HP Switch Software Advanced Traffic Management Guide K/KA/KB.15.15

Abstract

This switch software guide is intended for network administrators and support personnel, and applies to the switch models listed on this page unless otherwise noted. This guide does not provide information about upgrading or replacing switch hardware. The information in this guide is subject to change without notice.
© Copyright 2014 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
Contents

1 Static Virtual LANs
General steps for using VLANs
Configuring VLANs
Per-port static VLAN configuration options
VLAN tagging considerations:
Special VLAN types
VLAN support and the default VLAN
The primary VLAN
The secure Management VLAN
Selecting MSTP as the spanning tree mode
Clearing spanning tree debug counters
Resetting the configuration name of the MST region in which a switch resides
Designating the revision number of the MST region for a switch
Setting the spanning tree compatibility mode
Configuring loop protection
Enabling loop protection in port mode
Enabling loop protection in VLAN mode
Changing modes for loop protection
Viewing status for a specific VLAN
Viewing status for a specific port list
Viewing status per-port per-VLAN
Viewing BPDU status and related information
Using QoS to classify and prioritize network traffic
Applying QoS to inbound traffic at the network edge
Preserving QoS in outbound traffic in a VLAN
Using QoS to optimize existing network resources
VLAN and untagged VLAN environments
Classifier-based traffic marking
No override
Global QoS restrictions
All switches
Viewing the status of all stack-enabled switches discovered in the IP subnet
Viewing the status of the Commander and current members of the Commander’s stack
Viewing stack status and configuring a Commander switch (Menu)
Configuring a Commander switch
Making a switch a Commander
Removing a Member or the Standby
Removing the Commander
Renumbering stack members
Restoring the operation of a stack
Viewing the configuration for a particular VLAN
Viewing the VLAN membership of one or more ports
Viewing spanning tree status
About QinQ
Show smart link flush-statistics
Show receive control
Clear command
Overview
Show spanning-tree instance IST
Show spanning-tree instance 1
Show spanning-tree instance 2
Show spanning-tree MST-config
Cisco 3750 (IDF4WEST)
1 Static Virtual LANs

NOTE: All commands previously in the Summary of commands table are indexed under the entry Command syntax.

General steps for using VLANs

VLANs enable grouping users by logical function instead of physical location.
Figure 1 Comparing per-port VLAN options with and without GVRP

Table 1 Per-port VLAN configuration options

Parameter
    Effect on port participation in designated VLAN

Tagged
    Allows the port to join multiple VLANs.

Untagged
    • Allows VLAN connection to a device that is configured for an untagged VLAN instead of a tagged VLAN.
    • A port can be an untagged member of only one port-based VLAN.
    • A port can be an untagged member of only one protocol-based VLAN for any given protocol type.
Primary VLAN
    The Primary VLAN is the VLAN the switch uses to run and manage these features and data.

Management VLAN
    Configuring a secure Management VLAN creates an isolated network for managing the HP switches that support this feature.

802.1Q VLAN ID
    The VLAN identification number, or VID.

Name
    The default or specified name assigned to the VLAN. For a static VLAN, the default name consists of VLAN-x where x matches the VID assigned to that VLAN.
Displays VLAN information for an individual port or a group of ports, either cumulatively or on a detailed per-port basis.

port-list
    Specifies a single port number or a range of ports (for example, a1-a16), or all for which to display information.

detail
    Displays detailed VLAN membership information on a per-port basis.

Descriptions of items displayed by the command are:

Port name
    The user-specified port name, if one has been assigned.

VLAN ID
    The VLAN identification number, or VID.
Example 2 Viewing VLAN ports (cumulative listing)

HP Switch(config)#:show vlan ports a1-a24

 Status and Counters - VLAN Information - for ports A1-A24

  VLAN ID Name                 | Status     Voice Jumbo
  ------- -------------------- + ---------- ----- -----
  1       DEFAULT_VLAN         | Port-based No    No
  10      VLAN_10              | Port-based Yes   No
  15      VLAN_15              | Protocol   No    No

Example 3 Viewing VLAN ports (detailed listing)

HP Switch(config)#:show vlan ports a1-a3 detail

 Status and Counters - VLAN Information - for ports A1

VLAN ID ------1 10 Name ----------
Jumbo
    Indicates whether a VLAN is configured for Jumbo packets.

Port Information
    Lists the ports configured as members of the VLAN.

DEFAULT
    Shows whether a port is a tagged or untagged member of the listed VLAN.

Unknown VLAN
    Shows whether the port can become a dynamic member of an unknown VLAN for which it receives an advertisement. GVRP must be enabled to allow dynamic joining to occur.

Status
    Shows whether the port is participating in an active link.
Specifies the order you want information to display for the show vlans command. Displays information for one port or a range of ports. If port-list is not specified, all ports display.
Fields that can be included in the customized display:

Field                          Display                             Example                                Default width
id                             VLAN id                             5                                      6
name                           VLAN name                           Vlan55                                 32
status                         Status                              Port-based                             10
voice                          Voice enabled                       No                                     5
jumbo                          Jumbos enabled                      No                                     5
ipconfig                       How the IP address was configured   Manual, DHCP/BootP, Disabled           10
ipaddr (IPv4), ipaddr (IPv6)   The IP addresses                    10.10.10.3, fe80::212:79ff:fe8d:8000
ipmask                         The subnet masks                    255.255.255.
Example 7 Wrapping column headers The total output wraps if it is longer than the terminal width; it is not truncated.
If GVRP is enabled, this setting includes any dynamic VLANs on the switch. As part of implementing a new setting, you must execute a write memory command to save the new value to the startup-config file, and then reboot the switch.

NOTE: If multiple VLANs exist on the switch, you cannot reset the maximum number of VLANs to a value smaller than the current number of VLANs.

Example 9 Changing the number of allowed VLANs

Shows the command sequence for changing the number of VLANs allowed to 10.
1. From the Main Menu select
   2. Switch Configuration —> 8. VLAN Menu … —> 2. VLAN Names
   If multiple VLANs are not yet configured, you will see a screen similar to Figure 2 (page 25).
   Figure 2 The default VLAN names screen
2. Press A (for Add). You will be prompted for a new VLAN name and VLAN ID:
   802.1Q VLAN ID : 1
   Name : _
3. Type a VID (VLAN ID number). This can be any number from 2 to 4094 that is not already being used by another VLAN (the switch reserves 1 for the default VLAN).
Changing VLAN support settings (Menu) The following procedure provides instructions for changing the maximum number of VLANs to support, changing the primary VLAN selection, and enabling or disabling dynamic VLANs. 1. From the Main Menu select: 2. Switch Configuration —> 8. VLAN Menu … —> 1. VLAN Support You see the following screen: Figure 4 The default VLAN Support screen 2.
Figure 5 VLAN menu screen indicating the need to reboot the switch

• If you changed the VLAN Support option, you must reboot the switch before the maximum VLANs change takes effect. You can go on to configure other VLAN parameters first, but you must reboot the switch when you finish.
• If you did not change the VLAN Support option, a reboot is not necessary.

4. Press 0 to return to the Main Menu.
NOTE: If you create an IPv4 protocol VLAN, you must assign the ARP protocol option to it to provide IP address resolution. Otherwise, IP packets are not deliverable. A Caution message appears in the CLI if you configure IPv4 in a protocol VLAN that does not already include the ARP protocol option. The same message appears if you add or delete another protocol in the same VLAN.

name ascii-name-string
    When included in a vlan command to create a new static VLAN, this command specifies a non-default VLAN name.
CAUTION: Prior to deleting a static VLAN, re-assign all ports in the VLAN to another VLAN.

Example 13 Deleting a static VLAN

Using Figure 3 (page 25), if ports B1-B5 belong to both VLAN 2 and VLAN 3, and ports B6-B10 belong to VLAN 3, deleting VLAN 3 causes the CLI to prompt you to approve moving ports B6-B10 to VLAN 1 (the default VLAN). (Ports B1-B5 are not moved because they still belong to another VLAN.
forbid port-list
    Used in port-based VLANs. Configures port-list as forbidden to become a member of the specified VLAN, as well as other actions. This option is not allowed with protocol VLANs. The no version sets the port to either No or (if GVRP is enabled) to Auto.

auto port-list
    Available if GVRP is enabled on the switch. Returns the per-port settings for the specified VLAN to Auto operation. Auto is the default per-port setting for a static VLAN if GVRP is running on the switch.
Interaction with other features

This feature affects management access to the switch as follows:
• IP—SNMP, Telnet, SSH, HTTP, TFTP, SCP, SFTP
• Routing—RIP, OSPF, PIM, VRRP

When the disable layer3 command is configured on a VLAN, the behavior is as if no IP address were configured for that VLAN. There is no other change in behavior.

Syntax: [no] disable layer3 vlan [ vid vid range]

In config context, turns off Layer 3 routing for the specified VLAN or VLANs.
Example 19 Viewing IPv6 Layer 3 status for a VLAN HP Switch(config)#: show ipv6 Internet (IPv6) Service IPv6 Routing Default Gateway ND DAD DAD Attempts : Disabled : : Enabled : 3 Vlan Name IPv6 Status Layer 3 Status : DEFAULT_VLAN : Disabled : Enabled Vlan Name IPv6 Status Layer 3 Status : layer3_off_vlan : Disabled : Disabled Address Origin ---------- + manual autoconfig | Address | IPv6 Address/Prefix Length Status ------------------------------------------- ----------| abcd::1234/32 tentative | f
1. From the Main Menu select: 2. Switch Configuration —> 8. VLAN Menu … —> 3. VLAN Port Assignment You will see a screen similar to the following: Figure 6 Port-based VLAN port assignment screen in the menu interface NOTE: The "VLAN Port Assignment" screen displays up to 32 static, port-based VLANs in ascending order, by VID. If the switch configuration includes more than 32 such VLANs, use the following CLI command to list data on VLANs having VIDs numbered sequentially higher than the first 32.
Example 20 Viewing port-based VLAN assignments for specific ports

Deleting multiple VLANs

This command adds interfaces to, or deletes them from, multiple tagged or untagged VLANs or SVLANs in a single command. Interfaces can be added to or deleted from up to 256 VLANs at a time. If more than 256 VLANs are specified, an error displays. When used with GVRP, the command option forbid prevents the specified ports from becoming members of the specified VLANs or SVLANs.
Syntax [no]interface > • The specified interfaces are added to existing VLANs or SVLANs. If a VLAN or SVLAN does not exist, an error message displays. • The [no] option removes the specified interfaces from the specified VLANs or SVLANs. • The forbid option prevents an interface from becoming a member of the specified VLANs or SVLANs. It is executed in interface context.
Configuring a secure Management VLAN

Preparation

1. Determine a VID and VLAN name suitable for your Management VLAN.
2. Plan your topology to use HP switches that support Management VLANs.
3. Include only the following ports:
   • Ports to which you will connect authorized management stations, such as Port A7 in Example 46 (page 58).
   • Ports on one switch that you will use to extend the Management VLAN to ports on other HP switches, such as ports A1 and Example 46 (page 58).
Example 26 Switch configuration You have configured a VLAN named My_VLAN with a VID of 100 and want to configure the switch to do the following: • Use My_VLAN as a Management VLAN (tagged, in this case) to connect port A1 on switch "A" to a management station. The management station includes a network interface card with 802.1Q tagged VLAN capability.
Example 28 DHCP server on a Management VLAN

If Blue_VLAN is configured as the Management VLAN and the DHCP server is also on Blue_VLAN, Blue_VLAN receives an IP address. Because DHCP Relay does not forward onto or off of the Management VLAN, devices on Red_VLAN cannot get an IP address from the DHCP server on Blue_VLAN (Management VLAN) and Red_VLAN does not receive an IP address.
Example 30 No Management VLANs configured

If no Management VLAN is configured, both Blue_VLAN and Red_VLAN receive IP addresses.

Example 31 A client on a different Management VLAN from the DHCP server

If Red_VLAN is configured as the Management VLAN and the client is on Red_VLAN, but the DHCP server is on Blue_VLAN, the client will not receive an IP address.
Example 32 A DHCP server and client on the Management VLAN

If Blue_VLAN is configured as the Management VLAN, the client is on Blue_VLAN, and the DHCP server is on Blue_VLAN, the client receives an IP address.

Disabling the Management feature

You can disable the Secure Management feature without deleting the VLAN.
You also have the option of resetting the DSCP (DiffServ Codepoint) on tagged voice VLAN traffic moving through the switch. If all port memberships on the voice VLAN are tagged:
• The priority level set for voice VLAN traffic is carried to the next device.
• You can enforce a QoS priority policy moving through the switch and network.
Table 2 Comparative operation of port based and protocol based VLANs

Function: IP Addressing

Port-Based VLANs
    Usually configured with at least one unique IP address. A port-based VLAN can have no IP address. However, this limits the switch features available to ports on that VLAN.

Protocol-Based VLANs
    You can configure IP addresses on all protocol VLANs. However, IP addressing is used only on IPv4 and IPv6 VLANs.
VLAN environments

You can configure different VLAN types in any combination. The default VLAN will always be present.

VLAN environment
    Elements

The default VLAN (port-based; VID of 1) only
    In the default VLAN configuration, all ports belong to VLAN 1 as untagged members.

Multiple VLAN environment
    In addition to the default VLAN, the configuration can include one or more other port-based VLANs, and one or more protocol VLANs. VLAN 1 is a port-based VLAN, for IPv4 traffic.
for switch management. In the default configuration, the Default VLAN is also the Primary VLAN. However, any port-based, non-default VLAN can be designated the Primary VLAN.

Secure Management VLAN
    This optional, port-based VLAN establishes an isolated network for managing HP switches that support this feature. Access to this VLAN and to the switch's management functions is available only through ports configured as members.
Example 36 A switch with multiple VLANs configured and internal routing disabled Protocol VLAN environment Example 36 (page 45) illustrates a protocol VLAN environment also. In this case, VLANs W and X represent routable protocol VLANs. VLANs Y and Z can be any protocol VLAN. As noted for the discussion of multiple port-based VLANs, VLAN 1 is not shown.
For example, a port connected to a central server using a network interface card (NIC) that complies with the 802.1Q standard can be a member of multiple VLANs, allowing members of multiple VLANs to use the server. • Although these VLANs cannot communicate with each other through the server, they can all access the server over the same connection from the switch. • Where VLANs overlap in this way, VLAN "tags" are used in the individual packets to distinguish between traffic from different VLANs.
Example 39 Tagged and untagged VLAN technology in the same network

VLAN Operating Rules

Disabled overlapping subnet configuration
    Previous software versions allowed configuration of VLAN IP addresses in overlapping subnets, which can cause incorrect routing of packets and result in IP communication failure. As of software version K.15.09, overlapping subnet configurations are no longer allowed. An overlapping subnet is determined by the configuration order.
Example 40 An IP address that is not actually configured on the VLAN

HP Switch(config)#: show running-config
. . .
vlan 5
   name "VLAN5"
   ip address 11.22.33.1 255.0.0.0
   exit
vlan 6
   name "VLAN6"
   ip address 11.23.34.1 255.255.255.0
   exit

The information is retained in the config file to allow you to boot up the switch and have it function as it did when it was configured with earlier software that allows overlapping subnets.
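A saved configuration can be checked for the overlapping VLAN subnets described above before a software upgrade. The following is an added example, not part of the HP guide: it parses vlan stanzas laid out as in Example 40 and reports each later-configured subnet that overlaps one configured earlier. It assumes the first-configured subnet is the one kept; vlan 7 in the sample and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the two stanzas shown in Example 40, plus a
# non-overlapping vlan 7 added here for contrast.
SAMPLE_CONFIG = """\
vlan 5
   name "VLAN5"
   ip address 11.22.33.1 255.0.0.0
   exit
vlan 6
   name "VLAN6"
   ip address 11.23.34.1 255.255.255.0
   exit
vlan 7
   name "VLAN7"
   ip address 192.168.7.1 255.255.255.0
   exit
"""

VLAN_RE = re.compile(r"^\s*vlan\s+(\d+)\s*$")
# Accepts "ip address A.B.C.D MASK" and "ip address A.B.C.D/LEN".
IP_RE = re.compile(r"^\s*ip address\s+(\d+\.\d+\.\d+\.\d+)[\s/]+(\S+)")


def vlan_interfaces(config_text):
    """Return [(vid, IPv4Interface)] in the order the config lists them."""
    found, vid = [], None
    for line in config_text.splitlines():
        m = VLAN_RE.match(line)
        if m:
            vid = int(m.group(1))
        elif line.strip() == "exit":
            vid = None
        elif vid is not None:
            m = IP_RE.match(line)
            if not m:
                continue  # name, tagged/untagged, DHCP-assigned address, etc.
            try:
                iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            except ValueError:
                continue  # malformed address or mask: nothing to compare
            found.append((vid, iface))
    return found


def overlapping_subnets(config_text):
    """Flag each address whose subnet overlaps an earlier-configured one.

    Assumption (labelled in the lead-in): configuration order decides,
    so the earlier subnet is treated as accepted and the later one is
    the finding.
    """
    accepted, findings = [], []
    for vid, iface in vlan_interfaces(config_text):
        clash = next(
            ((v, i) for v, i in accepted if i.network.overlaps(iface.network)),
            None,
        )
        if clash is None:
            accepted.append((vid, iface))
            continue
        findings.append({
            "vlan": vid,
            "address": str(iface),
            "overlaps_vlan": clash[0],
            "overlaps_subnet": str(clash[1].network),
        })
    return findings


if __name__ == "__main__":
    for f in overlapping_subnets(SAMPLE_CONFIG):
        print(f"vlan {f['vlan']} {f['address']} overlaps "
              f"vlan {f['overlaps_vlan']} ({f['overlaps_subnet']})")
```

Run against a configuration saved under earlier software, a non-empty result identifies the VLAN addresses that are retained in the file but overlap a subnet configured before them.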
VLAN port assignments
    Any ports not specifically removed from the default VLAN remain in the DEFAULT_VLAN, regardless of other port assignments. Also, a port must always be a tagged or untagged member of at least one port-based VLAN.

Voice-Over-IP (VoIP)
    VoIP operates only over static, port-based VLANs.

Multiple VLAN types configured on the same port
    A port can simultaneously belong to both port-based and protocol-based VLANs.
Figure 7 Untagged VLAN operation Tagged packet forwarding If a port is a tagged member of the same VLAN as an inbound, tagged packet received on that port, then the switch forwards the packet to an outbound port on that VLAN. To enable the forwarding of tagged packets, any VLAN to which the port belongs as a tagged member must have the same VID as that carried by the inbound, tagged packets generated on that VLAN.
Figure 8 Tagged VLAN operation

CAUTION: Rate limiting may behave unpredictably on a VLAN if the VLAN spans multiple modules or port-banks. This also applies if a port on a different module or port-bank is added to an existing VLAN. HP does not recommend configuring rate limiting on VLANs that include ports spanning modules or port-banks.

In the following example, ports 2, 3, and 24 form one VLAN, with ports 1 through 24 in the same port-bank. Ports 28, 29, and 32 form a second VLAN.
assignment restrictions. The following table illustrates the functional difference between the two database types.
switch drops the packet. This is not a problem for a switch with a multiple forwarding database, because the switch allows multiple instances of a given MAC address; one for each valid destination. However, a switch with a single forwarding database allows only one instance of a given MAC address.
Example 42 Tagged and untagged VLAN port assignments If port 7 on an 802.1Q-compliant switch is assigned to only the Red VLAN, the assignment can remain "untagged" because the port will forward traffic only for the Red VLAN. However, if both the Red and Green VLANs are assigned to port 7, then at least one of those VLAN assignments must be "tagged" so that Red VLAN traffic can be distinguished from Green VLAN traffic.
Example 43 VLAN ID numbers assigned in the VLAN names screen VLAN tagging considerations: • Since the purpose of VLAN tagging is to allow multiple VLANs on the same port, any port that has only one VLAN assigned to it can be configured as "Untagged" (the default) if the authorized inbound traffic for that port arrives untagged. • Any port with two or more VLANs of the same type can have one such VLAN assigned as "Untagged.
Example 44 Networked 802.1Q-compliant devices with multiple VLANs on some ports

In this network, switches X and Y and servers S1, S2, and the AppleTalk server are 802.1Q-compliant. (Server S3 could also be 802.1Q-compliant.) This network includes both protocol-based (AppleTalk) VLANs and port-based VLANs.
• The VLANs assigned to ports X4 - X6 and Y2 - Y5 can all be untagged because there is only one VLAN assigned per port.
Special VLAN types

VLAN support and the default VLAN

In the factory default configuration, VLAN support is enabled and all ports on the switch belong to the port-based, default VLAN (named DEFAULT_VLAN). This places all ports in the switch into one physical broadcast domain. In the factory-default state, the default VLAN is also the Primary VLAN.
The secure Management VLAN

Configuring a secure Management VLAN creates an isolated network for managing the HP switches that support this feature. Access to a secure Management VLAN and the switch's management functions (Menu and CLI) is available only through ports configured as members.
• Multiple ports on the switch can belong to the Management VLAN.
Table 6 VLAN membership in Example 46 “Management VLAN control in a LAN”

Switch                          A1 A3 A6 A7 B2 B4 B5 B9 C2 C3 C6 C8
Management VLAN (VID = 7)       Y  N  N  Y  Y  Y  N  N  Y  N  N  N
Marketing VLAN (VID = 12)       N  N  N  N  N  N  N  N  N  Y  Y  Y
Shipping Dept. VLAN (VID = 20)  N  Y  Y  N  N  N  N  N  N  N  N  N
DEFAULT-VLAN (VID = 1)          Y  Y  Y  Y  Y  Y  Y  Y  Y  Y  Y  Y

Operating notes for Management VLANs
• Use only a static, port-based VLAN for the Management VLAN.
• Enabling Spanning Tree between a pair of switches where there are multiple links using separate VLANs, including the Management VLAN, will force the blocking of one or more links. This may include the link carrying the Management VLAN, which will cause loss of management access to some devices. This can also occur where meshing is configured and the Management VLAN is configured on a separate link.
Where multiple voice VLANs exist on the switch, you can use routing to communicate between telephones on different voice VLANs.
• Tagged/Untagged VLAN Membership: If the appliances using a voice VLAN transmit tagged VLAN packets, then configure the member ports as tagged members of the VLAN. Otherwise, configure the ports as untagged members.

Voice VLAN access security

You can use port security configured on an individual port or group of ports in a voice VLAN.
Port monitoring

If you designate a port on the switch for network monitoring, this port will appear in the PortVLAN Assignment screen and can be configured as a member of any VLAN. For information on how broadcast, multicast, and unicast packets are tagged inside and outside of the VLAN to which the monitor port is assigned, see the Management and Configuration Guide for your switch.

Jumbo packet support

Jumbo packet support is enabled per-VLAN and applies to all ports belonging to the VLAN.
When reconfiguring the MAC address, you may specify a keepalive timeout to transmit heartbeat packets that advertise the new MAC address.

By configuring the MAC address of the previously installed router as the MAC address of each VLAN interface on an HP Switch, you can swap the physical port of a router to the HP Switch after the switch has been properly configured in the network.
Heartbeat packets are sent at periodic intervals with a specific HP Switch unicast MAC address in the destination field. This MAC address is assigned to the HP Switch and is not used by other non-HP routers. Because the heartbeat packet contains a unicast MAC address, it does not interrupt host operation.
1. The packet enters VLAN 1 in the Switch 8000 with the 8212zl switch's MAC address in the destination field.
2. Because the 8000M has not yet learned this MAC address, it does not find the address in its address table, and floods the packet out all ports, including the VLAN 1 link (port "A1") to the 8212zl switch.
3. The 8212zl switch then routes the packet through the VLAN 2 link to the 8000M, which forwards the packet on to PC "B".
2 GVRP

NOTE: All commands previously in the Summary of commands table are indexed under the entry Command syntax.

Using GVRP

When GVRP is enabled on a switch, the VID for any static VLAN configured on the switch is advertised, using BPDUs (Bridge Protocol Data Units), out all ports regardless of whether a port is up or assigned to any particular VLAN. A GVRP-aware port on another device that receives the advertisements over a link can dynamically join the advertised VLAN.
4. Determine security boundaries and how the individual ports in the segment will handle dynamic VLAN advertisements. (See Table 7 (page 70) and Table 8 (page 75).)
5. Enable GVRP on all devices to be used with dynamic VLANs and configure the appropriate "Unknown VLAN" parameter (Learn, Block, or Disable) for each port.
6. Configure the static VLANs on the switches needed, along with the per-VLAN parameters (Tagged, Untagged, Auto, and Forbid—see Table 8 (page 75)) on each port.
Example 49 Viewing GVRP status with GVRP disabled

HP Switch(config)#: show gvrp

 GVRP support
  Maximum VLANs to support [256] : 256
  Primary VLAN : DEFAULT_VLAN
  GVRP Enabled [No] : No

Example 50 Viewing GVRP status with GVRP enabled

Displayed is the listing for the show gvrp command with GVRP enabled. It includes non-default settings for the Unknown VLAN field for some ports (see Port number 3, 4, 5 below).
Example 51 Default settings for handling advertisements

3. Use the arrow keys to select the port you want, and the Space bar to select the Unknown VLAN option for any ports you want to change.
4. When you finish making configuration changes, press Enter, then S (for Save) to save your changes to the Startup-Config file.

Enabling and disabling GVRP on the switch

Syntax:

gvrp
    Enables GVRP on the switch.

no gvrp
    Disables GVRP on the switch.
Example 52 Changing the Unknown VLAN field In the following example, the first command changes the configuration to Block, the second command requests to show the new configuration: HP Switch(config)#: interface 1-2 unknown-vlans block Switch(config)#: show gvrp GVRP support Maximum VLANs to support [256] : 256 Primary VLAN : DEFAULT_VLAN GVRP Enabled [No] : Yes Port ---1 2 3 4 Type --------10/100TX 10/100TX 10/100TX 10/100TX | + | | | | Unknown VLAN -----------Block Block Learn Learn Join ----20 20 20
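The per-port Unknown VLAN setting can be reviewed against a list of ports that sit on a security boundary. The following is an added example, not part of the HP guide: it parses show gvrp output and reports boundary ports still set to Learn, the setting under which a port can join a VLAN it receives an advertisement for. The sample output is constructed in the layout of Example 52 using only the columns visible there; the boundary port list and all function names are assumptions.

```python
import re

# Constructed sample following the layout of Example 52 (columns after
# "Join" are omitted; the parser ignores anything after "Unknown VLAN").
SAMPLE_SHOW_GVRP = """\
 GVRP support
  Maximum VLANs to support [256] : 256
  Primary VLAN : DEFAULT_VLAN
  GVRP Enabled [No] : Yes

  Port Type      | Unknown VLAN Join
  ---- --------- + ------------ ----
  1    10/100TX  | Block        20
  2    10/100TX  | Block        20
  3    10/100TX  | Learn        20
  4    10/100TX  | Learn        20
"""

# Constructed sample matching Example 49 (GVRP disabled, no port table).
SAMPLE_GVRP_DISABLED = """\
 GVRP support
  Maximum VLANs to support [256] : 256
  Primary VLAN : DEFAULT_VLAN
  GVRP Enabled [No] : No
"""

ENABLED_RE = re.compile(r"GVRP Enabled\s*\[\w+\]\s*:\s*(Yes|No)", re.I)
# port, type, then the Unknown VLAN value right after the "|" separator.
ROW_RE = re.compile(r"^\s*(\S+)\s+(\S+)\s*\|\s*(Learn|Block|Disable)\b", re.I)


def parse_show_gvrp(text):
    """Return (gvrp_enabled, {port: unknown_vlan_setting})."""
    enabled, ports = False, {}
    for line in text.splitlines():
        m = ENABLED_RE.search(line)
        if m:
            enabled = m.group(1).lower() == "yes"
            continue
        m = ROW_RE.match(line)  # header and dashed rows do not match
        if m:
            ports[m.group(1)] = m.group(3).capitalize()
    return enabled, ports


def review_boundary_ports(text, boundary_ports):
    """Report boundary ports left at Learn, and ports absent from the output.

    boundary_ports is the reviewer's own list of ports facing devices
    outside the trusted segment (an assumption of this example).
    """
    enabled, ports = parse_show_gvrp(text)
    report = {"learn": [], "missing": []}
    if not enabled:
        return report  # no advertisements are processed with GVRP off
    for port in boundary_ports:
        if port not in ports:
            report["missing"].append(port)
        elif ports[port] == "Learn":
            report["learn"].append(port)
    return report


if __name__ == "__main__":
    print(review_boundary_ports(SAMPLE_SHOW_GVRP, ["2", "3", "9"]))
```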
Example 53 Using the show vlans command In the following illustration, switch B has one static VLAN (the default VLAN), with GVRP enabled and port 1 configured to Learn for Unknown VLANs. Switch A has GVRP enabled and has three static VLANs: the default VLAN, VLAN-222, and VLAN-333. In this scenario, switch B will dynamically join VLAN-222 and VLAN-333: The show vlans command lists the dynamic (and static) VLANs in switch B after it has learned and joined VLAN-222 and VLAN-333.
GVRP uses GVRP BPDUs (GVRP Bridge Protocol Data Units) to advertise static VLANs, and in this guide a GVRP BPDU is termed an advertisement. On a switch, advertisements are sent outbound from ports to the devices directly connected to those ports.

GVRP operating notes
• A dynamic VLAN must be converted to a static VLAN before it can have an IP address.
• On the switches covered in this guide, GVRP can be enabled only if max vlans is set to no more than 256 VLANs.
Example 55 GVRP operation

Options for a GVRP-aware port receiving advertisements
• If there is not already a static VLAN with the advertised VID on the receiving port, such a port can dynamically create the VLAN and become a member.
• If the switch already has a static VLAN assignment with the same VID as in the advertisement, and the port is configured to Auto for that VLAN, then the port will dynamically join the VLAN and begin moving that VLAN's traffic.
• Ignore the advertisement for that VID.
unknown VLANs, then the VLAN is dynamically created and the port becomes a tagged member of the VLAN. Example 56 GVRP unknown VLAN settings Suppose that in Example 55 (page 73), port 1 on switch A is connected to port 5 on switch C. Because switch A has VLAN 22 statically configured, while switch C does not have this VLAN statically configured (and does not "Forbid" VLAN 22 on port 5), VLAN 22 is handled as an "Unknown VLAN" on port 5 in switch C.
Table 8 Controlling VLAN behavior on ports with static VLANs Per-Port "Unknown VLAN" (GVRP) configuration Learn (the Default) Static VLAN Options—Per VLAN Specified on Each Port1 Port Activity: Tagged or Untagged (Per VLAN) Port Activity: Auto (Per VLAN) Port Activity: Forbid (Per VLAN) The port: The port: The port: • Belongs to specified VLAN. • Will become a member of specified VLAN if it receives advertisements for specified VLAN from another device.
NOTE: In Table 8 (page 75), the Unknown VLAN parameters are configured on a per-port basis using the CLI. The Tagged, Untagged, Auto, and Forbid options are configured per static VLAN on every port, using either the menu interface or the CLI. Because dynamic VLANs operate as Tagged VLANs, and because a tagged port on one device cannot communicate with an untagged port on another device, HP recommends that you use Tagged VLANs for the static VLANs you will use to generate advertisements.
3 Multiple instance spanning tree operation NOTE: All commands previously in the Summary of commands table are indexed under the entry Command syntax. Planning an MSTP application Before configuring MSTP, keep in mind the following tips and considerations: • Ensure that the VLAN configuration in your network supports all of the forwarding paths necessary for the desired connectivity.
1. Configure MSTP global parameters. This involves:
• Selecting MSTP as the spanning tree mode: spanning-tree mode mstp
• Clearing spanning tree debug counters: spanning-tree clear-debug-counters
• Specifying required parameters for MST region identity:
  Region Name: spanning-tree config-name
  Region Revision Number: spanning-tree config-revision
• Optionally, specifying MSTP parameter changes for region settings: HP recommends that you leave these parameters at their default settings for most networks.
5. Configure MST instance port parameters. HP recommends that you apply changes on a per-port basis only where a non-default setting is clearly indicated by the circumstances of individual links. For example, you might want to set the path cost value for the ist or for the ports used by a specific MST instance. Use the following command: spanning-tree instance ist | 1..16 port-list path-cost [ auto | 1..
same region. Use this setting to differentiate between region configurations in situations such as the following:
• Changing configuration settings within a region where you want to track the configuration versions you use.
• Creating a new region from a subset of switches in a current region while maintaining the same region name.
• Using the pending option to maintain two different configuration options for the same physical region.
Sets the time the switch waits between transitions from listening to learning and from learning to forwarding states. Range: 4 - 30 Default: 15 seconds
Setting spanning tree to operate in 802.1D legacy mode
Syntax: [no] spanning-tree legacy-mode
Forces spanning tree to operate in legacy (802.1D) mode. Default: MSTP-operation. The no form of this command returns the switch to the default 802.1s native mode (MSTP-operation).
Setting spanning tree to operate with 802.
Setting the maximum age of received STP information Syntax: spanning-tree maximum age Sets the maximum age time for received STP information before it is discarded. Default: 20 seconds Manipulating the pending MSTP configuration Syntax: spanning-tree pending [ apply | config-name | config-revision | instance | reset ] Manipulates the pending MSTP configuration. The command is useful in test or debug applications, and enables rapid reconfiguration of the switch for changes in spanning tree operation.
NOTE: If multiple switches in the same MST region have the same priority setting, then the switch with the lowest MAC address becomes the root switch for that region. Enabling SNMP traps Syntax: [no] spanning-tree trap { errant-bpdu | loop-guard | new-root | root-guard } Enables or disables SNMP traps for errant-BPDU, loop guard, new root, and root guard event notifications.
Enables automatic identification of edge ports for faster convergence. When enabled, the port looks for BPDUs for the first 3 seconds. If there are none, the port is classified as an edge port and immediately starts forwarding packets. If BPDUs are seen on the port, the port is classified as a non‐edge port and normal STP operation commences on that port. If admin-edge-port is enabled for a port, the setting for auto-edge-port is ignored whether set to yes or no.
100 Mbps 200000 1 Gbps 20000 Default: Auto Informing the switch of the device type to which a port connects Syntax: spanning-tree port-list point-to-point-mac [ true | false | auto ] Informs the switch of the type of device to which a specific port connects. true (Default) Indicates a point-to-point link to a device such as a switch, bridge, or end-node. false Indicates a connection to a half-duplex repeater (which is a shared LAN segment).
The superior BPDUs received on a port enabled as root-guard are ignored. All other BPDUs are accepted and the external devices may belong to the spanning tree as long as they do not claim to be the Root device. Use this command on MSTP switch ports that are connected to devices located in other administrative network domains to: • Ensure the stability of the core MSTP network topology so that undesired or damaging influences external to the network do not enter.
Example 57 Configuring BPDU filtering
To configure BPDU filtering on port a9, enter:
HP Switch(config)#: spanning-tree a9 bpdu-filter
Viewing BPDU filtering
Syntax: spanning-tree show port configuration
Displays the BPDU filter state.
Example 58 Viewing BPDU filter status using the show spanning tree command
Example 59 Viewing BPDU filters using the show configuration command
BPDU filters per port are displayed as separate entries of the spanning tree category within the configuration file.
Enables or disables the sending of errant BPDU traps. CAUTION: This command should only be used to guard edge ports that are not expected to participate in STP operations. Once BPDU protection is enabled, it will disable the port as soon as any BPDU packet is received on that interface.
Enabling and disabling PVST protection on ports Syntax: [no] spanning-tree port-list pvst-protection Enables or disables PVST protection on the port(s) specified. The command indicates which ports are not expected to receive any PVST BPDUs. Default: Disabled on all ports.
Viewing ports configured with PVST protection and filtering
Example 63 Viewing all ports with PVST protection enabled
HP Switch(config)#: show spanning-tree pvst-protection
 Status and Counters - PVST Port(s) BPDU Protection Information
  BPDU Protection Timeout (sec) : 0
  PVST Protected Ports : 5-6
Example 64 Viewing all ports with PVST filtering enabled
HP Switch(config)#: show spanning-tree pvst-filter
 Status and Counters - PVST Port(s) BPDU Filter Information
  PVST Filtered Ports : 8
Listing ports to see w
You must map at least one VLAN to an MSTI when you create it. You cannot map a VLAN ID to more than one instance. You can create up to 16 MSTIs in a region. The no form of the command removes one or more VLANs from the specified MSTI. If no VLANs are specified, the no form of the command deletes the specified MSTI. When you remove a VLAN from an MSTI, the VLAN returns to the IST instance, where it can remain or be re-assigned to another MSTI configured in the region. NOTE: Starting in software release 13.x.
Configuring MST instance per-port parameters Assigning a port cost for an MST instance Syntax: spanning-tree instance ist | 1..16 port-list path-cost [ auto | 1..200000000 ] Assigns an individual port cost for the IST or for the specified MST instance. For a given port, the path cost setting can be different for different MST instances to which the port may belong.
The priority component of the port's Port Identifier is set. The Port Identifier is a unique identifier that helps distinguish this switch's ports from all others. It consists of the priority value with the port number extension—PRIORITY:PORT_NUMBER. A port with a lower value of Port Identifier is more likely to be included in the active topology. This priority is compared with the priorities of other ports in the IST to determine which port is the root port for the IST instance.
When configuring or reconfiguring MSTP, the switch recalculates the corresponding network paths. This can have a ripple effect throughout your network as adjacent MSTP switches recalculate network paths to support the configuration changes invoked in a single switch. Although MSTP employs rapid spanning tree operation, the convergence time for implementing MSTP changes can be disruptive to your network.
Preconfiguring an MSTP regional topology
Starting in software release 13.X.X, the MSTP VLAN configuration enhancement allows you to preconfigure an MSTP regional topology and ensure that the same VLAN ID-to-MSTI assignments exist on each MSTP switch in the region.
CAUTION: When this software version is installed, the prior VLAN ID-to-MSTI mappings do not change. However, this enhancement is not backward-compatible.
Configuring MSTP on the switch automatically configures the IST instance and places all statically and dynamically configured VLANs on the switch into the IST instance. This command creates a new MST instance (MSTI) and moves the VLANs specified from the IST to the MSTI. You must map at least one VLAN to an MSTI when you create it. You cannot map a VLAN ID to more than one instance. You can create up to 16 MSTIs in a region. The no form of the command removes one or more VLANs from the specified MSTI.
Example 68 Mapping VLANs to MSTP Instance
If VLANs 1, 5, and 7 are currently present and you enter the following command, all the VLANs from 1 through 10 are included, even those VLANs that are not present.
HP Switch(config)#: spanning-tree instance 1 vlan 1-10
On HP switches other than those covered by this guide, only the VLANs that are present will be included, that is, only VLANs 1, 5, and 7.
3. Display the configuration files as shown in the following example. Note the newly created configuration file listed.
HP Switch(config)#: show config files
Configuration files:
 id | act pri sec | name
 ---+-------------+---------------------
  1 |  *   *   *  | config1
  2 |             | config2
  3 |             | configK1243.cfg
4. Update the switch to the desired version, for example, K.12.51. Enter the show flash command to see the results. The switch is now running the software version K.12.51.
Example 70 Viewing a common spanning tree status Viewing detailed port information The following commands display the MSTP statistics for the connections between MST regions in a network. Syntax: show spanning-tree detail Displays additional parameters concerning the CST ports. Syntax: show spanning-tree port-list detail Displays detailed spanning tree status for the designated ports.
Example 71 Viewing port information NOTE: This command gives information about the CST only. To view details of specific MST instances, use the show spanning tree instance commands. Viewing status for a specific MST instance The following commands display the MSTP statistics for a specified MST instance. Syntax: show spanning-tree instance [ ist | 1..16 ] Displays the MSTP statistics for either the IST instance or a numbered MST instance running on the switch.
Example 72 Viewing status for a specific instance of an MSTP
This shows how to display detailed status for all active ports for a specific instance of MSTP.
HP Switch(config)#: show spanning-tree instance 11
 MST Instance Information
  Instance ID : 11
  Mapped VLANs : 111,300
  Switch Priority : 32768
  Topology Change Count : 2
  Time Since Last Change : 4 mins
  Regional Root MAC Address :
  Regional Root Priority :
  Regional Root Path Cost :
  Regional Root Port :
  Remaining Hops :
  Port ----1 2 3 4 .
Figure 15 Viewing the switch's global spanning tree configuration Viewing per-instance MSTP configurations These commands display the per-instance port configuration and current state, along with instance identifiers and regional root data. Syntax: show spanning-tree config instance [ ist | 1..16 ] The upper part of this output shows the instance data for the ist or for the specified instance. The lower part of the output lists the spanning tree port settings for the specified instance.
Example 73 Viewing port data To display data for ports A20-A24 and trk1, you would use the command: HP Switch(config)#: show spanning-tree a20-a24,trk1 config instance 1 Viewing the region-level configuration This command is useful for quickly verifying the allocation of VLANs in the switch's MSTP configuration, and for viewing the configured region identifiers.
Example 74 Viewing a region-level configuration
HP Switch(config)#: show spanning-tree net-config
 MST Configuration Identifier Information
  MST Configuration Name : REGION_1
  MST Configuration Revision : 1
  MST Configuration Digest : 0xDAD6A13EC5141980B7EBDA71D8991E7C
  IST Mapped VLANs : 1,66
  Instance ID  Mapped VLANs
  -----------  ---------------
  1            11,22
  2            33,44,55
Viewing the pending MSTP configuration
This command displays the MSTP configuration the switch will implement if you execute the spanning tree pending appl
Syntax: [no] loop-protect port-list [[receiver-action [[send-disable] | [no-disable]]] | [transmit-interval 1-10] | [disable-timer 0-604800] | [trap loop-detected]] [mode] [[port] | [vlan]] [vlan vid-list]
Configures per-port loop protection on the switch.
receiver-action send-disable | no-disable
  Sets the action to be taken when a loop is detected on the specified ports. The port that receives the loop protection packet determines what action is taken.
Enabling loop protection in VLAN mode VLANs can be configured for loop protection only when operating in VLAN mode. When loop-protect is enabled for a VLAN and a loop-protect enabled interface is a member of that VLAN, loop protect packets are sent on that VLAN to detect loops. To enable loop protection in VLAN mode: 1. Configure VLAN mode with the command: HP Switch(config)#: loop-protect mode vlan 2. Enter the loop-protect command and specify the VLANs on which loop protection should be enabled.
Example 78 Viewing loop protection information for VLAN mode
HP Switch(config)#: show loop-protect 1-2
 Status and Counters - Loop Protection Information
  Transmit Interval (sec) : 5
  Port Disable Timer (sec) : 5
  Loop Detected Trap : Enabled
  Loop Protect Mode : Vlan
  Loop Protect Enabled VLANs : 20,30
  Port  Loop     Loop      Detected  Loop   Time Since  Rx            Port S
        Protect  Detected  on VLAN   Count  Last Loop   Action
  ----  -------  --------  --------  -----  ----------  ------------
  1     Yes      Yes       20        1      45s         send-disable
  2     Yes      No                  0                  send-disable
Example 79 Enabling spanning tree loop guard on Port 2 and Viewing the port's status
HP Switch(config)#: spanning-tree 2 loop-guard
HP Switch(config)#: show spanning-tree
 Multiple Spanning Tree (MST) Information
  STP Enabled : Yes
  Force Version : MSTP-operation
  IST Mapped VLANs : 1-4094
  Switch MAC Address : 0024a8-d13a40
  Switch Priority : 32768
  Max Age : 20
  Max Hops : 20
  Forward Delay : 15
  Topology Change Count : 1
  Time Since Last Change : 20 mins
  CST CST CST CST Root Root Root Root MAC Address Priority Pa
Example 80 Viewing summary spanning tree configuration information
HP Switch(config)#: show spanning-tree config
 Multiple Spanning Tree (MST) Configuration Information
  STP Enabled [No] : Yes
  Force Version [MSTP-operation] : MSTP-operation
  Default Path Costs [802.1t] : 802.1t
  MST Configuration Name : 0024a8d13a40
  MST Configuration Revision : 0
  Switch Priority : 32768
  Forward Delay [15] : 15
  Hello Time [2] : 2
  Max Age [20] : 20
  Max Hops [20] : 20
  Port ---1 2 3 4 5 6 . . .
Example 82 Viewing spanning tree configuration information for a single port
HP Switch(config)#: show spanning-tree 2
 Multiple Spanning Tree (MST) Information
  STP Enabled : Yes
  Force Version : MSTP-operation
  IST Mapped VLANs : 1-4094
  Switch MAC Address : 0024a8-d13a40
  Switch Priority : 32768
  Max Age : 20
  Max Hops : 20
  Forward Delay : 15
  Topology Change Count : 1
  Time Since Last Change : 58 mins
  CST Root MAC Address : 001083-847000
  CST Root Priority : 0
  CST Root Path Cost : 60000
  CST Root Port : 1
  IST IST
Viewing the change history of root bridges The show spanning-tree root-history command allows you to display change history information (up to 10 history entries) for a specified root bridge in any of the following MSTP topologies: • Common Spanning Tree (cst): Provides connectivity in a bridged network between MST regions, STP LANs, and RSTP LANs.
Example 83 Sample output of the show spanning-tree root-history command for different MSTP topologies The following examples show sample output of the show spanning-tree root-history command for different MSTP topologies.
Example 86 Viewing show spanning-tree root-history MSTI output Enabling traps and Viewing trap configuration Syntax [no] spanning-tree trap { errant-bpdu | loop-guard | new-root | root-guard } Enables or disables SNMP traps. Syntax show spanning-tree traps Displays the current spanning tree trap configuration on the switch.
Example 88 Viewing output for debug counters The following example shows sample output of the show spanning-tree debug-counters command for all ports.
Example 89 Viewing debug counters for a CIST instance
The following example shows sample output of the show spanning-tree debug-counters instance command when applied to the Common and Internal Spanning Tree (CIST) instance (default MST instance 0) in the network.
Example 90 Viewing debug counters for a CIST and MST instance The following example shows sample output of the show spanning-tree debug-counters instance ports command for both the CIST (default MST instance 0) and an MST instance (instance 2) on port A15.
Table 9 MSTP debug command output: field descriptions
Field | Displays the number of...
Invalid BPDUs | Received BPDUs that failed standard MSTP (802.1Q-REV/D5.0 14.4) validation checks and were dropped. This counter is maintained by the CIST (default MST instance 0) on a per-port basis.
Errant BPDUs | Received BPDUs that were dropped on a port that is configured to not expect BPDU packets.
Table 9 MSTP debug command output: field descriptions (continued) Field Displays the number of... MST region and needs to be aged out. This counter is maintained on a per-MSTI per-port basis. Topology Changes Detected Times that a Topology Change event is detected by the CIST or MSTI port and the port triggers a topology change propagation throughout the network. A Topology Change event occurs when a non-edge port enters forwarding state.
Troubleshooting MSTP operation
Table 10 Troubleshooting MSTP operation
Problem | Possible cause
Duplicate packets on a VLAN, or packets not arriving on a LAN at all. | The allocation of VLANs to MSTIs may not be identical among all switches in a region.
A switch intended to operate in a region does not receive traffic from other switches in the region. |
Example 93 A multiple spanning tree application MSTP structure MSTP maps active, separate paths through separate spanning tree instances and between MST regions. Each MST region comprises one or more MSTP switches. Note that MSTP recognizes an STP or RSTP LAN as a distinct spanning tree region.
Figure 17 An MSTP network with legacy STP and RSTP devices connected
How MSTP operates
In the factory default configuration, spanning tree operation is off. Also, the switch retains its currently configured spanning tree parameter settings when disabled. Thus, if you disable spanning tree, then later re-enable it, the parameter settings will be the same as before spanning tree was disabled. The switch also includes a "Pending" feature that enables you to exchange MSTP configurations with a single command.
VLANs can overload the switch's CPU. MSTP on the switches covered in this guide complies with the IEEE 802.1s standard, and extends STP and RSTP functionality to map multiple independent spanning tree instances onto a physical topology. With MSTP, each spanning tree instance can include one or more VLANs and applies a separate, per-instance forwarding topology. Thus, where a port belongs to multiple VLANs, it may be dynamically blocked in one spanning tree instance, but forwarding in another instance.
Figure 18 Active topologies built by three independent MST instances
While allowing only one active path through a given instance, MSTP retains any redundant physical paths in the instance to serve as backup (blocked) paths in case the existing active path fails. Thus, if an active path in an instance fails, MSTP automatically activates (unblocks) an available backup to serve as the new active path through the instance for as long as the original active path is down.
As a result, each individual instance (spanning tree) within a region determines its regional root bridge, designated bridges, and designated ports or trunks. Regions, legacy STP and RSTP switches, and the Common Spanning Tree (CST) The IST instance and any MST instances in a region exist only within that region. Where a link crosses a boundary between regions (or between a region and a legacy STP or RSTP switch), traffic is forwarded or blocked as determined by the Common Spanning Tree (CST).
Types of Multiple Spanning Tree Instances A multiple spanning tree network comprises separate spanning tree instances existing in an MST region. (There can be multiple regions in a network.) Each instance defines a single forwarding topology for an exclusive set of VLANs. By contrast, an STP or RSTP network has only one spanning tree instance for the entire network, and includes all VLANs in the network. (An STP or RSTP network operates as a single-instance network.
• Within an MSTI, there is one physical communication path between any two nodes, regardless of how many VLANs belong to the MSTI. Within an IST instance, there is also one spanning tree across all VLANs belonging to the IST instance. • An MSTI comprises a unique set of VLANs and forms a single spanning tree instance within the region to which it belongs. • A dynamic VLAN learned by GVRP will always be placed in the IST instance and cannot be moved to any configured MST instance.
MSTP VLAN enhancement allows you to preconfigure MSTP topologies before the VLAN IDs associated with each instance exist on a switch. • When you use preconfigured VLAN ID-to-MSTI topologies, ensure that MSTP switches remain in the same region by mapping all VLAN IDs used in the region to the same MSTIs on each regional switch. • When you upgrade switch software to release K.13.XX and later, the existing MSTP topology configuration is automatically saved.
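An added example, not from the HP guide: comparing the region identity of two switches to find the VLAN ID-to-MSTI differences that would put them in different regions, as described in the troubleshooting table and the note above. The digest function follows the HMAC-MD5 definition and fixed key in IEEE 802.1Q (it is not HP code); the switch data is constructed sample input and the dictionary layout is an assumption of this example.

```python
import hashlib
import hmac

# Fixed signature key defined by IEEE 802.1Q for the MST Configuration Digest.
DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def mapping_table(instances):
    """Return the 4096-entry VID -> instance table; unmapped VLANs stay in the IST (0)."""
    table = [0] * 4096  # entries 0 and 4095 are always 0
    for msti, vids in instances.items():
        if not 1 <= msti <= 16:
            raise ValueError(f"instance {msti} outside 1..16")
        for vid in vids:
            if not 1 <= vid <= 4094:
                raise ValueError(f"VLAN ID {vid} outside 1..4094")
            if table[vid] not in (0, msti):
                raise ValueError(f"VLAN {vid} mapped to more than one instance")
            table[vid] = msti
    return table


def config_digest(instances):
    """HMAC-MD5 over the table, each entry encoded as two big-endian octets."""
    data = b"".join(entry.to_bytes(2, "big") for entry in mapping_table(instances))
    return hmac.new(DIGEST_KEY, data, hashlib.md5).hexdigest().upper()


def same_region(a, b):
    """Two switches share a region only if name, revision and digest all match."""
    return (a["name"] == b["name"]
            and a["revision"] == b["revision"]
            and config_digest(a["instances"]) == config_digest(b["instances"]))


def region_mismatches(reference, other):
    """List every difference that keeps `other` out of `reference`'s region."""
    diffs = []
    for field in ("name", "revision"):
        if reference[field] != other[field]:
            diffs.append(f"{field}: {reference[field]!r} != {other[field]!r}")
    ref_table = mapping_table(reference["instances"])
    other_table = mapping_table(other["instances"])
    for vid in range(1, 4095):
        if ref_table[vid] != other_table[vid]:
            diffs.append(f"VLAN {vid}: instance {ref_table[vid]} != {other_table[vid]}")
    return diffs


# Constructed sample data (hypothetical switches). SWITCH_B leaves VLAN 55 in the IST.
SWITCH_A = {"name": "REGION_1", "revision": 1,
            "instances": {1: [11, 22], 2: [33, 44, 55]}}
SWITCH_B = {"name": "REGION_1", "revision": 1,
            "instances": {1: [11, 22], 2: [33, 44]}}

if __name__ == "__main__":
    print("same region:", same_region(SWITCH_A, SWITCH_B))
    for line in region_mismatches(SWITCH_A, SWITCH_B):
        print(" ", line)
```
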
Example 95 BPDU protection enabled at the network edge PVST protection and filtering NOTE: These options are available for switches that support the MSTP protocol only. They are not supported for switches running RSTP. PVST protection If an HP switch in the core of a network receives Per Vlan Spanning Tree (PVST) BPDUs and forwards the unrecognized PVST BPDUs on to MSTP-only switches, those switches then disconnect themselves from the network. This can create instability in the network infrastructure.
PVST filtering If you configure a port for PVST filtering instead of PVST protection, the port remains in operation but traps are still generated and the BPDU counter hpSwitchStpPortErrantBpduCounter is incremented. CAUTION: Enabling the PVST filter feature allows the port to continuously forward packets without spanning tree intervention, which could result in loop formation.
Example 96 Loop protection enabled in preference to STP
Operating notes
• The receiver-action option can be configured on a per-port basis and can only be enabled after loop protection has been enabled on the port. All other configuration options (disable-timer, trap loop-detected, and transmit interval) are global.
• The trap option refers to an SNMP trap.
• Regardless of how the receiver-action and trap options are configured, all detected loops will be logged in the switch's event log.
4 Rapid per-VLAN spanning tree (RPVST+) operation NOTE: All commands previously in the Summary of commands table are indexed under the entry Command syntax. Overview RPVST+ is a proprietary spanning tree implementation that extends RSTP (802.1w) to run a separate spanning tree for each VLAN on the switch, and ensures that only one active, loop-free path exists between any two nodes on a given VLAN. Configuring RPVST+ at a glance The general steps for configuring RPVST+ via the CLI are: 1.
RPVST+ parameters can be configured even if the mode is MSTP and vice versa. This command does not enable/disable spanning tree. It sets the mode which is operational once spanning tree is enabled using spanning-tree enable.
Default: 15 Range: 4 - 30 Syntax: spanning-tree vlan vid-list maximum age 6...40 Sets the maximum age in seconds of received STP information before it is discarded for specified VLAN(s). Default: 20 Range: 6 - 40 NOTE: Maximum age must be within the following bounds: • greater than or equal to 2x (hello-time +1) • less than or equal to 2x (forward-delay - 1) Syntax: spanning-tree vlan vid-list priority 0...15 Sets the switch (bridge) priority for the designated VLAN.
NOTE: All devices in the network should be configured to use the same pathcost mode for proper functioning.
Syntax: [no] spanning-tree port port-#: vlan vid-list path-cost { auto | [1...200000000]}
Sets the path cost for a single port on the specified VLAN(s). If the port is a member of more than one VLAN, the path-cost applies only where the port has traffic for the VLAN(s) specified. Default: auto Range: 1 - 200000000 The no form of the command returns path-cost to its default setting.
Syntax: [no] spanning-tree port-list bpdu-filter
Enables or disables BPDU filtering on the specified port(s). The bpdu-filter option forces a port to always stay in the forwarding state and be excluded from standard STP operation. Default: Disabled
Syntax: Enables or disables BPDU protection on the specified port(s).
Syntax: spanning-tree port-list point-to-point-mac [ true | false | auto ]
Informs the switch of the type of device to which a specific port connects.
To globally enable RPVST+ on all VLANs on the switch, use either of the following: spanning-tree [ enable ] [no] spanning-tree disable To globally disable RPVST+ on all VLANs on the switch, use any of the following: [no] spanning-tree spanning-tree disable [no] spanning-tree enable NOTE: This status will always be shown in show run to let you know whether the spanning-tree is enabled. Having spanning tree present but not enabled will lead to a change in the existing factory default settings.
a more secure alternative, implementing port shut down and a detection alert when errant BPDU frames are received.
CAUTION: Ports configured with the BPDU filter mode remain active (learning and forwarding frames). However, spanning tree cannot receive or transmit BPDUs on the port. The port remains in a forwarding state, permitting all broadcast traffic. This can create a network storm if there are any loops (that is, redundant links) using these ports.
packets are received on a protected port, the feature will disable that port and alert the network manager via an SNMP trap as shown in Figure 20 (page 138). Figure 20 BPDU protection enabled at the network edge The following commands allow you to configure BPDU protection on VLANs for which the port is a member. Syntax: [no] spanning-tree port-list bpdu-protection Enables/disables the BPDU protection feature on a port. Default: Disabled.
Enables/disables the sending of errant BPDU traps. CAUTION: This command should only be used to guard edge ports that are not expected to participate in STP operations. Once BPDU protection is enabled, it will disable the port as soon as any BPDU packet is received on that interface. Viewing BPDU protection status Syntax: show spanning-tree bpdu-protection [port-list] Displays a summary listing of ports with BPDU protection enabled.
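An added example, not part of the HP guide: a Python audit of a saved switch configuration for the per-port BPDU settings described above. It flags ports with bpdu-filter (the loop risk named in the CAUTION), admin-edge ports left without bpdu-protection (an audit policy assumed here), and BPDU protection in use without the errant-bpdu trap. The sample configuration is constructed, and the one-command-per-line layout is an assumption.

```python
import re

# One port-list item: "5", "a9", "trk1", or a range such as "5-6" or "a20-a24".
_ITEM = r"[A-Za-z]*\d+(?:-[A-Za-z]*\d+)?"
PORT_LIST = re.compile(rf"^{_ITEM}(?:,{_ITEM})*$")
PORT_RANGE = re.compile(r"^([a-z]*)(\d+)-([a-z]*)(\d+)$")
PER_PORT = {"admin-edge-port", "bpdu-filter", "bpdu-protection"}


def expand_ports(port_list):
    """Expand 'A20-A24,trk1' into ['a20', ..., 'a24', 'trk1'] (lower-cased)."""
    ports = []
    for item in port_list.lower().split(","):
        m = PORT_RANGE.match(item)
        if not m:
            ports.append(item)
            continue
        prefix, lo, prefix2, hi = m.group(1), int(m.group(2)), m.group(3), int(m.group(4))
        if prefix2 not in ("", prefix) or lo > hi:
            raise ValueError(f"bad port range: {item}")
        ports.extend(f"{prefix}{n}" for n in range(lo, hi + 1))
    return ports


def parse_config(text):
    """Return ({port: set of per-port features}, errant_bpdu_trap_enabled)."""
    features, trap = {}, False
    for raw in text.splitlines():
        tokens = raw.split()
        negate = bool(tokens) and tokens[0] == "no"
        if negate:
            tokens = tokens[1:]
        if len(tokens) < 3 or tokens[0] != "spanning-tree":
            continue
        if tokens[1] == "trap":
            if "errant-bpdu" in tokens[2:]:
                trap = not negate
            continue
        if not PORT_LIST.match(tokens[1]):
            continue  # global or per-instance command, not a port list
        wanted = PER_PORT.intersection(tokens[2:])
        for port in expand_ports(tokens[1]):
            current = features.setdefault(port, set())
            if negate:
                current.difference_update(wanted)
            else:
                current.update(wanted)
    return features, trap


def audit(text):
    """Return (port, finding) pairs in the order ports first appear in the config."""
    features, trap = parse_config(text)
    findings = []
    for port, feats in features.items():
        if "bpdu-filter" in feats:
            findings.append((port, "bpdu-filter: port keeps forwarding with STP excluded"))
        if "admin-edge-port" in feats and "bpdu-protection" not in feats:
            findings.append((port, "admin-edge-port without bpdu-protection"))
    if not trap and any("bpdu-protection" in f for f in features.values()):
        findings.append(("global", "bpdu-protection in use but errant-bpdu trap is off"))
    return findings


# Constructed sample configuration (not taken from a real switch).
SAMPLE_CONFIG = """\
spanning-tree
spanning-tree mode mstp
spanning-tree 1-4 admin-edge-port
spanning-tree 1-2 bpdu-protection
spanning-tree a9 bpdu-filter
spanning-tree instance 1 vlan 1-10
"""

if __name__ == "__main__":
    for port, finding in audit(SAMPLE_CONFIG):
        print(f"{port:>6}  {finding}")
```
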
Default: Disabled
Example 101 RPVST+ behavior
Table 11 RPVST+ behavior with ignore-pvid-inconsistency enabled
Switch “A” Port on VLAN X | Switch “B” Peer port on VLAN Y | RPVST+ behavior with ignore-pvid-inconsistency enabled
Untagged on VLAN 10 | Untagged on VLAN 10 | Forward (1)
Untagged on VLAN 10 | Untagged on VLAN 20 | Forward (1, 2)
Untagged on VLAN X | Tagged on VLAN X | Drop
Untagged on VLAN X | Tagged on VLAN Y | Drop (traffic from both VLANs)
Tagged on VLAN X | Tagged on VLAN X | Forward (1)
Tagged on VLAN X | Ta
Example 102 Before configuring loop guard
Before configuring Loop Guard on port 20, the status of VLAN 20 appears as follows:
HP Switch(config)#: show spanning-tree vlan 20
 Spanning Tree Information
  STP Enabled [No] : Yes
  Mode : RPVST
  Extended System ID : Enabled
  Ignore PVID Inconsistency : Disabled
  Switch MAC Address : 002347-c651c0
  VLAN ID : 20
  RPVST Enabled : Enabled
  Root MAC Address : 0024a8-d13a40
  Root Priority : 32,768
  Root Path Cost : 20,000
  Root Port : 1
  Operational Hello Time (secs) : 2
  Topolo
Example 104 Switch ceasing to send BPDUs With switch 1 ceasing to send BPDUs through port 20 to switch 2, port 20 goes into the “inconsistent” state and ceases to forward traffic, as displayed in the following show spanning-tree output for VLAN 20.
Example 105 Viewing config file with loop guard enabled The following example displays show spanning-tree config output with loop guard enabled on Port 20: HP Switch(config)#: show spanning-tree config Spanning Tree Information STP Enabled [No] Mode Extended System ID Ignore PVID Inconsistency RPVST Enabled VLANs : : : : : Yes RPVST Enabled Disabled 100 Switch MAC Address : 002347-c651c0 Root Guard Ports Loop Guard Ports TCN Guard Ports BPDU Protected Ports BPDU Filtered Ports Auto Edge Ports Admin Edg
Example 106 Viewing the switch's global and VLAN spanning tree status HP Switch#: show spanning-tree Spanning Tree Information STP Enabled [No] Mode Extended System ID Ignore PVID Inconsistency RPVST Enabled VLANs : : : : : Yes RPVST Disabled Disabled 10,20 Switch MAC Address Root Guard Ports Loop Guard Ports TCN Guard Ports BPDU Protected Ports BPDU Filtered Ports Auto Edge Ports Admin Edge Ports : : : : : : : : 0024a8-d13a40 VLAN ID ----10 20 Root Mac Address --------------0024a8-d13a40 0024a8-d13a
Example 107 Viewing status for a specific VLAN HP Switch#: show spanning-tree vlan 20 Spanning Tree Information STP Enabled [No] : Yes Mode : RPVST Extended System ID : Disabled Ignore PVID Inconsistency : Disabled Switch MAC Address : 0024a8-d13a40 VLAN ID RPVST Enabled : 20 : Enabled Root MAC Address : 0024a8-d13a40 Root Priority : 32,768 Root Path Cost : 0 Root Port : This switch is root Operational Hello Time (secs) : 2 Topology Change Count : 38 Time Since Last Change : 23 hours Port ----9 21 22 23
Example 108 Viewing status for a specific port list HP Switch#: show spanning-tree 22 Spanning Tree Information STP Enabled [No] : Yes Mode : RPVST RPVST Enabled VLANs : 10,20 Switch MAC Address : 0024a8-d13a40 Port Status BPDU Protection Root Guard Loop Guard Admin PointToPoint MAC VLAN ID -----20 25 Port Path-Cost ---------20000 200000 : : : : : : 22 Up No No No Yes Port Priority --------128 128 Port Type BPDU Filtering TCN Guard Admin Edge Port Port State ---------Forwarding Forwarding Designat
Example 109 Viewing status per-port per-VLAN HP Switch#: show spanning-tree 22 vlan 20 Spanning Tree Information STP Enabled [No] : Yes Mode : RPVST RPVST Enabled VLANs : 10,20 Switch MAC Address : 0024a8-d13a40 Port Status BPDU Protection Root Guard Loop Guard Admin PointToPoint MAC VLAN ID -----20 Port Path-Cost ---------20000 : : : : : : 22 Up No No No Yes Port Priority --------128 Port Type BPDU Filtering TCN Guard Admin Edge Port Port State ---------Forwarding Designated Bridge ------------00
Example 110 Viewing BPDU status in show spanning tree output HP Switch#: show spanning-tree 22 Spanning Tree Information STP Enabled [No] : Yes Mode : RPVST RPVST Enabled VLANs : 10,20 Switch MAC Address : 0024a8-d13a40 Port Status BPDU Protection Root Guard Loop Guard Admin PointToPoint MAC VLAN ID -----20 Port Path-Cost ---------20000 : : : : : : 22 Up No No No Yes Port Priority --------128 Port Type BPDU Filtering TCN Guard Admin Edge Port Port State ---------Forwarding Designated Bridge ------
Example 112 Viewing RPVST+ VLAN and vPort system limits HP Switch#: show spanning-tree system-limits rapid-pvst Spanning Tree Information STP Enabled Mode RPVST Enabled VLANs : Yes : RPVST : 20 Switch MAC Address Count of RPVST Enabled VLANs Maximum Allowed RPVST Enabled VLANs Count Of Total Virtual Ports Maximum Allowed Virtual Ports : : : : : 002347-c651c0 1 400 24 424 Current Ports Virtual Ports -------------------- --------------Ports 1-24 24 Operational Virtual Ports --------------2 Recommended
Example 113 Configuring vPorts

Virtual ports on a switch are calculated as ports per-VLAN. Also, a trunk membership on one or more VLANs counts as one vPort per-VLAN, regardless of how many physical ports belong to the trunk. For example, the following configuration on a modular chassis results in 26 vPorts.

trunk 1,2 trk1
vlan 1
   name "DEFAULT_VLAN"
   untagged 3-24
   no untagged trk1
   exit
vlan 20
   ip address 10.243.230.75 255.255.255.248
   name "VLAN20"
   tagged trk1
   exit
vlan 30
   ip address 10.243.230.83 255.255.
Example 114 Exceeding a vPort recommended maximum In a modular switch, if the vPort count for a given module exceeds the recommended limit for that module, a warning message is displayed in the CLI and an Event Log message is generated. Also, the total vPort count on a switch cannot exceed the maximum vPort count for the switch.
Example 116 Calculating per-module vPorts on chassis switches In addition to the switch-wide active vPort count, there is a vPort count per port module determined by the number of ports per line card that are members of each VLAN. Also, on modular switches, if a VLAN includes a trunk configured with ports on more than one module, then one vPort is counted for each module on which the trunk exists (regardless of how many ports are included in the trunk).
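The counting rules in Examples 113 through 116 can be checked before a configuration is deployed. The following is an added example, not code from this guide or from HP: the function names, the sample configuration and the limit value of 5 are constructed for illustration, and the parser only understands the trunk, vlan, tagged and untagged lines in the form shown in Example 113.

```python
import re
from collections import defaultdict

# Port names: an optional slot letter plus a number ("A3" on a chassis, "3" on a fixed-port switch).
PORT_RE = re.compile(r"^([A-Za-z]?)(\d+)$")

# Constructed sample in the style of Example 113 (not taken from the guide).
SAMPLE_CONFIG = """
trunk A1,B1 trk1
vlan 1
   name "DEFAULT_VLAN"
   untagged A2-A4,B2-B3
   no untagged trk1
   exit
vlan 20
   name "VLAN20"
   tagged trk1
   exit
vlan 30
   name "VLAN30"
   tagged trk1,A2
   exit
"""

def expand_ports(port_list):
    """Expand 'A2-A4,B3,trk1' into ['A2', 'A3', 'A4', 'B3', 'TRK1']."""
    out = []
    for item in port_list.replace(" ", "").split(","):
        if not item:
            continue
        if "-" not in item:
            out.append(item.upper())
            continue
        lo, hi = (PORT_RE.match(p) for p in item.split("-", 1))
        if not (lo and hi):
            raise ValueError(f"cannot parse port range {item!r}")
        slot = lo.group(1).upper()
        if (hi.group(1).upper() or slot) != slot:
            raise ValueError(f"range {item!r} spans more than one module")
        out.extend(f"{slot}{n}" for n in range(int(lo.group(2)), int(hi.group(2)) + 1))
    return out

def module_of(port):
    """Slot letter of a physical port, or 'fixed' when the port has no slot letter."""
    m = PORT_RE.match(port)
    if not m:
        return "unknown"
    return m.group(1).upper() or "fixed"

def parse_config(text):
    """Return (trunks, vlans): trunk name -> member ports, VLAN ID -> set of members."""
    trunks, vlans, current = {}, {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "trunk" and len(words) >= 3:
            trunks[words[2].upper()] = expand_ports(words[1])
        elif words[0] == "vlan" and len(words) == 2 and words[1].isdigit():
            current = int(words[1])
            vlans.setdefault(current, set())
        elif words[0] == "exit":
            current = None
        elif words[0] in ("tagged", "untagged") and len(words) >= 2 and current is not None:
            vlans[current].update(expand_ports(words[1]))
        # Every other line ("name", "ip address", "no untagged ...") adds no membership.
    return trunks, vlans

def count_vports(trunks, vlans):
    """Return (switch-wide vPort count, per-module vPort counts)."""
    port_to_trunk = {p: t for t, ports in trunks.items() for p in ports}
    total, per_module = 0, defaultdict(int)
    for members in vlans.values():
        # A trunk is one logical member of the VLAN however many ports it has.
        logical = {port_to_trunk.get(m, m) for m in members}
        total += len(logical)
        for member in logical:
            if member in trunks:
                # Per module, the trunk counts once on every module it has ports on.
                for mod in {module_of(p) for p in trunks[member]}:
                    per_module[mod] += 1
            else:
                per_module[module_of(member)] += 1
    return total, dict(per_module)

def over_limit(per_module, limit):
    """Modules whose vPort count exceeds the given recommended limit."""
    return sorted(mod for mod, count in per_module.items() if count > limit)

if __name__ == "__main__":
    trunks, vlans = parse_config(SAMPLE_CONFIG)
    total, per_module = count_vports(trunks, vlans)
    print("switch-wide vPorts:", total)
    print("per-module vPorts:", per_module)
    print("modules over a constructed limit of 5:", over_limit(per_module, 5))
```

The per-module counts add up to more than the switch-wide count because trk1 has ports on two modules and is counted once on each. Use the limits reported by show spanning-tree system-limits rapid-pvst in place of the constructed value.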
Example 117 Viewing the global RPVST+ configuration HP Switch#: show spanning-tree config Spanning Tree Information STP Enabled [No] Mode Extended System ID Ignore PVID Inconsistency RPVST Enabled VLANs : : : : : Switch MAC Address : 002347-587b80 Root Guard Ports Loop Guard Ports TCN Guard Ports BPDU Protected Ports BPDU Filtered Ports Auto Edge Ports Admin Edge Ports : : : : : : 1-24 : VLAN ---1 10 20 Priority -------32768 32768 32768 Max Age (sec) ------20 20 20 Yes RPVST Enabled Disabled 10,20
Example 118 Viewing the global RPVST+ configuration per VLAN HP Switch(config)#: show spanning-tree config vlan 20 Spanning Tree Information STP Enabled [No] Mode Extended System ID Ignore PVID Inconsistency Switch MAC Address : : : : : Yes RPVST Enabled Disabled 002347-587b80 RPVST Enabled VLAN ID Switch Priority Forward Delay Hello Time Max Age Admin Root Bridge : : : : : : : Enabled 20 32768 15 2 20 Not Configured Port ----9 20 21 Type ---------100/1000T 100/1000T 100/1000T Path Cost --------2000
Example 119 Viewing the global RPVST+ configuration per port HP Switch#: show spanning-tree 9,11,12,21,22 2 trk1 config Spanning Tree Information STP Enabled [No] Mode Switch MAC Address RPVST Enabled VLANs Port ----9 11 12 21 Trk1 Admin Edge ----No No No No No Auto Edge ---Yes Yes Yes Yes Yes : : : : Admin PtP ----True True True True True Yes RPVST 002347-587b80 10,20 Root Grd ---No No No No No Loop Grd ---No No No No No TCN Grd --No No No No No BPDU Flt ---No No No No No BPDU Guard ----No No No
NOTE: The show spanning-tree commands described in this section allow you to troubleshoot RPVST+ activity in your network by focusing on increasingly specific levels of operation. For example, you can display debug information for: • All VLANs • All ports of one VLAN • A specific port or several ports used in one VLAN Viewing the change history of root bridges Syntax: show spanning-tree root-history vlan vlan-id Displays the last 10 root bridge changes on a specified VLAN configured with RPVST+.
root-guard
Enables SNMP notifications when a root-guard inconsistency is detected.
topology-change
Enables notifications sent when a topology change occurs.
topology-change-history
Shows the spanning tree topology history changes.
Default for all of the above options: Disabled
The no form of the command disables traps on the switch.
Syntax: show spanning-tree traps
Displays the current spanning tree trap configuration on the switch.
Example 123 Viewing debug counters for all VLANs HP Switch#: show spanning-tree debug-counters Status and Counters - RPVST Debug Counters Information Counter Name -----------------------------Invalid BPDUs Errant BPDUs Looped-back BPDUs Starved BPDUs Exceeded Max Age BPDUs Topology Changes Detected Topology Changes Tx Topology Changes Rx Topology Change ACKs Tx Topology Change ACKs Rx TCN BPDUs Tx TCN BPDUs Rx CFG BPDUs Tx CFG BPDUs Rx RST BPDUs Tx RST BPDUs Rx RPVST BPDUs Tx RPVST BPDUs Rx Aggregated Val
Example 124 Viewing debug counters for a specific VLAN HP Switch(config)#: show spanning-tree debug vlan 20 Status and Counters - RPVST Debug Counters Information VLAN ID : 20 Counter Name -----------------------------Invalid BPDUs Errant BPDUs Looped-back BPDUs Starved BPDUs Exceeded Max Age BPDUs Topology Changes Detected Topology Changes Tx Topology Changes Rx Topology Change ACKs Tx Topology Change ACKs Rx TCN BPDUs Tx TCN BPDUs Rx CFG BPDUs Tx CFG BPDUs Rx RST BPDUs Tx RST BPDUs Rx RPVST BPDUs Tx RPVS
Example 125 Viewing debug counters for a specific port on a VLAN Switch_A(config)#: show spanning-tree debug ports 9 vlan 20 Status and Counters - RPVST Debug Counters Information VLAN ID : 20 Port : 9 Counter Name -----------------------------Invalid BPDUs Errant BPDUs Looped-back BPDUs Starved BPDUs Exceeded Max Age BPDUs Topology Changes Detected Topology Changes Tx Topology Changes Rx Topology Change ACKs Tx Topology Change ACKs Rx TCN BPDUs Tx TCN BPDUs Rx CFG BPDUs Tx CFG BPDUs Rx RST BPDUs Tx RST BPD
Field Shows the number of — Topology Changes Tx Times that Topology Change information is propagated (sent out) through the port to the rest of the network. For a VLAN port running PVST (non-rapid), the counter is the number of times that a CFG or RST BPDU with the TC flag set is transmitted out of the port. This counter is maintained on a per-VLAN per-port basis. Topology Changes Rx Times that Topology Change information is received from the peer port.
Event: LLDP subsystem tries to dynamically change port VLAN assignments when mode is RPVST
Log message: LLDP unable to assign port port-number to VLAN vlan-id because spanning-tree is running in RPVST+ mode

Event: VPORT counts exceed 200
Log message: The number of vPorts on slot slot-number exceeds the recommended limit of vport-count. PVST BPDUs may be dropped.
About RPVST+ Comparing spanning tree options Without spanning tree, having more than one active path between a pair of nodes causes loops in the network, which can result in duplication of messages, leading to a “broadcast storm” that can bring down the network. The 802.1D spanning tree protocol operates without regard to a network's VLAN configuration, and maintains one common spanning tree throughout a bridged network. This protocol maps one loop-free, logical topology on a given physical topology.
Figure 22 RSTP forming a single spanning tree across all VLANs The topology has four switches running RSTP. Switch “A” is the root switch. In order to prevent a loop, RSTP blocks the link between switch “B” and switch “D”. There are two VLANs in this network (VLAN 10 and VLAN 20). Since RSTP does not have VLAN intelligence, it forces all VLANs in a layer 2 domain to follow the same spanning tree.
Figure 24 RPVST+ creating a spanning tree for VLAN 20 The two topologies above are the same as the first topology, but now the switches run RPVST+ and can span different trees for different VLANs. Switch “A” is the root switch for the VLAN 10 spanning tree and switch “D” is the root switch for the VLAN 20 spanning tree. The link between switch “B” and switch “D” is only blocked for VLAN 10 traffic but VLAN 20 traffic goes through that link.
Figure 25 Sample RPVST+ network Working with the default RPVST+ configuration In the factory default configuration, spanning tree operation is disabled. Configuring the spanning tree mode as RPVST+ on a switch and then enabling spanning tree automatically creates a spanning tree instance for each VLAN on the switch. Configuration with default settings is automatic, and in many cases does not require any adjustments.
Single spanning tree applications One spanning tree variant can be run on the switch at any given time. On a switch running RPVST+, MSTP cannot be enabled. However, any MSTP-specific configuration settings in the startup configuration file will be maintained. Exclusions The following features cannot run concurrently with RPVST+: • GVRP Features that dynamically assign ports to VLANs: ◦ GVRP ◦ RADIUS-based VLAN assignments (802.
5 Switch meshing NOTE: All commands previously in the Summary of commands table are indexed under the entry Command syntax. Introduction Switch meshing is a load-balancing technology that enhances reliability and performance in these ways: • Provides significantly better bandwidth utilization than either Spanning Tree Protocol (MSTP) or standard port trunking.
node A has traffic for node B, the assigned path between these nodes may be through switch 3 if network conditions have changed significantly. NOTE: The mac-age-time parameter determines how long an inactive path assignment remains in memory. See the Basic Operations Guide for your switch. Because redundant paths are active, meshing adjusts quickly to link failures.
Example 127 Configuring meshing To configure meshing on ports A1-A4, B3, C1, and D1-D3: HP Switch(config)#: mesh a1-a4, b3, c1, d1-d3 Command will take effect after saving configuration and reboot. HP Switch(config)#: write memory HP Switch(config)#: boot Device will be rebooted, do you want to continue [y/n]? Y Example 128 Removing a port from meshing To remove a port from meshing, use the no version of mesh, followed by write memory and rebooting the switch.
5. Use the up-arrow or down-arrow key to select the next port you want to include in your mesh domain, then press M again. For example, if you were adding ports A1 and A2 to your mesh domain, the screen would appear similar to Example 130 (page 171): Example 130 Mesh group assignments for several ports 6. Repeat Step 5 for all ports you want in the mesh domain. NOTE: As meshed ports do not accept a Type setting, leave the Type setting blank.
Configuring concurrent meshing and routing Concurrent meshing and routing is only supported on the HP 5400 series and HP 8200 series switches using these modules.
Example 131 A router mesh Switches and routers can be meshed together to create more complex local area networks with many redundant mesh links. Load balancing utilizes redundant links in the mesh to deliver traffic efficiently. Packets arriving at Router A’s non-mesh port at VLAN X may be routed to VLAN Y, then switched through the mesh to a host connected to Switch B.
The following example shows two routers and one switch that are meshed together. Packets arriving at the non-mesh ports on VLAN X on Router A may be routed to VLAN Y. Load balancing determines which port Router A should send the packets to in order for the packets to reach Router B.
adjacent switch and direct connection port on the adjacent switch. Not Established The port may be linked to a switch on a port that is not configured for meshing or has gone down. Initial The port has just come up as a meshed port and is trying to negotiate meshing. Disabled The port is configured for meshing but is not connected to another device. Error Error caused by external traffic that also happens to be an apparent duplicate MAC address.
Example 135 A mesh topology Syntax: show mesh mac-address Lists information about devices connected to the switch mesh in the following format. MAC Address VLAN ------------ ---- Port ---- Owner Switch Hostname ------ ------- ---------- MAC Address The MAC address of the device connected to the switch mesh. VLAN The VLAN of the switch mesh. Port The port on the originating switch through which the device’s MAC address was obtained.
Example 136 Viewing device information For the mesh topology shown in Example 135 (page 176), the show mesh mac-address command issued from the North switch displays the following device information. This listing shows the MAC addresses of the clients connected to the South, East, and West switches.
About switch meshing Switch mesh domain This is a group of meshed switch ports exchanging meshing protocol packets. Paths between these ports can have multiple redundant links without creating broadcast storms. Example 138 A switch mesh domain in a network Edge switch This is a switch that has some ports in the switch meshing domain and some ports outside of the domain. (See Example 138 (page 178).
• Meshing is not supported on ports configured with 802.1X access control. • On a port configured for meshing, if you subsequently remove meshing from the port's configuration and reboot the switch, the port returns to its default configuration. (It does not revert to any non-default configuration it had before being configured for meshing). • In a given mesh domain, switches in the same product family must run the same switch software version.
NOTE: • A switch mesh domain cannot include either a switch that is not configured for meshing, or other sources of traffic. • Where a given pair of switches are linked with meshed ports, you must not also link the pair together through non-meshed ports unless you have also enabled STP, RSTP, or MSTP to prevent a loop from forming. Figure 28 An unsupported topology • The switch blocks traffic on a meshed port connected to a non-meshed port on another switch.
Operating notes for switch meshing In a switch mesh domain traffic is distributed across the available paths with an effort to keep latency the same from path to path.
Unicast packets with unknown destinations A meshed switch receiving a unicast packet with an unknown destination does not flood the packet onto the mesh. Instead, the switch sends a query on the mesh to learn the location of the unicast destination. The meshed switches then send 802.2 test packets through their non-meshed ports. After the unicast destination is found and learned by the mesh, subsequent packets having the same destination address will be forwarded.
Example 141 Using STP without and with switch meshing Example 142 Connecting a switch mesh domain to non-meshed devices If you are going to use spanning tree in a switch mesh, all switches in the mesh should be configured with the same type of spanning tree: 802.1d/STP, 802.1w/RSTP, or 802.1s/MSTP. Spanning tree interprets a meshed domain as a single link. However, on edge switches in the domain, MSTP will manage non-meshed redundant links from other devices.
Example 143 Interconnecting switch mesh domains with redundant links MSTP should be configured on non-mesh devices that use redundant links to interconnect with other devices or with multiple switch mesh domains. For example: In the above case of multiple switch meshes linked with redundant trunks, there is the possibility that spanning tree will temporarily block a mesh link.
A for any other host (such as C or D) will be dropped because only hosts B and E are in the same VLAN as host A. Figure 29 VLAN operation with a switch mesh domain Dynamic VLANs If GVRP is enabled, meshed ports in a switch become members of any dynamic VLANs created in the switch in the same way that they would if meshing was not configured in the switch. Jumbo packets If you enable jumbo traffic on any VLAN, then all meshed ports on the switch will be enabled to support jumbo traffic.
conservative approach when designing new mesh implementations is to use the two-tier design and limit the mesh domain to eight switches where possible. Example 144 A two-tier mesh design Example 145 A fully interconnected mesh with the maximum switch count Other factors affecting the performance of mesh networks include the number of destination addresses that have to be maintained, and the overall traffic levels and patterns.
x.15.09 and later allow a VRRP virtual router MAC address to move from the master to the backup without being blocked by meshing on connected switches in the mesh. • Using 5300 series switches in the same mesh domain that implements VRRP with concurrent meshing and routing is not recommended. Other requirements and restrictions Mesh support within the domain All switches in the mesh domain, including edge switches, must support the HP switch meshing protocol.
6 Quality of Service: Managing bandwidth effectively NOTE: All commands previously in the Summary of commands table are indexed under the entry Command syntax. Overview A Quality of Service (QoS) network policy refers to the network-wide controls available to: • Ensure uniform and efficient traffic-handling throughout your network, while keeping the most important traffic moving at an acceptable speed, regardless of current bandwidth usage.
Figure 31 Application of Differentiated Services Codepoint (DSCP) policies Applying QoS to inbound traffic at the network edge At the edge switch, QoS classifies certain traffic types and in some cases applies a DSCP policy. At the next hop (downstream switch) QoS honors the policies established at the edge switch. Further downstream, another switch may reclassify some traffic by applying new policies, and yet other downstream switches can be configured to honor the new policies.
Classifier-based QoS policies provide greater control for managing network traffic. Using multiple match criteria, you can finely select and define the classes of traffic that you want to manage. QoS-specific actions determine how you can handle the selected traffic. Configuring QoS globally To globally configure a QoS policy on the switch, follow these steps: 1.
4. Determine the global QoS policy required for each QoS-capable device in the network and configure the necessary settings. For downstream devices to recognize and use DSCP codepoints in IP packets sent from the switch, enable ToS (Type-of-Service) Differentiated Service mode on the devices and configure the appropriate DSCP policies. Note that certain DSCP policies have a default 802.1p priority automatically assigned.
The 802.1p priority determines the packet's queue in the outbound port on the switch. If the packet leaves the switch on a tagged VLAN port, it carries the 802.1p priority with it to the next downstream device. Default: Disabled — No 802.1p priority is assigned. The no form of the command deletes the specified UDP or TCP port number or range of port numbers as a QoS classifier.
Options This command is required only if an 802.1p priority is not already assigned to the specified codepoint in the DSCP Policy table. Valid values for a DSCP codepoint are as follows: • A binary value for the six-bit codepoint from 000000 to 111111.
4. Configure the switch to assign the DSCP policy to packets with the specified TCP or UDP port number or range of port numbers. Syntax: qos [ udp-port | tcp-port ] [ ipv4 | ipv6 | ip-all ] [ port-number | range start end ] dscp codepoint Assigns a DSCP policy to outbound packets having the specified TCP or UDP application-port number or port range, and overwrites the DSCP in these packets with the assigned codepoint value, where: • ipv4 marks only IPv4 packets (default).
Assigning DSCP policies to packets matching specified TCP and UDP port applications (Example)

Port Applications    DSCP Policies
                     DSCP      Priority
23-UDP               000111    7
80-TCP               000101    5
914-TCP              000010    1
1001-UDP             000010    1

1. Determine whether the DSCP codepoints that you want to use to mark matching packets already have an 802.1p priority assigned, which could indicate use by existing applications (show qos dscp-map command).
3. Assign the DSCP policies to the selected TCP/UDP port applications and display the result. Figure 33 Configuring a DSCP policy for global TCP/UDP port classifiers The switch applies the DSCP policies in Figure 33 (page 196) to IP packets with the specified TCP/UDP port applications that are received in the switch. The switch manages the packets as follows: 1. Overwrites the original DSCPs in the selected packets with the new DSCPs specified in the above policies. 2. Assigns the 802.
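The procedure above requires a codepoint to have an 802.1p priority in the DSCP Policy table before a TCP/UDP port classifier uses it. The following added example (not from this guide or from HP) replays a list of commands in order and reports every classifier that refers to a codepoint with no priority yet. The function name, the command list built from the table in this example, and the final range command are constructed; only the two command forms shown in this section are recognized.

```python
import re

# qos dscp-map codepoint priority 0 - 7
DSCP_MAP_RE = re.compile(r"^qos dscp-map ([01]{6}) priority ([0-7])$")
# qos [udp-port | tcp-port] [ipv4 | ipv6 | ip-all] [port-number | range start end] dscp codepoint
PORT_POLICY_RE = re.compile(
    r"^qos (udp-port|tcp-port)(?: (ipv4|ipv6|ip-all))? "
    r"(?:(\d+)|range (\d+) (\d+)) dscp ([01]{6})$"
)

# Constructed from the table in this example, plus one classifier whose
# codepoint was never given a priority.
SAMPLE_COMMANDS = [
    "qos dscp-map 000111 priority 7",
    "qos dscp-map 000101 priority 5",
    "qos dscp-map 000010 priority 1",
    "qos udp-port 23 dscp 000111",
    "qos tcp-port 80 dscp 000101",
    "qos tcp-port 914 dscp 000010",
    "qos udp-port 1001 dscp 000010",
    "qos tcp-port range 5000 5010 dscp 001100",
]

def audit_dscp_policies(commands, preassigned=None):
    """Replay commands in order and return (policies, findings).

    preassigned maps codepoints that already have a priority (for example the
    defaults listed by show qos dscp-map) to that priority; empty by default.
    findings is a list of (line number, message) tuples.
    """
    priority = dict(preassigned or {})
    policies, findings = [], []
    for number, line in enumerate(commands, 1):
        cmd = " ".join(line.split())
        mapped = DSCP_MAP_RE.match(cmd)
        if mapped:
            priority[mapped.group(1)] = int(mapped.group(2))
            continue
        policy = PORT_POLICY_RE.match(cmd)
        if not policy:
            continue  # some other command; outside the scope of this check
        proto, family, port, start, end, codepoint = policy.groups()
        ports = (int(port), int(port)) if port else (int(start), int(end))
        if not 0 <= ports[0] <= ports[1] <= 65535:
            findings.append((number, f"invalid port range {ports[0]}-{ports[1]}"))
            continue
        if codepoint not in priority:
            findings.append(
                (number, f"codepoint {codepoint} has no 802.1p priority assigned")
            )
            continue
        policies.append({
            "proto": proto.split("-")[0],
            "family": family or "ipv4",   # ipv4 is the documented default
            "ports": ports,
            "codepoint": codepoint,
            "dscp": int(codepoint, 2),    # decimal value of the six-bit codepoint
            "priority": priority[codepoint],
        })
    return policies, findings

if __name__ == "__main__":
    policies, findings = audit_dscp_policies(SAMPLE_COMMANDS)
    for p in policies:
        print(p)
    for number, message in findings:
        print(f"line {number}: {message}")
```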
Example 147 Viewing the hardware resources used by currently configured QoS policies HP Switch(config)#: show qos resources Resource usage in Policy Enforcement Engine | Rules | Rules Used Slots | Available | ACL | QoS | IDM | VT | Mirror | PBR | Other | ------+-------------+-----+-----+-----+-----+--------+-----+-------| A | 3014 | 15 | 11 | 0 | 1 | 0 | 0 | 3 | | Meters | Meters Used Slots | Available | ACL | QoS | IDM | VT | Mirror | PBR | Other | ------+-------------+-----+-----+-----+-----+--------+----
Marks an 802.1p priority in outbound packets with the specified IP address or subnet mask in the source or destination field in a packet header, where: • ipv4-address or ipv6-address is an IPv4 or IPv6 address used to match the source or destination address in packet headers. NOTE: An IPv6 local-link address (such as fe80::110:252%vlan20) that is automatically generated on a VLAN interface is not supported as an ipv6-address value.
Example 148 Configuring and Viewing 802.1p priority

Configuring and viewing the 802.1p priority used to mark packets that match each global IP-device classifier:

IP Address / Mask or Prefix Length      802.1p Priority
10.28.31.1                              7
10.28.31.130                            5
10.28.31.100/24                         1
2001:db8:2:1:212:79ff:fe88:a100         3
2001:db8:3:3::/64                       1

HP Switch(config)#: qos device-priority 10.28.31.1 priority 7
HP Switch(config)#: qos device-priority 10.
column of the DSCP Policy table (show qos dscp-map command), first configure a priority for the codepoint before proceeding (qos dscp-map priority command). Syntax: qos dscp-map codepoint priority 0 - 7 Optional: this command is required only if an 802.1p priority is not already assigned to the specified codepoint in the DSCP Policy table, see Table 15 (page 234). When the switch applies this policy to a packet, the priority determines the packet's queue in the outbound port to which it is sent.
4. Configure the switch to assign the DSCP policy to packets with the specified IP address or subnet mask.
Assigning DSCP policies to packets matching specified global classifiers

Assigning the following DSCP policies to the packets that match the specified global IP-device classifiers:

IP address                              DSCP Policy
                                        DSCP codepoint    802.1p priority
10.28.31.1                              000111            7
10.28.31.130                            000101            5
10.28.31.100/24                         000010            1
2001:db8:2:1:212:79ff:fe88:a100         000101            3
2001:db8:3:3::/64                       000010            1

1. Determine whether the DSCP codepoints that you want to use to mark matching packets already have an 802.
3. Assign the DSCP policies to the specified IP-device addresses and display the result.

HP Switch(config)#: qos device-priority 10.28.31.1 dscp 000111
HP Switch(config)#: qos device-priority 10.28.31.130 dscp 000101
HP Switch(config)#: qos device-priority ipv4 10.28.32.
Figure 36 Enabling ToS IP-precedence prioritization To change from IP-precedence to IP-Diffserv mode, follow the procedure in “Assigning a priority for a global IP-device classifier” (page 197), which automatically disables IP-Precedence. To disable IP-Precedence without enabling the IP-Diffserv option, enter the no qos type-of-service command. Using a global IP-Diffserv classifier to mark matching packets with an 802.1p priority 1. 2. 3. 4.
Examples Example 149 show qos type-of-service An edge switch A in an untagged VLAN assigns a DSCP of 000110 on IP packets it receives on port A6, and handles the packets with high priority (7). When these packets reach interior switch B you want the switch to handle them with the same high priority. To enable this operation you would configure an 802.1p priority of 7 for packets received with a DSCP of 000110, and then enable diff-services: Figure 37 Viewing the codepoints available for 802.
3. Use the qos type-of-service diff-services incoming-DSCP dscp outgoing-DSCP command to change the policy on packets coming from the edge or upstream switch with the specified incoming DSCP. Figure 56 (page 252) illustrates this scenario. Syntax: qos type-of-service diff-services Enables ToS Diff-services.
Example 150 Configuring new DSCP policies

The following example shows how to configure new DSCP policies on matching packets with the specified DSCP codepoints.

Received DSCP    Policy DSCP    802.1p Priority    Policy Name (Optional)
001100           000010         6                  Level 6
001101           000101         4                  Level 4

1. Determine if the DSCP codepoints that you want to use to mark matching packets already have an 802.1p priority assigned, which could indicate use by existing applications (show qos dscp-map command).
3. Assign the new policies to mark matching packets with the specified codepoints. Figure 40 Assigning DSCP policies to outbound packets based on the DSCP codepoint from upstream devices Assigning a priority for a global layer 3 protocol classifier This global QoS packet-marking option assigns an 802.1p priority to outbound packets having the specified Layer-3 protocol. Syntax: qos protocol [ ip | ipx | arp | appletalk | sna | netbeui ] priority 0 - 7 Configures an 802.
Example 152 Configuring global Layer-3 protocol classifiers To configure the following global Layer-3 protocol classifiers: 1. Configure QoS protocol classifiers with IP at 0 (normal), ARP at 5 (medium), and AppleTalk at 7 (high) and display the QoS protocol configuration. 2. Disable the QoS IP protocol classifier, downgrade the ARP priority to 4, and again display the QoS protocol configuration. The following example shows the necessary configuration commands.
Example 153 Viewing the VLANs available for QoS prioritization 802.1p priorities are assigned to packets received in VLANs 1, 20, 30, and 40: Enter the following commands to mark VLAN packets that match the specified VLAN IDs with an 802.
4. Forwards the packet through the appropriate outbound port queue.

Creating a policy based on the VLAN-ID classifier
1. Determine the VLAN-ID classifier to which you want to assign a DSCP policy.
2. Determine the DSCP policy for packets carrying the selected VLAN-ID.
   a. Determine the DSCP you want to assign to the selected packets. (This codepoint will be used to overwrite the DSCP carried in packets received from upstream devices.)
   b. Determine the 802.1p priority you want to assign to the DSCP.
3.
Syntax: show qos device-priority Displays a listing of all QoS VLAN-ID classifiers currently in the running-config file.

Example 155 Assigning DSCP policies to packets

Assigning DSCP policies (codepoint and associated 802.1p priority) to packets with the specified VLAN IDs:

VLAN-ID    DSCP      Priority
40         000111    7
30         000101    5
20         000010    1
1          000010    1

1. Determine if the DSCP codepoints that you want to use to mark matching packets already have an 802.
3. Assign the DSCP policies to the selected VLAN IDs and display the result.
Example 156 Prioritizing inbound traffic on source-ports

Prioritizing inbound traffic on the following source-ports:

Source-Port    Priority
A1 - A3        2
A4             3
B1, B4         5
C1-C3          6

Enter the following commands to prioritize packets received from the specified source ports: Figure 44 Configuring and Viewing source-port QoS priorities If you later decided to remove source-port A1 from QoS prioritization, you would enter the following command: Figure 45 Returning a QoS-prioritized VLAN to "No-override" status
1. Identify the source-port classifier to which you want to assign a DSCP policy.
2. Determine the DSCP policy for packets having the selected source-port:
   a. Determine the DSCP you want to assign to the selected packets. (This codepoint will be used to overwrite the DSCP carried in packets received through the source-port from upstream devices.)
   b. Determine the 802.1p priority you want to assign to the DSCP.
3.
4. Configure the switch to assign the DSCP policy to packets from the specified source-port. Syntax: interface port-list qos dscp codepoint Assigns a DSCP policy to IP packets from the specified source-ports, and overwrites the DSCP in these packets with the assigned codepoint value. • A binary value for the six-bit codepoint from 000000 to 111111.
2. Configure the priorities for the DSCPs that you want to use to mark matching packets.
3. Assign the DSCP policies to the selected source-ports and display the result. Figure 48 Viewing global source-port classifier with DSCP-priority marking Configuring classifier-based QoS To use the classifier-based model to configure a QoS policy and apply it to a selected class of traffic on a port or VLAN interface, follow these steps: 1. Evaluate the types of traffic in your network and identify the traffic types that you want to prioritize or rate limit. 2.
• Layer 3 IP protocol
• Layer 3 IP precedence bits
• Layer 3 DSCP codepoint
• Layer 4 TCP/UDP application port
• VLAN ID
3. Enter one or more match or ignore commands from the class configuration context to filter traffic and determine the packets on which policy actions will be performed.
Context: Class configuration
Syntax:
4.
executed, and specifies whether the QoS policy is applied to IPv4 or IPv6 traffic in the class. The classname is a text string (64 characters maximum). NOTE: Multiple class action statements can be configured for different traffic classes in the same policy. The execution of QoS actions is performed in the order in which the actions are numerically listed in the policy. action qos-action [action qos-action ...] Configures the QoS action specified by the qos-action replaceable.
6. Apply the QoS policy to inbound traffic on a port (interface service-policy in command) or VLAN (vlan service-policy in command) interface. The following restrictions apply to a QoS service policy: • Only one QoS policy is supported on a port or VLAN interface. • If you apply a QoS policy to a port or VLAN interface on which a QoS policy is already configured, the new policy replaces the existing one. • A QoS policy is supported only on inbound traffic.
priority Configures the 802.1p class of service (CoS) priority in Layer 2 frame headers. For information on the difference between the DSCP bits and precedence bits in the ToS byte of an IPv4 header and the Traffic Class byte of an IPv6 header. Context: Global configuration Syntax: [no] [seq-number] class [ ipv4 | ipv6 ] classname action qos-action [ action qos-action ...
NOTE: Rate limiting usage Rate limit values below 13 kbps may result in unpredictable rate limiting behavior. Configuring a rate limit of 0 (zero) kilobits on a port blocks all traffic on the port. If blocking all traffic is the desired behavior, HP recommends that you configure a deny ACL instead of configuring a rate limit of 0. A rate limit that you apply with a classifier-based policy overrides any globally-configured per-port rate limit on the selected packets.
is calculated on a per-module or per-port-bank basis. If trunked ports or VLANs with a configured rate limit span multiple modules or port-banks, the configured rate limit is not guaranteed.
A QoS policy that uses the class action rate-limit command is not supported on a port interface on which ICMP rate limiting has already been globally configured. To apply the QoS policy, you must first disable the ICMP rate limiting configuration.
In cases where you want to maintain an ICMP rate limiting configuration, configure a class in which you specify the necessary match statements for ICMP traffic, and a QoS policy in which you configure the rate limit action for the class.
For information on globally-configured ICMP, see the Multicast and Routing Guide for your switch. priority priority-value Configures the 802.1p class of service (CoS) bits in Layer 2 frames of matching packets in a specified traffic class. Valid CoS values range from 0 to 7. The 802.1p CoS value controls the outbound port-queue priority for traffic leaving the switch. In an 802.1Q VLAN network, downstream devices may honor or change the 802.1p priority in incoming packets.
4 flash-override 5 critical 6 internet (for internetwork control) 7 network (for network control) Table 17 (page 242) shows how the Layer 2 802.1p priority value determines to which outbound port queue a packet is sent. Table 22 (page 251) shows the 802.1p priority value (0 to 7) associated, by default, with each IP Precedence three-bit setting and automatically assigned by the switch to the Layer 2 header of matching packets.
Reconfiguring the 802.1p priority value currently assigned to a DSCP codepoint To reconfigure the 802.
show class config ipv4 classname Lists the statements that make up the IPv4 class identified by classname. ipv6 classname Lists the statements that make up the IPv6 class identified by classname. config Displays all classes, both IPv4 and IPv6, and lists the statements that make up each class. Additional variants of the show class command provide information on classes that are members of policies that have been applied to ports or VLANs.
port-num Specifies the number of the port on which the policy is applied (single port only, not a range). vid Specifies the number or name of the VLAN on which the policy is applied. VLAN ID numbers range from 1 to 4094. in Specifies that statistics are shown for inbound traffic only.
Example 162 Viewing show policy resources output for all currently configured QoS policies HP Switch(config)#: show policy resources Resource usage in Policy Enforcement Engine | Rules | Rules Used Slots | Available | ACL | QoS | IDM | VT | Mirror | PBR | Other | ------+-------------+-----+-----+-----+-----+--------+-----+-------| A | 3014 | 15 | 11 | 0 | 1 | 0 | 0 | 3 | | Meters | Meters Used Slots | Available | ACL | QoS | IDM | VT | Mirror | PBR | Other | ------+-------------+-----+-----+-----+-----+----
Figure 49 A QoS policy for voice over IP and data traffic Configuring a QoS policy for layer 4 TCP/UDP traffic (Example) The following example shows how to configure a rate limiting policy for TCP/UDP application streams and apply the policy on all inbound switch ports.
In the default state, most of the 64 codepoints do not assign an 802.1p priority, as indicated by No-override in Table 15 (page 234). However, some codepoints, such as Assured Forwarding and Expedited Forwarding, have a default 802.1p priority setting. Use the following commands to display the DSCP Policy table, configure the codepoint-priority assignments, and assign optional names to the codepoints. Syntax: show qos dscp-map Displays the DSCP Policy table.
Viewing non-default codepoint settings (Example) Default priority settings for selected codepoints In a few cases, such as 001010 and 001100, a default DSCP policy (implied by the DSCP standards for Assured-Forwarding and Expedited-Forwarding) is used. You can change the priorities for the default policies by using the qos dscp-map codepoint priority 0 - 7 command. The currently configured DSCP policies (codepoint and associated 802.
1. Identify the global and classifier-based QoS policies that use the codepoint whose DSCP-priority mapping you want to change. Figure 52 Identifying the QoS policies that use a codepoint 2. Change each QoS configuration by assigning a different DSCP policy or a different 802.1p priority, or by removing the currently configured DSCP policy and restoring the default No-override setting; for example: a.
Syntax: qos queue-config 2-queues | 4-queues | 8-queues Configures the number of outbound priority queues for all ports on the switch using one of the following options: 2-queues, 4-queues, or 8-queues. Default: 8-queues The new configuration will: • Remove any previously configured bandwidth-min output settings • Set the new number of outbound port queues If you select anything but yes for this operation, the operation is aborted and a message stating Operation aborted appears.
HP Switch#: show qos queue-config
 Queue  802.1p Priority  Memory %
 -----  ---------------  --------
 1      1–2              10
 2      0,3              70
 3      4–5              10
 4      6–7              10
Using the outbound queue monitor NOTE: Outbound queue monitoring is not supported on HP 3800 switches. When QoS is used to prioritize traffic, different kinds of traffic can be assigned to different egress queues. If there is a great deal of traffic, it is desirable to be able to determine if some traffic to the lower priority queues was dropped.
Example 163 Monitoring egress queues on a port HP Switch(config)#: show interface queues 5 Status and Counters - Queue Counters for port 5 Name : MAC Address : 001c2e-95ab3f Link Status : Up Port Totals (Since boot or last clear) : Rx Ucast Pkts : 142,181 Tx Ucast Pkts : 552 Rx B/Mcast Pkts : 10,721,488 Tx B/Mcast Pkts : 11,765 Rx Bytes : 1,267,216,218 Tx Bytes : 2,652,372 Rx Drop Packets : 0 Tx Drop Packets : 0 Egress Queue Totals (Since boot or last clear) : Queue CoS Dropped Packets 1 1-2 123456789012345
• Source port on the switch • VLAN ID Traffic marking options are as follows: • Setting the Layer 2 802.1p priority value in VLAN-tagged and untagged packet headers • Setting the Layer 3 Differentiated Services Codepoint (DSCP) bits in the ToS byte of IPv4 packet headers and Traffic Class byte of IPv6 headers. Classifier-based QoS Starting in release K.14.01, classifier-based QoS operation provides additional QoS actions on a per-port and per-VLAN basis.
given packet. When a match between a packet and a classifier is found, the switch applies the QoS policy configured for the classifier and the packet is handled accordingly.
in the IPv4 ToS byte and IPv6 Traffic Class byte of packet headers. Layer 2 802.1p prioritization By setting a new 802.1p priority value, QoS allows you to control the priority of outbound packets moving through the switch. The Layer 2 802.1p priority setting in a packet header determines the outbound port queue to which the packet is sent. By default, the switches covered in this guide have eight outbound traffic queues (0 through 7).
Table 18 Mapping 802.1p priorities to outbound port queues on the switch and downstream devices Configured 802.1p priority Outbound port queue in the switch 802.
In a tagged or untagged VLAN, you can also ensure that IPv4/IPv6 packets carry an 802.1p priority to downstream devices by configuring DSCP marking in the ToS/Traffic Class byte. The following table summarizes the QoS options for traffic-marking in VLAN-tagged and untagged environments. Table 19 QoS traffic marking supported in tagged and untagged VLANs QoS marking supported on outbound packets Port membership in VLANs Tagged Untagged Assign an 802.
command No-override means that the global QoS policy used to mark matching packets does not assign an 802.1p value. • IP packets received through a VLAN-tagged port are managed using the 802.1p priority they carry in the 802.1Q field in their headers. • VLAN-tagged packets received through an untagged port are handled by the switch with normal priority.
Maximum global QoS remarking entries The switches covered in this guide accept the maximum number of configured outbound 802.1p priority and DSCP entries shown in the following table. Table 21 Maximum number of QoS entries. Switch Maximum QoS remarking 3800 Switches Switch 8212zl Series 5400zl 1 250 configured entries Series 5300yl 1 Notes • Each IP Device (IP address) QoS configuration uses two entries. • Each TCP/UDP Port QoS configuration uses two entries.
Options for assigning priority The packet-marking options for global TCP/UDP port-number classifiers include: • 802.1p priority • DSCP policy (Assigning a new DSCP and an associated 802.1p priority; inbound packets can be IPv4 or IPv6.) For a given TCP or UDP port number, you can use only one of the above options at a time. However, for different port numbers, you can use different options.
Example 165 Configuration for TCP and UDP port prioritization The following example displays the following configuration for TCP and UDP port prioritization: TCP/UDP port 802.1p priority for TCP 802.1p priority for UDP TCP Port 23 (Telnet) 7 7 UDP Port 23 (Telnet) 7 7 TCP Port 80 (World Wide Web HTTP) 2 2 UDP Port 80 (World Wide Web HTTP) 1 1 Figure 54 Configuring 802.
Options for assigning priority The packet-marking options for global IP-device classifiers include: • 802.1p priority • DSCP policy: Assigning a new DSCP and 802.1p priority For a given IP address or subnet mask, you can assign only one of the above options at a time. However, for different IP addresses, you can use different options.
Global VLAN-ID classifier Global QoS Classifier Precedence: 5 The global VLAN-ID (VID) classifier allows you to use up to 4094 VLAN IDs to match packets. When a particular VLAN-ID classifier has the highest precedence in the switch, traffic received in the VLAN is marked with the configured priority level. You can configure different global VLAN-ID classifiers to mark packets with different priority levels.
In the switches covered in this guide, the default QoS configuration includes some codepoints, such as Assured Forwarding and Expedited Forwarding, that are preconfigured with an 802.1p priority setting. All other codepoints are not configured with an 802.1p priority and display No-override. Use the qos dscp-map command to configure the switch to assign different 802.1p priorities to IP packets with different codepoints.
Figure 55 IPv4 ToS/IPv6 traffic class byte with DSCP codepoint and precedence bits Assigning an 802.1p priority for a global IP-diffserv classifier One of the best uses for this global QoS packet-marking option is on an interior switch to honor (continue) a policy set on an edge switch. The IP-diffserv classifier enables selecting incoming packets having a specific DSCP and forwards these packets with the desired 802.1p priority.
NOTE: Different applications may use the same DSCP in their IP packets. Also, the same application may use multiple DSCPs if the application originates on different clients, servers, or other devices. Using an edge switch enables you to select the desired packets and mark them with predictable DSCPs that can be used by downstream switches to honor policies set in the edge switch. When enabled, the switch applies direct 802.
Comparing global IP type-of-service classifiers The next table shows the difference in how global IP-Precedence and IP-Diffserv classifiers are implemented in the switch.
Classifier-based policies take precedence over, and may override, globally-configured QoS settings that apply to all traffic on the switch. Classifier-based QoS policies provide greater control for managing network traffic. Using multiple match criteria, you can finely select and define the classes of traffic that you want to manage. QoS-specific policy actions determine how you can handle the selected traffic. See the Advanced Traffic Management Guide.
Table 23 Order of precedence for classifier-based QoS over global QoS (continued) Precedence order QoS feature 4 Globally-configured IP-device priority 5 Globally-configured IP Type-of-Service priority 6 Globally-configured Layer 3-Protocol priority 7 Globally-configured VLAN-ID priority 8 Globally-configured Source-Port priority 9 802.1p CoS in Layer 2 VLAN header1 1 In a tagged VLAN environment, the incoming 802.
Interaction with other software features After applying a QoS policy to an interface, an error message appears if there are not sufficient hardware resources to support the policy. In this case, use the show resources command to verify the amount of resources that are currently in use and the resources available on the switch. QoS policies share the same hardware resources with other software features, such as mirroring policies, ACLs, virus throttling, the management VLAN, and so on.
Example 166 Changing the priority of a codepoint If codepoint 000001 is currently mapped to priority 6, and several global QoS policies use this codepoint to assign a priority to their respective types of matching traffic, you can change the priority associated with the codepoint using the following procedure. 1. Identify the global and classifier-based QoS policies that use the codepoint. 2. Do one of the following: a.
Table 24 Error messages generated by DSCP policy changes Error message Description DSCP Policy decimal-codepoint not configured You have tried to configure a codepoint in a global or classifier-based QoS policy for which there is no associated priority (No-override). Use the qos dscp-map command to configure a priority for the codepoint, then re-enter the codepoint in the QoS configuration.
Impact of QoS queue configuration on guaranteed minimum bandwidth (GMB) Changing the number of queues removes any bandwidth-min output settings in the startup configuration, and automatically re-allocates the GMB per queue as shown in the following table. Table 26 Default GMB percentage allocations per QoS queue configuration 802.
7 Stack management for the 3500, 3500yl, 6200yl and 6600 switches NOTE: All commands previously in the Summary of commands table are indexed under the entry Command syntax. Introduction This feature is available on the 3500, 3500yl, 6200yl and 6600 switches, but not on the 5400zl and 8200zl switches. HP Switch Stack Management (stacking) enables you to use a single IP address and standard network cabling to manage a group of up to 16 total switches in the same IP subnet (broadcast domain).
Table 27 Stacking configuration guidelines Join Method 1 Commander (IP Addressing Required) Candidate (IP Addressing Optional) Auto Grab Auto Join Passwords Automatically add Yes Candidate to Stack Causes the first 15 eligible, discovered switches in the subnet to automatically join a stack.
Creating a stack (Overview) 1. Determine the naming conventions for the stack. A stack name is necessary. To help distinguish one switch from another in the stack, configure a unique system name for each switch. Otherwise, the system name for a switch appearing in the Stacking Status screen appears as the stack name plus an automatically assigned switch number. For example: Figure 57 Using the system name to help identify individual switches 2. Configure the Commander switch.
8. If you need to do specific configuration or monitoring tasks on a Member, use the console interface on the Commander to access the Member. Viewing stack status Syntax: show stack [ candidates | view | all ] Lists the stack status for an individual switch or other switches discovered in the same subnet. Viewing the status of an individual switch Syntax: show stack Lists the stacking configuration for an individual switch.
Example 169 Using the show stack all command to list discovered switches in the IP subnet The switch on which the show stack all command is executed is a Candidate; it is included in the Others category.
Figure 59 The default Stack Configuration screen 4. 5. Move the cursor to the Stack State field by pressing E (for Edit). Then use the Space bar to select the Commander option. Press the down arrow key to display the Commander configuration fields in the Stack Configuration screen. Figure 60 The default Commander configuration on the Stack Configuration screen 6. 7. 8. 9. Enter a unique stack name (up to 15 characters; no spaces) and press the down arrow key.
2. Configure a Manager password on the switch intended for commander. (The Commander's Manager password controls access to stack Members.) For more on passwords, see the Access Security Guide for your switch. Making a switch a Commander Syntax: stack commander name-str Assigns a stack name to a switch, makes it a Commander, and automatically creates a stack.
Example 172 Using a member's CLI to convert the member to the commander of a new stack Suppose an HP switch named Bering Sea is a Member of a stack named Big_Waters. To use the switch's CLI to convert it from a stack Member to the Commander of a new stack named "Lakes", use the following commands: Adding to a stack, or moving switches between stacks You can add switches to a stack by adding discovered Candidates or by moving switches from other stacks that may exist in the same subnet.
Example 173 Determining available switch numbers (SNs) To display all discovered Candidates with their MAC addresses, execute the show stack candidates command from the Commander's CLI.
Example 174 Viewing the stack after adding a new member Manually adding a Candidate to a stack (Menu) In the default configuration, you must manually add stack Members from the Candidate pool. Reasons for a switch remaining a Candidate instead of becoming a Member include any of the following: • Auto Grab in the Commander is set to No (the default). • Auto Join in the Candidate is set to No.
2. Press A (for Add) to add a Candidate. You will then see this screen listing the available Candidates: Example 176 A Candidate list on the Stack Management screen 3. 4. 5. 6. Either accept the displayed switch number or enter another available number. (The range is 0 - 15, with 0 reserved for the Commander.) Use the down arrow key to move the cursor to the MAC Address field, then enter the MAC address of the desired Candidate from the Candidate list in the lower part of the screen.
Moving a Member from one stack to another (Menu) Where two or more stacks exist in the same subnet, it is easy to move a Member of one stack to another stack if the destination stack is not full. This procedure is nearly identical to manually adding a Candidate to a stack. If the stack from which you want to move the Member has a Manager password, you will need to know it to make the move. 1.
9. Press Enter to return to the Actions line, then press S (for Save) to complete the Add process for the selected Member. You will then see a screen similar to the one in Example 175 (page 270) and Example 178 (page 275), with the newly added Member listed. NOTE: If the message Unable to add stack member: Invalid Password appears in the console menu's Help line, then you either omitted the Manager password for the stack containing the Member or incorrectly entered the Manager password.
Example 177 Pushing a candidate into a stack Suppose a Candidate named North Sea with Auto Join off and a valid IP address of 10.28.227.104 is running on a network. You could Telnet to the Candidate, use show stack all to determine the Commander's MAC address, and then push the Candidate into the desired stack. To verify that the Candidate successfully joined the stack, execute show stack all again to view the stacking status.
Example 178 Stack listing with two stacks in the subnet Suppose you create a new Commander with a stack name of Cold_Waters and want to move a switch named Bering Sea into this new stack: You would then execute the following command to pull the desired switch into the new stack: HP Switch(config)#: stack member 1 mac-address 0060b0-df1a00 Where 1 is an unused switch number (SN). Since a password is not set on the Candidate, a password is not needed.
Example 179 Converting a Commander to a Member Suppose you have a switch operating as the Commander for a temporary stack named Test. When it is time to eliminate the temporary Test stack and convert the switch into a member of an existing stack named Big_Waters, execute the following commands in the switch's CLI: Split stacking policy Sets the split policy of the stack.
Syntax Stacking merge-policy no-merge | uptime | winning-stack Converting a Commander or Member to a Member of another stack (Commander Menu) When moving a Commander, the following procedure returns the stack members to Candidate status (with Auto-Join set to No), and converts the stack Commander to a Member of another stack. When moving a member, the procedure simply pulls a Member out of one stack and pushes it into another. 1.
Example 181 A commander and three switches in a stack Suppose you want to use the Commander to remove the North Sea member from the following stack: Execute this command to remove the North Sea switch from the stack: HP Switch(config)#: no stack member 3 mac-address 0030c1-7fc700 where: • 3 is the North Sea member's switch number (SN) • 0030c1-7fc700 is the North Sea member's MAC address Removing a stack Member using the Member’s CLI Syntax: no stack join mac-addr To use this method you need the Comma
add to the stack. The default switch number used for an add is the lowest unassigned number in the Member range (1 - 15; 0 is reserved for the Commander). To remove a Member from a stack, use the Stack Management screen. 1. From the Main Menu, select 9. Stacking... —> 4. Stack Management You will then see the Stack Management screen. Figure 62 The stack management screen with stack members listed 2. 3. Use the down arrow key to select the Member to remove from the stack.
Example 183 A stack showing switch number (SN) assignments Suppose you want to configure a port trunk on the switch named North Sea in the stack named Big_Waters.
2. 3. You can now make configuration changes and view status data for the selected Member in the same way that you would if you were directly connected or telnetted into the switch. When you finish accessing the selected Member, do the following to return to the Commander's Stack Access screen: a. Return to the Member's Main Menu. b. Press 0 (for Logout), then Y (for Yes). c. Press Return. You should now see the Commander's Stack Access screen.
Table 28 Candidate configuration options in the menu interface Parameter Default setting Other settings Stack State Candidate Commander, Member, or Disabled Auto Join Yes No Transmission Interval 60 Seconds Range: 1 to 300 seconds Pushing a switch into a stack, modifying the switch’s configuration, or disabling stacking on the switch (Menu) Use Telnet or the WebAgent to access the Candidate if it has an IP address.
5. 6. Press Enter to return the cursor to the Actions line. Press S (for Save) to save your configuration changes and return to the Stacking menu. Using the Commander to manage the stack The Commander normally operates as your stack manager and point of entry into other switches in the stack.
Figure 66 Stacking status for all detected switches configured for stacking Viewing Commander status (Menu) This procedure displays the Commander and stack configuration, plus information identifying each stack member. To display the status for a Commander, go to the console Main Menu for the switch and select 9. Stacking ... —> 1. Stacking Status (This Switch).
3. In the Member's Main Menu screen, select 9. Stacking ... —> 1. Stacking Status (This Switch). You will see the Member's Stacking Status screen: Figure 68 A Member's stacking status screen Viewing Candidate status (Menu) This procedure displays the Candidate's stacking configuration. To display the status for a Candidate: Use Telnet (if the Candidate has a valid IP address for your network) or a direct serial port connection to access the menu interface Main Menu for the Candidate switch and select 9.
Figure 70 A switch moving from Candidate to Member General stacking operation After you configure one switch to operate as the Commander of a stack, additional switches can join the stack by either automatic or manual methods. After a switch becomes a Member, you can work through the Commander switch to further configure the Member switch as necessary for all of the additional software features available in the switch.
• If multiple VLANs are configured, stacking uses only the primary VLAN on any switch. In the factory-default configuration, the DEFAULT_VLAN is the primary VLAN. • Stacking allows intermediate devices that do not support stacking. This enables you to include switches that are distant from the Commander.
Specific rules Table 31 Specific rules for commander, candidate, and member switch IP Addressing and Stack Name Commander Number Allowed Per Stack Passwords IP Addr: Requires an Only one Commander switch is allowed per stack. assigned IP address and mask for access via the network. Stack Name: Required The Commander's Manager and Operator passwords are assigned to any switch becoming a Member of the stack.
NOTE: In the default stack configuration, the Candidate Auto Join parameter is enabled, but the Commander Auto Grab parameter is disabled. This prevents Candidates from automatically joining a stack prematurely or joining the wrong stack (if more than one stack Commander is configured in a subnet or broadcast domain). If you plan to install more than one stack in a subnet, HP recommends that you leave Auto Grab disabled on all Commander switches and manually add Members to their stacks.
SNMP community operation in a stack Community Membership In the default stacking configuration, when a Candidate joins a stack, it automatically becomes a Member of any SNMP community to which the Commander belongs, even though any community names configured in the Commander are not propagated to the Member's SNMP Communities listing. However, if a Member has its own (optional) IP addressing, it can belong to SNMP communities to which other switches in the stack, including the Commander, do not belong.
8 Stack management for the 3800 switches NOTE: All commands previously in the Summary of commands table are indexed under the entry Command syntax. Introduction This feature is available on the HP 3800 switches only. See the HP 3800 Switch Installation and Getting Started Guide for information on supported stacking topologies. NOTE: This feature is different from the stacking feature that is implemented on some other HP Networking switches.
Using a deterministic method 1. 2. 3. Install a Stacking Module into an HP 3800 switch and then boot the switch, as described in the HP 3800 Switch Installation and Getting Started Guide. Make sure that stacking is enabled for the switch: a. Enter the show stacking command. b. If stacking is disabled, enter stacking enable (in global config context). This command causes the switch to reboot. When the switch finishes booting, enter the show stacking command again.
8. Install Stacking Modules into the other switches that will be members of the stack, but do not boot them yet. NOTE: It is highly recommended that you create a mesh topology for maximum throughput and resiliency of the stack. At a minimum, a ring topology should be created. A chain topology is not recommended because any hardware or software failure in the stack results in lost ports, which increases the amount of time for the recovery of full stack operation due to multiple reboots.
Adding a switch to a stack as a new member HP Networking stacking allows for switches to be added to the stack while the stack is operational (as long as the maximum number of ten switches in the stack is not exceeded). 1. Provision the stack for the new switch by entering the following command: HP Switch(config)#: stacking member N type JxxxxA [mac MAC-Addr] where: • N is the stacking member number for the switch • JxxxxA is the product number of the switch (required).
When you add the switch to the stack, the following occurs: • The Stack Revision Number is incremented by one. • The Commander verifies that the new switch has the same switch software as the other switches in the stack, and downloads the software to the new switch if it does not. When downloading new software, there will be an automatic reboot during this process. • A stack ID is assigned, even if the switch is later disconnected from the stack.
1. In the global config context, enter the remove command option for switch B (member 3) and switch C (member 2): HP Stack 3800(config)#: stack member 3 remove HP Stack 3800(config)#: stack member 2 remove All configurations on the removed member switch are deleted, not just the stacking configuration. 2.
◦ Both fragments will have a Commander and a Standby selected (if there is more than one switch in each fragment). ◦ When the stacking cable is reconnected to reform the chain: – The Commander and Standby of the Active fragment retain those roles for the resulting stack. If the original Commander was not in that fragment, then the stack will have a new Commander when the stack is reformed. – The switches in the Inactive fragment reboot and assume their new roles in the reformed chain.
If both fragments are Inactive, then an election process occurs. The two (or more) Commanders in the fragments are compared. The Commander is selected using the following criteria: 1. Highest Stack Rev 2. If the stack rev is the same for both, then choose the switch with the highest configured priority 3. If the priorities are the same for both, then choose the switch with the highest OS revision 4. If the OS revisions are the same, then choose the switch with the longest uptime 5.
Syntax: show stacking Shows the current state of the stack. Example 187 Viewing show stacking summary output HP-Stack-3800#: show stacking Stack ID : 00011cc1-de4d4740 MAC Address Stack Topology Stack Status Split Policy Uptime Software Version : : : : : : Mbr ID --1 2 3 Mac Address ------------1cc1de-4d4740 1cc1de-4d7400 1cc1de-4ddc00 1cc1de-4d474b Unknown Fragment Active All-Fragments-Up 0d 8h 6m KA.15.11.
Example 188 Viewing show stacking detail output HP Stack 3800(config)#: show stacking detail Stack ID : 00031cc1-de4d48c0 MAC Address : 1cc1de-4d48c9 Stack Topology : Mesh Stack Status : Active Uptime : 4d 8h 50m Software Version : KA.15.05.
Example 189 Viewing show stacking stack-ports output
HP Stack 3800#: show stacking stack-ports
 Member  Stack Port  State  Peer Member  Peer Port
 ------  ----------  -----  -----------  ---------
 1       1           Up     2            1
 1       2           Up     3            2
 1       3           Up     4            3
 1       4           Down   0            0
 2       1           Up     1            1
 2       2           Up     3            1
 2       3           Down   0            0
 2       4           Up     4            4
 3       1           Up     2            2
 3       2           Up     1            2
 3       3           Up     4            1
 3       4           Down   0            0
 4       1           Up     3            3
 4       2           Down   0            0
 4       3           Up     1            3
 4       4           Up     2            4
If you specify specific stack members in the command, then the stacking port information for those members displays.
Example 190 Viewing stacking member status HP Stack 3800#: show stacking Stack ID : 00011cc1-de4d87c0 MAC Address Stack Topology Stack Status Active Uptime Software Version Mbr ID --1 2 3 4 5 : : : : : 1cc1de -4d87e5 Chain Fragment 0d 0h 5m KA.15.03.
Example 193 Viewing missing stack members HP Stack 3800#: show stacking Stack Topology Stack Status Uptime Software Version Mbr ID --1 2 3 4 5 Mac Address ------------1cc1de-4d87c0 1cc1de-4dc740 1cc1de-4dbd40 1cc1de-4d79c0 1cc1de-4da900 : : : : Chain Fragment Inactive 0d 0h 7m KA.15.03.
Using fault recovery/troubleshooting tools Stacking provides tools and logging information to aid in troubleshooting problems specific to stacking.
Solution: Identify root cause. Possible reasons for a member not joining an existing stack are: • The switch being added has already been a member of another stack and has a different stack ID. • The maximum number of switches is already configured. • The switch being added has been statically provisioned, but switch type and MAC address in the configuration do not match the switch being added. • There is a problem with the stack cable. • There is a problem with the stack physical cabling.
Troubleshooting a strictly provisioned, mismatched MAC address When switches are strictly provisioned, it is possible to enter an incorrect type or incorrect MAC address. If this occurs, the switch does not match the intended configuration entry and stacking attempts to add this switch as a new “plug-and-go” switch. If the stacking configuration already has 10 switches, then the “plug-and-go” fails. The following example shows a stack with 9 members.
Example 195 Viewing a stack with 9 members This shows the stack before boot. HP Stack 3800(stacking)#: show stacking Stack ID MAC Address Stack Topology Stack Status Uptime Software Version Mbr ID --1 2 3 4 5 6 7 8 9 Mac Address ------------1cc1de-4d87c0 1cc1de-4dc740 1cc1de-4dbd40 1cc1de-444444 1cc1de-000005 1cc1de-000006 1cc1de-000007 1cc1de-000008 1cc1de-000009 : : : : : : 00031cc1-de4d87c0 1cc1de-4dc765 Ring021560 Active 0d 0h 56m KA.15.05.
Example 197 Removing a member and updating the entry with a MAC address HP Stack 3800(config)#: stacking member 10 remove reboot The specified stack member will be removed from the stack and its configuration will be erased. The resulting configuration will be saved. The stack member will be rebooted and join as a new member. Continue [y/n]? Y HP Stack 3800(config)#: stacking member 4 type J9576A mac-address Example 198 Viewing that member 4 joined the stack This shows that member 4 has joined the stack.
The stack ports for the new switch appear online, however, the show stacking command shows that the switch has not been recognized.
Troubleshooting logging The show logging command troubleshoots problems in stacking. Syntax show logging The options a|r|substring can be used in combination with an event class option. a Instructs the switch to display all recorded log events, which includes events from previous boot cycles. b Display log events as time since boot instead of date/time format.
The switch that fails to join automatically reboots. Execute the show stacking command to view the mis-configured entry.
Example 204 Viewing the mis-configured entry
HP Stack 3800(config)#: show stacking
Stack ID         : 00011cc1-de4d87c0
MAC Address      : 1cc1de-4d87e5
Stack Topology   : Mesh
Stack Status     : Active
Uptime           : 4d 0h 2m
Software Version : KA.15.05.
Mbr ID  Mac Address
------  -------------
1       1cc1de-4d87c0
2       1cc1de-4dc740
3       1cc1de-4dbd40
4       1cc1de-4d79c0
5       1cc1de-4da900
Example 206 Removing a stack member and reconfiguring HP Stack 3800(config)#: stacking member 5 remove The specified stack member configuration will be erased. The resulting configuration will be saved. Continue [y/n]? Y HP Stack 3800(config)#: stacking member 5 type J9576A mac 1cc1de-4da900 This will save the current configuration.
attempts to “plug-and-go” to add the switch, however, since the maximum number of membership has already been reached, the switch cannot join the stack. The following example shows the show stacking output before the switch attempts to join.
Example 209 Viewing a disabled stack port
HP Stack 3800$ show stacking stack-ports
Member  Stacking Port  State     Peer Member  Peer Port
------  -------------  --------  -----------  ---------
1       1              Up        5            2
1       2              Up        2            1
1       3              Up        3            3
1       4              Up        4            3
2       1              Up        1            2
2       2              Up        3            1
2       3              Up        4            4
2       4              Up        5            3
3       1              Up        2            2
3       2              Down      0            0
3       3              Up        1            3
3       4              Up        5            4
4       1              Disabled  0            0
4       2              Up        5            1
4       3              Up        1            4
4       4              Up        2            3
5       1              Up        4            2
5       2              Up        1            1
5       3              Up        2            4
5       4              Up        3            4
If the cable failure is more solid, the port is in the DOWN state. The logs show any transition.
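A check that can be run over captured show stacking stack-ports output, as an added Python example that is not part of the HP guide or the switch software. The function names are hypothetical and the sample text is the Example 209 table re-typed with single spaces. It lists every stack port that is not Up and every Up port whose peer entry does not point back at it.

```python
import re

# Constructed sample: the rows of Example 209, one per line.
SAMPLE_OUTPUT = """\
Member Stacking Port State Peer Member Peer Port
1 1 Up 5 2
1 2 Up 2 1
1 3 Up 3 3
1 4 Up 4 3
2 1 Up 1 2
2 2 Up 3 1
2 3 Up 4 4
2 4 Up 5 3
3 1 Up 2 2
3 2 Down 0 0
3 3 Up 1 3
3 4 Up 5 4
4 1 Disabled 0 0
4 2 Up 5 1
4 3 Up 1 4
4 4 Up 2 3
5 1 Up 4 2
5 2 Up 1 1
5 3 Up 2 4
5 4 Up 3 4
"""

# member, stacking port, state, peer member, peer port
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(Up|Down|Disabled)\s+(\d+)\s+(\d+)\s*$")


def parse_stack_ports(text):
    """Return one dict per table row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            member, port, state, peer_member, peer_port = m.groups()
            rows.append({
                "member": int(member),
                "port": int(port),
                "state": state,
                "peer": (int(peer_member), int(peer_port)),
            })
    return rows


def audit(rows):
    """Report ports that are not Up and Up ports whose peer does not agree."""
    by_port = {(r["member"], r["port"]): r for r in rows}
    not_up = [(key, r["state"]) for key, r in sorted(by_port.items())
              if r["state"] != "Up"]
    asymmetric = []
    for key, r in sorted(by_port.items()):
        if r["state"] != "Up":
            continue
        peer = by_port.get(r["peer"])
        # A healthy link is reported identically from both ends.
        if peer is None or peer["state"] != "Up" or peer["peer"] != key:
            asymmetric.append(key)
    return {"not_up": not_up, "asymmetric": asymmetric}


if __name__ == "__main__":
    report = audit(parse_stack_ports(SAMPLE_OUTPUT))
    for (member, port), state in report["not_up"]:
        print(f"member {member} stack port {port}: {state}")
    print("asymmetric peers:", report["asymmetric"])
```

In the sample, the two ports that are not Up (member 3 port 2 and member 4 port 1) are also the only two without a peer, which points at the cable between those two members.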
Example 210 Viewing that two ports are down due to a bad connection
HP Stack 3800#: show stacking stack-ports
Member  Stacking Port  State     Peer Member  Peer Port
------  -------------  --------  -----------  ---------
1       1              Up        5            2
1       2              Up        2            1
1       3              Up        3            3
1       4              Up        4            3
2       1              Up        1            2
2       2              Up        3            1
2       3              Up        4            4
2       4              Up        5            3
3       1              Up        2            2
3       2              Down      0            0
3       3              Up        1            3
3       4              Up        5            4
4       1              Down      0            0
4       2              Up        5            1
4       3              Up        1            4
4       4              Up        2            3
5       1              Up        4            2
5       2              Up        1            1
5       3              Up        2            4
5       4              Up        3            4
The solution in both cases is to ensure that the cable is firmly connected
Example 211 Viewing show tech output Port Number : 1 State : Available Last Event : Available Start Req : 1 NE Present : 1 HPID Good : 1 HPID Fails : 0 FE Present : 1 Rem Dev Rdy : 1 ESSI Link : 1 ESSI Good : 1 ESSI Fails : 0 ESSI TX En : 1 ICL Good : 1 ICL Enabled : 1 LP Local RDY: 1 LP Rem RDY : 1 LP DONE : 1 ICL FailCnt : 0 (10 second interval) ICL FailCnt : 0 (10 minute interval) NE Presence HW : 1 FE Presence HW : 1 Rem Dev Rdy HW : 1 Local Dev Rdy HW : 1 Asserted NE Presence HW : 1 Asserted FE Presenc
The following table describes how the stack reacts to the crashing switch, depending on what role the switch had when the crash occurred. The assumption in this table is that the topology is a resilient topology (that is, a mesh or ring).
Example 214 Viewing the running configuration with priority HP Switch(config)#: show running-config ; hpStack Configuration Editor; Created on release #:KA.15.05.
Example 215 Viewing show interfaces brief output for port 3/10 HP Switch(config)#: show interfaces brief 3/10 Status and Counters - Port Status | Intrusion MDI Port Type | Alert Enabled Status Mode Mode ------------ --------- + --------- ------- ------ ---------- ---3/10 100/1000T | No Yes Down 1000FDx Flow Ctrl ---off Bcast Limit ----0 Similarly, CLI commands requiring specific port (interface) numbers on an HP 3800 switch configured for stacking require the modified port designations.
After switchover/failover of control from the Commander to the Standby, the OOBM port IP address of the new Commander is the Global IP address. This change in address causes some undesirable behavior (after failover): • When using DHCP or DHCPv6, the new Commander requests a new lease and typically receives a new network address (IPv4 or IPv6). With OOBM high availability (HA), it will seem as if a new link has come up requesting a network address. • IPv6 link-local or auto-config addresses will change.
NOTE: It is possible for the Standby to have a higher priority than the Commander, if the priority of the Standby was increased after the Commander becomes the Commander. (The Commander is not changed unless it fails or is on the Inactive fragment side of a stack that becomes split). 3. 4. If there are two or more switches whose priority is equally high, then the Commander will look at the topology of the stack and pick a switch that is the most hops away from the Commander.
9 QinQ (Provider bridging) NOTE: All commands previously in the Summary of commands table are indexed under the entry Command syntax. Introduction This chapter describes how to enable QinQ operations on the switch and how to configure provider bridge S-VLANs and port assignments. The IEEE 802.1ad specification, commonly known as QinQ or provider bridging, extends the IEEE 802.1Q standard by providing for a second tier of VLANs in a bridged network.
Figure 75 VLANs in a QinQ configuration Customer VLANs (referred to as C-VLANs by the IEEE 802.1ad specification) are not used to make any forwarding decisions inside the provider network where customer frames get assigned to service VLANs (S-VLANs). Inside the provider cloud, frames are forwarded based on the S-VLAN tag only, while the C-VLAN tag remains shielded during data transmission. The S-VLAN tag is removed when the frame exits the provider network, restoring the original customer frame.
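The tag handling described above, as an added Python example that is not part of the HP guide or the switch software. The helper names and the frames are constructed for illustration; the S-tag TPID 0x88A8 is the IEEE 802.1ad value and is an assumption here, since the guide itself only mentions that a tpid such as 0x8100 can be configured.

```python
import struct

TPID_CTAG = 0x8100  # IEEE 802.1Q customer tag
TPID_STAG = 0x88A8  # IEEE 802.1ad service tag (assumption, not stated in the guide)


def build_tag(tpid, vid, pcp=0):
    """4-byte VLAN tag: 16-bit TPID, then 3-bit PCP, 1-bit DEI (0), 12-bit VID."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1-4094")
    if not 0 <= pcp <= 7:
        raise ValueError("PCP must be 0-7")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)


def _u16(frame, off):
    if off + 2 > len(frame):
        raise ValueError("truncated frame")
    return struct.unpack_from("!H", frame, off)[0]


def push_svlan(frame, svid, s_tpid=TPID_STAG, pcp=0):
    """Ingress on a customer-network port: insert the S-tag after the MAC
    addresses, whether or not the customer frame already carries a C-tag."""
    if len(frame) < 14:
        raise ValueError("not an Ethernet frame")
    return frame[:12] + build_tag(s_tpid, svid, pcp) + frame[12:]


def pop_svlan(frame, s_tpid=TPID_STAG):
    """Egress from the provider network: remove the outer S-tag only."""
    if _u16(frame, 12) != s_tpid:
        raise ValueError("outer tag is not an S-VLAN tag")
    if len(frame) < 18:
        raise ValueError("truncated frame")
    return frame[:12] + frame[16:]


def parse_tags(frame, s_tpid=TPID_STAG):
    """Return the S-VID, S-tag priority, C-VID and payload EtherType.
    If s_tpid is set to 0x8100, the outer tag is identified by position only."""
    info = {"s_vid": None, "s_pcp": None, "c_vid": None}
    off = 12
    ethertype = _u16(frame, off)
    if ethertype == s_tpid:
        tci = _u16(frame, off + 2)
        info["s_vid"], info["s_pcp"] = tci & 0x0FFF, tci >> 13
        off += 4
        ethertype = _u16(frame, off)
    if ethertype == TPID_CTAG:
        info["c_vid"] = _u16(frame, off + 2) & 0x0FFF
        off += 4
        ethertype = _u16(frame, off)
    info["ethertype"] = ethertype
    return info


def customer_frame(c_vid=None):
    """Constructed customer frame: locally administered MACs, IPv4 EtherType,
    46 zero bytes of payload, optionally C-tagged."""
    dst = bytes.fromhex("020000000002")
    src = bytes.fromhex("020000000001")
    tag = build_tag(TPID_CTAG, c_vid) if c_vid is not None else b""
    return dst + src + tag + struct.pack("!H", 0x0800) + bytes(46)


def tunnel(frame, svid, s_tpid=TPID_STAG):
    """Carry one frame through the provider network and report what happened."""
    in_provider = push_svlan(frame, svid, s_tpid)
    seen = parse_tags(in_provider, s_tpid)
    delivered = pop_svlan(in_provider, s_tpid)
    return {
        "growth": len(in_provider) - len(frame),  # bytes added by the S-tag
        "forwarding_vid": seen["s_vid"],          # what the provider forwards on
        "shielded_c_vid": seen["c_vid"],          # carried but not used inside
        "restored": delivered == frame,           # customer frame is unchanged
    }


if __name__ == "__main__":
    print(tunnel(customer_frame(c_vid=10), 100))
    print(tunnel(customer_frame(), 200))
```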
5. (Optional) Assign priorities to traffic passing through the provider network. CAUTION: A reboot is required to enable/disable QinQ operations on the switch. When moving between QinQ modes (qinq mixedvlan to qinq svlan or vice versa), the switch boots up with a default configuration for the new qinq mode and the configuration parameters of the current mode will be erased. QinQ Configuration example This configuration example uses four HP switches to establish a QinQ tunnel through the provider network.
At the end of the configuration, the following settings will apply: • All customer A site traffic received on port A1 will be associated with S-VLAN 100. This is independent of the C-VLAN tag information that the customer frames may carry. • All customer B Site 1 traffic will be associated with S-VLAN 200 and be switched out to the core (uplinks A3, A4) with the S-VLAN tag-id of 200. • The frame size will increase by 4 since ports A3 and A4 are tagged members of S-VLAN 100 and 200.
Edge2(config)#: svlan 200
Edge2(svlan-200)#: untagged A2
Edge2(svlan-200)#: exit
Edge2(config)#: int A2 qinq port-type customer-network
4. Configure the provider ports leading to the core of the provider network.
Edge1(config)#: svlan 100 tagged A3, A4
Edge1(config)#: svlan 200 tagged A3, A4
Edge1(config)#: interface A3,A4 qinq port-type provider-network
Configuring example: provider core 1 switch
Figure 78 Configuration example: Core 1 Switch
To configure the Core 1 switch: 1.
and site 2 and ping them. If everything has been configured correctly, traffic will flow through the provider network cloud and reach the other site seamlessly. Enabling QinQ By default, QinQ is disabled on the switch. To enable QinQ, the switch must be put into either mixed VLAN mode or QinQ SVLAN mode by issuing one of the following commands from configuration mode on the CLI.
tagged port-list Configures the indicated ports as Tagged for the specified S-VLAN. The no version sets the ports to either No or (if GVRP is enabled) to Auto. untagged port-list Configures the indicated ports as Untagged for the specified S-VLAN. The no version sets the ports to either No or (if GVRP is enabled) to Auto. forbid port-list Dynamic trunks cannot be involved as a part of any static configurations like forbid. Forbid can only be applied on ports and static trunks.
Figure 79 Customer or provider ports in the provider network All ports of a QinQ-enabled device default to provider-network. Any ports participating in the provider bridge that are used to connect to customer equipment, must be manually configured as port-type customer-network. In a mixed mode device, ports that are members of C-VLANs and that do not participate in the provider-bridge cannot be configured to any port-type. The following command allows you to configure the appropriate port-type.
The warning prompt is displayed only when there is at least one port in the port list that needs to be moved out from the C-VLAN space to the S-VLAN domain. Similarly, if ports being added to the C-VLAN are already members of an S-VLAN, the CLI issues a warning that the port's membership with its existing VLANs will be removed and will prompt for a confirmation before continuing. If all ports are just being added or removed from within the same VLAN type domain, no prompt will appear.
Example 217 Viewing show qinq output (QinQ S-VLAN mode)
HP Switch(config)#: show qinq
QinQ Global Configuration:
-----------------------------------------------
Bridge-mode : svlan bridge
QinQ Interface Configuration:
--------------------------------------------------
interface  port-type
---------  ---------
A1         provider-network
A2         provider-network
Trk1       customer-network
Viewing a switch VLAN configuration The following show commands are a subset of those listed in the chapter on Static Virtual LANs (VLANs) highligh
Changes to parameters when QinQ is enabled: VLAN ID Field name changes from 802.1Q VLAN ID to VLAN ID only. Type In a QinQ enabled environment, the VLAN type can be either a regular customer VLAN CVLAN, or it can be a tunnel VLAN in the provider network S-VLAN. Figure 81 Viewing show vlan output with QinQ enabled Viewing the VLAN membership of one or more ports This command shows to which VLAN a port belongs. Once QinQ is enabled, an additional field showing the VLAN Type is added to the display output.
About QinQ Operating rules and guidelines This section provides an overview of QinQ operations and restrictions on the switch. Enabling QinQ and configuring QinQ modes By default, QinQ is disabled. When QinQ is enabled via the CLI, an operating mode is globally configured on the switch.
Figure 83 HP Switch in mixed-VLAN mode Configuring VLANs • A VLAN created on a QinQ mixed VLAN mode device can be either a regular VLAN (C-VLAN) or a tunnel VLAN (S-VLAN). C-VLANs have no mapping/relation whatsoever to the S-VLANs on the device. • VLANs created on a QinQ S-VLAN mode device can be S-VLANs only. S-VLANs provide QinQ tunneling of customer frames and behave like a port-based/s-tagged interface.
ports will be configured as untagged members of S-VLANs while provider-network ports will be configured as tagged members of S-VLANs. Note the following configuration rules and guidelines: • All ports of a device that is QinQ enabled (in S-VLAN mode or mixed VLAN mode) are provider-network ports by default—if there are any ports that connect to a customer device, they must be manually configured as customer-network ports.
VLAN configuration restrictions in mixed VLAN mode VLAN configuration restrictions in S-VLAN mode Port-based restrictions • Both C-VLANs and S-VLANs can be configured on the switch. In a mixed mode device, the default VLAN is always a C-VLAN. • VLAN types cannot be updated dynamically. A VLAN can be classified only as an S-VLAN or a C-VLAN at the time it is created. Once created, the VLAN cannot be moved between being a C-VLAN and an S-VLAN.
Interoperating with other vendor devices When enabling QinQ, you can configure a unique tpid value, such as 0x8100, to allow the device to interoperate with devices that require this value for the inner and outer VLAN-tag. If the provider tag-type is configured as 0x8100, then: • Customer-network ports cannot be configured as tagged-S-VLAN members • Tagged-S-VLAN members cannot be configured as customer-network ports.
Table 33 Impacts of QinQ configurations on other switch features Switch feature Impacts of QinQ configurations and allowed operations ACLs In QinQ mixed VLAN or S-VLAN modes: • On double-tagged frames, the VID applicable when applying ACLs will be the S-VLAN tag and not the C-VLAN tag. aaa In QinQ mixed VLAN mode: • auth-vid/unauth-vid configuration is not supported on S-VLAN ports; the auth-vid/unauth-vid cannot be an S-VLAN id.
Table 33 Impacts of QinQ configurations on other switch features (continued) Switch feature Impacts of QinQ configurations and allowed operations In QinQ S-VLAN mode: • GVRP is supported on S-VLAN ports if the qinq mode is S-VLAN. igmp-proxy In QinQ mixed VLAN mode: • IGMP-proxy cannot be configured on S-VLANs. In QinQ S-VLAN mode: • IGMP-proxy is not supported. IPv6 In QinQ mixed VLAN mode: • IPv6 features are not supported on S-VLANs.
Table 33 Impacts of QinQ configurations on other switch features (continued) Switch feature Impacts of QinQ configurations and allowed operations load-sharing In QinQ S-VLAN mode: • Equal cost multi-path (ECMP) is not supported on provider core devices. management VLAN In QinQ mixed VLAN mode: • The management VLAN cannot be an S-VLAN. Meshing In QinQ mixed VLAN mode: • Meshing is not supported on the device.
Table 33 Impacts of QinQ configurations on other switch features (continued) Switch feature Impacts of QinQ configurations and allowed operations In QinQ S-VLAN mode: • Provider (S-VLAN) spanning tree is supported—both provider-network ports and customer-network ports will receive/transmit provider STP BPDUs. • Customer (VLAN) spanning tree tunneling is supported on S-VLAN interfaces—customer-network or provider-network ports will tunnel customer STP BPDUs through the appropriate S-VLAN.
10 Classifier-based software configuration NOTE: All commands previously in the Summary of commands table are indexed under the entry Command syntax. Introduction Classifier-based service policies are designed to work with existing globally configured switch-wide and port-wide settings by allowing you to select a subset of: • Traffic sent to or from certain ports • VLAN traffic Once the traffic is selected, you can further manage it.
match/ignore statements in a class configuration, use the resequence command. match | ignore Defines the classifier criteria used to determine which packets belong to the traffic class. If a packet matches a match criterion, it becomes a member of the traffic class and is forwarded according to the actions configured with the policy command. If a packet matches an ignore criterion, no policy action is performed on the packet. You can enter one or more match/ignore statements in a traffic class.
source-address destination-address Defines the source IP address (SA) and destination IP address (DA) that a packet must contain to match a match/ignore statement in an IPv4 or IPv6 traffic class. Both the source and destination address parameters are required entries in a match/ignore statement. Valid values for source-address and destination-address are as follows: • any: Matches IPv4 or IPv6 packets from, or destined to, any SA or DA.
length. Enter the prefix length for an IPv6 SA/DA in CIDR format by using the number of significant bits; for example: 2001:db8:2620:212::01b4/64. An IPv6 prefix-length is applied to an SA/DA in a match/ignore statement to define which bits in a packet's SA/DA must exactly match the specified SA/DA and which bits need not match.
Valid values for precedence-value are either the numeric value (0 to 7) or corresponding name of an IP precedence bit set:
0 routine
1 priority
2 immediate
3 flash
4 flash-override
5 critical
6 internet (for internetwork control)
7 network (for network control)
To display a list of valid precedence-value entries when you enter precedence in a match/ignore statement, enter ?.
101010), and ToS/Traffic Class (10101000) bits. The rightmost two bits are reserved as 00. 3. A ToS/traffic class field. To display a class configuration, enter the following command. show class [ ipv4 | ipv6 ] [classname] To edit a class configuration, re-enter the class configuration context (class command) and enter new match/ignore statements as follows: • If you do not enter a sequence number, a new statement is inserted at the end of the class configuration.
Figure 85 A ToS/traffic class field Syntax: [no] [seq-number] [ match | ignore ] [icmp] source-address destination-address [ icmp-type-number | icmpv4-type-name | icmpv6-type-name ] [ ip-dscp codepoint ] [ precedence precedence-value ] [ tos tos-value ] [ vlan-id ] If you enter icmp as the IP protocol type in a match/ignore statement, you can optionally specify an ICMP packet type to more precisely define match criteria for a traffic class.
icmpv6-type-name • host-tos-redirect • host-tos-unreachable • host-unknown • host-unreachable • information-reply • information-request • mask-reply • mask-request • mobile-redirect • net-redirect • net-tos-redirect • redirect • router-advertisement • router-solicitation • source-quench • source-route-failed • time-exceeded • timestamp-reply • timestamp-request • traceroute • ttl-exceeded • unreachable You can also enter any of the following ICMPv6 packet-type names to configure more precise match criteria for ICMP p
Syntax: [no] [seq-number] [ match | ignore ] igmp source-address destination-address [ igmp-type ] [ ip-dscp codepoint ] [ precedence precedence-value ] [ tos tos-value ] [ vlan vlan-id ] If you enter igmp as the IP protocol type in a match/ignore statement, you can optionally specify an IGMP packet type to more precisely define match criteria for a traffic class.
Equal To matches a packet with the same TCP or UDP source port number as tcp/udp-port-number. • gt tcp/udp-port-number Greater Than matches any packet with a TCP or UDP source port number greater than tcp/udp-port-number. • lt tcp/udp-port-number Less Than matches any packet with a TCP or UDP source port number less than tcp/udp-port-number. • neq tcp/udp-port-number Not Equal matches any packet with a TCP or UDP source port number that is not equal to tcp/udp-port-number.
direction on a port or VLAN, and matches all other IP traffic in the opposite direction. For example, a Telnet connection requires TCP traffic to move both ways between a host and the target device. If you configure a match statement for inbound Telnet traffic, policy actions are normally applied to Telnet traffic in both directions because responses to outbound requests are also matched.
Table 34 How IPv4 mask defines a match (continued) Location of octet Bit position in the octet NOTE: Only one octet in an IPv4 address is used as a match criterion. The mask in a match/ignore statement may apply a packet filter to all four octets of a source/destination address in IPv4 packet headers.
Example 219 How IPv6 mask bit settings define a match For an example in which an IPv6 prefix-length of 126 is used to select four IPv6 addresses in a match statement, see Figure 86. The specified source IPv6 address is: 2001:DB8:0000:0000:244:17FF:FEB6:D37D. The IPv6 prefix-length (/126) results in the IPv6 mask: FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFC.
match/ignore statements. Resequencing match/ignore statements is useful when you want to insert a new match/ignore statement between two numbered entries. Context: Global configuration Syntax: class resequence [ ipv4 | ipv6 ] name seq-number interval resequence Resets the sequence numbers for all match/ignore statements in the class. name Specifies the name of the class that contains the match/ignore statements that you want to resequence.
NOTE: Policy Based Routing (PBR) is available on the 3800 Series switch and the 5400/8200 series switch which all have v2 or higher modules. Any v1 modules will prevent PBR from functioning. PBR is not available on the 3500, 3500yl, 6200yl, nor 6600 Series switches. For example, QoS policies support QoS-specific actions, such as rate limiting, 802.1p-priority, IP-precedence, and DSCP-codepoint assignment. Port and VLAN mirroring policies support mirror-destination assignment for matching packets.
NOTE: You can configure multiple class-action statements to include different classes in a policy. The execution of actions is performed in the order in which the class-actions are numerically listed. action action-name [action action-name ...] The action keyword configures the action specified by the action-name parameter. The action is executed on any packet that matches the match criteria in the class. The action is not executed on packets that match ignore criteria.
Example 221 A policy configuration In the following QoS policy configuration, matching HTTP packets are rate limited to 10000 kbps. All unmatched packets are managed by the default class, which assigns a slightly higher 802.1p priority (4) and a new DSCP codepoint (5).
the next action is tried, and so on, until an interface null or the end of the list of configured actions is encountered. If the end of the list is reached, the policy action for that class behaves as if no PBR policy is applied. • The maximum combined number of unique IP next-hops and default-next-hops supported is 256. Example 222 TCP and UDP traffic routing The following example shows TCP and UDP traffic routed on different network paths.
( 2 ) 30 match tcp 10.0.8.1 0.0.0.255 15.29.16.104 0.0.0.255 eq 23 110 class ipv4 voice action ( 4 ) 10 match tcp 10.0.8.1 0.0.0.255 15.29.16.104 0.0.0.255 eq 80 To enable debug logging for PBR, enter the debug ip pbr command. A message will be logged when a PBR policy is applied, when the action in a class becomes inactive, and when an action in a class becomes active. See the Management and Configuration Guide for your switch.
Syntax: policy resequence name seq-number interval resequence Resets the sequence numbers for all class-action statements in the policy. name Specifies the name of the policy that contains the class-action statements that you want to resequence. seq-number Specifies the sequence number of the first class-action-statement in the policy. Default: 10. interval Specifies the interval between sequence numbers of class-action statements in the policy to allow additional statements to be inserted.
NOTE: Policy Based Routing (PBR) is available on the 3800 Series switch and the 5400/8200 series switch which all have v2 or higher modules. Any v1 modules will prevent PBR from functioning. PBR is not available on the 3500, 3500yl, 6200yl, nor 6600 Series switches. • If you apply a policy to a port or VLAN interface on which a policy of the same type (for example, QoS) is already configured, an error message is displayed. The new policy does not overwrite the existing one.
Example 224 Applying a QoS policy to a port range and a VLAN interface The following example shows how to apply a QoS policy to a port range and a VLAN interface: HP Switch(config)#: interface a4 service-policy RateLimitPrioritizeSuspectTraffic in HP Switch(config)#: vlan 10 service-policy RateLimitPrioritizeSuspectTraffic in Checking resource usage Syntax: show policy resources After applying service policies to an interface, use the show policy resources command to verify the amount of additional resourc
Example 226 Statistical output for a policy with active redirects
HP Switch(vlan-111)#: show statistics policy TCP_UDP vlan 111 in
HitCounts for Policy TCP_UDP
Total
100 class ipv4 TCP action
( 0 ) 10 match tcp 10.0.8.1 0.0.0.255 15.29.16.104 0.0.0.255 eq 80
( 0 ) 20 match tcp 10.0.8.1 0.0.0.255 15.29.16.104 0.0.0.255 eq 22
( 0 ) 30 match tcp 10.0.8.1 0.0.0.255 15.29.16.104 0.0.0.255 eq 23
110 class ipv4 voice action
( 0 ) 10 match tcp 10.0.8.1 0.0.0.255 15.29.16.104 0.0.0.
Creating a zone class To use Transparent Mode, you create a zone class and use the port-list command to specify the ports that belong to a zone class. By default, the HP 5400zl or 8200zl switch supports a maximum of ten zones. Two are created automatically—BYPASS and SWITCH_SELF. • BYPASS—contains the ports that should not be included in your Transparent Mode configuration. That is, the switch will not intercept traffic sent to or from the ports in the BYPASS zone.
Zone class configuration examples The following example shows several class configurations: • Ports A10-A24 belong to the internal zone class. • Port A1 belongs to the external zone class.
Example 227 A zone class configuration
HP Switch(config)#: class zone internal
HP Switch(config-class)#: port-list a10-a24
HP Switch(config-class)#: exit
HP Switch(config)#: class zone external
HP Switch(config-class)#: port-list a1
HP Switch(config-class)#: exit
Creating a zone policy 1.
The configured actions are executed on packets that arrive on the ports associated with the source zone and are destined for ports associated with the destination zone. You cannot configure intercept rules for the BYPASS zone class. As such, traffic to and from the BYPASS zone cannot be intercepted. 3. Enter the exit command to exit the policy configuration context. 4. To display a policy configuration, enter the show policy policy-name command.
Applying a zone policy to a ONE application To apply a zone policy to a ONE Application, you can complete one of the following steps: • Enter the zone-service-policy command on the HP 8200zl or 5400zl switch • Use the ONE application's management interface to apply the zone policies To apply zone policies through the ONE application, consult the HP Installation and Getting Started Guide for that application.
Example 229 Applying a zone policy The following example shows how to apply a zone policy: HP Switch(config)#: zone-service-policy Firewall zone enable bind F1 appname Verify that the zone policy is associated with the ONE application by entering the following command: hostswitch#: show ONE_app slot_ID Replace slot_ID with the slot in which the AllianceONE Extended Services zl Module is installed.
When the switch uses a match/ignore statement to compare an IP address and corresponding mask/prefix length to the IP source/destination address carried in a packet, the IPv4 mask-bit settings and IPv6 prefix-bit settings select packets in different ways. • An IPv4 mask length creates a mask in which: • A mask-bit setting set to 0 (off) requires the corresponding bit in a packet's IPv4 source/destination address to be the same binary value as the mask-bit in the matching IPv4 source/destination address.
NOTE: Although IPv4 and IPv6 masks are applied in opposite directions: ◦ An IPv4 mask-length is applied from right to left, starting from the rightmost bits. ◦ An IPv6 prefix-length is applied from left to right, starting from the leftmost bits. The behavior of IPv4 and IPv6 masks as match criteria and wildcards is the same. Where to go from here Classifier-based service policies are designed to work with your existing globally-configured software settings.
Figure 91 Traffic class-based configuration model Creating a traffic class In the traffic class-based configuration model, you use match criteria to create a class of IPv4 or IPv6 traffic and select the packets you want to manage. In a traffic class configuration, match criteria consist of match and ignore commands. These commands determine the packets that belong to a class. (Match/ignore criteria are modelled on the permit/deny criteria used in ACLs.
match is found. Be sure to enter match/ignore statements in the precise order in which you want their criteria to be used to check packets. • As soon as a field in a packet header matches the criteria in a match statement, the sequential comparison of match criteria in the class stops, and the policy actions configured for the class are executed on the packet.
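The IPv4 wildcard-mask and IPv6 prefix-length comparisons and the ordered evaluation of match/ignore statements described in this chapter, as an added Python example that is not part of the HP guide or the switch software. Statement, classify and the other names are hypothetical. The three match statements are the ones this guide shows for class TCP; the ignore statement and the packets are constructed, and treating an ignore hit as ending the comparison follows the ACL permit/deny model and is an assumption.

```python
import ipaddress
from dataclasses import dataclass


def ipv4_wildcard_match(packet_ip, rule_ip, wildcard):
    """Mask bit 0: the packet bit must equal the rule bit. Mask bit 1: wildcard."""
    p = int(ipaddress.IPv4Address(packet_ip))
    r = int(ipaddress.IPv4Address(rule_ip))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (p & care) == (r & care)


def ipv6_prefix_mask(prefix_len):
    """The leftmost prefix_len bits are 1 (must match); the rest are wildcards."""
    if not 0 <= prefix_len <= 128:
        raise ValueError("prefix length must be 0-128")
    return ipaddress.IPv6Address(((1 << prefix_len) - 1) << (128 - prefix_len))


def ipv6_prefix_match(packet_ip, rule_ip, prefix_len):
    mask = int(ipv6_prefix_mask(prefix_len))
    p = int(ipaddress.IPv6Address(packet_ip))
    r = int(ipaddress.IPv6Address(rule_ip))
    return (p & mask) == (r & mask)


PORT_OPS = {
    "eq": lambda a, b: a == b,
    "gt": lambda a, b: a > b,
    "lt": lambda a, b: a < b,
    "neq": lambda a, b: a != b,
}


@dataclass(frozen=True)
class Statement:
    seq: int
    kind: str        # "match" or "ignore"
    protocol: str
    src: str
    src_wild: str
    dst: str
    dst_wild: str
    port_op: str     # comparison applied to the destination port
    port: int

    def covers(self, pkt):
        return (pkt["protocol"] == self.protocol
                and ipv4_wildcard_match(pkt["src"], self.src, self.src_wild)
                and ipv4_wildcard_match(pkt["dst"], self.dst, self.dst_wild)
                and PORT_OPS[self.port_op](pkt["dst_port"], self.port))


def classify(statements, pkt):
    """Walk the statements in sequence-number order; the first hit decides."""
    for st in sorted(statements, key=lambda s: s.seq):
        if st.covers(pkt):
            return (st.seq, "policy-actions" if st.kind == "match" else "no-action")
    return (None, "not-in-class")


# Statements 10-30 as shown for class TCP in this guide.
CLASS_TCP = [
    Statement(10, "match", "tcp", "10.0.8.1", "0.0.0.255", "15.29.16.104", "0.0.0.255", "eq", 80),
    Statement(20, "match", "tcp", "10.0.8.1", "0.0.0.255", "15.29.16.104", "0.0.0.255", "eq", 22),
    Statement(30, "match", "tcp", "10.0.8.1", "0.0.0.255", "15.29.16.104", "0.0.0.255", "eq", 23),
]


def exempt_host(seq):
    """Constructed ignore statement exempting one host from the class."""
    return Statement(seq, "ignore", "tcp", "10.0.8.77", "0.0.0.0",
                     "15.29.16.104", "0.0.0.255", "eq", 80)


if __name__ == "__main__":
    pkt = {"protocol": "tcp", "src": "10.0.8.77", "dst": "15.29.16.9", "dst_port": 80}
    print(classify(CLASS_TCP + [exempt_host(5)], pkt))    # ignore is seen first
    print(classify(CLASS_TCP + [exempt_host(40)], pkt))   # ignore is shadowed by 10
    print(str(ipv6_prefix_mask(126)).upper())
```

An ignore statement numbered after a broader match statement never takes effect, which is why the sequence number matters when an exemption is added to an existing class.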
NOTE: Check the release notes for the switch software you are using to ensure it supports the ONE application that is running on your AllianceONE Extended Services zl Module. You will configure Transparent Mode commands only when your ONE application supports this functionality.
11 Smart Link NOTE: All commands previously in the Summary of commands table are indexed under the entry Command syntax. Configuration commands Create a smart link group Create a smart link group. When the command is entered without any parameters, it enters into Smart link group context.
smart-link group 2 preemption-mode role smart-link group 2 preemption-delay 15 Show commands Smart link supports the following show commands. Show smart link group Show the Smart link group information. Detailed output is displayed if group is specified, otherwise only basic information is displayed for all groups. Syntax HP-Switch# show smart-link group Show smart link flush-statistics Show statistics of received flush packets.
• In the figure above, ports A1 and A2 are configured as part of a Smart link group. The connection from the access switch to Distribution Switch A is the master, and the connection from the access switch to Distribution Switch B is the slave. • Only the master interface forwards traffic for a group of vlans (referred to as protected vlan group). • The other interface is in standby mode for this protected group. If port A1 goes down, port A2 starts forwarding traffic for this protected vlan group.
A Spanning tree interoperability between HP and Cisco switches Introduction This appendix explains and provides step-by-step configuration instructions for implementing multiple instance spanning-tree protocol (MSTP) and virtual router redundancy protocol (VRRP) on specific HP and Cisco Catalyst switches. By combining both MSTP and VRRP you create a highly available network with layer 2 and layer 3 redundancies and the ability to load-balance network traffic, optimizing network performance.
Path cost parameter values
Port Type   RSTP and MSTP Path Cost
10 Mbps     2,000,000
100 Mbps    200,000
1 Gbps      20,000
10 Gbps     2,000
Cisco switches reduce the path costs on aggregated links. For example on the 3750 switch, the path cost on an etherchannel group with two gigabit links is 10,000. One gigabit link is 20,000. HP Switches do not reduce path cost on aggregated links. Equipment and software versions Tables 37 and 38 list equipment and specified software version for each switch in this scenario.
Network scenario with spanning tree configurations Figure 92 shows which ports are forwarding and which ports are blocked for the VLAN scenarios listed in Table 39: Table 39 VLAN scenarios Location 8200A Instance 1 8200A VRRP Configuration 8200B VRRP Configuration 8200B Instance 2 8200A VRRP Configuration 8200B VRRP Configuration IDF 1 3,4,5 Master Backup 7,8,9 Backup Master IDF 2 23,24,25 Master Backup 27,28,29 Backup Master IDF 3 33,34,35
Figure 92 MST Instance 1
Figure 93 MST Instance 1 Legend VLANs that end with 3, 4, and 5 are blocked between 8200B and EAST IDFs. The ports connecting the 8200A and WEST IDFs are forwarding. Only if the active Trunk between the 8200A and WEST IDFs fails will the links between the 8200B and EAST IDFs become active.
Figure 94 MST Instance 2
Figure 95 MST Instance 2 Legend VLANs that end with 7, 8, and 9 are blocked between 8200A and WEST IDFs. The ports connecting the 8200B and EAST IDFs are forwarding. Only if the active Trunk between the 8200B and EAST IDFs fails will the links between the 8200A and WEST IDFs become active.
Figure 96 IST/CST
Figure 97 IST/CST Legend VLANs that end with 7, 8, and 9 are blocked between 8200A and WEST IDFs. The ports connecting the 8200B and EAST IDFs are forwarding. Only if the active Trunk between the 8200B and EAST IDFs fails will the links between the 8200A and WEST IDFs become active. For consistency purposes, configure the IST/CST to Block on the same ports as Instance 1. This way you only have to remember two configurations.
HP Switch 5400zl#: configure
HP Switch 5400zl(config)#: hostname IDF1WEST
IDF1WEST(config)#: trunk b23-b24 Trk1 Trunk
IDF1WEST(config)#: trunk b21-b22 Trk2 Trunk
IDF1WEST(config)#: vlan 1
IDF1WEST(vlan-1)#: ip address 10.1.1.21 255.255.255.
Edge port configuration

For this configuration no edge ports were configured. Be aware that leaving edge ports unconfigured increases convergence times. Below is an example of the commands required to configure a range of ports for untagged VLAN 23. Be sure to edit the command for the correct ports and VLANs.
   no ip address
   exit
vlan 25
   name "VLAN25"
   no ip address
   exit
vlan 27
   name "VLAN27"
   no ip address
   exit
vlan 28
   name "VLAN28"
   no ip address
   exit
vlan 29
   name "VLAN29"
   no ip address
   exit
vlan 33
   name "VLAN33"
   no ip address
   exit
vlan 34
   name "VLAN34"
   no ip address
   exit
vlan 35
   name "VLAN35"
   no ip address
   exit
vlan 37
   name "VLAN37"
   no ip address
   exit
vlan 38
   name "VLAN38"
   no ip address
   exit
vlan 39
   name "VLAN39"
   no ip address
   exit
vlan 43
   name "VLAN43"
   no ip address
   exit
vlan 44
   name "VLAN44"
   no ip address
   exit
v
   exit
spanning-tree
spanning-tree Trk1 priority 4
spanning-tree Trk2 priority 4
spanning-tree config-name "mstp-vrrp"
spanning-tree config-revision 1
spanning-tree instance 1 vlan 3-5 23-25 33-35 43-45
spanning-tree instance 2 vlan 7-9 27-29 37-39 47-49

Show spanning-tree instance IST

To save space in this document, all show spanning-tree statistics are specific to trunks only. If you are interested in edge ports, the command is “show span ins IST”.
Show spanning-tree instance 2

IDF1WEST(config)#: show span trk1-trk2 in 2

 MST Instance Information

  Instance ID : 2
  Mapped VLANs : 7-9,27-29,37-39,47-49
  Switch Priority : 32768

  Topology Change Count : 1
  Time Since Last Change : 12 mins

  Regional Root MAC Address : 001871-b9e400
  Regional Root Priority : 0
  Regional Root Path Cost : 40000
  Regional Root Port : Trk2
  Remaining Hops : 18

  Port  Type  Priority  Cost   Role       State
  ----- ----- --------- ------ ---------- -
  Trk1        128       20000  Alternate
  Trk2        128       20000  Root
IDF1EAST(vlan-1)#: vlan 3
IDF1EAST(vlan-3)#: tagged trk1-trk2
IDF1EAST(vlan-3)#: vlan 4
IDF1EAST(vlan-4)#: tagged trk1-trk2
IDF1EAST(vlan-4)#: vlan 5
IDF1EAST(vlan-5)#: tagged trk1-trk2
IDF1EAST(vlan-5)#: vlan 7
IDF1EAST(vlan-7)#: tagged trk1-trk2
IDF1EAST(vlan-7)#: vlan 8
IDF1EAST(vlan-8)#: tagged trk1-trk2
IDF1EAST(vlan-8)#: vlan 9
IDF1EAST(vlan-9)#: tagged trk1-trk2
IDF1EAST(vlan-9)#: vlan 23
IDF1EAST(vlan-23)#: vlan 24
IDF1EAST(vlan-24)#: vlan 25
IDF1EAST(vlan-25)#: vlan 27
IDF1EAST(vlan-27)#: vlan 28
I
   untagged 1-44,Trk1-Trk2
   ip address 10.1.1.22 255.255.255.
vlan 35
   name "VLAN35"
   no ip address
   exit
vlan 37
   name "VLAN37"
   no ip address
   exit
vlan 38
   name "VLAN38"
   no ip address
   exit
vlan 39
   name "VLAN39"
   no ip address
   exit
vlan 43
   name "VLAN43"
   no ip address
   exit
vlan 44
   name "VLAN44"
   no ip address
   exit
vlan 45
   name "VLAN45"
   no ip address
   exit
vlan 47
   name "VLAN47"
   no ip address
   exit
vlan 48
   name "VLAN48"
   no ip address
   exit
vlan 49
   name "VLAN49"
   no ip address
   exit
spanning-tree
spanning-tree Trk1 priority 4
spanning-tree Trk2 priority 4
spanning-tree config-name "m
  Regional Root Port : Trk2
  Remaining Hops : 18

  Port  Type  Priority  Cost   Role       State       Designated Bridge
  ----- ----- --------- ------ ---------- ----------- -----------------
  Trk1        64        20000  Alternate  Blocking    001871-b9e400
  Trk2        64        20000  Root       Forwarding  0017a4-b2e100

  State       Designated Bridge
  ----------- -----------------
  Blocking    001871-b9e400
  Forwarding  0017a4-b2e100

  State       Designated Bridge
  ----------- -----------------
  Forwarding  001871-b9e400
  Forwarding  001635-f0f800

Show spanning-tree instance 1

IDF1EAST(config)#: show span trk1
  MST Configuration Name : mstp-vrrp
  MST Configuration Revision : 1
  MST Configuration Digest : 0x1936FB656D900E359ED1D09A34AC0AAC

  IST Mapped VLANs : 1

  Instance ID  Mapped VLANs
  -----------  -----------------------------------------------
  1            3-5,23-25,33-35,43-45
  2            7-9,27-29,37-39,47-49

Cisco 3550 (IDF2WEST)

Configure the switch name

>enable
#:configure terminal
(config)#: hostname IDF2WEST (configures system name)

Configure VLANs on the switch

This switch will be configured with VLANs 1, 23, 24, 25, 27, 28, a
IDF2WEST(config-if-range)#: switchport trunk allowed vlan 1,23-25,27-29
IDF2WEST(config-if-range)#: spanning-tree cost 20000
IDF2WEST(config-if-range)#: exit

Configure MST and enable MSTP globally

IMPORTANT: All switch MST configurations must match exactly. The name, revision, and instance VLAN mappings must be identical on all switches participating in the MSTP configuration.
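The match requirement above can be checked offline before a change is rolled out. The following is an added example, not part of the HP guide: it parses the MST settings in the HP and Cisco syntaxes used in this scenario, computes the IEEE 802.1Q MST Configuration Digest for each, and reports which switch has drifted. The function names, the IDF-DRIFT host and its configuration are constructed for illustration.

```python
import hashlib
import hmac
import re

# Configuration Digest Signature Key fixed by IEEE 802.1Q for MSTP.
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")

def expand_vlans(spec):
    """Expand '3-5 23-25' (HP) or '3-5, 23-25' (Cisco) into a set of VLAN IDs."""
    vids = set()
    for part in filter(None, re.split(r"[,\s]+", spec.strip())):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"bad VLAN range {part!r}")
        vids.update(range(lo, hi + 1))
    return vids

def parse_region(config_text):
    """Return (name, revision, {vid: instance}) from HP or Cisco running-config text."""
    name, revision, mapping = "", 0, {}
    in_cisco_mst = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "spanning-tree mst configuration":
            in_cisco_mst = True
            continue
        if line in ("!", "exit"):
            in_cisco_mst = False
            continue
        if line.startswith("spanning-tree "):   # HP: one global line per setting
            line, keys = line[len("spanning-tree "):], ("config-name", "config-revision")
        elif in_cisco_mst:                      # Cisco: inside the MST sub-mode
            keys = ("name", "revision")
        else:
            continue                            # e.g. an HP VLAN's own name "VLAN25"
        word, _, rest = line.partition(" ")
        if word == keys[0]:
            name = rest.strip().strip('"')
        elif word == keys[1]:
            revision = int(rest)
        elif word == "instance":
            m = re.fullmatch(r"(\d+)\s+vlan\s+(.+)", rest.strip())
            if m:
                for vid in expand_vlans(m.group(2)):
                    mapping[vid] = int(m.group(1))
    return name, revision, mapping

def mst_digest(mapping):
    """HMAC-MD5 over 4096 two-octet MSTIDs indexed by VID (VID 0 and 4095 stay 0)."""
    table = bytearray(4096 * 2)
    for vid, msti in mapping.items():
        table[2 * vid:2 * vid + 2] = msti.to_bytes(2, "big")
    return hmac.new(MST_DIGEST_KEY, bytes(table), hashlib.md5).hexdigest().upper()

def region_id(config_text):
    """The triple that must be identical on every switch in the region."""
    name, revision, mapping = parse_region(config_text)
    return name, revision, mst_digest(mapping)

def audit(configs, reference):
    """Return {host: [differences]} for hosts that disagree with the reference host."""
    ref_name, ref_rev, ref_map = parse_region(configs[reference])
    findings = {}
    for host, text in configs.items():
        name, rev, mapping = parse_region(text)
        diffs = []
        if name != ref_name:
            diffs.append(f"name {name!r} != {ref_name!r}")
        if rev != ref_rev:
            diffs.append(f"revision {rev} != {ref_rev}")
        moved = sorted(v for v in set(mapping) | set(ref_map)
                       if mapping.get(v, 0) != ref_map.get(v, 0))
        if moved:
            diffs.append(f"VLAN-to-instance mapping differs for VLANs {moved}")
        if diffs:
            findings[host] = diffs
    return findings

# Excerpts in the form the guide shows for the HP and Cisco IDF switches.
HP_IDF4EAST = '''spanning-tree
spanning-tree Trk1 priority 4
spanning-tree config-name "mstp-vrrp"
spanning-tree config-revision 1
spanning-tree instance 1 vlan 3-5 23-25 33-35 43-45
spanning-tree instance 2 vlan 7-9 27-29 37-39 47-49'''
CISCO_IDF4WEST = '''spanning-tree mode mst
!
spanning-tree mst configuration
 name mstp-vrrp
 revision 1
 instance 1 vlan 3-5, 23-25, 33-35, 43-45
 instance 2 vlan 7-9, 27-29, 37-39, 47-49
!'''
# Constructed drift: VLAN 45 was left out of instance 1 on a hypothetical switch.
DRIFTED = HP_IDF4EAST.replace("43-45", "43-44")
SAMPLES = {"IDF4EAST": HP_IDF4EAST, "IDF4WEST": CISCO_IDF4WEST, "IDF-DRIFT": DRIFTED}

if __name__ == "__main__":
    for host, text in SAMPLES.items():
        print(host, region_id(text))
    print(audit(SAMPLES, "IDF4EAST"))
```

A switch whose name, revision or digest differs from its neighbours forms its own MST region, so its trunks are treated as region boundaries and the per-instance load sharing described here no longer applies on those links.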
Show running-config

IDF2WEST#:show run
Building configuration...

Current configuration : 4683 bytes
!
version 12.
 channel-group 2 mode on
!
interface FastEthernet0/46
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,23-25,27-29
 switchport mode trunk
 channel-group 2 mode on
!
interface FastEthernet0/47
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,23-25,27-29
 switchport mode trunk
 channel-group 1 mode on
!
interface FastEthernet0/48
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,23-25,27-29
 switchport mode trunk
 channel-group 1 mode on
!
interface GigabitE
MST1
  Spanning tree enabled protocol mstp
  Root ID    Priority    1
             Address     0018.71b8.0a00
             Cost        20000
             Port        65 (Port-channel1)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769 (priority 32768 sys-id-ext 1)
             Address     000d.bd43.1580
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface  Role  Sts  Cost   Prio.Nbr  Type
---------  ----  ---  -----  --------  ----
Po1        Root  FWD  20000  128.65    P2p
Po2        Desg  FWD  20000  128.66    P2p

MST2
  Spanning tree enabled protocol mstp
  Root ID    Priority    2
             Address     0018.
IDF2EAST(config-vlan)#: exit
IDF2EAST(config)#: interface vlan 1
IDF2EAST(config-if)#: ip address 10.1.1.30 255.255.255.0
IDF2EAST(config-if)#: exit
IDF2EAST(config)#: ip default-gateway 10.1.1.
 instance 2 vlan 7-9, 27-29, 37-39, 47-49
!
vlan internal allocation policy ascending
!
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,23-25,27-29
 switchport mode trunk
 spanning-tree cost 20000
!
interface Port-channel2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,23-25,27-29
 switchport mode trunk
 spanning-tree cost 20000
!
interface FastEthernet0/1
 switchport mode dynamic desirable
!
interface FastEthernet0/2
 switchport mode dynamic desir
ip http server
ip http secure-server
!
control-plane
!
line con 0
line vty 0 4
 no login
line vty 5 15
 no login
!
end

Show spanning-tree

IDF2EAST#:show span

MST0
  Spanning tree enabled protocol mstp
  Root ID    Priority    0
             Address     0018.71b8.0a00
             Cost        0
             Port        66 (Port-channel2)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768 (priority 32768 sys-id-ext 0)
             Address     000d.65ae.
             Hello Time  2 sec  Max Age 20 sec

Interface  Role  Sts  Cost   Prio.Nbr
---------  ----  ---  -----  --------
Po1        Root  FWD  20000  128.65
Po2        Desg  FWD  20000  128.
IDF3WEST(vlan-34)#: vlan 35
IDF3WEST(vlan-35)#: tagged trk1-trk2
IDF3WEST(vlan-35)#: vlan 37
IDF3WEST(vlan-37)#: tagged trk1-trk2
IDF3WEST(vlan-37)#: vlan 38
IDF3WEST(vlan-38)#: tagged trk1-trk2
IDF3WEST(vlan-38)#: vlan 39
IDF3WEST(vlan-39)#: tagged trk1-trk2
IDF3WEST(vlan-39)#: vlan 43
IDF3WEST(vlan-43)#: vlan 44
IDF3WEST(vlan-44)#: vlan 45
IDF3WEST(vlan-45)#: vlan 47
IDF3WEST(vlan-47)#: vlan 48
IDF3WEST(vlan-48)#: vlan 49
IDF3WEST(vlan-49)#: exit
IDF3WEST(config)#: ip default-gateway 10.1.1.
   name "VLAN8"
   no ip address
   exit
vlan 9
   name "VLAN9"
   no ip address
   exit
vlan 23
   name "VLAN23"
   no ip address
   exit
vlan 24
   name "VLAN24"
   no ip address
   exit
vlan 25
   name "VLAN25"
   no ip address
   exit
vlan 27
   name "VLAN27"
   no ip address
   exit
vlan 28
   name "VLAN28"
   no ip address
   exit
vlan 29
   name "VLAN29"
   no ip address
   exit
vlan 33
   name "VLAN33"
   no ip address
   tagged Trk1-Trk2
   exit
vlan 34
   name "VLAN34"
   no ip address
   tagged Trk1-Trk2
   exit
vlan 35
   name "VLAN35"
   no ip address
   tagged Trk1-Trk2
   exit
vlan 37
   name "VLAN37"
vlan 44
   name "VLAN44"
   no ip address
   exit
vlan 45
   name "VLAN45"
   no ip address
   exit
vlan 47
   name "VLAN47"
   no ip address
   exit
vlan 48
   name "VLAN48"
   no ip address
   exit
vlan 49
   name "VLAN49"
   no ip address
   exit
spanning-tree
spanning-tree Trk1 priority 4
spanning-tree Trk2 priority 4
spanning-tree config-name "mstp-vrrp"
spanning-tree config-revision 1
spanning-tree instance 1 vlan 3-5 23-25 33-35 43-45
spanning-tree instance 2 vlan 7-9 27-29 37-39 47-49

Show spanning-tree instance IST

IDF3WEST#: show span trk1-
  Topology Change Count : 3
  Time Since Last Change : 103 mins

  Regional Root MAC Address : 001871-b80a00
  Regional Root Priority : 0
  Regional Root Path Cost : 20000
  Regional Root Port : Trk1
  Remaining Hops : 19

  Port  Type  Cost   Priority  Role        State       Designated Bridge
  ----- ----  -----  --------  ----------  ----------  -----------------
  Trk1        20000  128       Root        Forwarding  001871-b80a00
  Trk2        20000  128       Designated  Forwarding  001708-2361c0

Show spanning-tree instances 2

IDF3WEST#: show span trk1-trk2 in 2

 MST Instance Informat
HP Switch 2900(config)#: max-vlans 50
Command will take effect after saving configuration and reboot.
HP Switch 2900(config)#: write memory
HP Switch 2900(config)#: reload
Device will be rebooted, do you want to continue [y/n]? Y

After the device reboots, enter the following commands:

HP Switch 2900#: configure
HP Switch 2900(config)#: hostname IDF3EAST
IDF3EAST(config)#: trunk 47-48 Trk1 Trunk
IDF3EAST(config)#: trunk 45-46 Trk2 Trunk
IDF3EAST(config)#: vlan 1
IDF3EAST(vlan-1)#: ip address 10.1.1.28 255.
IDF3EAST(config)#: spanning-tree instance 2 vlan 7-9 27-29 37-39 47-49
IDF3EAST(config)#: spanning-tree

Show running-config

IDF3EAST#: show run

Running configuration:

; J9050A Configuration Editor; Created on release #:T.12.03

hostname "IDF3EAST"
max-vlans 50
module 3 type J90XXA
trunk 47-48 Trk1 Trunk
trunk 45-46 Trk2 Trunk
snmp-server community "public" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-44,A1-A4,Trk1-Trk2
   ip address 10.1.1.28 255.255.255.
   no ip address
   exit
vlan 33
   name "VLAN33"
   tagged Trk1-Trk2
   no ip address
   exit
vlan 34
   name "VLAN34"
   tagged Trk1-Trk2
   no ip address
   exit
vlan 35
   name "VLAN35"
   tagged Trk1-Trk2
   no ip address
   exit
vlan 37
   name "VLAN37"
   tagged Trk1-Trk2
   no ip address
   exit
vlan 38
   name "VLAN38"
   tagged Trk1-Trk2
   no ip address
   exit
vlan 39
   name "VLAN39"
   tagged Trk1-Trk2
   no ip address
   exit
vlan 43
   name "VLAN43"
   no ip address
   exit
vlan 44
   name "VLAN44"
   no ip address
   exit
vlan 45
   name "VLAN45"
   no ip address
   exit
vlan 47
   name "VLAN47"
Show spanning-tree instance IST

IDF3EAST#: show span trk1-trk2 in ist

 IST Instance Information

  Instance ID : 0
  Mapped VLANs : 1
  Switch Priority : 32768

  Topology Change Count : 10
  Time Since Last Change : 11 mins

  Regional Root MAC Address : 001871-b80a00
  Regional Root Priority : 0
  Regional Root Path Cost : 40000
  Regional Root Port : Trk2
  Remaining Hops : 18

  Port  Type  Cost   Priority  Role       Designated Bridge
  ----- ----  -----  --------  ---------  -----------------
  Trk1        20000  64        Alternate  00187
  Trk2        20000  64        Root
  Regional Root MAC Address : 001871-b9e400
  Regional Root Priority : 0
  Regional Root Path Cost : 20000
  Regional Root Port : Trk1
  Remaining Hops : 19

  Port  Type  Cost   Priority  Role        State       Designated Bridge
  ----- ----  -----  --------  ----------  ----------  -----------------
  Trk1        20000  128       Root        Forwarding  001871-b9e400
  Trk2        20000  128       Designated  Forwarding  0019bb-ad6fc0

Show spanning-tree MST-config

IDF3EAST#: show spanning-tree mst

 MST Configuration Identifier Information

  MST Configuration Name : mstp-vrrp
  MST Configu
IDF4WEST(config-if)#: exit
IDF4WEST(config)#: spanning-tree mst configuration
IDF4WEST(config-mst)#: name mstp-vrrp
IDF4WEST(config-mst)#: revision 1
IDF4WEST(config-mst)#: instance 1 vlan 3-5,23-25,33-35,43-45
IDF4WEST(config-mst)#: instance 2 vlan 7-9,27-29,37-39,47-49
IDF4WEST(config-mst)#:exit
IDF4WEST(config)#: spanning-tree mode mst

Show running-config

IDF4WEST#:show run
Building configuration...

Current configuration : 2491 bytes
!
version 12.
interface GigabitEthernet1/0/21
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,43-45,47-49
 switchport mode trunk
 channel-group 2 mode on
!
interface GigabitEthernet1/0/22
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,43-45,47-49
 switchport mode trunk
 channel-group 2 mode on
!
interface GigabitEthernet1/0/23
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,43-45,47-49
 switchport mode trunk
 channel-group 1 mode on
!
interface GigabitEthernet1/0/
Interface  Role  Sts  Cost   Prio.Nbr  Type
---------  ----  ---  -----  --------  ----
Po1        Root  FWD  10000  128.616   P2p
Po2        Desg  FWD  10000  128.624   P2p

MST1
  Spanning tree enabled protocol mstp
  Root ID    Priority    1
             Address     0018.71b8.0a00
             Cost        10000
             Port        616 (Port-channel1)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769 (priority 32768 sys-id-ext 1)
             Address     0018.1928.
STP version was changed. To activate the change you must save the configuration to flash and reboot the device.
IDF4EAST(config)#: spanning-tree
IDF4EAST(config)#: wr mem
IDF4EAST(config)#:

Show running-config

IDF4EAST(config)#: show run

Running configuration:

; J4906A Configuration Editor; Created on release #:M.10.30

hostname "IDF4EAST"
max-vlans 50
interface 45
   no lacp
exit
interface 46
   no lacp
exit
interface 47
   no lacp
exit
interface 48
   no lacp
exit
trunk 47-48 Trk1 Trunk
trunk 45-46 Trk2 Trunk
ip default-gateway 10.1.1.
vlan 25
   name "VLAN25"
   no ip address
   exit
vlan 27
   name "VLAN27"
   no ip address
   exit
vlan 28
   name "VLAN28"
   no ip address
   exit
vlan 29
   name "VLAN29"
   no ip address
   exit
vlan 33
   name "VLAN33"
   no ip address
   exit
vlan 34
   name "VLAN34"
   no ip address
   exit
vlan 35
   name "VLAN35"
   no ip address
   exit
vlan 37
   name "VLAN37"
   no ip address
   exit
vlan 38
   name "VLAN38"
   no ip address
   exit
vlan 39
   name "VLAN39"
   no ip address
   exit
vlan 43
   name "VLAN43"
   no ip address
   tagged Trk1-Trk2
   exit
vlan 44
   name "VLAN44"
   no ip address
   tagged T
vlan 49
   name "VLAN49"
   no ip address
   tagged Trk1-Trk2
   exit
spanning-tree
spanning-tree protocol-version MSTP
spanning-tree Trk1 priority 4
spanning-tree Trk2 priority 4
spanning-tree config-name "mstp-vrrp"
spanning-tree config-revision 1
spanning-tree instance 1 vlan 3-5 23-25 33-35 43-45
spanning-tree instance 2 vlan 7-9 27-29 37-39 47-49

Show spanning-tree instance IST

IDF4EAST(config)#: show span trk1-trk2 in ist

 IST Instance Information

  Instance ID : 0
  Mapped VLANs : 1
  Switch Priority : 32768

  Topolog
Show spanning-tree instance 2

IDF4EAST(config)#: show span trk1-trk2 in 2

 MST Instance Information

  Instance ID : 2
  Mapped VLANs : 7-9,27-29,37-39,47-49
  Switch Priority : 32768

  Topology Change Count : 3
  Time Since Last Change : 61 mins

  Regional Root MAC Address : 001871-b9e400
  Regional Root Priority : 0
  Regional Root Path Cost : 20000
  Regional Root Port : Trk1
  Remaining Hops : 19

  Port  Type  Cost   Priority  Role        State
  ----- ----  -----  --------  ----------  -------
  Trk1        20000  128       Root
  Trk2        20000  128       Designated
for a given VLAN, that trunk must be named at the VLAN configuration level. In this configuration, Trk6 represents the MDF-MDF trunk and carries all VLANs. Other trunks carry the VLANs corresponding to the appropriate IDF. For example, IDF2 uses Trk2, which is added to all of the VLANs configured for IDF2. VLAN 1 is assigned to all ports as an untagged VLAN by default. This can be verified with “show config” and “show vlan 1”. All other VLANs require port assignments.
8200A(config)#: vlan 34
8200A(vlan-34)#: ip address 10.1.34.1
8200A(vlan-34)#: tagged Trk3,Trk6
8200A(config)#: vlan 35
8200A(vlan-35)#: ip address 10.1.35.1
8200A(vlan-35)#: tagged Trk3,Trk6
8200A(config)#: vlan 37
8200A(vlan-37)#: ip address 10.1.37.2
8200A(vlan-37)#: tagged Trk3,Trk6
8200A(config)#: vlan 38
8200A(vlan-38)#: ip address 10.1.38.2
8200A(vlan-38)#: tagged Trk3,Trk6
8200A(config)#: vlan 39
8200A(vlan-39)#: ip address 10.1.39.
8200A(config)#: spanning-tree

Configure the VRRP instances

First, IP routing and VRRP must be enabled globally:

8200A(config)#: ip routing
8200A(config)#: router vrrp

A VRRP instance must be declared for each VLAN. One VRID is used in this configuration. The VRRP owner has a default priority of 255, and the backup has a default priority of 100. The virtual IP of the owner is configured in each VLAN instance, and then each VRID instance must be set with the “enable” command.
8200A(vlan-23-vrid-1)#: virtual-ip-address
8200A(vlan-23-vrid-1)#: enable
8200A(vlan-23-vrid-1)#: vlan 24
8200A(vlan-24)#: vrrp vrid 1
8200A(vlan-24-vrid-1)#: owner
8200A(vlan-24-vrid-1)#: virtual-ip-address
8200A(vlan-24-vrid-1)#: enable
8200A(vlan-24-vrid-1)#: vlan 25
8200A(vlan-25)#: vrrp vrid 1
8200A(vlan-25-vrid-1)#: owner
8200A(vlan-25-vrid-1)#: virtual-ip-address
8200A(vlan-25-vrid-1)#: enable
8200A(vlan-25-vrid-1)#: vlan 27
8200A(vlan-27)#: vrrp vrid 1
8200A(vlan-27-vrid-1)#: backup
8200A(vlan-27-vr
8200A(vlan-38)#: vrrp vrid 1
8200A(vlan-38-vrid-1)#: backup
8200A(vlan-38-vrid-1)#: virtual-ip-address
8200A(vlan-38-vrid-1)#: enable
8200A(vlan-38-vrid-1)#: vlan 39
8200A(vlan-39)#: vrrp vrid 1
8200A(vlan-39-vrid-1)#: backup
8200A(vlan-39-vrid-1)#: virtual-ip-address
8200A(vlan-39-vrid-1)#: enable
8200A(vlan-39-vrid-1)#: vlan 43
8200A(vlan-43)#: vrrp vrid 1
8200A(vlan-43-vrid-1)#: owner
8200A(vlan-43-vrid-1)#: virtual-ip-address
8200A(vlan-43-vrid-1)#: enable
8200A(vlan-43-vrid-1)#: vlan 44
8200A(vlan-44)#
module 3 type J8702A
trunk A14,C14 Trk1 Trunk
trunk A16,C16 Trk2 Trunk
trunk A18,C18 Trk3 Trunk
trunk A20,C20 Trk4 Trunk
trunk A23,C23 Trk6 Trunk
ip routing
snmp-server community "public" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   untagged A1-A13,A15,A17,A19,A21-A22,A24, C1-C13,C15,C17,C19,C21-C22,C24,Trk1-Trk4,Trk6
   ip address 10.1.1.1 255.255.255.0
   exit
vlan 3
   name "VLAN3"
   ip address 10.1.3.1 255.255.255.0
   tagged Trk1,Trk6
   exit
vlan 4
   name "VLAN4"
   ip address 10.1.4.1 255.255.255.
   name "VLAN28"
   ip address 10.1.28.2
   tagged Trk2,Trk6
   exit
vlan 29
   name "VLAN295"
   ip address 10.1.29.2
   tagged Trk2,Trk6
   exit
vlan 33
   name "VLAN33"
   ip address 10.1.33.1
   tagged Trk3,Trk6
   exit
vlan 34
   name "VLAN34"
   ip address 10.1.34.1
   tagged Trk3,Trk6
   exit
vlan 35
   name "VLAN35"
   ip address 10.1.35.1
   tagged Trk3,Trk6
   exit
vlan 37
   name "VLAN37"
   ip address 10.1.37.2
   tagged Trk3,Trk6
   exit
vlan 38
   name "VLAN38"
   ip address 10.1.38.2
   tagged Trk3,Trk6
   exit
vlan 39
   name "VLAN39"
   ip address 10.1.39.
   name "VLAN49"
   ip address 10.1.49.2 255.255.255.
      exit
   exit
vlan 9
   vrrp vrid 1
      backup
      virtual-ip-address
      enable
      exit
   exit
vlan 23
   vrrp vrid 1
      owner
      virtual-ip-address
      priority 255
      enable
      exit
   exit
vlan 24
   vrrp vrid 1
      owner
      virtual-ip-address
      priority 255
      enable
      exit
   exit
vlan 25
   vrrp vrid 1
      owner
      virtual-ip-address
      priority 255
      enable
      exit
   exit
vlan 27
   vrrp vrid 1
      backup
      virtual-ip-address
      enable
      exit
   exit
vlan 28
   vrrp vrid 1
      backup
      virtual-ip-address
      enable
      exit
   exit
vlan 29
   vrrp vrid 1
      backup
      virtual-ip-address
      enable
      exit
   exit
vlan 33
   vrrp vrid 1
      owner
      virtual-ip-address
      priority 255
      enable
      exit
   exit
vlan 35
   vrrp vrid 1
      owner
      virtual-ip-address
      priority 255
      enable
      exit
   exit
vlan 37
   vrrp vrid 1
      backup
      virtual-ip-address
      enable
      exit
   exit
vlan 38
   vrrp vrid 1
      backup
      virtual-ip-address
      enable
      exit
   exit
vlan 39
   vrrp vrid 1
      backup
      virtual-ip-address
      enable
      exit
   exit
vlan 43
   vrrp vrid 1
      owner
      virtual-ip-address
      priority 255
      enable
      exit
   exit
vlan 44
   vrrp vrid 1
      owner
      virtual-ip-address
      priority 255
      enable
      exit
   exit
vlan 45
   vrrp vrid 1
      owner
      virtual-ip-address
      prio
vlan 48
   vrrp vrid 1
      backup
      virtual-ip-address 10.1.48.1 255.255.255.0
      enable
      exit
   exit
vlan 49
   vrrp vrid 1
      backup
      virtual-ip-address 10.1.49.1 255.255.255.0
      enable
      exit
   exit

NOTE: VLANs appear in the running config in the order in which they were configured. If any edits are made to a VLAN, that VLAN will appear last in the running config. Also, the spanning-tree trk1 prio 4 command appears by default.
  Regional Root Port : This switch is root
  Remaining Hops : 20

  Port  Type  Cost    Priority  Role        State       Designated Bridge
  ----- ----  ------  --------  ----------  ----------  -----------------
  Trk1        20000   128       Designated  Forwarding  001871-b80a00
  Trk2        200000  128       Designated  Forwarding  001871-b80a00
  Trk3        20000   128       Designated  Forwarding  001871-b80a00
  Trk4        20000   128       Designated  Forwarding  001871-b80a00
  Trk6        30000   128       Designated  Forwarding  001871-b80a00

Show spanning-tree instance 2

8200A(config)#: show span trk1-trk6 instance 2
8200B(config)#: trunk A16,C16 Trk2 Trunk
8200B(config)#: trunk A18,C18 Trk3 Trunk
8200B(config)#: trunk A20,C20 Trk4 Trunk
8200B(config)#: trunk A23,C23 Trk6 Trunk
8200B(config)#: vlan 1
8200B(vlan-1)#: ip address 10.1.1.2 255.255.255.0
8200B(config)#: vlan 3
8200B(vlan-3)#: ip address 10.1.3.2 255.255.255.0
8200B(vlan-3)#: tagged Trk1,Trk6
8200B(config)#: vlan 4
8200B(vlan-4)#: ip address 10.1.4.2 255.255.255.0
8200B(vlan-4)#: tagged Trk1,Trk6
8200B(config)#: vlan 5
8200B(vlan-5)#: ip address 10.1.5.2 255.
8200B(config)#: vlan 35
8200B(vlan-35)#: ip address 10.1.35.2 255.255.255.0
8200B(vlan-35)#: tagged Trk3,Trk6
8200B(config)#: vlan 37
8200B(vlan-37)#: ip address 10.1.37.1 255.255.255.0
8200B(vlan-37)#: tagged Trk3,Trk6
8200B(config)#: vlan 38
8200B(vlan-38)#: ip address 10.1.38.1 255.255.255.0
8200B(vlan-38)#: tagged Trk3,Trk6
8200B(config)#: vlan 39
8200B(vlan-39)#: ip address 10.1.39.1 255.255.255.0
8200B(vlan-39)#: tagged Trk3,Trk6
8200B(config)#: vlan 43
8200B(vlan-43)#: ip address 10.1.43.2 255.255.
8200B(vlan-1-vrid-1)#: enable
8200B(vlan-1-vrid-1)#: vlan 3
8200B(vlan-3)#: vrrp vrid 1
8200B(vlan-3-vrid-1)#: backup
8200B(vlan-3-vrid-1)#: virtual-ip-address
8200B(vlan-3-vrid-1)#: enable
8200B(vlan-3-vrid-1)#: vlan 4
8200B(vlan-4)#: vrrp vrid 1
8200B(vlan-4-vrid-1)#: backup
8200B(vlan-4-vrid-1)#: virtual-ip-address
8200B(vlan-4-vrid-1)#: enable
8200B(vlan-4-vrid-1)#: vlan 5
8200B(vlan-5)#: vrrp vrid 1
8200B(vlan-5-vrid-1)#: backup
8200B(vlan-5-vrid-1)#: virtual-ip-address
8200B(vlan-5-vrid-1)#: enable
82
8200B(vlan-27-vrid-1)#: owner
8200B(vlan-27-vrid-1)#: virtual-ip-address
8200B(vlan-27-vrid-1)#: enable
8200B(vlan-27-vrid-1)#: vlan 28
8200B(vlan-28)#: vrrp vrid 1
8200B(vlan-28-vrid-1)#: owner
8200B(vlan-28-vrid-1)#: virtual-ip-address
8200B(vlan-28-vrid-1)#: enable
8200B(vlan-28-vrid-1)#: vlan 29
8200B(vlan-29)#: vrrp vrid 1
8200B(vlan-29-vrid-1)#: owner
8200B(vlan-29-vrid-1)#: virtual-ip-address
8200B(vlan-29-vrid-1)#: enable
8200B(vlan-29-vrid-1)#: vlan 33
8200B(vlan-33)#: vrrp vrid 1
8200B(vlan-33-vri
8200B(vlan-43-vrid-1)#: vlan 44
8200B(vlan-44)#: vrrp vrid 1
8200B(vlan-44-vrid-1)#: backup
8200B(vlan-44-vrid-1)#: virtual-ip-address
8200B(vlan-44-vrid-1)#: enable
8200B(vlan-44)#: vlan 45
8200B(vlan-45)#: vrrp vrid 1
8200B(vlan-45-vrid-1)#: backup
8200B(vlan-45-vrid-1)#: virtual-ip-address
8200B(vlan-45-vrid-1)#: enable
8200B(vlan-45-vrid-1)#: vlan 47
8200B(vlan-47)#: vrrp vrid 1
8200B(vlan-47-vrid-1)#: owner
8200B(vlan-47-vrid-1)#: virtual-ip-address
8200B(vlan-47-vrid-1)#: enable
8200B(vlan-47-vrid-1)#
vlan 4
   name "VLAN4"
   ip address 10.1.4.2 255.255.255.0
   tagged Trk1,Trk6
   exit
vlan 5
   name "VLAN5"
   ip address 10.1.5.2 255.255.255.0
   tagged Trk1,Trk6
   exit
vlan 7
   name "VLAN7"
   ip address 10.1.7.1 255.255.255.0
   tagged Trk1,Trk6
   exit
vlan 8
   name "VLAN8"
   ip address 10.1.8.1 255.255.255.0
   tagged Trk1,Trk6
   exit
vlan 9
   name "VLAN9"
   ip address 10.1.9.1 255.255.255.0
   tagged Trk1,Trk6
   exit
vlan 23
   name "VLAN23"
   ip address 10.1.23.2 255.255.255.0
   tagged Trk2,Trk6
   exit
vlan 24
   name "VLAN24"
   ip address 10.1.24.2 255.255.
vlan 35
   name "VLAN35"
   ip address 10.1.35.2 255.255.255.0
   tagged Trk3,Trk6
   exit
vlan 37
   name "VLAN37"
   ip address 10.1.37.1 255.255.255.0
   tagged Trk3,Trk6
   exit
vlan 38
   name "VLAN38"
   ip address 10.1.38.1 255.255.255.0
   tagged Trk3,Trk6
   exit
vlan 39
   name "VLAN39"
   ip address 10.1.39.1 255.255.255.0
   tagged Trk3,Trk6
   exit
vlan 43
   name "VLAN43"
   ip address 10.1.43.2 255.255.255.0
   tagged Trk4,Trk6
   exit
vlan 44
   name "VLAN44"
   ip address 10.1.44.2 255.255.255.0
   tagged Trk4,Trk6
   exit
vlan 45
   name "VLAN45"
   ip address 10.1.
spanning-tree instance
spanning-tree priority
vlan 1
   vrrp vrid 1
      backup
      virtual-ip-address
      enable
      exit
   exit
vlan 3
   vrrp vrid 1
      backup
      virtual-ip-address
      enable
      exit
   exit
vlan 4
   vrrp vrid 1
      backup
      virtual-ip-address
      enable
      exit
   exit
vlan 5
   vrrp vrid 1
      backup
      virtual-ip-address
      enable
      exit
   exit
vlan 7
   vrrp vrid 1
      owner
      virtual-ip-address
      priority 255
      enable
      exit
   exit
vlan 8
   vrrp vrid 1
      owner
      virtual-ip-address
      priority 255
      enable
      exit
   exit
vlan 9
   vrrp vrid 1
      owner
      virtual-ip-address
      priority 255
      enable
      exit
   e
      enable
      exit
   exit
vlan 25
   vrrp vrid 1
      backup
      virtual-ip-address
      enable
      exit
   exit
vlan 27
   vrrp vrid 1
      owner
      virtual-ip-address
      priority 255
      enable
      exit
   exit
vlan 28
   vrrp vrid 1
      owner
      virtual-ip-address
      priority 255
      enable
      exit
   exit
vlan 29
   vrrp vrid 1
      owner
      virtual-ip-address
      priority 255
      enable
      exit
   exit
vlan 33
   vrrp vrid 1
      backup
      virtual-ip-address
      enable
      exit
   exit
vlan 34
   vrrp vrid 1
      backup
      virtual-ip-address
      enable
      exit
   exit
vlan 35
   vrrp vrid 1
      backup
      virtual-ip-address
      enable
      exit
   exit
vlan 37
   vrrp vrid
      owner
      virtual-ip-address
      priority 255
      enable
      exit
   exit
vlan 39
   vrrp vrid 1
      owner
      virtual-ip-address
      priority 255
      enable
      exit
   exit
vlan 43
   vrrp vrid 1
      backup
      virtual-ip-address
      enable
      exit
   exit
vlan 44
   vrrp vrid 1
      backup
      virtual-ip-address
      enable
      exit
   exit
vlan 45
   vrrp vrid 1
      backup
      virtual-ip-address
      enable
      exit
   exit
vlan 47
   vrrp vrid 1
      owner
      virtual-ip-address
      priority 255
      enable
      exit
   exit
vlan 48
   vrrp vrid 1
      owner
      virtual-ip-address
      priority 255
      enable
      exit
   exit
vlan 49
   vrrp vrid 1
      owner
      virtual-ip-addres
  Instance ID : 0
  Mapped VLANs : 1
  Switch Priority : 4096

  Topology Change Count : 144
  Time Since Last Change : 41 secs

  Regional Root MAC Address : 001871-b80a00
  Regional Root Priority : 0
  Regional Root Path Cost : 30000
  Regional Root Port : Trk6
  Remaining Hops : 19

  Port  Type  Cost    Priority  Role        Designated Bridge
  ----- ----  ------  --------  ----------  -----------------
  Trk1        20000   64        Designated  001871-b9e400
  Trk2        200000  64        Designated  001871-b9e40
  Trk3        20000   64        Designated
  Trk4        20000   64        Designated
  Trk6        30000   64        Root
  Regional Root MAC Address : 001871-b9e400
  Regional Root Priority : 0
  Regional Root Path Cost : 0
  Regional Root Port : This switch is root
  Remaining Hops : 20

  Port  Type  Cost    Priority  Role        Designated Bridge  State
  ----- ----  ------  --------  ----------  -----------------  ----------
  Trk1        20000   128       Designated  001871-b9e400      Forwarding
  Trk2        200000  128       Designated  001871-b9e400      Forwarding
  Trk3        20000   128       Designated  001871-b9e400      Forwarding
  Trk4        20000   128       Designated  001871-b9e400      Forwar
  Trk6        30000   128       Designated  001871-b9e400
Test and verification

Diagram

446 Spanning tree interoperability between HP and Cisco switches
Figure 98 Test and verification diagram Test and verification 447
Test and verification methods to verify convergence results

Below are the test and verification methods used to verify convergence results. Three tests were performed:
1. Break the active link while downloading a file using FTP.
2. Break the active link during a continuous ping of the gateway; record the convergence time.
3. Simulate a core box failure (8200); time how fast VRRP and spanning tree converge.
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 988ms, Average = 68ms
Control-C
^C

Simulate 8200 (core) failure test

This test simulates an 8200 chassis failure and validates network convergence recovery time.
1. Set up an FTP server on 8200B on port A1.
2. Set up the FTP server on VLAN 1 with IP address 10.1.1.30.
3. Configure a port on one of the switches in IDF 1 for a VLAN (VLAN 3) on Instance 1.
4. Connect a client to the port with IP address 10.1.3.100 and gateway 10.1.3.1.
of MSTP-capable switches. However, it is not necessary to do this. You can just enable MSTP on an MSTP-capable switch and a spanning tree instance is created automatically. This instance always exists by default when spanning tree is enabled, and is the spanning tree instance that communicates with STP and RSTP environments.

802.1s MSTP on Cisco switches

You must run the latest versions of IOS to support MSTP on Cisco switches (check the Cisco web site for details).
that instance. However, if there are different paths in different instances, all such paths are available for traffic. Separate forwarding paths exist through separate spanning tree instances.
• A port can have different states (forwarding or blocking) for different instances (which represent different forwarding paths).

Tips for planning an MSTP application

• Ensure that the VLAN configuration in your network supports all of the forwarding paths necessary for the desired connectivity.
includes all VLANs in the network. (An STP or RSTP network operates as a single-instance network.) A region can include two types of STP instances:
1. Internal Spanning-Tree Instance (IST Instance): This is the default spanning tree instance in any MST region. It provides the root switch for the region and comprises all VLANs configured on the switches in the region that are not specifically assigned to Multiple Spanning Tree Instances (MSTIs, described below).