representations of any kind either express or implied The information in this document is subject to change without notice Every effort has been made in the preparation of this docume...

Page 3: ...nitoring engineers l System maintenance engineers Symbol Conventions The symbols that may be found in this document are defined as follows Symbol Description Indicates an imminently hazardous situation which if not avoided will result in death or serious injury Indicates a potentially hazardous situation which if not avoided could result in death or serious injury Indicates a potentially hazardous...

Page 4: ...l items are grouped in braces and separated by vertical bars One item is selected x y Optional items are grouped in brackets and separated by vertical bars One item is selected or no item is selected x y Optional items are grouped in braces and separated by vertical bars A minimum of one item or a maximum of all items can be selected x y Optional items are grouped in brackets and separated by vert...

Page 5: ...encryption algorithms such as AES RSA RSA 2048 or higher SHA2 HMAC SHA2 is recommended The encryption algorithm depends on actual networking The irreversible encryption algorithm must be used for the administrator password SHA2 is recommended l Personal data Some personal data may be obtained or used during operation or fault location of your purchased products services features so you have an obl...

Page 6: ...hecking the Configuration 13 1 6 2 Configuring Port Security 14 1 6 2 1 Configuring the Secure MAC Function on an Interface 14 1 6 2 2 Configuring the Sticky MAC Function on an Interface 16 1 6 2 3 Checking the Configuration 17 1 6 3 Configuring MAC Address Flapping Detection 17 1 6 4 Configuring the Router to Discard Packets with an All 0 MAC Address 18 1 7 Configuration Examples 19 1 7 1 Example...

Page 7: ...LACP Mode 48 2 6 2 3 Adding Member Interfaces to an Eth Trunk 49 2 6 2 4 Optional Setting the Upper and Lower Thresholds for the Number of Active Interfaces 51 2 6 2 5 Optional Configuring a Load Balancing Mode 52 2 6 2 6 Optional Setting the LACP System Priority 52 2 6 2 7 Optional Setting the LACP Interface Priority 53 2 6 2 8 Optional Configuring LACP Preemption 54 2 6 2 9 Optional Setting the ...

Page 8: ...gregation to Save IP Addresses 98 3 6 3 1 Creating a Sub VLAN 98 3 6 3 2 Creating a Super VLAN 99 3 6 3 3 Assigning an IP Address to the VLANIF Interface of a Super VLAN 100 3 6 3 4 Optional Configuring an IP Address Pool for a Sub VLAN 101 3 6 3 5 Optional Enabling Proxy ARP on the VLANIF Interface of a Super VLAN 101 3 6 3 6 Checking the Configuration 102 3 6 4 Configuring an mVLAN to Implement ...

Page 9: ...g Selective QinQ 137 4 8 References 141 5 GVRP Configuration 142 5 1 Introduction to GVRP 143 5 2 Principles 144 5 2 1 Basic Concepts 144 5 2 2 Packet Structure 147 5 2 3 Working Procedure 148 5 3 Applications 152 5 4 Default Configuration 152 5 5 Configuring GVRP 153 5 5 1 Enabling GVRP 153 5 5 2 Optional Setting the Registration Mode for a GVRP Interface 154 5 5 3 Optional Setting the GARP Timer...

Page 10: ...he Maximum Number of Connections in an Eth Trunk that Affects Spanning Tree Calculation 198 6 6 2 5 Checking the Configuration 199 6 6 3 Setting RSTP Parameters that Affect RSTP Convergence 199 6 6 3 1 Setting the RSTP Network Diameter 199 6 6 3 2 Setting the RSTP Timeout Interval 200 6 6 3 3 Setting RSTP Timers 201 6 6 3 4 Setting the Maximum Number of Connections in an Eth Trunk that Affects Spa...

Page 11: ...t Bridge and Secondary Root Bridge 246 7 6 1 4 Optional Configuring a Priority for a Switching Device in an MSTI 247 7 6 1 5 Optional Configuring a Path Cost of a Port in an MSTI 248 7 6 1 6 Optional Configuring a Port Priority in an MSTI 249 7 6 1 7 Enabling MSTP 249 7 6 1 8 Checking the Configuration 250 7 6 2 Configuring MSTP Parameters on an Interface 251 7 6 2 1 Setting the MSTP Network Diame...

Page 12: ...ation 274 8 1 Introduction to SEP 275 8 2 Principles 275 8 2 1 Principles of SEP 275 8 2 2 Basic Concepts of SEP 278 8 2 3 SEP Implementation Mechanisms 282 8 3 Applications 294 8 3 1 Open Ring Networking 294 8 3 2 Closed Ring Networking 295 8 3 3 Multi Ring Networking 296 8 3 4 Hybrid SEP MSTP Ring Networking 297 8 3 5 SEP Multi Instance 298 8 4 Configuration Task Summary 299 8 5 Configuring SEP ...

Page 13: ... Configuring Local Bridging 360 9 6 1 1 Creating a Bridge Group 360 9 6 1 2 Adding Local Interfaces to a Bridge Group 360 9 6 1 3 Optional Disabling a Bridge Group from Bridging Specified Protocol Packets 361 9 6 1 4 Optional Configuring a MAC Address Table for a Bridge Group 362 9 6 1 5 Checking the Configuration 363 9 6 2 Configuring Local Bridging Integrated with IP Routing 363 9 6 2 1 Creating...

Page 14: ...hecking the Configuration 378 9 7 Maintaining Transparent Bridging 378 9 7 1 Monitoring the Operation of Bridge Groups 379 9 7 2 Clearing the Traffic Statistics of a Bridge Group 379 9 7 3 Clearing the Traffic Statistics on the Bridge if Interface of a Bridge Group 380 9 8 Configuration Example 380 9 8 1 Example for Configuring Local Bridging 380 9 8 2 Example for Configuring Local Bridging with I...

Page 15: ...of MAC 1 5 Default Configuration This section describes the default configuration of a MAC address table 1 6 Configuring the MAC Address Table This section describes the MAC address table configuration 1 7 Configuration Examples This section provides several configuration examples of MAC address 1 8 Common Configuration Errors This section describes how to process common configuration errors in MA...

Page 16: ...s learned from other devices When forwarding a data frame the device searches the MAC table for the outbound interface according to the destination MAC address and VLAN ID in the frame This helps the device reduce broadcasting Packet Forwarding Based on the MAC Address Table The device forwards packets based on the MAC address table in either of the following modes l Unicast mode If the destinatio...

Page 17: ...kets or broadcast packets l Manually Configured MAC Address Entries When creating MAC address entries by itself the device cannot identify whether the packets are from the legal users or the hackers This threatens the network safety Hackers can fake the source MAC address in attack packets The packet with a forged address enters the device from the other port Then the device learns a fault MAC tab...

Page 18: ...0e0 fc00 0001 and the VLAN ID as 1 enters the switch between t2 and t3 the flag of the matching MAC address entry is always 0 At t3 after discovering that the flag of the matching MAC address entry is 0 the switch assumes that the aging time of the MAC address entry expires and deletes the MAC address entry As stated above the minimum holdtime of a dynamic MAC address entry in the MAC address tabl...

Page 19: ...the sticky MAC function is disabled By default secure dynamic MAC addresses will never be aged out After the switch restarts secure dynamic MAC addresses are lost and need to be learned again l Sticky MAC addresses are learned on an interface where both port security and sticky MAC function are enabled Sticky MAC addresses will not be aged out After you save the configuration and restart the switc...

Page 20: ...22 33 MAC 11 22 33 Data flow Incorrect connection Access port As shown in Figure 1 2 Switch B should not be connected to Switch C When the two switches are connected Router Switch B and Switch C form a loop When Port1 of Switch A receives a broadcast packet Switch A forwards the packet to Switch B The packet is then sent to Port2 of Switch A Switch A detects that the source MAC address of the pack...

Page 21: ...tection on the Router to detect MAC address flapping and discover loops Figure 1 3 Networking diagram of MAC address flapping detection Switch Network LSW2 LSW1 Incorrect connection 1 4 Configuration Task Summary This chapter describes the configuration task summary of MAC Table 1 1 lists the configuration task summary of MAC address table Huawei AR530 AR550 Series Industrial Switch Routers Config...

Page 22: ...ccurs when a MAC address is learned by two interfaces in the same VLAN The MAC address entry learned later replaces the earlier one MAC address flapping detection enables the device to check all MAC addresses If MAC address flapping occurs the device sends an alarm to the NMS You can locate the faulty device according to the alarm and MAC address flapping history records This greatly improves netw...

Page 23: ...g is enabled Enable Port security Disabled Limit on the number of MAC addresses learned by an interface 1 Action to be taken when the number of learned MAC addresses reaches the limit Restrict Discarding packets with all 0 invalid MAC addresses Disabled Alarms generated when receiving packets with all 0 invalid MAC addresses Disabled 1 6 Configuring the MAC Address Table This section describes the...

Page 24: ...C address entry The system discards packets with configured static MAC addresses that have been learned by other interfaces End 1 6 1 2 Configuring a Blackhole MAC Address Entry Context To save the MAC address table space protect user devices or network devices from MAC address attacks you can configure untrusted MAC addresses as blackhole MAC addresses Packets with source or destination MAC addre...

Page 25: ... Ethernet frame in a MAC address entry When receiving other Ethernet frames destined for this MAC address the industrial switch router forwards the data frames through the outbound interface according to the MAC address entry The MAC address learning function reduces broadcast packets on a network After MAC address learning is disabled on an interface the industrial switch router does not learn so...

Page 26: ...ntity of packets with different source MAC addresses and send the packets to the industrial switch router the MAC address table of the industrial switch router may reach its full capacity When the MAC address table is full the industrial switch router cannot learn source MAC addresses of valid packets You can limit the number of MAC address entries learned on the industrial switch router When the ...

Page 27: ...ies reaches the limit l Limit the number of MAC address entries learned in a VLAN 1 Run system view The system view is displayed 2 Run vlan vlan id The VLAN view is displayed 3 Run mac limit maximum max num The maximum number of MAC address entries learned in the VLAN is set By default the number of MAC address entries learned in a VLAN is not limited 4 Run mac limit alarm disable enable The indus...

Page 28: ...s limiting on the interface l Disabling MAC address authentication on the interface l Disabling 802 1x authentication on the interface l Disabling MAC address security for DHCP snooping on the interface 1 6 2 1 Configuring the Secure MAC Function on an Interface Context If a network requires high access security you can configure port security on specified interfaces MAC addresses learned by these...

Page 29: ...es reaches the limit l restrict discards packets with new source MAC addresses and sends an alarm when the number of learned MAC addresses exceeds the limit l shutdown set the interface status to error down and sends an alarm when the number of learned MAC addresses exceeds the limit By default an interface cannot automatically restore to Up state after it is shut down To restore the interface run...

Page 30: ...er sticky MAC addresses still exist Procedure Step 1 Run system view The system view is displayed Step 2 Run interface interface type interface number The interface view is displayed Step 3 Run port security enable Port security is enabled By default port security is disabled on an interface Step 4 Run port security mac address sticky The sticky MAC function is enabled on the interface By default ...

Page 31: ...to view the current configuration of an interface l Run the display mac address security vlan vlan id interface type interface number command to view secure dynamic MAC address entries l Run the display mac address sticky vlan vlan id interface type interface number command to view sticky MAC address entries End 1 6 3 Configuring MAC Address Flapping Detection MAC address flapping detection detect...

Page 32: ...s 1 Run the system view command to enter the system view 2 Run the reset loop detect eth loop vlan vlan id all interface interface type interface number mac address mac address command to unblock the specified interface or MAC address Before using the reset loop detect eth loop command run the display loop detect eth loop command to check the blocked interface or MAC address 1 6 4 Configuring the ...

Page 33: ...ent configuration command to check whether the industrial switch router is configured to discard packets with an all 0 MAC address 1 7 Configuration Examples This section provides several configuration examples of MAC address 1 7 1 Example for Configuring the MAC Address Table Networking Requirements As shown in Figure 1 4 the MAC address of PC1 is 0002 0002 0002 and the MAC address of PC2 is 0003...

Page 34: ...1 and Ethernet2 0 2 to VLAN 2 Huawei system view Huawei sysname Router Router vlan 2 Router vlan2 quit Router interface ethernet 2 0 1 Router Ethernet2 0 1 port hybrid tagged vlan 2 Router Ethernet2 0 1 quit Router interface ethernet 2 0 2 Router Ethernet2 0 2 port hybrid pvid vlan 2 Router Ethernet2 0 2 port hybrid untagged vlan 2 Router Ethernet2 0 2 quit Configure static MAC address entries Rou...

Page 35: ...e 500 interface Ethernet2 0 1 port hybrid tagged vlan 2 interface Ethernet2 0 2 port hybrid pvid vlan 2 port hybrid untagged vlan 2 mac address static 0002 0002 0002 Ethernet2 0 1 vlan 2 mac address static 0003 0003 0003 Ethernet2 0 1 vlan 2 mac address static 0004 0004 0004 Ethernet2 0 2 vlan 2 return 1 7 2 Example for Configuring Port Security Networking Requirements As shown in Figure 1 5 a com...

Page 36: ...e link type of the interface to trunk Huawei system view Huawei sysname Huawei Router vlan 10 Router vlan10 quit Router interface ethernet 2 0 1 Router Ethernet2 0 1 port link type trunk Router Ethernet2 0 1 port trunk allow pass vlan 10 Step 2 Configure the port security function Enable the port security function Router Ethernet2 0 1 port security enable Enable the sticky MAC function Router Ethe...

Page 37: ... num 4 return 1 7 3 Example for Configuring MAC Address Limiting Rules on Interfaces Networking Requirements As shown in Figure 1 6 Ethernet2 0 1 and Ethernet2 0 2 of the Router are connected to LSWs One LSW is connected to individual users and the other is connected to enterprise users To prevent MAC address attacks and limit the number of access users on the Router configure MAC address limiting...

Page 38: ...uccessfully configured Huawei display mac limit PORT VLAN Maximum Action Alarm Eth2 0 1 4 discard enable Eth2 0 2 100 discard enable End Configuration Files Configuration file of the Router interface Ethernet2 0 1 mac limit maximum 4 interface Ethernet2 0 2 mac limit maximum 100 return 1 7 4 Example for Configuring a MAC Address Learning Rule in a VLAN Networking Requirements As shown in Figure 1 ...

Page 39: ...ort link type trunk Huawei Ethernet2 0 1 port trunk allow pass vlan 100 200 Huawei Ethernet2 0 1 quit Huawei interface ethernet 2 0 2 Huawei Ethernet2 0 2 port link type trunk Huawei Ethernet2 0 2 port trunk allow pass vlan 200 Huawei Ethernet2 0 2 quit Configure the following MAC address limiting rule in VLAN 200 l A maximum of 500 MAC addresses can be learned l When the number of learned MAC add...

Page 40: ...rocess common configuration errors in MAC address entries 1 8 1 Correct MAC Address Entry Cannot Be Learned on the Device Fault Description MAC address entries cannot be learned on the device so Layer 2 forwarding fails Procedure Step 1 Check that the configurations on the interface are correct Run the display mac address command in any view to check whether the binding relationships between the M...

Page 41: ... 0 1 mac address learning disable port hybrid tagged vlan 10 undo negotiation auto speed 100 return Huawei vlan10 display this vlan 10 mac address learning disable return If the command output contains mac address learning disable MAC address learning is disabled on the interface or VLAN l If MAC address learning is disabled run the undo mac address learning disable command in the interface view o...

Page 42: ...arned MAC address entries has reached the maximum value supported by the industrial switch router Run the display mac address summary command to check the number of MAC address entries in the MAC address table l If the number of learned MAC address entries has reached the maximum value supported by the industrial switch router no MAC address entry can be created Run the display mac address command...

Page 43: ...ain If the number of MAC addresses on the interface is equal to or smaller than the number of devices connected to the interface the number of devices connected to the industrial switch router has exceeded the maximum supported by the industrial switch router Adjust network deployment End 1 9 Reference This section describes references of MAC address table The following table lists the references ...

Page 44: ...ings This section describes default parameter settings of link aggregation 2 6 Configuring Ethernet Link Aggregation This section describes how to configure Ethernet link aggregation 2 7 Maintaining Link Aggregation This section describes how to maintain link aggregation including monitoring the link aggregation running status and clearing LACPDU statistics 2 8 Configuration Examples This section ...

Page 45: ...bandwidth of the link aggregation interface is the sum of bandwidth of member interfaces l Higher reliability When an active link fails traffic on this active link is switched to another active link improving reliability of the link aggregation interface l Load balancing In a link aggregation group LAG traffic is load balanced among active links of member interfaces 2 2 Principles This section des...

Page 46: ...r the number of active interfaces When the number of active interfaces reaches this threshold the bandwidth of the Eth Trunk will not increase even if more member links go Up This guarantees high network reliability When the number of active member interfaces reaches the upper threshold additional active member interfaces go Down For example 8 trouble free member links are bundled into a trunk lin...

Page 47: ...s the HASH KEY value using the hash algorithm 3 Based on the HASH KEY value the Eth Trunk module searches the Eth Trunk forwarding table for the interface number and then sends the packet from the corresponding interface 2 2 3 Link Aggregation in Manual Load Balancing Mode Link aggregation can work in manual load balancing mode or LACP mode depending on whether LACP is used In manual load balancin...

Page 48: ...ep active member interfaces consistent at both ends set a higher priority for one end so that the other end selects active member interfaces based on the selection of the end with a higher priority The smaller the LACP system priority value the higher the LACP system priority l LACP interface priority Interface LACP priorities are set to prioritize interfaces of an Eth Trunk Interfaces with higher...

Page 49: ...hreshold for the number of active interfaces the system shuts down the LAG Implementation of Link Aggregation in LACP Mode LACP as specified in IEEE 802 3ad implements dynamic link aggregation and de aggregation allowing both ends to exchange LACPDUs After member interfaces are added to an Eth Trunk in LACP mode each end sends LACPDUs to inform its remote end of its system priority MAC address mem...

Page 50: ... Terminator Actor_Port Actor_State Partner_Port Partner_State Item Description Actor_Port Partner_Port Interface of the Actor or Partner Actor_State Partner_State Status of the Actor or Partner Actor_System_Priority Partner_System_Priority System priority of the Actor or Partner Actor_System Partner_System System ID of the Actor or Partner Actor_Key Partner_Key Operational key of the Actor or Part...

Page 51: ...MAC address functions as the Actor After devices at both ends select the Actor they select active interfaces according to the priorities of the Actor s interfaces Then active interfaces are selected active links in the LAG are specified and load balancing is implemented among these active links Figure 2 7 Selecting the Actor in LACP mode 1 2 3 1 2 3 1 2 3 1 2 3 1 2 3 1 2 3 DeviceB DeviceA Compare ...

Page 52: ...ve interface even if the priority of a backup interface is higher than that of the active interface l LACP preemption delay After LACP preemption occurs a backup link waits for a given period of time and then switches to the active status This period is called LACP preemption delay The LACP preemption delay is used to prevent unstable data transmission over an Eth Trunk link caused by frequent sta...

