HP FlexFabric 11900 Switch Series Layer 2—LAN Switching Configuration Guide Part number: 5998-5257 Software version: Release 2111 and later Document version: 6W100-20140110
Legal and notice information © Copyright 2014 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents Configuring Ethernet interfaces ··································································································································· 1 Configuring a management Ethernet interface ·············································································································· 1 Ethernet interface naming conventions ··························································································································· 1 Configuring comm
Verifying the configuration ··································································································································· 31 Configuring MAC Information ·································································································································· 32 Configuration guidelines ··············································································································································· 32 Enabling MAC I
Configuration procedure ······································································································································ 60 Verifying the configuration ··································································································································· 61 Configuring spanning tree protocols ························································································································ 62 STP ······················
Configuration prerequisites ·································································································································· 93 Configuration procedure ······································································································································ 93 No Agreement Check configuration example···································································································· 93 Configuring protection functions ···········
Configuration guidelines ············································································································································· 122 Configuration procedure ············································································································································· 122 Displaying and maintaining the private VLAN ········································································································· 123 Private VLAN conf
Setting other LLDP parameters ···························································································································· 166 Setting an encapsulation format for LLDPDUs ·································································································· 167 Configuring CDP compatibility ··································································································································· 167 Configuration prerequisites ············
Configuring Ethernet interfaces The switch series supports Ethernet interfaces, management Ethernet interfaces, and Console interfaces. For the interface types and the number of interfaces supported by a switch model, see the installation guide. This document describes how to configure management Ethernet interfaces and Ethernet interfaces. Configuring a management Ethernet interface A management interface uses an RJ-45 connector.
Splitting a 40-GE interface and combining split 10-GE interfaces This feature is not supported on non-default MDCs. Splitting a 40-GE interface into four 10-GE interfaces You can use a 40-GE interface as a single interface. To improve port density, reduce costs, and improve network flexibility, you can also split a 40-GE interface into four 10-GE interfaces.
Step Command Remarks By default, a 40-GE interface is not split and operates as a single interface. 3. 4. Combine the four 10-GE interfaces into a 40-GE interface. using fortygige Reboot the card that houses the interface. N/A After you combine the four 10-GE interfaces, use a dedicated 1-to-1 cable or a 40-GE transceiver module and fiber. For more information about the cable and transceiver module, see the installation guide.
Step 7. 8. Command Remarks Restore the default settings for the Ethernet interface. default N/A Bring up the Ethernet interface. undo shutdown By default, Ethernet interfaces are in up state. Configuring the link mode of an Ethernet interface CAUTION: After you change the link mode of an Ethernet interface, all commands (except the shutdown command) on the Ethernet interface are restored to their defaults in the new link mode.
Configuring physical state change suppression on an Ethernet interface The physical link state of an Ethernet interface is either up or down. Each time the physical link of a port goes up or comes down, the interface immediately reports the change to the CPU. The CPU then notifies the upper-layer protocol modules (such as routing and forwarding modules) of the change for guiding packet forwarding, and automatically generates traps and logs, informing the user to take corresponding actions.
Performing a loopback test on an Ethernet interface If an Ethernet interface does not work correctly, you can perform a loopback test on it to identify the problem. An Ethernet interface in a loopback test does not forward data traffic. Loopback tests include the following types: • Internal loopback test—Tests all on-chip functions related to Ethernet interfaces. • External loopback test—Tests the hardware of Ethernet interfaces.
As shown in Figure 1, when both Port A and Port B forward packets at the rate of 1000 Mbps, Port C will be congested. To avoid packet loss, enable flow control on Port A and Port B. Figure 1 Flow control on ports When TxRx mode generic flow control is enabled on Port B and Rx mode generic flow control is enabled on Port A: • When Port C is congested, Switch B buffers the packet.