Page 53: ...e hash algorithm to calculate the address in a data frame and generates a HASH KEY Then the system searches for the outbound interface in the Eth Trunk forwarding table based on the generated HASH KEY value Each MAC or IP address corresponds to a HASH KEY so the system uses different outbound interfaces to forward data This mechanism ensures that frames of the same data flow are forwarded on the s...

Page 54: ... interface At both ends UPE and PE AGG of Eth Trunk 1 traffic shaping congestion management and congestion avoidance can be performed for outgoing traffic ensuring that packets of high priorities are sent in a timely manner 2 4 Configuration Task Summary The device supports the manual load balancing mode and Link Aggregation Control Protocol LACP mode Table 2 1 lists the link aggregation configura...

Page 55: ...rameters in LACPDUs LACP provides backup links and ensures high reliability of member links 2 6 2 Configuring Link Aggregation in LACP Mode 2 5 Default Settings This section describes default parameter settings of link aggregation Table 2 2 Default parameter settings of link aggregation Parameter Value Link aggregation mode Manual load balancing mode Upper threshold for the number of active member...

Page 56: ... 1 Run system view The system view is displayed 2 Run interface eth trunk trunk id A Layer 2 Eth Trunk is created By default an Eth Trunk works in Layer 2 mode l Create a Layer 3 Eth Trunk 1 Run system view The system view is displayed 2 Run interface eth trunk trunk id A Layer 2 Eth Trunk is created 3 Run undo portswitch The Eth Trunk is configured to work in Layer 3 mode 4 Run ip address ip addr...

Page 57: ...and LACP mode In manual load balancing mode you must manually create an Eth Trunk and add member interfaces to the Eth Trunk All active links forward data and evenly load balance traffic The manual load balancing mode mode is used when the peer device does not support LACP Before changing the working mode of an Eth Trunk ensure that the Eth Trunk contains no member interface Procedure Step 1 Run s...

Page 58: ...u add member interfaces to an Eth Trunk in a batch if one interface cannot be added to the Eth Trunk all subsequent interfaces in the batch cannot be added to the Eth Trunk either l Add member interfaces to an Eth Trunk in the member interface view 1 Run system view The system view is displayed 2 Run interface interface type interface number The member interface view is displayed 3 Run eth trunk t...

Page 59: ... trap in private mib enable command to enable Eth Trunk member interfaces to use the proprietary MIB to send trap messages The trap messages sent by using the proprietary MIB carry Eth Trunk IDs whereas the trap messages sent by using the public MIB do not carry Eth Trunk IDs NOTE After the trunk member trap in private mib enable command is configured Eth Trunk member interfaces only use the propr...

Page 60: ... Trunk 1 Run system view The system view is displayed 2 Run load balance dst ip dst mac src ip src mac src dst ip src dst mac A load balancing mode is configured for the Eth Trunk By default the load balancing mode of a Layer 2 Eth Trunk is src dst mac Eth Trunk member interfaces use flow based load balancing The local and remote ends can use different load balancing modes without affecting each o...

Page 61: ...to check information about Eth Trunk member interfaces l Run the display trunk resource command to check Eth Trunk resources that have been used on a device End 2 6 2 Configuring Link Aggregation in LACP Mode Link aggregation implements load balancing increases bandwidth and improves transmission reliability 2 6 2 1 Creating an Eth Trunk Context Eth Trunks increase bandwidth and improve transmissi...

Page 62: ...ommand to change the MTU of the remote interface to be the same value otherwise services may be interrupted l After changing the MTU on an interface run the shutdown command and then the undo shutdown command on the interface to make the setting take effect End 2 6 2 2 Setting the LACP Mode Context Link aggregation can work in manual load balancing mode or LACP mode depending on whether LACP is us...

Page 63: ...dd member interfaces to an Eth Trunk in the Eth Trunk interface view 1 Run system view The system view is displayed 2 Run interface eth trunk trunk id The Eth Trunk interface view is displayed 3 Run trunkport interface type interface number1 to interface number2 1 8 A member interface is added to the Eth Trunk NOTE When you add member interfaces to an Eth Trunk in a batch if one interface cannot b...

Page 64: ...addresses and ARP entries but member interfaces do not Devices at both ends of an Eth Trunk must use the same number of physical interfaces interface rate duplex mode jumbo and flow control mode End Follow up Procedure You can configure Eth Trunk member interfaces to send trap messages after the Eth Trunk member interface status changes After the device receives a trap message check whether the de...

Page 65: ...erface view is displayed Step 3 Run least active linknumber link number The lower threshold for the number of active interfaces is set By default the lower threshold for the number of active interfaces is 1 The lower threshold for the number of active interfaces on the local device can be different from that on the remote device If the two values are different the larger one is used Step 4 Run max...

Page 66: ...oad balancing mode of one Eth Trunk is changed all the other Eth Trunks use the new load balancing mode l Configure a Layer 3 Eth Trunk 1 Run system view The system view is displayed 2 Run interface eth trunk trunk id The Eth Trunk interface view is displayed 3 Run load balance dst ip dst mac src ip src mac src dst ip src dst mac A load balancing mode is configured for the Eth Trunk By default the...

Page 67: ...the configuration mode of the LACP system priority to system priority This mode can be used to differentiate the LACP system priority and LACP interface priority Step 3 Use either of the following methods to set the LACP system priority based on the configuration mode l default mode Run the lacp priority priority command to set the LACP system priority l system priority mode Run the lacp system pr...

Page 68: ...n function ensures that the interface with the highest LACP priority always functions as an active interface For example the interface with the highest priority becomes inactive due to a failure If LACP preemption is enabled the interface becomes active again after it recovers if LACP preemption is disabled the interface cannot become active interface after it recovers The LACP preemption delay is...

Page 69: ...nal active interfaces As a result data traffic on the faulty link is discarded After the timeout interval at which LACPDUs are received is set if a local member interface does not receive any LACPDUs within the configured timeout interval the local member interface becomes Down immediately and no longer forwards data Procedure Step 1 Run system view The system view is displayed Step 2 Run interfac...

Page 70: ...isplay trunkmembership eth trunk trunk id command to check information about Eth Trunk member interfaces l Run the display trunk resource command to check Eth Trunk resources that have been used on a device End 2 6 3 Creating an Eth Trunk Sub interface Sub interfaces can be configured on a Layer 3 Eth Trunk When Layer 3 devices connect to Layer 2 devices in different VALNs through the Layer 3 Eth ...

Page 71: ...s 2 7 1 Clearing LACP Packet Statistics Context NOTICE The cleared LACPDU statistics cannot be restored Exercise caution when you run the reset command Procedure l Run the reset lacp statistics eth trunk trunk id interface interface type interface number command in the user view to clear statistics about LACPDUs received and sent l Run the reset lacp error packet statistics command in the user vie...

Page 72: ...ou cannot determine which member interface is faulty when the quality of services on an Eth Trunk deteriorates To resolve this problem perform a ping test to detect each physical link to help locate the faulty link NOTE The ping test applies to scenarios where two devices are directly connected through an Eth Trunk Pre configuration Tasks Before using ping to monitor the reachability of Layer 3 Et...

Page 73: ...owing information l Response to each ping message If an echo response message is not received by the transmit end after the corresponding timer expires a message reading Request time out is displayed indicating that an Eth Trunk member interface fails If an echo response message is received the data bytes message sequence number and response time are displayed indicating that no Eth Trunk member i...

Page 74: ...h Trunk 1 Eth Trunk Eth1 0 1 Eth1 0 2 Eth1 0 3 Eth1 0 1 Eth1 0 2 Eth1 0 3 Eth1 0 4 Eth1 0 5 VLAN10 VLAN20 Eth1 0 4 Eth1 0 5 VLAN20 VLAN10 Configuration Roadmap The configuration roadmap is as follows 1 Create an Eth Trunk and add member interfaces to the Eth Trunk to increase link bandwidth 2 Create VLANs and add interfaces to the VLANs 3 Configure a load balancing mode to ensure that traffic is l...

Page 75: ...1 The configuration of RouterB is similar to the configuration of RouterA and is not mentioned here RouterA Eth Trunk1 load balance src dst mac RouterA Eth Trunk1 quit Step 4 Verify the configuration Run the display eth trunk 1 command in any view to check whether the Eth Trunk is created and whether member interfaces are added RouterA display eth trunk 1 Eth Trunk1 s state information is WorkingM...

Page 76: ... 1 interface Ethernet1 0 4 port link type trunk port trunk allow pass vlan 20 interface Ethernet1 0 5 port link type trunk port trunk allow pass vlan 10 return 2 8 2 Example for Configuring Link Aggregation in LACP Mode Networking Requirements To increase the bandwidth and improve the connection reliability you can configure an LAG on two directly connected routers as shown in Figure 2 11 The requ...

Page 77: ...nk 1 to work in LACP mode Configure RouterA Huawei system view Huawei sysname RouterA RouterA interface eth trunk 1 RouterA Eth Trunk1 mode lacp static RouterA Eth Trunk1 quit Configure RouterB Huawei system view Huawei sysname RouterB RouterB interface eth trunk 1 RouterB Eth Trunk1 mode lacp static RouterB Eth Trunk1 quit Step 2 Add member interfaces to Eth Trunk 1 Configure RouterA RouterA inte...

Page 78: ...IC Preempt Delay Disabled Hash arithmetic According to SA XOR DA System Priority 100 System ID 00e0 fca8 0417 Least Active linknumber 1 Max Active linknumber 2 Operate status Up Number Of Up Port In Trunk 2 ActorPortName Status PortType PortPri PortNo PortKey PortState Weight Ethernet2 0 1 Selected 100M 100 6145 2865 11111100 1 Ethernet2 0 2 Selected 100M 100 6146 2865 11111100 1 Ethernet2 0 3 Uns...

Page 79: ... Selected state Ethernet2 0 3 is in Unselect state That is load balancing and redundancy are implemented End Configuration Files l Configuration file of RouterA sysname RouterA lacp priority 100 interface Eth Trunk1 mode lacp static max active linknumber 2 interface Ethernet2 0 1 eth trunk 1 lacp priority 100 interface Ethernet2 0 2 eth trunk 1 lacp priority 100 interface Ethernet2 0 3 eth trunk 1...

Page 80: ...Configure RouterA Huawei system view Huawei sysname RouterA Create a Layer 3 Eth Trunk Eth Trunk 1 and configure an IP address for Eth Trunk 1 RouterA interface eth trunk 1 RouterA Eth Trunk1 undo portswitch RouterA Eth Trunk1 ip address 10 1 1 1 24 RouterA Eth Trunk1 quit Add Ethernet1 0 0 and Ethernet2 0 0 to Eth Trunk 1 RouterA interface ethernet 1 0 0 RouterA Ethernet1 0 0 eth trunk 1 RouterA ...

Page 81: ...nt system time 2011 4 14 14 51 01 Input bandwidth utilization 0 00 Output bandwidth utilization 0 00 PortName Status Weight Ethernet1 0 0 UP 1 Ethernet2 0 0 UP 1 The Number of Ports in Trunk 2 The Number of UP Ports in Trunk 2 The Eth Trunks on RouterA and RouterB can ping each other RouterA ping a 10 1 1 1 10 1 1 2 PING 10 1 1 2 56 data bytes press CTRL_C to break Reply from 10 1 1 2 bytes 56 Seq...

Page 82: ...y load balanced among Eth Trunk member interfaces due to the incorrect load balancing mode Procedure 1 Run the display eth trunk command to check whether the load balancing mode of the Eth Trunk meets networking requirements For example source or destination IP address based load balancing is not recommended in Layer 2 networking 2 Run the load balance command to set an appropriate load balancing ...

Page 83: ...n Control Link Aggregation Control Protocol Marker protocol and Configuration capabilities and restrictions Huawei AR530 AR550 Series Industrial Switch Routers Configuration Guide Ethernet Switching 2 Link Aggregation Configuration Issue 01 2014 11 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 69 ...

Page 84: ...LAN 3 5 Default Configuration This section describes the default configuration of VLAN 3 6 Configuring VLAN This section describes the VLAN configuration 3 7 Configuration Examples This section provides several configuration examples of VLANs including networking requirements configuration roadmap and configuration procedure 3 8 Common Configuration Errors This section describes common VLAN config...

Page 85: ...t storms As a result network performance deteriorates Switches can be used to connect LANs preventing collision However broadcast packets cannot be isolated and network quality cannot be improved The VLAN technology divides a physical LAN into multiple broadcast domains each of which is called a VLAN Hosts within a VLAN can communicate with each other while hosts in different VLANs cannot communic...

Page 86: ...tion and maintenance 3 2 Principles This section describes principles of VLAN 3 2 1 Basic Concepts of VLAN VLAN frame format A conventional Ethernet frame is encapsulated with the Length Type field for an upper layer protocol following the Destination address and Source address fields as shown in Figure 3 2 Figure 3 2 Conventional Ethernet frame format 2bytes 6bytes 6bytes 46 1500bytes 4bytes Dest...

Page 87: ...ating the VLAN to which the frame belongs VLAN IDs range from 0 to 4095 The values 0 and 4095 are reserved and therefore VLAN IDs range from 1 to 4094 Each frame sent by an 802 1Q capable switch carries a VLAN ID In a VLAN Ethernet frames are classified into the following types l Tagged frames frames with 4 byte 802 1Q tags l Untagged frames frames without 4 byte 802 1Q tags Link Types As shown in...

Page 88: ... links must carry VLAN tags to allow other switching devices to properly forward the frame based on the VLAN information l Before sending the frame to the destination host the switching device connected to the destination host removes the VLAN tag from the frame to ensure that the host receives an untagged frame Generally only tagged frames are transmitted on trunk links only untagged frames are t...

Page 89: ...oves tags from some VLAN frames on the outbound port Figure 3 5 Port types Hybrid Port Access Link Trunk Link l QinQ port QinQ ports are enabled with the IEEE 802 1 QinQ protocol A QinQ port adds a tag to a single tagged frame and supports a maximum of 4094 x 4094 VLAN tags which meets the requirement for the VLAN quantity Figure 3 6 shows the format of a QinQ frame The outer tag usually called th...

Page 90: ...essing frames frames within a switch all carry VLAN tags for uniform processing When a data frame reaches a port of the switch if the frame carries no VLAN tag and the port is configured with a PVID the frame is marked with the port s PVID If the frame has a VLAN tag the switch will not mark a VLAN tag for the frame regardless of whether the port is configured with a PVID The switch processes fram...

Page 91: ... ID to an untagged frame and discards the frame if the port denies the default VLAN ID l Accepts a tagged frame if the VLAN ID carried in the frame is permitted by the port l Discards a tagged frame if the VLAN ID carried in the frame is denied by the port If the frame s VLAN ID is permitted by the port the frame is transmitted The port can be configured whether to transmit frames with tags NOTE B...

Page 92: ...able for the MAC forwarding entry with the destination MAC address of Host B l If this entry exists DeviceA sends the frame to the outbound interface Port2 l If this entry does not exist DeviceA sends the frame to all interfaces bound to VLAN 2 except for Port4 4 Port2 sends the frame to DeviceB 5 After receiving the frame DeviceB queries its MAC address table for the MAC forwarding entry with the...

Page 93: ...s port DeviceA Host A Host D Host C Host B Port2 1 Host A communicates with host C as follows 1 Host A checks the IP address of host C and determines that host C is in another VLAN 2 Host A sends an ARP request packet to DeviceA to request DeviceA s MAC address 3 After receiving the ARP request packet DeviceA returns an ARP reply packet in which the source MAC address is the MAC address of the sub...

Page 94: ...ls on Layer 3 switches to reach Layer 3 routes A VLANIF interface is a Layer 3 logical interface which can be configured on either a Layer 3 switch or a router As shown in Figure 3 9 hosts connected to the switch are assigned to VLAN 2 and VLAN 3 To implement inter VLAN communication configure as follows Create two VLANIF interfaces on the device and configure IP addresses for them Set the default...

Page 95: ...t C All packets sent from host A to host C are sent to Device first to implement Layer 3 forwarding 3 2 4 VLAN Aggregation Background of VLAN Aggregation NOTE AR550 series do not support VLAN Aggregation VLAN is widely applied to switching networks because of its flexible control of broadcast domains and convenient deployment On a Router the interconnection between the broadcast domains is impleme...

Page 96: ... 2 is accessed to three hosts instead of ten hosts later the extra addresses will not be used by other VLANs and will be wasted This division is inconvenient for the later network upgrade and expansion Assume that two more hosts need to be added to VLAN 4 and VLAN 4 does not want to change the assigned IP addresses and the addresses after 10 1 1 24 has been assigned to others a new sub network wit...

Page 97: ...adcast domains can use the addresses in the same subnet segment As a result subnet differences are eliminated addressing becomes flexible and idle addresses are reduced Take the Table 3 3 to explain the implementation theory Suppose that user demands are unchanged In VLAN 2 10 host addresses are demanded in VLAN 3 5 host addresses are demanded in VLAN 4 1 host address is demanded According to the ...

Page 98: ...roadcast address of the subnet 10 1 1 255 In the network segment 236 addresses 255 19 236 are available which can be used by any host in the sub VLAN Communications Between VLANs l Introduction VLAN aggregation ensures that different VLANs use the IP addresses in the same subnet segment This however leads to the problem of Layer 3 forwarding between sub VLANs In common VLAN mode the hosts of diffe...

Page 99: ...om Host A the gateway finds that the IP address of Host B 10 1 1 3 is the IP address of a directly connected interface Then the gateway initiates an ARP broadcast to all the other sub VLAN interfaces to request for the MAC address of Host B 5 After receiving the ARP request Host B offers an ARP response 6 After receiving the ARP response from Host B the gateway replies its MAC address to Host A 7 ...

Page 100: ... you configure the super VLAN and then the trunk interface the frames of a super VLAN are filtered automatically according to the VLAN range set on the trunk interface As shown in Figure 3 13 no frame of the super VLAN 10 passes through Port3 on RouterA even though the interface allows frames from all VLANs to pass through If you finish configuring the trunk interface and allow all VLANs to pass t...

Page 101: ...Host A finds that two IP addresses are not in the same network segment 10 1 1 0 24 2 Host A initiates an ARP broadcast to its gateway to request for the MAC address of the gateway 3 After receiving the ARP request RouterA identifies the correlation between the sub VLAN and the super VLAN and offers an ARP response to Host A through sub VLAN 2 The source MAC address in the ARP response packet is th...

Page 102: ...e VLAN goes Up during the delay the status of the VLANIF interface keeps unchanged That is the VLAN damping function postpones the time at which the VLAN reports a Down event to the VLANIF interface avoiding unnecessary route flapping 3 2 6 VLAN Management To use a network management system to manage multiple devices create a VLANIF interface on each device and configure a management IP address fo...

Page 103: ...e core router of the business building and ports of each company are assigned to the corresponding VLANs This ensures that each company can have a virtual switch or a virtual workstation MAC Address Based VLAN Assignment Figure 3 16 Networking diagram of MAC address based VLAN assignment User A RouterB RouterA VLAN 10 User A VLAN 10 User C VLAN 10 RouterC Huawei AR530 AR550 Series Industrial Switc...

Page 104: ...ows Multiple VLANs belong to the same Layer 3 device Figure 3 17 Networking diagram of communications between multiple VLANs on the same Layer 3 device L2 Switch Trunk Link Router A CompanyA VLAN 2 VLAN 3 VLAN 4 CompanyB CompanyC As shown in Figure 3 17 if VLAN 2 VLAN 3 and VLAN 4 only belong to RouterA these VLANs are not VLANs across different switches In such a situation you can configure a VLA...

Page 105: ... across different switches In such a situation you can configure a VLANIF interface respectively on Switch A and Switch B for each VLAN and then configure the static route or run a routing protocol between Switch A and Switch B The Layer 3 device shown in Figure 3 18 can be a router or a Layer 3 switch 3 3 3 VLAN Aggregation NOTE AR550 series do not support VLAN Aggregation Huawei AR530 AR550 Seri...

Page 106: ...y only assigning IP addresses to the super VLANs After Proxy ARP is configured on Router the sub VLANs in each super VLAN can communicate with each other 3 4 Configuration Task Summary This chapter describes the configuration task summary of VLAN Table 3 5 lists the configuration task summary of VLAN Table 3 5 Configuration task summary of VLAN Item Description Task Assigning a LAN to VLANs VLANs ...

Page 107: ...s in a centralized manner 3 6 4 Configuring an mVLAN to Implement Integrated Management 3 5 Default Configuration This section describes the default configuration of VLAN Table 3 6 Default configuration of VLAN Parameter Default Setting Port link type Hybrid Default VLAN ID 1 Damping time 0s 3 6 Configuring VLAN This section describes the VLAN configuration 3 6 1 Assigning a LAN to VLANs VLANs can...

Page 108: ...ame is configured you can run the vlan vlan name vlan name command in the system view to enter the corresponding VLAN view Step 3 Run quit The system view is displayed Step 4 Configure the port type and features 1 Run the interface interface type interface number command to enter the view of an Ethernet port to be added to the VLAN 2 Run the port link type access hybrid trunk command to configure ...

Page 109: ... frames and then forwards the frames This is applicable to scenarios in which Ethernet ports are connected to terminals To add interfaces to a VLAN in a batch run the port hybrid untagged vlan vlan id step step number increased decreased command in the port group view Run the port hybrid tagged vlan vlan id1 to vlan id2 1 10 all command to add a port to VLANs in tagged mode In tagged mode a port f...

Page 110: ...transmission unit An MTU value determines the maximum number of bytes each time a sender can send If the size of packets exceeds the MTU supported by a transit node or a receiver the transit node or receiver fragments the packets or even discards them aggravating the network transmission load To avoid this problem set the MTU value of the VLANIF interface After configuring bandwidth for VLANIF int...

Page 111: ... The bandwidth of the VLANIF interface is configured End 3 6 2 2 Configuring Sub Interfaces for Inter VLAN Communication Context Users belong to different VLANs and are located on different network segments can communicate with each other by configuring sub interfaces NOTE To implement communication between VLANs hosts in each VLAN must use the IP address of the corresponding sub interface as the ...

Page 112: ...omplete Procedure l Run the display vlan vlan id vlan name vlan name verbose command to check information about all VLANs or a specified VLAN l Run the display interface vlanif vlan id command to check information about VLANIF interfaces Before running this command ensure that VLANIF interfaces have been configured End 3 6 3 Configuring VLAN Aggregation to Save IP Addresses VLAN aggregation preven...

Page 113: ...n port link type access The link type of the interface is set to access Step 4 Run quit Return to the system view Step 5 Run vlan vlan id A sub VLAN is created and the sub VLAN view is displayed Step 6 Run port interface type interface number1 to interface number2 1 10 A port is added to the sub VLAN End 3 6 3 2 Creating a Super VLAN Context A super VLAN consists of several sub VLANs No physical p...

Page 114: ... 3 3 Assigning an IP Address to the VLANIF Interface of a Super VLAN Context The IP address of the VLANIF interface of a super VLAN must contain the subnet segments where users in sub VLANs reside All the sub VLANs use the IP address of the VLANIF interface of the super VLAN saving IP addresses Procedure Step 1 Run system view The system view is displayed Step 2 Run interface vlanif vlan id A VLAN...

Page 115: ...LAN is displayed Step 3 Run ip pool start address to end address An IP address pool is configured for the sub VLAN End 3 6 3 5 Optional Enabling Proxy ARP on the VLANIF Interface of a Super VLAN Context VLAN aggregation allows sub VLANs to use the same subnet address but prevents PCs in different sub VLANs from communicating with each other at the network layer PCs in ordinary VLANs can communicat...

Page 116: ... ARP is enabled End 3 6 3 6 Checking the Configuration Procedure l Run the display vlan vlan id vlan name vlan name verbose command to check VLAN information l Run the display interface vlanif vlan id command to check information about a specific VLANIF interface l Run the display sub vlan vlan id command to check mappings between sub VLANs and super VLANs l Run the display super vlan vlan id comm...

Page 117: ...e VLAN with the physical interface Procedure Step 1 Run system view The system view is displayed Step 2 Run vlan vlan id The VLAN view is displayed NOTE If a device is configured with multiple VLANs configuring names for these VLANs is recommended Run the name vlan name command in the VLAN view After a VLAN name is configured you can run the vlan vlan name vlan name command in the system view to e...

Page 118: ...n Figure 3 20 an enterprise has four departments Department 1 is connected to RouterA which is connected to Ethernet 2 0 1 of the Router Department 2 is connected to RouterB which is connected to Ethernet 2 0 2 of the Router Department 3 is connected to RouterC which is connected to Ethernet 2 0 3 of the Router Department 4 is connected to RouterD which is connected to Ethernet 2 0 4 of the Router...

Page 119: ... add Ethernet 2 0 3 to VLAN 3 Router interface ethernet 2 0 3 Router Ethernet2 0 3 port link type trunk Router Ethernet2 0 3 port trunk allow pass vlan 3 Router Ethernet2 0 3 quit Set the link type of Ethernet 2 0 4 to trunk and add Ethernet 2 0 4 to VLAN 3 Router interface ethernet 2 0 4 Router Ethernet2 0 4 port link type trunk Router Ethernet2 0 4 port trunk allow pass vlan 3 Router Ethernet2 0...

Page 120: ...g Communication Between VLANs Using VLANIF Interfaces Networking Requirements As shown in Figure 3 21 Ethernet 2 0 1 of the Router is connected to the uplink interface of SwitchA On SwitchA the downlink interface Ethernet 2 0 1 is added to VLAN 10 and the downlink interface Ethernet 2 0 2 is added to VLAN 20 PC1 in VLAN 10 and PC2 in VLAN 20 need to communicate with each other Figure 3 21 Network ...

Page 121: ...system view Huawei sysname SwitchA SwitchA vlan batch 10 20 Add interfaces to the VLANs SwitchA interface ethernet 2 0 1 SwitchA Ethernet2 0 1 port link type access SwitchA Ethernet2 0 1 port default vlan 10 SwitchA Ethernet2 0 1 quit SwitchA interface ethernet 2 0 2 SwitchA Ethernet2 0 2 port link type access SwitchA Ethernet2 0 2 port default vlan 20 SwitchA Ethernet2 0 2 quit SwitchA interface ...

Page 122: ...tch 10 20 interface Ethernet2 0 1 port link type access port default vlan 10 interface Ethernet2 0 2 port link type access port default vlan 20 interface Ethernet2 0 3 port link type trunk port trunk allow pass vlan 10 20 return 3 7 3 Example for Configuring VLAN Damping Networking Requirements As shown in Figure 3 22 the hosts in VLAN 10 communicate with the hosts outside VLAN 10 through VLANIF 1...

Page 123: ...m view Huawei sysname Router Router vlan batch 10 Step 2 Add interfaces to the VLAN Add Ethernet 2 0 0 to VLAN 10 Router interface ethernet 2 0 0 Router Ethernet2 0 0 port link type access Router Ethernet2 0 0 port default vlan 10 Router Ethernet2 0 0 quit Add Ethernet 2 0 1 to VLAN 10 Router interface ethernet 2 0 1 Router Ethernet2 0 1 port link type access Router Ethernet2 0 1 port default vlan...

Page 124: ...MT_ETHNT_2 Hardware address is 00e0 fc01 0005 Current system time 2008 01 25 09 05 37 Input bandwidth utilization Output bandwidth utilization End Configuration Files sysname Router vlan batch 10 interface Vlanif10 ip address 10 100 100 100 255 255 255 0 damping time 20 interface Ethernet2 0 0 port link type access port default vlan 10 interface Ethernet2 0 1 port link type access port default vla...

Page 125: ...ce type Configure Ethernet 2 0 1 as an access interface Huawei system view Huawei interface ethernet 2 0 1 Huawei Ethernet2 0 1 port link type access Huawei Ethernet2 0 1 quit Configure Ethernet 2 0 2 as an access interface Huawei system view Huawei interface ethernet 2 0 2 Huawei Ethernet2 0 2 port link type access Huawei Ethernet2 0 2 quit Configure Ethernet 2 0 3 as an access interface Huawei s...

Page 126: ...e Huawei interface vlanif 4 Huawei Vlanif4 ip address 10 1 1 1 255 255 255 0 Huawei Vlanif4 quit Step 5 Configure the personal computers Configure the IP address for each personal computer and ensure that they reside in the same network segment as VLAN 4 After the preceding configuration is complete the personal computers and the Router can ping each other but the computers in VLAN 2 and the compu...

Page 127: ...k type access port default vlan 3 return 3 7 5 Example for Configuring Communication Across a Layer 3 Network Using VLANIF Interfaces Networking Requirements As shown in Figure 3 24 RouterA and RouterB connect to Layer 2 networks on VLAN 10 RouterA and RouterB communicate with each other through an OSPF enabled Layer 3 network Computers on the two Layer 2 networks need to be isolated at Layer 2 an...

Page 128: ...system view Huawei sysname RouterA RouterA vlan batch 10 30 Add interfaces to the VLANs RouterA interface ethernet 2 0 1 RouterA Ethernet2 0 1 port link type trunk RouterA Ethernet2 0 1 port trunk allow pass vlan 10 RouterA Ethernet2 0 1 quit RouterA interface ethernet 2 0 2 RouterA Ethernet2 0 2 port link type trunk RouterA Ethernet2 0 2 port trunk allow pass vlan 30 RouterA Ethernet2 0 2 quit As...

Page 129: ...uterB Vlanif10 ip address 10 10 20 1 24 RouterB Vlanif10 quit RouterB interface vlanif 30 RouterB Vlanif30 ip address 10 10 30 2 24 RouterB Vlanif30 quit Configure basic OSPF functions RouterB router id 2 2 2 2 RouterB ospf RouterB ospf 1 area 0 RouterB ospf 1 area 0 0 0 0 network 10 10 20 0 0 0 0 255 RouterB ospf 1 area 0 0 0 0 network 10 10 30 0 0 0 0 255 RouterB ospf 1 area 0 0 0 0 quit Step 3 ...

Page 130: ... RouterB router id 2 2 2 2 vlan batch 10 30 interface Vlanif10 ip address 10 10 20 1 255 255 255 0 interface Vlanif30 ip address 10 10 30 2 255 255 255 0 interface Ethernet2 0 1 port link type trunk port trunk allow pass vlan 30 interface Ethernet2 0 2 port link type trunk port trunk allow pass vlan 10 ospf 1 area 0 0 0 0 network 10 10 20 0 0 0 0 255 network 10 10 30 0 0 0 0 255 return 3 8 Common ...

Page 131: ... MAC addresses interfaces and VLANs in the learned MAC address entries are correct If the learned MAC address entries are incorrect run the undo mac address mac address vlan vlan id command on the system view to delete the current entries so that the Router can learn MAC address entries again After the MAC address table is updated check the MAC address entries again l If the MAC address entries ar...

Page 132: ...faces and user terminals are correct Check the connections between interfaces and user terminals according to the network plan If any user terminal is connected to an incorrect interface connect it to the correct interface After the preceding operations if the MAC address entries are correct go to Step 5 Step 5 Check whether port isolation is configured Run the interface interface type interface n...

Page 133: ...un the undo shutdown interface view command in the view of the VLANIF interface to enable the VLANIF interface 3 9 References This section describes references of VLAN The following table lists the references of this document Document Description Remarks RFC 3069 VLAN Aggregation for Efficient IP Address Allocation IEEE 802 1Q IEEE Standards for Local and Metropolitan Area Networks Virtual Bridged...

Page 134: ...Testing Specification of Virtual LAN Based on Port Huawei AR530 AR550 Series Industrial Switch Routers Configuration Guide Ethernet Switching 3 VLAN Configuration Issue 01 2014 11 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 120 ...

Page 135: ...plication Environment This section describes the applicable environment of QinQ 4 4 Configuration Task Summary 4 5 Configuration Notes This section describes the points of attention when configuring QinQ 4 6 Configuring QinQ This section describes how to configure QinQ 4 7 Configuration Examples This section provides several configuration examples of QinQ 4 8 References This section provides the r...

Page 136: ...ed on users and services For example the inner tag represents a user while the outer tag represents a service Moreover QinQ functions as a simple and practical VPN technology by transparently transmitting private VLAN services over a public network It extends core MPLS VPN services to metro Ethernet networks and implements an end to end VPN Benefits QinQ offers the following benefits l Extends the...

Page 137: ...VLANs 101 to 200 IPTV users through VLANs 201 to 300 and VoIP users through VLANs 301 to 400 When receiving service data the underlayer provider edge UPE adds outer tag 100 to packets from PCs outer tag 300 to packets from IPTV users and outer tag 500 to packets from VoIP users l 802 1p priority based QinQ encapsulation This encapsulation mode determines whether to add outer VLAN tag and which out...

Page 138: ...erface therefore a sub interface used for terminating VLAN tags is called a termination sub interface A termination sub interface can be either of the following l Dot1q VLAN tag termination sub interface removes a single VLAN tag from packets l QinQ VLAN tag termination sub interface removes double VLAN tags from packets QinQ VLAN tag termination sub interfaces provide different functions in diffe...

Page 139: ... Stacking or QinQ Stacking is performed based on ports and VLAN IDs Besides basic QinQ functions selective QinQ has the following functions l VLAN ID based selective QinQ adds outer VLAN tags based on VLAN IDs l 802 1p priority based selective QinQ adds outer VLAN tags based on 802 1p priorities in inner VLAN tags Selective QinQ is an extension of basic QinQ and is more flexible The difference is ...

Page 140: ...vice in different branches of enterprise A can communicate users using different services are isolated and voice services are transmitted preferentially 4 2 4 TPID The Tag Protocol Identifier TPID specifies the protocol type of a VLAN tag The TPID value defined in IEEE 802 1Q is 0x8100 Figure 4 4 shows the Ethernet packet format defined in IEEE 802 1Q An IEEE 802 1Q tag containing the TPID lies be...

Page 141: ... transmitted across the carrier network To prevent errors in packet forwarding and processing do not set the TPID to any of values listed in Table 4 1 Table 4 1 Protocol types and values Protocol Type Value ARP 0x0806 RARP 0x8035 IP 0x0800 IPv6 0x86DD PPPoE 0x8863 0x8864 MPLS 0x8847 0x8848 IPX SPX 0x8137 LACP 0x8809 802 1x 0x888E HGMP 0x88A7 Reserved 0xFFFD 0xFFFE 0xFFFF 4 3 Application Environmen...

Page 142: ...0 10 to 50 Selective QinQ As shown in Figure 4 6 enterprise A has two branches that connect to the carrier network through PE1 and PE2 respectively Enterprise A has different services so different VLANs are assigned Data services are transmitted in VLAN 10 to VLAN 30 and voice services are transmitted in VLAN 31 to VLAN 50 To save public VLAN IDs it is required that traffic between two branches of...

Page 143: ...ure QinQ tunneling including basic QinQ and selective QinQ 4 6 1 Configuring QinQ Tunneling Set the TPID value in an outer VLAN tag To enable interoperation between devices from different vendors set the same TPID value in outer VLAN tags on the devices 4 6 2 Configuring the TPID Value in an Outer VLAN Tag 4 5 Configuration Notes This section describes the points of attention when configuring QinQ...

Page 144: ...ag allocated by the carrier to user packets This implementation saves VLAN IDs and allows user packets to be transparently transmitted on the carrier network Procedure Step 1 Run system view The system view is displayed Step 2 Run bridge bridge id A bridge group is created and the bridge group view is displayed Step 3 Run quit Exit from the bridge group view Step 4 Run interface ethernet gigabitet...

Page 145: ...nfiguring Selective QinQ Context You can configure either of the following selective QinQ modes l VLAN ID based selective QinQ When private networks connect to a carrier network through CEs and PEs run the vlan stacking command on CE interfaces connected to PEs so that the CE interfaces add the outer VLAN tag allocated by the carrier to user packets This implementation saves VLAN IDs and allows us...

Page 146: ...e vid remark 8021p 8021p value2 VLAN ID based selective QinQ is configured NOTE The VLANs allowed by all sub interfaces of a main interface cannot overlap The vlan stacking default command can only be executed on a sub interface among all sub interfaces of each main interface Packets are forwarded through the default sub interface when the packets do not match other QinQ entries on a sub interface...

Page 147: ...g To enable interoperation between devices from different vendors set the same TPID value in outer VLAN tags on the devices Context Devices from different vendors or in different network plans may use different TPID values in VLAN tags of VLAN packets To adapt to an existing network plan the industrial switch router supports TPID value configuration You can set the TPID value on the industrial swi...

Page 148: ...etwork through PE1 and PE2 respectively Enterprise A has different services so different VLANs are assigned The requirements are as follows l VLANs are assigned independently in enterprise A and are independent of carrier VLANs or VLANs of other enterprises l Traffic between two branches of enterprise A is transparently transmitted through the public network devices transmitting the same service i...

Page 149: ...S VLAN tag to user packets 4 Add interfaces of the PE and P to VLAN 20 so that packets from VLAN 20 are allowed to pass through Procedure Step 1 Create a bridge group and add a sub interface to the bridge group Create a bridge group and add a sub interface to the bridge group on CE1 The configuration of CE2 is similar to that of CE1 Huawei system view Huawei sysname CE1 CE1 bridge 1 CE1 bridge1 qu...

Page 150: ...erface gigabitethernet 0 0 1 PE1 GigabitEthernet0 0 1 port link type trunk PE1 GigabitEthernet0 0 1 port trunk allow pass vlan 20 PE1 GigabitEthernet0 0 1 quit Step 5 Verify the configuration On a PC in a VLAN of a branch in enterprise A ping a PC in the same VLAN of the other branch in enterprise A The ping operation succeeds indicating that devices transmitting the same service can communicate w...

Page 151: ... P vlan batch 20 interface GigabitEthernet0 0 0 port link type trunk port trunk allow pass vlan 20 interface GigabitEthernet0 0 1 port link type trunk port trunk allow pass vlan 20 return 4 7 2 Example for Configuring Selective QinQ Networking Requirements As shown in Figure 4 8 enterprise A has two branches that connect to the carrier network through PE1 and PE2 respectively Enterprise A has diff...