If PFC is disabled for the 802.1p priority, the local port drops the packet. • To configure PFC on an Ethernet interface: Step Command Remarks 1. Enter system view. system-view N/A 2. Enable PFC on the interface through automatic negotiation or forcibly. priority-flow-control { auto | enable } By default, PFC is disabled. 3. Enable PFC for specific 802.1p priorities. priority-flow-control no-drop dot1p dot1p-list By default, PFC is disabled for all 802.1p priorities. 4.
flow-control priority-flo w-control enable priority-flow-contr ol no-drop dot1p Remarks • On a port configured with the flow-control command, you can enable PFC, but you cannot enable PFC for specific 802.1p priorities. Configured Configurable Unconfigurable • Enabling both generic flow control and PFC on a port disables the port from sending common or PFC pause frames to inform the peer of congestion conditions. However, the port can still handle common and PFC pause frames from the peer.
Figure 2 Forcibly bring up a fiber port When Ethernet interfaces cannot be or are not forcibly brought up Correct fiber connection Device A When Ethernet interfaces are forcibly brought up Device A Device A XGE1/0/1 XGE1/0/1 XGE1/0/1 XGE1/0/1 XGE1/0/1 XGE1/0/1 Device B Fiber port Device B Tx end Rx end Device B Fiber link The fiber is disconnected. Packets The interface is down.
Step 3. Forcibly bring up the fiber port. Command Remarks port up-mode By default, a fiber Ethernet port is not forcibly brought up, and the physical state of a fiber port depends on the physical state of the fibers. Configuring a Layer 2 Ethernet interface Configuring storm suppression You can use the storm suppression function to limit the size of a particular type of traffic (broadcast, multicast, or unknown unicast traffic) on an interface.
Configuring storm control on an Ethernet interface About storm control Storm control compares broadcast, multicast, and unknown unicast traffic regularly with their respective traffic thresholds on an Ethernet interface. For each type of traffic, storm control provides a lower threshold and a higher threshold.
Step Command Remarks (Optional.) Enable storm control, and set the lower and upper thresholds for broadcast, multicast, or unknown unicast traffic. storm-constrain { broadcast | multicast | unicast } { pps | kbps | ratio } max-pps-values min-pps-values By default, storm control is disabled. 5. Set the control action to take when monitored traffic exceeds the upper threshold. storm-constrain control { block | shutdown } By default, storm control is disabled. 6. (Optional.
Step 2. 3. Command Remarks Enter Layer 2 Ethernet interface view. interface interface-type interface-number N/A Set the MDIX mode of the Ethernet interface. mdix-mode { automdix | mdi | mdix } By default, an Ethernet interface operates in auto mode to negotiate pin roles with its peer. Testing the cable connection of an Ethernet interface IMPORTANT: Fiber ports do not support this feature.
Task Command Display information about dropped packets on the specified interface or all interfaces. display packet-drop { interface [ interface-type [ interface-number ] ] | summary } Display information about storm control on the specified interface or all interfaces. display storm-constrain [ broadcast | multicast | unicast ] [ interface interface-type interface-number ] Display the Ethernet statistics. display ethernet statistics Clear the interface statistics.
Configuring loopback, null, and inloopback interfaces This chapter describes how to configure a loopback interface, a null interface, and an inloopback interface. Configuring a loopback interface A loopback interface is a virtual interface. The physical layer state of a loopback interface is always up unless the loopback interface is manually shut down.
Configuring a null interface A null interface is a virtual interface and is always up, but you can neither use it to forward data packets nor can you configure it with an IP address or link layer protocol. The null interface provides a simpler way to filter packets than ACL. You can filter undesired traffic by transmitting it to a null interface instead of applying an ACL.
Task Command Clear the statistics on the inloopback interface.
Bulk configuring interfaces You can enter interface range view to bulk configure multiple interfaces with the same feature instead of configuring them one by one. For example, you can execute the shutdown command in interface range view to shut down a range of interfaces. Failure to apply a command on one member interface does not affect the application of the command on the other member interfaces.
Step 4. 5. Command Remarks Use available commands to configure the interfaces. Available commands vary by interface. N/A (Optional.) Verify the configuration. display this N/A Displaying and maintaining bulk interface configuration Execute display commands in any view. Task Command Display information about interface ranges configured through the interface range name command.