Page 152: ... The configuration roadmap is as follows You can configure selective QinQ on the CE user side interface and implement communication between two branches of enterprise A through VLAN 20 and VLAN 21 provided by the carrier 1 Create a bridge group and add sub interfaces to the bridge group 2 Configure VLANs allowed by the user side sub interfaces of the CE configure the CE user side interface to add ...

Page 153: ...s similar to that of CE1 and is not mentioned here CE1 vlan batch 20 to 21 CE1 interface gigabitethernet 0 0 0 CE1 GigabitEthernet0 0 0 port link type trunk CE1 GigabitEthernet0 0 0 port trunk allow pass vlan 20 21 CE1 GigabitEthernet0 0 0 quit Add GE0 0 0 and GE0 0 1 on PE1 to VLAN 20 and VLAN 21 in trunk mode The configurations of PE2 and P are similar to the configuration of PE1 and are not men...

Page 154: ...pass vlan 20 to 21 interface GigabitEthernet0 0 1 interface GigabitEthernet0 0 1 1 bridge 1 bridge vlan transmit enable vlan stacking vid 10 to 30 pe vid 20 interface GigabitEthernet0 0 1 2 bridge 1 bridge vlan transmit enable vlan stacking vid 31 to 50 pe vid 21 remark 8021p 7 return Configuration file of PE1 sysname PE1 vlan batch 20 to 21 interface GigabitEthernet0 0 0 port link type trunk port...

Page 155: ... 0 1 port link type trunk port trunk allow pass vlan 20 to 21 return 4 8 References This section provides the references for QinQ The following table lists the references for the QinQ feature Document Description Remarks IEEE 802 1Q IEEE standard for local and metropolitan area networks Virtual Bridged Local Area Networks IEEE 802 1ad IEEE 802 1ad Virtual Bridged Local Area Networks Provider Bridg...

Page 156: ...enario of GVRP 5 4 Default Configuration This section describes default GVRP settings that can be changed in actual applications 5 5 Configuring GVRP This section describes how to configure the GVRP function 5 6 Maintaining GVRP This section describes how to clear the GVRP statistics 5 7 Configuration Examples This section provides a configuration example for GVRP 5 8 References This section lists...

Page 157: ...2 is configured on Router A and VLAN 1 is configured on Router B and Router C To forward packets of VLAN 2 from Router A to Router C the network administrator must manually create VLAN 2 on Router B and Router C Figure 5 1 Networking of GVRP application RouterA RouterB RouterC When a network is complicated and the network administrator is unfamiliar with the network topology or when many VLANs are...

Page 158: ...ipants VLAN Registration and Deregistration GVRP implements automatic registration and deregistration of VLAN attributes The functions of VLAN registration and deregistration are l VLAN registration adds a port to a VLAN l VLAN deregistration removes a port from a VLAN GVRP registers and deregisters VLAN attributes through attribute declarations and reclaim declarations as follows l When a port re...

Page 159: ...evices to deregister its attributes it sends Leave messages to other devices When the GARP participant receives a Leave message from another participant or some of its attributes are deregistered statically it also sends Leave messages to other devices Leave messages are classified into LeaveEmpty messages and LeaveIn messages The difference between the two types of messages is LeaveEmpty deregist...

Page 160: ...t starts the Leave timer after receiving a Leave or LeaveAll message If the participant does not receive any Join message of the corresponding attribute before the Leave timer expires the participant deregisters the attribute A participant sends a Leave message if one of its attributes is deleted but this attribute may still exist on other participants Therefore the participant receiving the Leave...

Page 161: ...re processed differently in each registration mode as follows l Normal mode Dynamic VLANs can be registered on a port and the port can send declarations of static VLANs and dynamic VLANs l Fixed mode Dynamic VLANs cannot be registered on a port and the port can send only declarations of static VLANs l Forbidden mode Dynamic VLANs cannot be registered on a port All VLANs except VLAN 1 are deleted f...

Page 162: ... value ranges from 2 to 255 in bytes Attribute Event Indicates the event that an attribute describes The value can be l 0 LeaveAll Event l 1 JoinEmpty Event l 2 JoinIn Event l 3 LeaveEmpty Event l 4 LeaveIn Event l 5 Empty Event Attribute Value Indicates the value of an attribute The value is a VLAN ID for GVRP This field is invalid in a LeaveAll attribute End Mark Indicates the end of a GARP PDU ...

Page 163: ... Port 3 sends the first JoinEmpty message to RouterC When the Join timer expires Port 3 restarts the Hold timer When the Hold timer expires again Port 3 sends the second JoinEmpty message After Port 2 receives the second JoinEmpty message RouterB does not take any action because Port 2 has been added to VLAN 2 3 After Port 4 of RouterC receives the first JoinEmpty message RouterC creates dynamic V...

Page 164: ...r Port 3 of RouterB receives the first JoinIn message RouterB adds Port 3 to VLAN 2 and requests Port 2 to start the Join timer and Hold timer When the Hold timer expires Port 2 sends the first JoinIn message to RouterA When the Join timer expires Port 2 restarts the Hold timer When the Hold timer expires again Port 2 sends the second JoinIn message After Port 3 receives the second JoinIn message ...

Page 165: ...outerB because Port 3 is still in VLAN 2 At this time RouterB requests Port 3 to start the Hold timer and Leave timer When the Hold timer expires Port 3 sends a LeaveIn message to RouterC Static VLAN 2 is not deleted from RouterC therefore Port 3 can receive the JoinIn message sent from Port 4 after the Leave timer expires In this case RouterA and RouterB can still learn dynamic VLAN 2 3 After Rou...

Page 166: ...RouterA 5 3 Applications This section describes the applicable scenario of GVRP GVRP enables routers on a network to dynamically maintain and update VLAN information With GVRP you can adjust the VLAN deployment on the entire network by configuring only a few devices You do not need to analyze the topology and manage configurations As shown in Figure 5 9 GVRP is enabled on all devices Devices are i...

Page 167: ...nterfaces You must perform related configurations to ensure that all dynamically registered VLANs can pass the trunk interfaces Procedure Step 1 Run system view The system view is displayed Step 2 Run gvrp GVRP is enabled globally Step 3 Run interface interface type interface number The interface view is displayed Step 4 Run port link type trunk The link type of the interface is set to trunk Step ...

Page 168: ...If the registration mode is set to fixed for a trunk interface the interface allows only the manually configured VLANs to pass even if it is configured to allow all the VLANs to pass l Forbidden In this mode the GVRP interface is disabled from dynamically registering and deregistering VLANs and can transmit only information about VLAN 1 If the registration mode is set to forbidden for a trunk inte...

Page 169: ...ue range of each timer changes with the values of the other timers If a value you set for a timer is not in the allowed range you can change the value of the timer that determines the value range of this timer l To restore the default values of all the GARP timers restore the Hold timer to the default value and then sequentially restore the Join timer Leave timer and LeaveAll timer to the default ...

Page 170: ...nds End 5 5 4 Checking the Configuration Procedure l Run the display gvrp status command to view the status of global GVRP l Run the display gvrp statistics interface interface type interface number to interface type interface number 1 5 command to view the GVRP statistics on an interface l Run the display garp timer interface interface type interface number to interface type interface number 1 5 ...

Page 171: ... Company B can communicate with company A using RouterB and RouterC Interfaces connected to company A allow only the VLAN to which company B belongs to pass Figure 5 10 Networking diagram of GVRP configuration RouterA RouterB RouterC Branch of company A Company A Company B Eth2 0 1 Eth2 0 1 Eth2 0 2 Eth2 0 1 Eth2 0 2 Eth2 0 2 Configuration Roadmap The configuration roadmap is as follows 1 Enable G...

Page 172: ... 1 gvrp RouterA Ethernet2 0 1 gvrp registration normal RouterA Ethernet2 0 1 quit RouterA interface ethernet 2 0 2 RouterA Ethernet2 0 2 gvrp RouterA Ethernet2 0 2 gvrp registration normal RouterA Ethernet2 0 2 quit The configuration of RouterB is similar to that of RouterA Step 3 Configure RouterC Create VLAN 101 to VLAN 200 RouterC system view RouterC vlan batch 101 to 200 Enable GVRP globally R...

Page 173: ... state of each interface number of GVRP registration failures source MAC address of the last GVRP PDU and registration mode of each interface RouterA display gvrp statistics interface ethernet 2 0 1 GVRP statistics on port Ethernet2 0 1 GVRP status Enabled GVRP registrations failed 0 GVRP last PDU origin 0001 0001 0001 GVRP registration type Normal Verify the configurations of RouterB and RouterC ...

Page 174: ... return 5 8 References This section lists references of GVRP The following table lists the references of this document Document Description Remarks IEEE Std 802 1D Information technology Telecommunications and information exchange between systems Local and metropolitan area networks Common specifications Media Access Control MAC Bridges IEEE Std 802 1Q IEEE Standards for Local and Metropolitan Are...

Page 175: ...onfiguration tasks and configuration logic 6 5 Default Configuration This section provides the default STP RSTP configuration You can change the configuration based on your needs 6 6 Configuring STP RSTP This section describes how to configure STP RSTP 6 7 Maintaining STP RSTP This section describes how to view and reset STP RSTP statistics 6 8 Configuration Examples This section provides several ...

Page 176: ...egion to prevent broadcast storms while implementing link redundancy l Route convergence is slow STP or RSTP is used in a scenario where all VLANs share one spanning tree In this situation users or services do not need to be differentiated RSTP l A loop free tree topology is form in an STP region to prevent broadcast storms while implementing link redundancy l RSTP achieves fast network convergenc...

Page 177: ...h the growth in scale of LANs STP has become an important protocol for a LAN Figure 6 1 Typical LAN networking 1 2 3 4 5 Host A Host B S1 S2 port1 port2 port1 port2 Data flow On the network shown in Figure 6 1 the following situations may occur l Broadcast storms cause a breakdown of the network If a loop exists on the network broadcast storms may occur leading to a breakdown of the network In Fig...

Page 178: ...e is the logical center of but is not necessarily at the physical center of the network The root bridge changes dynamically with the network topology After network convergence completes the root bridge generates and sends configuration BPDUs at specific intervals Other devices process and forward the configuration BPDU to communicate the topology changes ensuring a stable network topology Two Metr...

Page 179: ...Root bridge The root bridge is the bridge with the smallest BID The smallest BID is discovered by exchanging configuration BPDUs l Root port The root port on an STP device is the port with the smallest path cost to the root bridge and is responsible for forwarding data to the root bridge The root port is determined based on root path costs of all ports Among all the STP ports on a device the port ...

Page 180: ...tion BPDUs to the LAN S2 is the designated bridge for the LAN and BP2 is the designated port on S2 Figure 6 3 Designated bridge and designated port S1 S2 S3 AP1 AP2 BP1 CP1 BP2 CP2 LAN After the root bridge root ports and designated ports are selected successfully a tree topology is set up on the entire network When the topology is stable only the root port and designated ports forward traffic The...

Page 181: ...non root bridge On the root bridge the path cost of each port is 0 l Smallest sender BID used to select the root port among ports with the same root path cost The port with the smallest BID is selected as the root port in STP calculation For example S2 has a smaller BID than S3 in Figure 6 2 If the BPDUs received on port A and port B of S4 contain the same root path cost port B becomes the root po...

Page 182: ...ffic through the port This is a transitional state which is designed to prevent temporary loops Listening All ports are in Listening state before the root bridge root port and designated port are selected This is a transitional state Blocking A port in Blocking state receives and forwards only BPDUs and does not forward user traffic This is the final state of a blocked port Disabled A port in Disa...

Page 183: ...STP including Forwarding Learning and Discarding Table 6 5 describes the three port states Table 6 5 MSTP port states Port State Description Forwardi ng A port in Forwarding state can forward user traffic and process BPDUs Learning This is a transitional state When a port is in Learning state the device creates MAC address entries based on user traffic received on the port but does not forward use...

Page 184: ...alue is 15 seconds This means that the port stays in the Listening state for 15 seconds and then stays in the Learning state for another 15 seconds The port is blocked when it is in the Listening or Learning state which is key to preventing transient loops l Max Age The Max Age specifies the aging time of BPDUs This parameter can be manually configured on the root bridge The Max Age is spread to t...

Page 185: ...5 bytes long including the parameters such as the BID root path cost and PID A bridge processes a received configuration BPDU only when it finds that at least one of the sender BID and PID is different from that on the local receive port If both fields are the same as those on the receive port the bridge drops the configuration BPDU In this way the bridge does not need to process BPDUs with the sa...

Page 186: ...e that has elapsed since the original BPDU was generated on the root bridge If the configuration BPDU is sent from the root bridge the value of Message Age is 0 Otherwise the value of Message Age is the total time spent to transmit the BPDU from the root bridge to the local bridge including the transmission delay In real world situations the Message Age value of a configuration BPDU increases by 1...

Page 187: ...oot bridge They only transmit and receive BPDUs and do not forward user traffic All ports on the devices are in Listening state Then the devices select the root bridge root ports and designated ports based on configuration BPDUs BPDU Exchange Figure 6 7 shows the initial information exchange process The four parameters in a pair of brackets represent the root ID S1_MAC and S2_MAC are BIDs of the t...

Page 188: ...ach port and calculates the fields in the configuration BPDU based on the configuration BPDU on the root port and path cost of the root port l Replaces the root ID with the root ID in the configuration BPDU on the root port l Replaces the root path cost with the sum of the root path cost in configuration BPDU on the root port and the path cost of the root port l Replaces the sender BID with the lo...

Page 189: ...e illustrates how STP calculation is implemented Figure 6 8 STP networking and calculated topology DeviceA DeviceC DeviceB DeviceA Priority 0 DeviceC Priority 2 DeviceB Priority 1 Port A1 Port A2 Port C1 Port C2 Port B1 Port B2 P a t h c o s t 5 Path cost 4 P a t h c o s t 1 0 root port designated port blocked port Root Bridge STP Topology Calculation As shown in Figure 6 8 DeviceA DeviceB and Dev...

Page 190: ... to its own configuration BPDU 0 0 0 Port A1 so Port A1 discards the received configuration BPDU l Port A2 receives the configuration BPDU 2 0 2 Port C1 from Port C1 and finds it inferior to its own configuration BPDU 0 0 0 Port A2 superior so Port A2 discards the received configuration BPDU l DeviceA finds that the root bridge and designated bridge specified in the configuration BPDUs on its port...

Page 191: ...e calculated configuration BPDU with the original configuration BPDU 1 0 1 Port B2 on Port B2 The calculated configuration BPDU is superior to the original one so DeviceB selects Port B2 as the designated port replaces its configuration BPDU with the calculated one and periodically sends the configuration BPDU from Port B2 l Root port Port B1 0 0 0 Port A1 l Designated port Port B2 0 5 1 Port B2 D...

Page 192: ...ds the received configuration BPDU l Port C1 0 0 0 Port A2 l Port C2 0 5 1 Port B2 l The root path cost of Port C1 is 10 root path cost 0 in the received configuration BPDU plus the link patch cost 10 and the root path cost of Port C2 is 9 root path cost 5 in the received configuration BPDU plus the link patch cost 4 DeviceC finds that Port C2 has a smaller root path cost and therefore considers t...

Page 193: ...e root 1 After the network topology changes a downstream device continuously sends TCN BPDUs to the upstream device 2 The upstream device processes only the TCN BPDUs received on the designated port and drops TCN BPDUs on other ports 3 The upstream device sets the TCA bit of the Flags field in the configuration BPDUs to 1 and returns the configuration BPDUs to instruct the downstream device to sto...

Page 194: ...eploy this protocol A network protocol that clearly defines and distinguishes different situations outperforms the others that fail to do so Ports in the Listening Learning and Blocking states are the same to users because they are all prevented from forwarding service traffic From the perspective of port use and configuration the essential differences between ports lie in the port roles rather th...

Page 195: ...alternate port is blocked after learning a configuration BPDU sent by another bridge A backup port is blocked after learning a configuration BPDU sent by itself From the perspective of user traffic An alternate port acts as a backup of the root port and provides an alternate path from the designated bridge to the root bridge A backup port acts as a backup of the designated port and provides a back...

Page 196: ...arning Learning Root port or designated port Listening Discarding Root port or designated port Blocking Discarding Alternate port or backup port Disabled Discarding Disabled port l RSTP changes the configuration BPDU format and uses the Flags field to describe port roles RSTP retains the basic configuration BPDU format defined in STP and makes minor changes The value of the Type field is changed f...

Page 197: ... any timer that is used in STP l Rapid convergence Proposal agreement mechanism In STP a port that is selected as a designated port needs to wait at least one Forward Delay interval Learning state before it enters the Forwarding state In RSTP the port enters the Discarding state and then the proposal agreement mechanism allows the port to immediately enter the Forwarding state The proposal agreeme...

Page 198: ...e root bridge on a network may receive superior RST BPDUs due to incorrect configurations or malicious attacks When this occurs the root bridge can no longer serve as the root bridge causing an incorrect change of the network topology As a result traffic may be switched from high speed links to low speed links leading to network congestion If root protection is enabled on a designated port the por...

Page 199: ...tching device deletes its MAC address entries and ARP entries after receiving TC BPDUs If an attacker sends a large number of bogus TC BPDUs to the switching device in a short time the device frequently deletes MAC address entries and ARP entries This increases the load of the switching device and threatens network stability After enabling TC BPDU attack defense on a switching device you can set t...

Page 200: ...e their synced variable is set to 1 The synced variable of the root port p1 is also set to 1 and p1 sends an RST BPDU with the Agreement field set to S1 This RST BPDU carries the same information as the one sent from the root bridge S1 except that the Agreement field is set to 1 and the Proposal field is set to 0 7 After S1 receives this RST BPDU it identifies that the RST BPDU is sent in response...

Page 201: ...designated port and repeat the preceding process RST BPDUs are then flooded on the entire network Interoperability with STP RSTP can interoperate with STP but its advantages such as fast convergence are lost when it interoperates with STP On a network has both STP capable and RSTP capable devices STP capable devices drop RST BPDUs If a port on an RSTP capable device receives a configuration BPDU f...

Page 202: ...iguration Task Summary This section describes the STP RSTP configuration tasks and configuration logic Table 6 14 summarizes STP RSTP configuration tasks Table 6 14 STP RSTP configuration task summary Scenario Description Task Configuring basic STP RSTP functions Configure STP RSTP on switching devices on a network to trim the network into a tree topology free from loops 6 6 1 Configuring Basic ST...

Page 203: ...ers for interoperation between Huawei and non Huawei devices To implement interoperation between a Huawei device and a non Huawei device select the fast transition mode based on the Proposal Agreement mechanism of the non Huawei device 6 6 5 Setting Parameters for Interoperation Between Huawei and Non Huawei Devices 6 5 Default Configuration This section provides the default STP RSTP configuration...

Page 204: ...TP By default the working mode of a switching device is MSTP MSTP is compatible with STP and RSTP End 6 6 1 2 Optional Configuring the Root Bridge and Secondary Root Bridge Context The root bridge of a spanning tree is automatically calculated You can also manually specify a root bridge or secondary root bridge l A spanning tree can have only one effective root bridge When two or more devices are ...

Page 205: ...condary root bridge After you run this command the priority value of the device is set to 4096 and cannot be changed End 6 6 1 3 Optional Setting a Priority for a Switching Device Context An STP RSTP network can have only one root bridge which is the logical center of the spanning tree The root bridge should be a high performance switching device deployed at a high network layer however such a dev...

Page 206: ...d it is recommended that you set smaller path cost values for the ports with higher link rates In the Huawei calculation method the link rate determines the recommended value for the path cost Table 6 15 lists the recommended path costs for ports with different link rates Table 6 15 Mappings between link rates and path cost values Link Rate Recommended Path Cost Recommended Path Cost Range Allowab...

Page 207: ...st ranges from 1 to 65535 l When the IEEE 802 1t standard method is used cost ranges from 1 to 200000000 End 6 6 1 5 Optional Setting a Priority for a Port Context In spanning tree calculation priorities of the ports in a ring affect designated port election To block a port on a switching device set a greater priority value than the default priority value for the port Procedure Step 1 Run system v...

Page 208: ...spanning tree changes the forwarding paths for associated VLANs are changed Switching devices need to update the ARP entries corresponding to those VLANs Depending on how switching devices process ARP entries STP RSTP convergence mode can be fast or normal l In fast mode ARP entries to be updated are directly deleted l In normal mode ARP entries to be updated are rapidly aged The remaining lifetim...

Page 209: ...he STP Network Diameter Context Any two terminals on a switching network are connected through a specific path along multiple devices The network diameter is the maximum number of devices between any two terminals A larger network diameter indicates a larger network scale An improper network diameter may cause slow network convergence and affect communication Run the stp bridge diameter command to...

Page 210: ...rk If a switching device does not receive any BPDUs from the upstream device within the timeout interval spanning tree recalculation is performed The timeout interval is calculated as follows Timeout interval Hello time x 3 x Timer Factor Procedure Step 1 Run system view The system view is displayed Step 2 Run stp timer factor factor The Timer Factor value is set This parameter determines the time...

Page 211: ...protocol automatically adjusts these timers When the default network diameter is used the three timers also retain their default values NOTICE To prevent frequent network flapping make sure that the Hello Time Forward Delay and Max Age timer values conform to the following formulas l 2 x Forward Delay 1 0 second Max Age l Max Age 2 x Hello Time 1 0 second Procedure Step 1 Run system view The syste...

Page 212: ...aximum number of connections affecting bandwidth of Eth Trunk 1 is set to 1 the path cost of Eth Trunk 1 is larger than the path cost of Eth Trunk 2 Therefore the two devices perform spanning tree recalculation Then Eth Trunk 1 on deviceB becomes the alternate port and Eth Trunk 2 becomes the root port Figure 6 14 Setting the maximum number of connections in an Eth Trunk Before configuration After...

Page 213: ...onfiguring RSTP parameters that affect RSTP convergence configure basic RSTP functions 6 6 3 1 Setting the RSTP Network Diameter Context Any two terminals on a switching network are connected through a specific path along multiple devices The network diameter is the maximum number of devices between any two terminals A larger network diameter indicates a larger network scale An improper network di...

Page 214: ...tree Sometimes a device cannot receive the BPDU from the upstream device within the timeout interval because the upstream device is busy In this case recalculating the spanning tree will cause a waste of network resources To avoid wasting network resources set a long timeout interval on a stable network If a switching device does not receive any BPDUs from the upstream device within the timeout in...

Page 215: ...ge expires Devices on a ring network must use the same values of Forward Delay Hello Time and Max Age You are not advised to directly change the preceding three timers The three parameters are relevant to the network scale therefore it is recommended that you set the network diameter so that the spanning tree protocol automatically adjusts these timers When the default network diameter is used the...

Page 216: ...has the same bandwidth and deviceA is selected as the root bridge l Eth Trunk 1 has higher bandwidth than Eth Trunk 2 After STP calculation Eth Trunk 1 on deviceB is selected as the root port and Eth Trunk 2 is selected as the alternate port l If the maximum number of connections affecting bandwidth of Eth Trunk 1 is set to 1 the path cost of Eth Trunk 1 is larger than the path cost of Eth Trunk 2...

Page 217: ...nk Type for a Port Context P2P links can implement rapid convergence If the two ports connected by a P2P link are root or designated ports they can transit to the Forwarding state quickly by sending Proposal and Agreement packets This reduces the forwarding delay Procedure Step 1 Run system view The system view is displayed Step 2 Run interface interface type interface number The view of an Ethern...

Page 218: ...d Step 3 Run stp transmit limit packet number The maximum transmission rate of BPDUs BPDUs per second is set for the interface By default an interface sends a maximum of six BPDUs per second NOTE If the same maximum transmission rate of BPDUs needs to be sent for each interface on a device run the stp transmit limit system view command End 6 6 3 7 Switching to the RSTP Mode Context If an interface...

Page 219: ...ng Edge Ports and BPDU Filter Ports Context As defined in RSTP a port that is located at the edge of a network and directly connected to a terminal device is an edge port An edge port does not process configuration BPDUs or participate in RSTP calculation It can transit from the Disable to Forwarding state without any delay Edge ports can still send BPDUs If the BPDUs are sent to another network t...

Page 220: ... 1 Run system view The system view is displayed 2 Run stp edged port default All ports are configured as edge ports By default all ports are non edge ports 3 Run stp bpdu filter default All ports are configured as BPDU filter ports By default all ports are non BPDU filter ports l Configuring a specified port as an edge port and BPDU filter port 1 Run system view The system view is displayed 2 Run ...

Page 221: ...cause bpdu protection interval interval value command in the system view to configure the auto recovery function and set a recovery delay on the port Then a port in error down state can automatically go Up after the delay expires Note the following when setting the recovery delay l By default the auto recovery function is disabled therefore the recovery delay parameter does not have a default valu...

Page 222: ...yed Step 2 Run interface interface type interface number The view of an interface participating in STP calculation is displayed Step 3 Run stp root protection Root protection is enabled on the interface By default root protection is disabled on the interface NOTE Root protection takes effect only on designated ports Root protection and loop protection cannot be configured on the same interface End...

Page 223: ...is displayed Step 2 Run interface interface type interface number The view of the root port or alternate port is displayed Step 3 Run stp loop protection Loop protection is enabled on the root port ore alternate port By default loop protection is disabled on a port NOTE An alternate port is a backup for a root port If a switching device has an alternate port configure loop protection on both the r...

Page 224: ...nected to the upstream device as the root port and blocks all non edge ports Then the root port transitions to the Forwarding state 2 The downstream device responds with an Agreement message After receiving the message the upstream device sets the port connected to the downstream device as the designated port and then the designated port transitions to the Forwarding state On an STP network if a H...

Page 225: ...ut error STP packets End 6 7 2 Monitoring STP RSTP Topology Change Statistics The statistics about STP RSTP topology changes can be viewed If the statistics increase network flapping occurs Procedure l Run the display stp topology change command to view statistics about STP RSTP topology changes l Run the display stp interface interface type interface number brief command to view the spanning tree...

Page 226: ...iscover the loops and block appropriate ports to trim the ring topology into a loop free tree topology The tree topology prevents infinite looping of packets which in turn helps improve packet processing performance Figure 6 16 Networking diagram of basic STP configurations RouterA Eth2 0 1 Network SwitchA STP Blocked port SwitchB Root Bridge Eth2 0 0 SwitchC SwitchD Eth0 0 1 Eth0 0 2 Eth0 0 1 Eth...

Page 227: ...l The path cost value range depends on path cost calculation methods This example uses the Huawei proprietary calculation method and sets the path cost to 200000 l All switching devices on a network must use the same path cost calculation method To use other path cost calculation methods see the list of recommended value ranges for the specific path cost calculation method On RouterA set the path ...

Page 228: ...play stp brief command on SwitchA to view port roles and states Eth0 0 1 is selected as the root port whereas Eth0 0 2 and Eth0 0 3 are selected as designated ports The ports are all in the Forwarding state SwitchA display stp brief MSTID Port Role STP State Protection 0 Ethernet0 0 1 ROOT FORWARDING NONE 0 Ethernet0 0 2 DESI FORWARDING NONE 0 Ethernet0 0 3 DESI FORWARDING NONE Run the display stp...

Page 229: ...et2 0 0 interface Ethernet2 0 1 return l Configuration file of SwitchA sysname SwitchA stp mode stp stp instance 0 root secondary stp pathcost standard legacy interface Ethernet0 0 1 interface Ethernet0 0 2 interface Ethernet0 0 3 return l Configuration file of SwitchB sysname SwitchB stp mode stp stp pathcost standard legacy interface Ethernet0 0 1 interface Ethernet0 0 2 interface Ethernet0 0 3 ...

Page 230: ...ers as standby links Redundant links may cause loops on the network and loops will result in broadcast storms and damage MAC address entries RSTP can be deployed on a network to eliminate loops by blocking some ports As shown in Figure 6 17 loops exist on the network and RouterA SwitchA SwitchB SwitchC and SwitchD are all running RSTP These devices exchange BPDUs to discover the loops and block ap...

Page 231: ...STP mode for the switching devices on the ring network b Configure primary and secondary root bridges c Set a path cost for the ports to block certain ports d Enable RSTP to eliminate loops l Enable RSTP globally l Enable RSTP on all the ports except those connected to terminals NOTE RSTP is not required on the ports connected to terminals because these ports do not need to participate in RSTP cal...

Page 232: ...t calculation method On RouterA set the path cost calculation method to the Huawei proprietary method RouterA stp pathcost standard legacy On SwitchA SwitchB SwitchC and SwitchD set the path cost calculation method to the Huawei proprietary method according to the configuration guide of the switches Set the path cost of Eth0 0 4 on SwitchC and SwitchD to 200000 The detailed configuration is not pr...

Page 233: ...Port Role STP State Protection 0 Ethernet2 0 0 DESI FORWARDING ROOT 0 Ethernet2 0 1 DESI FORWARDING ROOT After RouterA is configured as the root bridge Ethernet2 0 0 connected to SwitchA and Ethernet2 0 1 connected to SwitchB are elected as designated ports through spanning tree calculation End Configuration Files l Configuration file of RouterA sysname RouterA stp mode rstp stp instance 0 root pr...

Page 234: ...ance 0 cost 200000 return l Configuration file of SwitchD sysname SwitchD stp mode rstp stp pathcost standard legacy interface Ethernet0 0 1 interface Ethernet0 0 2 stp disable interface Ethernet0 0 3 stp disable interface Ethernet0 0 4 stp instance 0 cost 200000 return 6 9 References This section provides references for STP RSTP The following table lists the references for STP RSTP Huawei AR530 A...

Page 235: ... and metropolitan area networks Virtual Bridged Local Area Networks IEEE 802 1W IEEE Standard for Local and metropolitan area networks Common specifications Huawei AR530 AR550 Series Industrial Switch Routers Configuration Guide Ethernet Switching 6 STP RSTP Configuration Issue 01 2014 11 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 221 ...

Page 236: ...n task and logic of MSTP 7 5 Default Configuration This section describes the default MSTP configuration You can change the configuration based on actual needs 7 6 Configuring MSTP This section describes the MSTP configuration 7 7 Maintaining MSTP This section describes how to maintain MSTP 7 8 Configuration Examples This section provides several configuration examples of MSTP 7 9 References This ...

Page 237: ...enerated Broadcast storms are prevented and redundancy is achieved l Route convergence is slow STP or RSTP is used in a scenario where all VLANs share one spanning tree In this situation users or services do not need to be differentiated RSTP l In an RSTP region a loop free tree is generated Broadcast storms are prevented and redundancy is achieved l RSTP allows fast convergence of the network top...

Page 238: ...ting bandwidth and causing the failure in forwarding certain VLAN packets Figure 7 1 STP RSTP defect S1 S2 S3 S4 S5 S6 VLAN3 VLAN2 VLAN3 VLAN2 VLAN3 VLAN2 VLAN2 VLAN3 VLAN3 HostC VLAN3 HostB VLAN2 HostA VLAN2 HostD VLAN3 spanning tree root bridge S6 VLAN2 VLAN3 VLAN2 VLAN2 VLAN3 On the network shown in Figure 7 1 STP or RSTP is enabled The broken line shows the spanning tree S6 is the root switchi...

Page 239: ...rt status in the MSTI Figure 7 2 Multiple spanning trees in an MST region S1 S2 S3 S4 S5 S6 VLAN3 VLAN2 VLAN3 VLAN2 VLAN3 VLAN2 VLAN2 VLAN2 VLAN3 VLAN3 HostC VLAN3 HostB VLAN2 HostA VLAN2 HostD VLAN3 spanning tree root bridge S6 spanning tree root bridge S4 VLAN2 VLAN2 VLAN3 VLAN3 As shown in Figure 7 2 MSTP maps VLANs to MSTIs in the VLAN mapping table Each VLAN can be mapped to only one MSTI Thi...

Page 240: ...etween them The switching devices of one MST region have the following characteristics l MSTP enabled l Same region name l Same VLAN MSTI mappings l Same MSTP revision level A LAN can comprise several MST regions that are directly or indirectly connected Multiple switching devices can be grouped into an MST region by using MSTP configuration commands As shown in Figure 7 4 the MST region D0 contai...

Page 241: ... mapped to MSTI 0 Regional Root Regional roots are classified into Internal Spanning Tree IST and MSTI regional roots In the region B0 C0 and D0 on the network shown in Figure 7 6 the switching devices closest to the Common and Internal Spanning Tree CIST root are IST regional roots An MST region can contain multiple spanning trees each called an MSTI An MSTI regional root is the root of the MSTI ...

Page 242: ...ond to one or more VLANs but a VLAN can be mapped to only one MSTI Master Bridge The master bridge is the IST master which is the switching device closest to the CIST root in a region for example S1 shown in Figure 7 4 If the CIST root is in an MST region the CIST root is the master bridge of the region Huawei AR530 AR550 Series Industrial Switch Routers Configuration Guide Ethernet Switching 7 MS...

Page 243: ... using STP or RSTP based on all the nodes As shown in Figure 7 6 the MST regions are connected to form a CST IST An IST resides within an MST region An IST is a special MSTI with the MSTI ID being 0 called MSTI 0 An IST is a segment of the CIST in an MST region As shown in Figure 7 6 the switching devices in an MST region are connected to form an IST Huawei AR530 AR550 Series Industrial Switch Rou...

Page 244: ...rent spanning tree instances Table 7 2 Port roles Port Role Description Root port A root port is the non root bridge port closest to the root bridge Root bridges do not have root ports Root ports are responsible for sending data to root bridges As shown in Figure 7 7 S1 is the root CP1 is the root port on S3 BP1 is the root port on S2 Designate d port The designated port on a switching device forw...

Page 245: ...t A regional edge port is located at the edge of an MST region and connects to another MST region or an SST During MSTP calculation the roles of a regional edge port in the MSTI and the CIST instance are the same If the regional edge port is the master port in the CIST instance it is the master port in all the MSTIs in the region As shown in Figure 7 8 AP1 DP1 and DP2 in an MST region are directly...

Page 246: ...edge port AP1 Master S1 S2 S3 S4 MST Region DP1 DP2 Connect to the CIST root The port is blocked MSTP Port Status Table 7 3 lists the MSTP port status which is the same as the RSTP port status Huawei AR530 AR550 Series Industrial Switch Routers Configuration Guide Ethernet Switching 7 MSTP Configuration Issue 01 2014 11 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 23...

Page 247: ... Port Designated Port Regional Edge Port Alternate Port Backup Port Forwardi ng Yes Yes Yes No No Learning Yes Yes Yes No No Discardi ng Yes Yes Yes Yes Yes NOTE Yes The port supports this status No The port does not support this status 7 2 3 MST BPDUs MSTP calculates spanning trees on the basis of Multiple Spanning Tree Bridge Protocol Data Units MST BPDUs By transmitting MST BPDUs spanning tree ...

Page 248: ...age Age Max Age Hello Time Forward Delay Version 1 Length 0 Version 3 Length MST Configuration Identifier CIST Bridge Identifier CIST Remaining Hops MSTI Configuration Messages may be absent CIST Internal Root Path Cost MST special fields The first 36 bytes of an intra region or inter region MST BPDU are the same as those of an RST BPDU Fields from the 37th byte of an MST BPDU are MSTP specific Th...

Page 249: ...egional Root Identifier 8 Indicates the ID of the regional root switching device on the CIST that is the IST master ID If the root is in this region the CIST Regional Root Identifier is the same as the CIST Root Identifier CIST Port Identifier 2 Indicates the ID of the designated port in the IST Message Age 2 Indicates the lifecycle of the BPDU Max Age 2 Indicates the maximum lifecycle of the BPDU...

Page 250: ... configuration is incorrect a loop probably occurs due to incorrect MSTP calculation By using the stp compliance command you can configure a port on a Huawei datacom device to automatically adjust the MST BPDU format With this function the port automatically adopts the peer BPDU format The following MST BPDU formats are supported by Huawei datacom devices l auto l dot1s l legacy In addition to dot...

Page 251: ...re switching devices exchange MST BPDUs to calculate MSTIs and the CIST l Vectors are described as follows The following vectors participate in the CIST calculation root ID external root path cost region root ID internal root path cost designated switching device ID designated port ID receiving port ID The following vectors participate in the MSTI calculation regional root ID internal root path co...

Page 252: ...e same compare the IDs of regional roots 4 If the IDs of regional roots are the same compare IRPCs 5 If IRPCs are the same compare the IDs of designated switching devices 6 If the IDs of designated switching devices are the same compare the IDs of designated ports 7 If the IDs of designated ports are the same compare the IDs of receiving ports If the priority of a vector carried in the configurati...

Page 253: ... different MSTIs l A port can play different roles or have different status in different MSTIs On an MSTP aware network a VLAN packet is forwarded along the following paths l MSTI in an MST region l CST among MST regions MSTP Responding to Topology Changes MSTP topology changes are processed in the manner similar to that in RSTP For details about how RSTP processes topology changes see 6 2 6 RSTP ...

Page 254: ... device continues to send an agreement After receiving this BPDU the root port enters the Forwarding state 3 The downstream device replies with an agreement After receiving this BPDU the upstream device sets its port connecting to the downstream device to the designated port and the port enters the Forwarding state By default Huawei datacom devices use the fast transition mechanism in enhanced mod...

Page 255: ...e forwarded within MSTI 0 In Figure 7 11 S1 and S2 are devices at the aggregation layer S3 and S4 are devices at the access layer Traffic from VLAN 10 and VLAN 30 is terminated by aggregation devices and traffic from VLAN 40 is terminated by the access device Therefore S1 and S2 can be configured as the roots of MSTI 1 and MSTI 3 and S3 can be configured as the root of MSTI 4 7 4 Configuration Tas...

Page 256: ...convergence 7 6 2 Configuring MSTP Parameters on an Interface Configuring MSTP Protection Functions This section describes how to configure MSTP protection functions You can configure one or more functions 7 6 3 Configuring MSTP Protection Functions Configuring MSTP Interoperability Between Huawei Devices and Non Huawei Devices To communicate with a non Huawei device set proper parameters on the M...

Page 257: ... bridge and secondary root bridge l Set a priority for a switching device in an MSTI The lower the numerical value the higher the priority of the switching device and the more likely the switching device becomes a root bridge the higher the numerical value the lower the priority of the switching device and the less likely that the switching device becomes a root bridge l Set a path cost for a port...

Page 258: ...d 7 6 1 2 Configuring and Activating an MST Region Context An MST region contains multiple switching devices and network segments These switching devices are directly connected and have the same region name same VLAN to instance mapping and the same configuration revision number after MSTP is enabled One switching network can have multiple MST regions You can use MSTP commands to group multiple sw...

Page 259: ...o means the remainder of VLAN ID 1 divided by the value of modulo This formula is used to map a VLAN to the corresponding MSTI The calculation result of the formula is the ID of the mapping MSTI Step 5 Optional Run revision level level The MSTP revision number is set By default the MSTP revision number is 0 If the revision number of the MST region is not 0 this step is necessary NOTICE Changing MS...

Page 260: ...e with the smallest MAC address is used as the root bridge l You can specify multiple secondary root bridges for each spanning tree When the root bridge fails or is powered off the secondary root bridge becomes the new root bridge If a new root bridge is specified the secondary root bridge will not become the root bridge If multiple secondary root bridges are configured the secondary root bridge w...

Page 261: ...idge Therefore set low priorities for these devices A switching device with a high priority is more likely to be selected as the root bridge in an MSTI A smaller priority value indicates a higher priority Procedure Step 1 Run system view The system view is displayed Step 2 Run stp instance instance id priority priority A priority is set for the switching device in an MSTI The default priority valu...

Page 262: ...Rate Recommended Path Cost Recommended Path Cost Range Path Cost Range 10 Mbit s 2000 200 to 20000 1 to 200000 100 Mbit s 200 20 to 2000 1 to 200000 1 Gbit s 20 2 to 200 1 to 200000 10 Gbit s 2 2 to 20 1 to 200000 Higher than 10 Gbit s 1 1 to 2 1 to 200000 If a network has loops it is recommended that you set a relatively large path cost for ports with low link rates Procedure Step 1 Run system vi...

Page 263: ...1 Run system view The system view is displayed Step 2 Run interface interface type interface number The Ethernet interface view is displayed Step 3 Run stp instance instance id port priority priority A port priority is set in an MSTI By default the port priority is 128 The value range of the priority is from 0 to 240 in steps of 16 End 7 6 1 7 Enabling MSTP Context After configuring basic MSTP fun...

Page 264: ... ARP aging probe attempts is not set to 0 ARP implements aging probe for these ARP entries You can run the stp converge fast normal command in the system view to configure the STP RSTP convergence mode By default the normal MSTP convergence mode is used NOTE The normal mode is recommended If the fast mode is adopted ARP entries will be frequently deleted causing the CPU usage on device to reach 10...

Page 265: ... up convergence It is recommended that all devices be configured with the same network diameter Procedure Step 1 Run system view The system view is displayed Step 2 Run stp bridge diameter diameter The network diameter is configured By default the network diameter is 7 NOTE l RSTP uses a single spanning tree instance on the entire network As a result performance deterioration cannot be prevented w...

Page 266: ... following timers are used in spanning tree calculation l Forward Delay specifies the delay before a state transition After the topology of a ring network changes it takes some time to spread the new configuration BPDU throughout the entire network As a result the original blocked port may be unblocked before a new port is blocked When this occurs a loop exists on the network You can set the Forwa...

Page 267: ... By default the value of Forward Delay of the switching device is 1500 centiseconds 2 Run stp timer hello hello time The value of Hello Time of the switching device is set By default the value of Hello Time of the switching device is 200 centiseconds 3 Run stp timer max age max age The value of Max Age of the switching device is set By default the value of Max Age of the switching device is 2000 c...

Page 268: ...imum number of connections in an Eth Trunk Before configuration After configuration RouterA RouterB Eth Trunk1 Eth Trunk2 Alternate port RouterA RouterB Designated port Root port Eth Trunk1 Eth Trunk2 NOTE The maximum number of connections affects only the path cost of an Eth Trunk interface participating in spanning tree calculation and does not affect the actual bandwidth of the Eth Trunk link T...

Page 269: ...es whether to connect to a P2P link The P2P link supports rapid network convergence l If the Ethernet port works in full duplex mode the port is connected to a P2P link In this case force true can be configured to implement rapid network convergence l If the Ethernet port works in half duplex mode you can run stp point to point force true to forcibly set the link type to P2P End 7 6 2 6 Setting th...

Page 270: ...the MSTP mode by using the stp mcheck command In the following cases you need to manually switch the interface back to the MSTP mode manually l The STP enabled device is shut down or disconnected l The STP enabled device is switched to the MSTP mode Procedure l Switching to the MSTP mode in the interface view 1 Run system view The system view is displayed 2 Run interface interface type interface n...

Page 271: ...te This may cause loops on the network leading to broadcast storms Exercise caution when you configure a port as an edge port and BPDU filter port After a port is configured as an edge port and BPDU filter port in the interface view the port does not process or send BPDUs The port cannot negotiate the STP status with the directly connected port on the peer device Exercise caution when you configur...

Page 272: ...e maximum number of hops l The number of remaining hops in a BPDU sent by a non root switching device equals the maximum number of hops minus the number of hops from the non root switching device to the root switching device l If a switching device receives a BPDU in which the number of remaining hops is 0 the switching device will discard the BPDU Therefore the maximum number of hops of a spannin...

Page 273: ...erminal and will not receive BPDUs Attackers may send pseudo BPDUs to attack the switching device If the edge ports receive the BPDUs the switching device configures the edge ports as non edge ports and triggers a new spanning tree calculation Network flapping then occurs BPDU protection can be used to protect switching devices against malicious attacks NOTE Perform the following procedure on all ...

Page 274: ...s to attack the switching device the switching device receives a large number of TC BPDUs within a short time If MAC address entries and ARP entries are deleted frequently the switching device is heavily burdened causing potential risks to the network TC protection is used to suppress TC BPDUs The number of times that TC BPDUs are processed by a switching device within a given time period is confi...

Page 275: ...nterface Context On a network running MSTP a switching device maintains the root port status and status of blocked ports by receiving BPDUs from an upstream switching device If the switching device cannot receive BPDUs from the upstream device because of link congestion or unidirectional link failure the switching device re selects a root port The original root port becomes a designated port and t...

Page 276: ...ing the Configuration Procedure l Run the display stp instance instance id interface interface type interface number brief command to view spanning tree status and statistics End 7 6 4 Configuring MSTP Interoperability Between Huawei Devices and Non Huawei Devices To communicate with a non Huawei device set proper parameters on the MSTP enabled Huawei device 7 6 4 1 Configuring a Proposal Agreemen...

Page 277: ...s a root port and blocks all non edge ports The root port then transitions to the Forwarding state The downstream device responds to the Proposal message with an Agreement message After receiving the message the upstream device sets the port connected to the downstream device as a designated port The designated port then transitions to the Forwarding state When Huawei devices are connected to non ...

Page 278: ...t the other end End 7 6 4 3 Enabling the Digest Snooping Function Context Interconnected Huawei and non Huawei devices cannot communicate with each other if they have the same region name revision number and VLAN to instance mappings but different BPDU keys To address this problem enable the digest snooping function on the Huawei device Perform the following steps on a switching device in an MST r...

Page 279: ...un the reset stp error packet statistics to clears the statistics of error STP packets End 7 7 2 Monitoring the Statistics on MSTP Topology Changes Procedure l Run the display stp instance instance id topology change command to view the statistics about MSTP topology changes l Run the display stp instance instance id interface interface type interface number tc bpdu statistics command to view the ...

Page 280: ...lapping of MAC address tables and damages MAC address entries MSTP can be deployed to eliminate loops MSTP blocks redundant links on a Layer 2 network and trims the network into a loop free tree As shown in Figure 7 13 to load balance traffic of VLANs 2 to 10 and traffic of VLANs 11 to 20 multiple MSTIs are created MSTP defines a VLAN mapping table in which VLANs are associated with spanning tree ...

Page 281: ...ot Switch RouterA MSTI1 MSTI2 Blocked port Blocked port Eth0 0 1 Eth0 0 2 Eth0 0 1 Eth0 0 3 Eth0 0 2 Eth0 0 4 E t h 0 0 4 Eth0 0 3 Eth0 0 2 Eth0 0 1 Eth0 0 2 Eth0 0 1 Eth0 0 3 E t h 0 0 3 MST Region Huawei AR530 AR550 Series Industrial Switch Routers Configuration Guide Ethernet Switching 7 MSTP Configuration Issue 01 2014 11 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co ...

Page 282: ...ces Procedure Step 1 Configure basic MSTP functions 1 Configure the MSTP mode for the devices on the ring network Configure the MSTP mode on RouterA Huawei system view Huawei sysname RouterA RouterA stp mode mstp Configure the MSTP mode on SwitchA SwitchB SwitchC and SwitchD 2 Add all devices to MST region RG1 and create two MSTIs MSTI1 maps to VLAN 2 to 10 and MSTI2 maps to VLAN 11 to 20 Configur...

Page 283: ...aces connected to PCs or set those interfaces as edge ports As shown in Figure 7 13 disable MSTP on interface Eth0 0 2 and Eth0 0 3 of SwitchC or set them as edge ports As shown in Figure 7 13 disable MSTP on interface Eth0 0 2 and Eth0 0 3 of SwitchD or set them as edge ports l Enable MSTP globally Enable MSTP globally on RouterA RouterA stp enable Enable MSTP globally on SwitchA SwitchB SwitchC ...

Page 284: ...otection type The displayed information is as follows RouterA display stp brief MSTID Port Role STP State Protection 0 Ethernet2 0 0 DESI FORWARDING NONE 0 Ethernet2 0 1 DESI FORWARDING NONE 1 Ethernet2 0 0 DESI FORWARDING ROOT 1 Ethernet2 0 1 DESI FORWARDING ROOT 2 Ethernet2 0 0 DESI FORWARDING ROOT 2 Ethernet2 0 1 DESI FORWARDING ROOT In MSTI1 after RouterA is configured as a root bridge RouterA...

Page 285: ... 1 vlan 2 to 10 instance 2 vlan 11 to 20 active region configuration interface Ethernet2 0 0 port link type trunk port trunk allow pass vlan 2 to 20 stp root protection interface Ethernet2 0 1 port link type trunk port trunk allow pass vlan 2 to 20 stp root protection return l Configuration file of SwitchA sysname SwitchA vlan batch 2 to 20 stp instance 1 root secondary stp pathcost standard legac...

Page 286: ...e of SwitchC sysname SwitchC vlan batch 2 to 10 stp pathcost standard legacy stp region configuration region name RG1 instance 1 vlan 2 to 10 instance 2 vlan 11 to 20 active region configuration interface Ethernet0 0 1 port link type trunk port trunk allow pass vlan 2 to 10 interface Ethernet0 0 2 port link type trunk port trunk allow pass vlan 2 to 10 stp disable interface Ethernet0 0 3 port link...

Page 287: ...pe trunk port trunk allow pass vlan 11 to 20 stp instance 2 cost 200000 return 7 9 References This section provides references for STP RSTP The following table lists the references for STP RSTP Document Description Rema rks IEEE 802 1D IEEE Standard for Local and metropolitan area networks Virtual Bridged Local Area Networks IEEE 802 1S IEEE Standard for Local and metropolitan area networks Virtua...

Page 288: ...o of IPSec 8 4 Configuration Task Summary This section describes the configuration task and logic of SEP 8 5 Configuring SEP This section describes the SEP configuration 8 6 Maintaining SEP This section describes how to maintain SEP including clearing SEP statistics 8 7 Configuration Examples This section describes the typical application scenarios of SEP networking requirements and configuration ...

Page 289: ...nce time is affected by the network topology Huawei developed SEP to overcome the disadvantages of the preceding ring network protocols SEP has the following advantages l Applies to diverse complex networks and supports all topologies and network topology query For example a network running SEP can connect to a network running STP RSTP or MSTP Network topology display helps locate blocked interfac...

Page 290: ...hat the link between Router1 and Router5 becomes faulty l If SEP is not deployed on the semi ring CE1 traffic is still transmitted along the original path but NPE1 does not forward traffic causing traffic interruption l If SEP is deployed on the semi ring the blocked interface on Router5 is unblocked enters the Forwarding state and sends link state advertisements LSAs to instruct other nodes on th...

Page 291: ...uter5 NPE2 VRRP peer BFD NPE1 Master Backup IP MPLS Core Core Aggregation Access Backup Master SEP Segment In common SEP networking a physical ring can be configured with only one SEP segment in which only one interface can be blocked If an interface in a complete SEP segment is blocked all service data is transmitted only along the path where the primary edge interface is located The path where t...

Page 292: ...ire network To eliminate redundant links and ensure link connectivity a mechanism used to prevent loops is required Figure 8 2 shows the typical networking of an open ring running SEP The following describes the basic concepts of SEP Figure 8 2 Networking diagram of an open ring running SEP Network Router1 Router2 Router3 Router4 Router5 CE No Neighbor Primary Edge Port Block Port SEP Segment Netw...

Page 293: ...edge interfaces secondary edge interfaces no neighbor primary edge interfaces and no neighbor secondary edge interfaces NOTE Normally edge interfaces and no neighbor edge interfaces belong to different SEP segments Table 8 1 Interface roles Interface Role Sub role Description Edge interface Primary edge interface A SEP segment has only one primary edge interface which is determined by the configur...

Page 294: ...Huawei devices and non Huawei devices or interconnect Huawei devices and devices that do not support SEP Common interface In a SEP segment all interfaces except edge interfaces are common interfaces A common interface monitors the status of the directly connected SEP link When the link status changes the interface sends a topology change notification message to notify its neighbors Then the topolo...

Page 295: ...interface periodically sends LSAs to its neighbor After the state machine of the neighbor goes Up the two interfaces update their LSA databases that is all topology information LSA ACK packet TC packet When the topology of a SEP segment changes the device where the SEP segment and the upper layer network are intersected sends a Topology Change TC packet to notify the upper layer network Then all n...

Page 296: ...ink must send Hello packets to each other as a means of status confirmation If an interface does not receive a Hello packet from an interface at the other end of a link within a specified period the interface considers the other to be Down Neighbor negotiations provide information required to obtain the SEP segment topology Interfaces establish neighbor relationships through neighbor negotiations ...

Page 297: ...ring the primary edge interface is listed first in the topology information displayed on each interface l If the primary edge interface is not elected but the secondary edge interface is elected the secondary edge interface is listed first in the topology information displayed on each interface Linear topology All topologies except ring topologies are linear topologies For interfaces at both ends ...

Page 298: ...ter1 and P1 on Router5 have the same role P1 with a higher MAC address is elected as the primary edge interface After the primary edge interface is selected it periodically sends primary edge interface election packets without waiting for the success of neighbor negotiations A primary edge interface election packet contains the interface role primary edge interface secondary edge interface or comm...

Page 299: ...ode You can configure the interface blocking mode to specify a blocked interface Table 8 5 lists interface blocking modes Table 8 5 Interface blocking mode Interface Blocking Mode Description Specify the interface with the highest priority as the blocked interface SEP compares interface priorities as follows 1 Compares configured interface priority values A larger value indicates a higher priority...

Page 300: ...face to block the interface cannot preempt to be the blocked interface l Preemption After the interface blocking mode is specified whether a specified interface will be blocked is determined by the preemption mode Table 8 6 lists the preemption modes Table 8 6 Preemption mode Preemption Mode Description Non preemption mode When all link faults are rectified or the last two interfaces enabled with ...

Page 301: ...face The specified interface then sends blocking status packets to request the previously blocked interface to transition to the Forwarding state NOTE Only two interfaces on a device can be added to the same SEP segment If one interface is the no neighbor primary edge interface the other interface is the brother interface of the no neighbor primary edge interface Whether the brother interface of t...

Page 302: ...n topology The fault is rectified and the preemption function takes effect After faults occur in the SEP segment and the last faulty interface recovers the blocked interface is preempted and the topology is considered changed Preemption is triggered by the primary edge interface When an interface in a SEP segment receives a preemption packet from the primary edge interface the interface needs to s...

Page 303: ...e NOTE The topology change notification function is configured on devices that connect an upper layer network and a lower layer network If the topology of one network changes devices affected inform the other network of the change Table 8 8 lists the scenarios in which topology changes are reported Huawei AR530 AR550 Series Industrial Switch Routers Configuration Guide Ethernet Switching 8 SEP Con...

Page 304: ...change notification function Suppression of SEP TC Notification Packets Topology changes of a SEP segment are advertised to other SEP segments or upper layer networks A large number of topology change TC notification packets are generated in the following cases l A link becomes disconnected transiently l A SEP segment is attacked by invalid TC notification packets l There are multiple SEP ring net...

Page 305: ...a device to process a specified number of TC notification packets within a specified period By default three TC notification packets with different source addresses are processed in 2s l Avoid the networking scenario having more than three SEP ring networks SEP Multi Instance In common SEP networking shown in Figure 8 6 a physical ring network can be configured with only one SEP segment in which o...

Page 306: ...ach protected instance indicating a VLAN range The topology calculated by a SEP segment is only valid for that SEP segment After different protected instances are configured for SEP segments and the mapping between protected instances and VLANs is set a blocked interface is only valid for the VLANs protected by the SEP segment where the blocked interface resides Data traffic for different VLANs ca...

Page 307: ...otected instance 2 is configured in SEP segment 2 to protect the data from VLAN 201 to VLAN 400 The data is transmitted along path Router3 Router4 As the blocked interface in SEP segment 1 P1 blocks only the data from VLAN 100 to VLAN 200 When a node fault or link fault occurs each SEP segment calculates its own topology independently and the nodes in each SEP segment update their own LSA database...

Page 308: ...r LSA databases After the topology of SEP segment 2 is recalculated the data from VLAN 201 to VLAN 400 is transmitted along path Router3 Router4 8 3 Applications This section describes the applicable scenario of IPSec 8 3 1 Open Ring Networking As shown in Figure 8 9 Router1 to Router5 form an open ring to access a Layer 2 network The two edge devices on the Layer 2 network that is Router1 and Rou...

Page 309: ...alled closed ring networking The networking is at the aggregation layer and is used to aggregate Layer 2 unicast and multicast services When SEP runs at the aggregation layer redundancy protection switching can be implemented at the aggregation layer and the topology of the SEP segment can be displayed On a closed ring network two edge interfaces are located on the same edge device Huawei AR530 AR...

Page 310: ...on switching can be implemented at the access layer and the aggregation layer and the topology of the SEP segment can be displayed If the topology of the access layer changes a node in the SEP segment sends a Flush FDB packet to instruct other nodes in the SEP segment to update their MAC address forwarding tables and ARP tables Edge devices in the SEP segment send TC packets to notify the upper la...

Page 311: ... redundancy protection switching can be implemented at the access layer If the topology of the access layer changes a node in the SEP segment sends a Flush FDB packet to instruct other nodes in the SEP segment to update their MAC address forwarding tables and ARP tables Router1 and Router2 at the edge of the SEP segment send a TC packet to notify the aggregation layer of the topology change in the...

Page 312: ...eds to be configured with a protected instance each protected instance indicating a VLAN range The topology calculated by a SEP segment is only valid for that SEP segment After different protected instances are configured for SEP segments and the mapping between protected instances and VLANs is set a blocked interface is only valid for the VLANs protected by the SEP segment where the blocked inter...

Page 313: ...asic SEP functions are configured on devices the devices start SEP negotiation One of the two interfaces that complete neighbor negotiations last is blocked to eliminate redundant links NOTE When logging in to nodes on a SEP semi ring through Telnet to configure the nodes note the following points l Basic SEP functions need to be configured from the node at one end of the semi ring to the node at ...

Page 314: ...take measures to ensure reliable data transmission Therefore the topology change notification function needs to be enabled on the SEP network 8 5 4 Configuring the Topology Change Notification Function 8 5 Configuring SEP This section describes the SEP configuration 8 5 1 Configuring Basic SEP Functions When there is no faulty link on a ring network running SEP SEP can eliminate loops on the Ether...

Page 315: ...ts but not service packets enhancing SEP security Each SEP segment must be configured with a control VLAN After being added to a SEP segment configured with a control VLAN an interface is added to the control VLAN automatically NOTE On a SEP network that has no neighbor edge interfaces a device that is not in a SEP segment cannot be added to the control VLAN of the SEP segment Otherwise a loop wil...

Page 316: ...ntrol VLAN After an interface is added to a SEP segment configured with a control VLAN the interface is automatically added to the control VLAN If the interface type is trunk in the configuration file the port trunk allow pass vlan command is displayed in the view of the interface added to the SEP segment If the interface type is hybrid in the configuration file the port hybrid tagged vlan command...

Page 317: ...n interface bridge MAC address of the interface interface ID and integrity of the topology database Table 8 10 lists interface roles Table 8 10 Interface roles Interface Role Sub role Description Deployment Scenario Common interface In a SEP segment all interfaces except edge interfaces and blocked interfaces are common interfaces A common interface monitors the status of the directly connected SE...

Page 318: ...terminates packets and sends topology change notification messages to other networks No neighbor primary edge interface An interface at the edge of a SEP segment is a no neighbor edge interface which is determined by the configuration and election The no neighbor primary edge interface terminates packets and sends topology change notification messages to other networks No neighbor primary edge int...

Page 319: ...sure that STP has been disabled on the interface except that the interface is a no neighbor edge interface Procedure Step 1 Run system view The system view is displayed Step 2 Run interface interface type interface number The view of an Ethernet interface added to the SEP segment is displayed Step 3 Optional Run stp disable STP is disabled on the interface Step 4 Run sep segment segment id edge no...

Page 320: ...erface blocking mode Interface Blocking Mode Description Specify the interface with the highest priority as the blocked interface This mode applies to a large scale network After fault recovery the interface with the highest priority in a SEP segment becomes the blocked interface In this mode the priorities of the interfaces in the SEP segment need to be set in advanced Specify the interface in th...

Page 321: ...king mode is set By default one of the interfaces at two ends of the link that is set up last or recovers from a fault last is blocked End Follow up Procedure If the interface with the highest priority is specified to block run the sep segment segment id priority priority command in the view of the interface to be blocked to increase its priority When a fault is rectified the specified interface i...

Page 322: ... needs to be specified in advance l After a network fault is rectified and the preemption action is taken manual preemption no longer takes effect Manual preemption needs to be configured again to ensure that the blocked point can be moved to the specified point after the next fault is rectified This increases the maintenance workload The following conditions must be met to trigger preemption l Th...

Page 323: ...e topology status of a specified SEP segment End 8 5 3 Configuring SEP Multi Instance Applicable Environment In common SEP networking a physical ring can be configured with only one SEP segment in which only one interface can be blocked If an interface in a complete SEP segment is blocked all service data is transmitted only along the path where the primary edge interface is located The path where...

Page 324: ...yed in the SEP segment and protected instances are mapped to different VLANs Data traffic for different VLANs can then be transmitted along different paths NOTE Currently SEP multi instance allows two SEP segments to be configured on a physical ring Different blocked interfaces and priorities need to be configured for the two SEP segments Pre configuration Tasks Before configuring SEP multi instan...

Page 325: ...an upper layer network This function enables the device to notify the peer device of topology changes in the lower layer and upper layer networks All the devices on the network where the peer device resides then delete original MAC addresses and ARP entries and learn new MAC addresses to ensure uninterrupted traffic forwarding 8 5 4 1 Reporting Topology Changes in a Lower Layer Network SEP Topolog...

Page 326: ...s the upper layer network will receive it multiple times This reduces packet processing efficiency on the upper layer network Therefore topology change notifications need to be suppressed Suppressing topology change notifications frees the upper layer network from processing multiple duplicate packets and protects the devices in the SEP segment against topology change notification attacks Run the ...

Page 327: ...8 7 Configuration Examples This section describes the typical application scenarios of SEP networking requirements and configuration roadmap 8 7 1 Example for Configuring SEP on a Closed Ring Network Networking Requirements Generally redundant links are used to connect an Ethernet switching network to an upper layer network to provide link backup and enhance network reliability The use of redundan...

Page 328: ... ring SEP network Block Port Primary Edge Port Router1 Router2 Router3 Router4 Router5 SEP Segment1 GE7 0 1 GE7 0 1 GE7 0 1 GE7 0 1 GE7 0 2 GE7 0 1 GE7 0 2 GE7 0 2 Secondary Edge Port GE7 0 2 GE7 0 2 GE7 0 3 GE7 0 3 GE7 0 3 GE7 0 1 CE1 VLAN 100 Access Aggregation Configuration Roadmap The configuration roadmap is as follows 1 Configure basic SEP functions a Configure SEP segment 1 on Router1 to Ro...

Page 329: ...er3 sep segment1 control vlan 10 Router3 sep segment1 protected instance all Router3 sep segment1 quit Configure Router4 Huawei system view Huawei sysname Router4 Router4 sep segment 1 Router4 sep segment1 control vlan 10 Router4 sep segment1 protected instance all Router4 sep segment1 quit Configure Router5 Huawei system view Huawei sysname Router5 Router5 sep segment 1 Router5 sep segment1 contr...

Page 330: ...t7 0 2 stp disable Router3 GigabitEthernet7 0 2 sep segment 1 Router3 GigabitEthernet7 0 2 quit Configure Router4 Router4 interface gigabitethernet 7 0 1 Router4 GigabitEthernet7 0 1 stp disable Router4 GigabitEthernet7 0 1 sep segment 1 Router4 GigabitEthernet7 0 1 quit Router4 interface gigabitethernet 7 0 2 Router4 GigabitEthernet7 0 2 stp disable Router4 GigabitEthernet7 0 2 sep segment 1 Rout...

Page 331: ...see the configuration files Step 3 Verify the configuration l Run the shutdown command on GE7 0 1 of Router3 to simulate an interface fault and then run the display sep interface command on Router3 to check whether GE7 0 2 of Router3 has switched from the Discarding state to the Forwarding state Router3 display sep interface gigabitethernet 7 0 2 SEP segment 1 Interface Port Role Neighbor Status P...

Page 332: ...erface GigabitEthernet7 0 1 port hybrid tagged vlan 10 100 stp disable sep segment 1 interface GigabitEthernet7 0 2 port hybrid tagged vlan 10 100 stp disable sep segment 1 sep segment 1 priority 128 interface GigabitEthernet7 0 3 port hybrid tagged vlan 100 return l Configuration file of Router4 sysname Router4 vlan batch 10 100 sep segment 1 control vlan 10 protected instance 0 to 4094 interface...

Page 333: ...nect an Ethernet switching network to an upper layer network to provide link backup and enhance network reliability The use of redundant links however may produce loops causing broadcast storms and rendering the MAC address table unstable As a result communication quality deteriorates and services may even be interrupted SEP can be deployed on the ring network to eliminate loops and restore commun...

Page 334: ...GE7 0 1 GE7 0 2 GE7 0 1 GE7 0 2 GE7 0 1 GE7 0 1 GE7 0 3 GE7 0 1 GE7 0 3 GE7 0 1 GE7 0 2 GE7 0 1 GE7 0 2 GE7 0 4 GE7 0 1 GE7 0 2 GE7 0 3 Control VLAN 10 Control VLAN 20 Control VLAN 30 Configuration Roadmap The configuration roadmap is as follows 1 Configure basic SEP functions a Configure SEP segments 1 to 3 and configure VLAN 10 VLAN 20 and VLAN 30 as their respective control VLANs l Configure SE...

Page 335: ...p count d Configure the preemption mode on the device where the primary edge interface is located Configure delayed preemption in SEP segment 1 and manual preemption in SEP segment 2 and SEP segment 3 e Configure the topology change notification function on the edge devices between SEP segments namely Router2 Router3 and Router4 2 Configure the Layer 2 forwarding function on CE1 CE2 and Router1 to...

Page 336: ...EP segments For details about the configuration see the configuration files NOTE l The control VLAN must be a VLAN that has not been created or used but the configuration file automatically displays the command for creating the VLAN l Each SEP segment must be configured with a control VLAN After an interface is added to the SEP segment configured with a control VLAN the interface is automatically ...

Page 337: ...ter4 interface gigabitethernet 7 0 2 Router4 GigabitEthernet7 0 2 stp disable Router4 GigabitEthernet7 0 2 sep segment 1 Router4 GigabitEthernet7 0 2 quit Router4 interface GigabitEthernet 7 0 3 Router4 GigabitEthernet7 0 3 stp disable Router4 GigabitEthernet7 0 3 sep segment 1 Router4 GigabitEthernet7 0 3 quit Router4 interface gigabitethernet 7 0 1 Router4 GigabitEthernet7 0 1 stp disable Router...

Page 338: ...terface to 2 Hop counts of other interfaces increase by steps of 1 in the downstream direction of the primary interface 4 Configure the preemption mode Configure delayed preemption on Router1 Router1 sep segment 1 Router1 sep segment1 preempt delay 30 NOTE l You must set the preemption delay when delayed preemption is used because there is no default delay time l When the last faulty interface rec...

Page 339: ...n see the configuration files Step 3 Verify the configuration After completing the preceding configurations verify the configuration Router1 is used as an example l Run the shutdown command on GE7 0 1 of Router2 to simulate an interface fault and then run the display sep interface command on Router3 to check whether GE7 0 4 of Router3 has switched from the Discarding state to the Forwarding state ...

Page 340: ... 10 100 200 stp disable sep segment 1 interface GigabitEthernet7 0 2 port hybrid tagged vlan 20 200 stp disable sep segment 2 edge primary interface GigabitEthernet7 0 3 port hybrid tagged vlan 10 100 200 stp disable sep segment 1 return l Configuration file of Router3 sysname Router3 vlan batch 10 20 30 100 200 sep segment 1 control vlan 10 protected instance 0 to 4094 sep segment 2 control vlan ...

Page 341: ...nt 1 protected instance 0 to 4094 interface GigabitEthernet7 0 1 port hybrid tagged vlan 30 100 stp disable sep segment 3 edge primary interface GigabitEthernet7 0 2 port hybrid tagged vlan 10 100 200 stp disable sep segment 1 interface GigabitEthernet7 0 3 port hybrid tagged vlan 10 100 200 stp disable sep segment 1 return l Configuration file of Router5 sysname Router5 vlan batch 10 100 200 300 ...

Page 342: ...0 200 stp disable sep segment 2 return l Configuration file of Router7 sysname Router7 vlan batch 20 200 sep segment 2 control vlan 20 protected instance 0 to 4094 interface GigabitEthernet7 0 1 port hybrid tagged vlan 20 200 stp disable sep segment 2 interface GigabitEthernet7 0 2 port hybrid tagged vlan 20 200 stp disable sep segment 2 interface GigabitEthernet7 0 3 port hybrid tagged vlan 200 r...

Page 343: ...d vlan 30 100 stp disable sep segment 3 return l Configuration file of Router10 sysname Router10 vlan batch 30 100 sep segment 3 control vlan 30 protected instance 0 to 4094 interface GigabitEthernet7 0 1 port hybrid tagged vlan 30 100 stp disable sep segment 3 interface GigabitEthernet7 0 2 port hybrid tagged vlan 30 100 stp disable sep segment 3 interface GigabitEthernet7 0 3 port hybrid tagged ...

Page 344: ...ss table unstable As a result communication quality deteriorates and services may even be interrupted SEP can be deployed on the ring network to eliminate loops and restore communication if a link fault occurs NOTE In this example devices at the aggregation layer run the MSTP protocol As shown in Figure 8 17 multiple Layer 2 switching devices form a ring at the access layer and multiple Layer 3 de...

Page 345: ...ogy of the lower layer network changes This ensures uninterrupted traffic forwarding Figure 8 17 Networking diagram of a hybrid ring SEP network Router1 Router2 Router3 Block Port SEP Access SEP Segment1 MSTP Aggregation PE1 PE2 PE4 PE3 No neighbor Primary Edge Port No neighbor Secondary Edge Port Do not Support SEP GE7 0 1 GE7 0 1 GE7 0 1 GE7 0 1 GE7 0 1 GE7 0 1 GE7 0 1 GE7 0 2 GE7 0 2 GE7 0 2 GE...

Page 346: ...P ring to the VLANs c Configure PE3 as the root bridge and PE4 as the backup root bridge 3 Configure the Layer 2 forwarding function on CE and Router1 to Router3 Procedure Step 1 Configure basic SEP functions 1 Configure SEP segment 1 on Router1 to Router3 and configure VLAN 10 as the control VLAN of SEP segment 1 Configure Router1 Huawei system view Huawei sysname Router1 Router1 sep segment 1 Ro...

Page 347: ...3 interface gigabitethernet 7 0 1 Router3 GigabitEthernet7 0 1 stp disable Router3 GigabitEthernet7 0 1 sep segment 1 Router3 GigabitEthernet7 0 1 quit Router3 interface gigabitethernet 7 0 2 Router3 GigabitEthernet7 0 2 stp disable Router3 GigabitEthernet7 0 2 sep segment 1 Router3 GigabitEthernet7 0 2 quit 3 Specify an interface to block On Router1 where the no neighbor primary edge interface of...

Page 348: ...er2 stp region configuration Router2 mst region region name RG1 Router2 mst region active region configuration Router2 mst region quit 2 Create VLANs and add interfaces to VLANs On PE1 create VLAN 100 and add GE7 0 1 GE7 0 2 and GE7 0 3 to VLAN 100 PE1 vlan 100 PE1 vlan100 quit PE1 interface gigabitethernet 7 0 1 PE1 GigabitEthernet7 0 1 port hybrid tagged vlan 100 PE1 GigabitEthernet7 0 1 quit PE...

Page 349: ...and Router1 to Router3 For details about the configuration see the configuration files Step 4 Verify the configuration After the configurations are complete and network becomes stable run the following commands to verify the configuration Router1 is used as an example l Run the shutdown command on GE7 0 1 of Router2 to simulate an interface fault and then run the display sep interface command on R...

Page 350: ...4 interface GigabitEthernet7 0 1 port hybrid tagged vlan 10 100 sep segment 1 edge no neighbor secondary interface GigabitEthernet7 0 2 port hybrid tagged vlan 10 100 stp disable sep segment 1 return l Configuration file of Router3 sysname Router3 vlan batch 10 100 sep segment 1 control vlan 10 protected instance 0 to 4094 interface GigabitEthernet7 0 1 port hybrid tagged vlan 10 100 stp disable s...

Page 351: ...id tagged vlan 100 interface GigabitEthernet7 0 2 port hybrid tagged vlan 100 interface GigabitEthernet7 0 3 port hybrid tagged vlan 100 return l Configuration file of PE3 sysname PE3 vlan batch 100 200 stp instance 0 root primary stp region configuration region name RG1 active region configuration interface GigabitEthernet7 0 1 port hybrid tagged vlan 100 interface GigabitEthernet7 0 2 port hybri...

Page 352: ...g network two SEP segments are configured to process different VLAN services implement load balancing and provide link backup Networking Requirements In common SEP networking a physical ring can be configured with only one SEP segment in which only one interface can be blocked If an interface in a complete SEP segment is blocked all service data is transmitted only along the path where the primary...

Page 353: ...witches Router1 to Router4 is connected to the network SEP runs at the aggregation layer SEP multi instance is configured on Router1 to Router4 to allow for two SEP segments to improve bandwidth efficiency implement load balancing and provide link backup Configuration Roadmap The configuration roadmap is as follows 1 Configure basic SEP functions a Create two SEP segments and a control VLAN on Rou...

Page 354: ...sep segment1 control vlan 10 Router1 sep segment1 quit Configure Router2 Huawei system view Huawei sysname Router2 Router2 sep segment1 Router2 sep segment1 control vlan 10 Router2 sep segment1 quit Configure Router3 Huawei system view Huawei sysname Router3 Router3 sep segment 1 Router3 sep segment1 control vlan 10 Router3 sep segment1 quit Configure Router4 Huawei system view Huawei sysname Rout...

Page 355: ... not mentioned here For details see the configuration files Step 3 Add all the devices on the ring network to the SEP segments and configure interface roles NOTE By default STP is enabled on a Layer 2 interface Before adding an interface to a SEP segment disable STP on the interface On Router1 configure GE7 0 1 as the primary edge interface and GE7 0 3 as the secondary edge interface Router1 inter...

Page 356: ... gigabitethernet 7 0 1 Router1 sep segment2 preempt delay 15 Router1 sep segment2 quit NOTE l In this configuration example an interface fault needs to be simulated and then rectified to implement delayed preemption To ensure that delayed preemption takes effect on the two SEP segments simulate an interface fault in the two SEP segments For example l In SEP segment 1 run the shutdown command on GE...

Page 357: ...GigabitEthernet7 0 1 preempt delay 15 protected instance 1 sep segment 2 control vlan 10 block port sysname Router2 interface GigabitEthernet7 0 1 preempt delay 15 protected instance 2 interface GigabitEthernet7 0 1 port hybrid tagged vlan 10 100 to 500 stp disable sep segment 1 edge primary sep segment 2 edge primary interface GigabitEthernet7 0 3 port hybrid tagged vlan 10 100 to 500 stp disable...

Page 358: ...301 to 500 active region configuration sep segment 1 control vlan 10 protected instance 1 sep segment 2 control vlan 10 protected instance 2 interface GigabitEthernet7 0 1 port hybrid tagged vlan 10 100 to 500 stp disable sep segment 1 sep segment 2 interface GigabitEthernet7 0 2 port hybrid tagged vlan 10 100 to 500 stp disable sep segment 1 sep segment 2 interface GigabitEthernet7 0 3 port hybri...

Page 359: ... vlan 10 100 to 500 stp disable sep segment 1 sep segment 2 return l Configuration file of CE1 sysname CE1 vlan batch 100 to 300 interface GigabitEthernet7 0 1 port hybrid tagged vlan 100 to 300 return l Configuration file of CE2 sysname CE2 vlan batch 301 to 500 interface GigabitEthernet7 0 1 port hybrid tagged vlan 301 to 500 return Huawei AR530 AR550 Series Industrial Switch Routers Configurati...

Page 360: ...r settings of transparent bridging 9 6 Configuring Transparent Bridging Transparent bridges are widely used in Ethernet LANs because they are easy to configure and operate 9 7 Maintaining Transparent Bridging This section describes how to clear traffic statistics on a bridge group to help locate faults in the bridge group 9 8 Configuration Example This section describes the typical application sce...

Page 361: ...ng the existing LAN network Transparent bridging is easy to use and cost effective so it is widely used 9 2 Principles 9 2 1 Basic Principles of Transparent Bridging Forwarding Entry Learning Transparent bridging uses a forwarding table to forward packets A network bridge s forwarding table records the mapping between the MAC address and the packet s outbound interface If an Ethernet frame arrives...

Page 362: ...s added to the network bridge table as shown in Figure 9 2 Figure 9 2 Network bridge learning that PC1 connects to Port1 RouterA Port3 Port4 Port1 Port2 00e0 fcaa aaaa 00e0 fcaa bbbb Source MAC Destination MAC MAC address Port 00e0 fcaa aaaa port1 LAN1 PC 1 LAN1 PC 2 PC 4 LAN2 PC 3 LAN2 Huawei AR530 AR550 Series Industrial Switch Routers Configuration Guide Ethernet Switching 9 Transparent Bridgin...

Page 363: ...ts to Port2 RouterA Port3 Port4 Port1 Port2 00e0 fcaa aaaa 00e0 fcaa bbbb Source MAC Destination MAC MAC address Port 00e0 fcaa aaaa port1 00e0 fcaa bbbb port2 LAN1 PC 1 PC 3 LAN2 LAN1 PC 2 PC 4 LAN2 The network bridge learns the mappings between all MAC addresses and bridge interfaces as shown in Figure 9 4 Huawei AR530 AR550 Series Industrial Switch Routers Configuration Guide Ethernet Switching...

Page 364: ...e forwarding table and the inbound and outbound interfaces of the frame are different the outbound interface forwards the data frame l Broadcast If the received data frame s destination MAC address is a unicast MAC address and cannot be found in the forwarding table or the destination MAC address of the data frame is a multicast or broadcast MAC address the data frame is forwarded using any interf...

Page 365: ...terface MAC forwarding entry l Be configured with static and blackhole MAC address entries l Be enabled with or disabled from dynamic MAC address entry learning l Be configured with the aging time of dynamic MAC entries l Bridge all protocol packets including IP and non IP packets by default 9 2 3 Remote Bridging If LANs in different geographical locations need to communicate with each other at th...

Page 366: ...ansfer Mode ATM can also be used for remote bridging To support remote bridging transparent bridging provides the following functions l Allow Ethernet interfaces Ethernet sub interfaces VLANIF Serial Serial sub interfaces VT Dialer interfaces to be added to bridge groups l Link encapsulation protocols such as Ethernet PPP PPPoA PPPoE and PPPoEoA l 802 1Q VLAN ID transparent transmission l Bridging...

Page 367: ... Bridge if 1 1 1 1 24 RouterB PC1 PC2 PC3 PC4 1 1 1 11 24 1 1 1 13 24 1 1 1 12 24 1 1 1 14 24 Eth2 0 2 PC5 PC6 2 2 2 3 24 2 2 2 4 24 As shown in Figure 9 7 a bridge group and a Bridge if interface are configured on Router A Ethernet2 0 1 and Ethernet2 0 2 connecting two different LANs are added to the bridge group An IP address is configured for the Bridge if interface After the integrated bridgin...

Page 368: ...N ID transparent transmission is enabled on the interfaces of Router A and Router B allowing PC1 and PC2 to communicate with each other 9 3 Applications Transparent bridging allows communication between different LANs Transparent bridging can be configured in four usage scenarios depending on the geographical locations and network segments of LANs Table 9 1 lists the four usage scenarios and selec...

Page 369: ...gure 9 13 Interworking on the Same Network Segment An enterprise has multiple departments located in the same office building but on different floors As businesses develop data communication is required between the terminals within the same department and between some departments Due to information security information in some departments need to be isolated with that in the other departments In t...

Page 370: ...t and therefore they can be bridged to communicate with each other Enterprise B however belongs to a LAN on a different network segment Therefore link layer bridging cannot meet the requirement of the communication between Enterprise A and Enterprise B In this case you can configure local bridging integrated with IP routing to achieve the communication between Enterprise A and Enterprise B Figure ...

Page 371: ...4 User 2 1 1 1 2 24 User 4 1 1 1 4 24 User 3 1 1 1 3 24 Remote Users in the Same VLAN on the Same Network Segment To allow users in the same department the same VLAN to communicate with each other and to isolate users in different departments different VLANs VLAN ID transparent transmission must be enabled As shown in Figure 9 12 User 1 User 2 User 3 and User 4 are on the same network segment User...

Page 372: ...twork segment and therefore they can be bridged to communicate with each other Enterprise C however belongs to a LAN on a different network segment Therefore link layer bridging cannot meet the requirement of the communication between Enterprise A and Enterprise C In this case you can configure remote bridging integrated with IP routing to achieve the communication between Enterprise A and Enterpr...

Page 373: ... on different network segments to communicate with each other 9 6 2 Configuring Local Bridging Integrated with IP Routing 9 5 Default Configuration This section provides default parameter settings of transparent bridging Table 9 3 Default parameter settings of transparent bridging Parameter Default Setting Briding function for a specified network protocol Enabled for all protocols Routing function...

Page 374: ...ridge group is a virtual group It can forward packets only after interfaces have been added to the group As shown in Figure 9 14 the following methods can be used to add users to a bridge group l Directly add users to the bridge group User 3 uses this method l Use a VLAN to add users to the bridge group Create a VLAN on a bridge and add users to the VLAN Users then connect to the bridge group thro...

Page 375: ...of interfaces can be added to the same bridge group Layer 2 interfaces cannot be added to a bridge group End 9 6 1 3 Optional Disabling a Bridge Group from Bridging Specified Protocol Packets Context To allow a bridge group to forward specified protocol packets enable the function that bridges the protocol packets on the bridge group If a bridge group is disabled from bridging specified protocol p...

Page 376: ... Procedure Step 1 Run system view The system view is displayed Step 2 Run bridge bridge id The bridge group view is displayed Multiple devices can use the same bridge number Step 3 Run mac address learning disable Dynamic MAC address learning is disabled By default dynamic MAC address learning is enabled for a bridge group Step 4 Run quit Return to the system view Step 5 Configure a MAC address en...

Page 377: ...edure l Run the display bridge bridge id information command to view information about the bridge group l Run the display bridge traffic bridge birdge id interface interface type interface number command to view the traffic statistics on a specified interface in the bridge group End 9 6 2 Configuring Local Bridging Integrated with IP Routing Configuring local bridging integrated with IP routing al...

Page 378: ...a bridge and add users to the VLAN Users then connect to the bridge group through the VLANIF interface User 1 and User 2 use this method l Use Ethernet sub interfaces to add users to the bridge group This method is used when flows on a physical interface need to be differentiated using sub interfaces User 4 uses this method Figure 9 15 Networking diagram for adding users to bridge groups RouterA U...

Page 379: ...ration Procedure Step 1 Run system view The system view is displayed Step 2 Run bridge bridge id The bridge group view is displayed Step 3 Run routing ip IP routing is enabled for the bridge group The IP routing function cannot be configured if any of member interfaces in the bridge group has an IP address Before configuring the IP routing function delete the IP addresses of these member interface...

Page 380: ...e id The bridge group view is displayed Step 3 Run bridging ip others disable The bridge group is disabled from bridging specified protocol packets By default a bridge group bridges all protocol packets End 9 6 2 5 Optional Configuring a MAC Address Table for a Bridge Group Context By default dynamic MAC address learning is enabled for a bridge group When a network is insecure and vulnerable to at...

Page 381: ...ion l Run mac address blackhole mac address bridge bridge id A blackhole MAC address entry is configured for a bridge group By default no blackhole MAC address entry is configured l Run mac address aging time seconds bridge The aging time is configured for a dynamic MAC entry The configured aging time takes effect on the dynamic MAC address entries of all bridge groups End 9 6 2 6 Checking the Con...

Page 382: ...e the same bridge number End 9 6 3 2 Adding a LAN side Interface to a Bridge Group Context A bridge group is a virtual group It can forward packets only after interfaces have been added to the group As shown in Figure 9 16 the following methods can be used to add users to a bridge group l Directly add users to the bridge group User 1 uses this method l Use a VLAN to add users to the bridge group C...

Page 383: ...e bridge id An interface is added to a bridge group A maximum of 20 interfaces can be added to a bridge group Different types of interfaces can be added to the same bridge group Layer 2 interfaces cannot be added to a bridge group Ethernet sub interfaces and GE sub interfaces configured to terminate QinQ tags do not support transparent bridging End Huawei AR530 AR550 Series Industrial Switch Route...

Page 384: ...id The Ethernet interface is added to the bridge group l Add a PPP interface to a bridge group 1 Run link protocol ppp PPP is enabled on the interface 2 Run bridge bridge id The PPP interface is added to the bridge group A maximum of 20 interfaces can be added to a bridge group Different types of interfaces can be added to the same bridge group Layer 2 interfaces cannot be added to a bridge group ...

Page 385: ...dge group the outbound interface does not remove the VLAN IDs of the packets to be sent out Procedure Step 1 Run system view The system view is displayed Step 2 Run interface interface type interface number The interface view is displayed Step 3 Run bridge vlan transmit enable VLAN ID transparent transmission is enabled NOTE l VLANIF interfaces do not support VLAN ID transparent transmission l It ...

Page 386: ... interface number bridge bridge id A static MAC address entry is configured for a bridge group By default no static MAC address entry is configured In a bridge group each MAC address entry can be configured as only one static entry If the MAC address entry is configured as a static entry repeatedly the last configuration overwrites the previous configuration l Run mac address blackhole mac address...

Page 387: ...oup is a virtual group It can forward packets only after interfaces have been added to the group Procedure Step 1 Run system view The system view is displayed Step 2 Run bridge bridge id A bridge group is created and the bridge group view is displayed If the bridge group specified by bridge id exists the bridge group view is displayed Multiple devices can use the same bridge number End 9 6 4 2 Add...

Page 388: ...od Figure 9 17 Networking diagram for adding users to bridge groups RouterB User 5 Network RouterA User 1 User 4 User 2 User 3 VLAN 11 Perform the following steps on the user side interface of the device Procedure Step 1 Run system view The system view is displayed Step 2 Run interface interface type interface number The user side interface view is displayed Step 3 Run bridge bridge id An interfac...

Page 389: ...termediate link Procedure Step 1 Run system view The system view is displayed Step 2 Run interface interface type interface number The view of the network side interface is displayed Step 3 Perform the following operations depending on the type of interface l Add an Ethernet interface to a bridge group 1 Run bridge bridge id The Ethernet interface is added to the bridge group l Add a PPP interface...

Page 390: ...ember interfaces in the bridge group has an IP address Before configuring the IP routing function delete the IP addresses of these member interfaces Step 4 Run quit Return to the system view Step 5 Run interface bridge if bridge id A Bridge if interface is created and the Bridge if interface view is displayed Step 6 Run ip address ip address mask mask length An IP address is configured for the Bri...

Page 391: ...idges all protocol packets End 9 6 4 6 Optional Configuring a MAC Address Table for a Bridge Group Context By default dynamic MAC address learning is enabled for a bridge group When a network is insecure and vulnerable to attacks you can disable dynamic MAC address learning and use static MAC address entries for traffic forwarding Procedure Step 1 Run system view The system view is displayed Step ...

Page 392: ...ed for a dynamic MAC entry The configured aging time takes effect on the dynamic MAC address entries of all bridge groups End 9 6 4 7 Checking the Configuration Prerequisites The configurations for remote bridging integrated with IP routing are complete Procedure l Run the display interface bridge if bridge id command to check information about the Bridge if interface l Run the display bridge brid...

Page 393: ...d in any view to check the static dynamic or blackhole MAC address entry of a specified bridge group l Run the display mac address mac address interface type interface number bridge bridge id verbose command or display mac address static dynamic interface type interface number bridge bridge id verbose command in any view to check the static or dynamic MAC address entry of a specified bridge group ...

Page 394: ...t floors As business expands for the enterprise data communication is required between terminals within the same department and between some departments To keep information secure information in some departments needs to be isolated from that in the other departments Users that require communication with each other need to be added to the same bridge group so that they can communicate with each ot...

Page 395: ...th2 0 1 and Eth2 0 2 to VLAN 11 RouterA vlan 11 RouterA vlan11 quit RouterA interface ethernet 2 0 1 RouterA Ethernet2 0 1 port link type access RouterA Ethernet2 0 1 port default vlan 11 RouterA Ethernet2 0 1 quit RouterA interface ethernet 2 0 2 RouterA Ethernet2 0 2 port link type access RouterA Ethernet2 0 2 port default vlan 11 RouterA Ethernet2 0 2 quit 3 Add VLANIF 11 and Eth4 0 0 to bridge...

Page 396: ...rface total 1 interface s in the bridge Ethernet3 0 0 Up After the preceding configuration is complete User 1 User 2 and User 3 can ping each other User 3 cannot ping User 4 Configuration Files Configuration file of RouterA sysname RouterA vlan batch 11 bridge 1 bridge 2 interface Vlanif11 bridge 1 interface Ethernet2 0 1 port link type access port default vlan 11 interface Ethernet2 0 2 port link...

Page 397: ...assigned IP addresses and the IP routing function is enabled the two hosts of Enterprise A can communicate with the hosts of Enterprises B Figure 9 19 Networking diagram of local bridging integrated with IP routing RouterA Eth2 0 1 User 1 User 2 10 1 1 1 24 10 1 1 2 24 Eth2 0 2 Eth3 0 0 User 3 10 1 3 3 24 Enterprise B Enterprise A Bridge if Configuration Roadmap The configuration roadmap is as fol...

Page 398: ...RouterA RouterA interface ethernet 3 0 0 RouterA Ethernet3 0 0 undo portswitch RouterA Ethernet3 0 0 ip address 10 1 3 1 255 255 255 0 RouterA Ethernet3 0 0 quit Create Bridge if interface 1 and configure an IP address for it RouterA interface bridge if 1 RouterA Bridge if1 ip address 10 1 1 3 255 255 255 0 RouterA Bridge if1 quit 2 Verify the configuration After the preceding configurations are c...

Page 399: ...e in a different location than User 1 and User 2 Configuring remote bridging allows User 1 and User 2 to communicate with User 3 and User 4 Figure 9 20 Networking diagram of remote bridging RouterB RouterA Serial3 0 0 Serial3 0 0 Eth2 0 1 IP Core Network User 1 10 1 1 1 24 User 2 10 1 1 2 24 User 4 10 1 1 4 24 User 3 10 1 1 3 24 Eth2 0 2 Eth2 0 1 Eth2 0 2 Configuration Roadmap The configuration ro...

Page 400: ... 2 Configure RouterB Create bridge group 1 Huawei system view Huawei sysname RouterB RouterB bridge 1 RouterB bridge1 quit Add Eth2 0 2 and Eth2 0 1 to VLAN 11 to allow the communication between User 3 and User 4 RouterB vlan 11 RouterB vlan11 quit RouterB interface ethernet 2 0 2 RouterB Ethernet2 0 2 port link type access RouterB Ethernet2 0 2 port default vlan 11 RouterB Ethernet2 0 2 quit Rout...

Page 401: ...outerB vlan batch 11 bridge 1 interface Vlanif11 bridge 1 interface Ethernet2 0 1 port link type access port default vlan 11 interface Ethernet2 0 2 port link type access port default vlan 11 interface Serial3 0 0 bridge 1 link protocol ppp return 9 8 4 Example for Configuring Remote Bridging with IP Routing Configuring remote bridging with IP routing allows LANs in different geographical location...

Page 402: ...f Eth2 0 1 RouterB Eth3 0 0 User 4 User 1 User 2 10 1 1 1 24 10 1 1 2 24 10 1 2 4 24 Network Eth2 0 2 Eth2 0 0 Enterprise A Enterprise C Configuration Roadmap The configuration roadmap is as follows 1 Configure bridge groups on RouterA and RouterB 2 Add Ethernet 2 0 1 and Ethernet 2 0 2 on Router A to a bridge group so that the two hosts of Enterprise A can communicate with each other 3 Add Ethern...

Page 403: ... then configure IP addresses for the two Bridge if interfaces RouterA interface bridge if 1 RouterA Bridge if1 ip address 10 1 1 3 255 255 255 0 RouterA Bridge if1 quit RouterA interface bridge if 2 RouterA Bridge if2 ip address 10 1 2 3 255 255 255 0 RouterA Bridge if2 quit 2 Configure RouterB Create bridge group 2 and enable the IP routing function for the bridge groups Huawei system view Huawei...

Page 404: ...s port default vlan 11 interface Bridge if1 ip address 10 1 1 3 255 255 255 0 interface Bridge if2 ip address 10 1 2 3 255 255 255 0 interface Ethernet3 0 0 bridge 2 return Configuration file of RouterB sysname RouterB vlan batch 11 bridge 2 routing ip interface Vlanif11 bridge 2 interface Ethernet2 0 0 port link type access port default vlan 11 interface Ethernet3 0 0 bridge 2 return Huawei AR530...

Page 405: ...4 belong to the other VLAN To allow users in the same VLAN to communicate with each other and isolate users in different VLANs remote bridging and VLAN ID transparent transmission can be enabled In this manner User 1 can only communicate with User 3 and User 2 can only communicate with User 4 Figure 9 22 Networking diagram for remote bridging RouterB User 2 User 1 RouterA Eth2 0 0 User 3 User 4 Et...

Page 406: ...ge 1 RouterA Ethernet2 0 0 bridge vlan transmit enable RouterA Ethernet2 0 0 quit 2 Configure Switch 1 Create VLANs Huawei system view Huawei sysname Switch1 Switch1 vlan 11 Switch1 vlan11 quit Switch1 vlan 12 Switch1 vlan12 quit Add Ethernet1 0 1 to VLAN 11 and Ethernet1 0 2 to VLAN 12 Switch1 interface ethernet 1 0 1 Switch1 Ethernet1 0 1 port link type access Switch1 Ethernet1 0 1 port default ...

Page 407: ... Ethernet1 0 1 quit Switch2 interface ethernet 1 0 2 Switch2 Ethernet1 0 2 port link type access Switch2 Ethernet1 0 2 port default vlan 12 Switch2 Ethernet1 0 2 quit Configure Ethernet1 0 3 to allow the packets from VLAN 11 and VLAN 12 to pass through Switch2 interface ethernet 1 0 3 Switch2 Ethernet1 0 3 port link type trunk Switch2 Ethernet1 0 3 port trunk allow pass vlan 11 to 12 Switch2 Ether...

Page 408: ...lan 12 interface Ethernet1 0 3 port link type trunk port trunk allow pass vlan 11 to 12 return Configuration file of Switch 2 sysname Switch2 vlan batch 11 to 12 interface Ethernet1 0 1 port link type access port default vlan 11 interface Ethernet1 0 2 port link type access port default vlan 12 interface Ethernet1 0 3 port link type trunk port trunk allow pass vlan 11 to 12 return Huawei AR530 AR5...

Reviews:

No comments

Brands by name

Popular brands

Load more brands