Configuring the MAC address table Overview An Ethernet device uses a MAC address table to forward frames. A MAC address entry contains a destination MAC address, an outgoing interface, and a VLAN ID. Upon receiving a frame, the device uses the destination MAC address of the frame to look for a match in the MAC address table. If a match is found, the device forwards the frame out of the outgoing interface in the matching entry.
• Static entries—Static entries are manually added in order to forward frames with a specific destination MAC address out of their associated interfaces and never age out. A static entry has higher priority than a dynamically learned one. • Dynamic entries—Dynamic entries can be manually configured or dynamically learned in order to forward frames with a specific destination MAC address out of their associated interfaces and might age out.
Type Description • Learns the MAC address (for example, MAC A) of the frame, adds a dynamic Multiport unicast MAC address entry MAC address entry for MAC A, and forwards the frame. • Forwards the frames destined for MAC A according to only the multiport unicast MAC address entry. • Learns the MAC address of the frame entered on a different interface from Dynamic MAC address entry that in the entry and overwrites the original entry.
Adding or modifying a blackhole MAC address entry Step Command Remarks N/A 1. Enter system view. system-view 2. Add or modify a blackhole MAC address entry. mac-address blackhole mac-address vlan vlan-id By default, no blackhole MAC address entry is configured. Make sure you have created the VLAN.
Step Command Remarks By default, no multiport unicast MAC address entry is configured globally. 2. Add or modify a multiport unicast MAC address entry. mac-address multiport mac-address interface interface-list vlan vlan-id Make sure you have created the VLAN and assigned the interface to the VLAN. Do not configure an interface as the output interface of a multiport unicast MAC address entry if the interface receives frames destined for the multiport unicast MAC address.
Disabling global MAC address learning Step Command Remarks 1. Enter system view. system-view N/A 2. Disable global MAC address learning. undo mac-address mac-learning enable By default, global MAC address learning is enabled. Disabling global MAC address learning disables the learning function on all interfaces. The global MAC address learning configuration does not take effect in a TRILL network, in a VPLS VSI, or for an S-channel in an EVB.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enable global MAC address learning. mac-address mac-learning enable By default, global MAC address learning is enabled. 3. Enter VLAN view. vlan vlan-id N/A 4. Disable MAC address learning on the VLAN. undo mac-address mac-learning enable By default, MAC address learning on the VLAN is enabled.
Step 3. Configure the MAC learning limit on the interface. Command Remarks mac-address max-mac-count count By default, no maximum number of MAC addresses that can be learned on an interface is configured. Configuring the frame forwarding rule You can determine whether to allow the device to forward frames with unknown source MAC addresses after the upper limit is reached.
Step Command Remarks • Enter Layer 2 Ethernet interface 2. Enter interface view. view: interface interface-type interface-number • Enter Layer 2 aggregate interface N/A view: interface bridge-aggregation interface-number 3. Assign MAC learning priority. mac-address mac-learning priority { high | low } By default, low MAC learning priority is used.
Figure 5 MAC address tables of devices when Client A roams to AP D To enable MAC address synchronization: Step Command Remarks 1. Enter system view. system-view N/A 2. Enable MAC address synchronization. mac-address mac-roaming enable By default, MAC address synchronization is disabled. Displaying and maintaining the MAC address table Execute display commands in any view. Task Command Display MAC address table information.
MAC address table configuration example Network requirements Host A at MAC address 000f-e235-dc71 is connected to interface Ten-GigabitEthernet 1/0/1 of Device and belongs to VLAN 1. Host B at MAC address 000f-e235-abcd, which once behaved suspiciously on the network, also belongs to VLAN 1. Configure the MAC address as follows: • To prevent MAC address spoofing, add a static entry for Host A in the MAC address table of Device.
Configuring MAC Information The MAC Information feature can generate syslog messages or SNMP notifications when MAC address entries are learned or deleted. You can use these messages to monitor users leaving or joining the network and analyze network traffic. The MAC Information feature buffers the MAC change syslog messages or SNMP notifications in a queue.
Configuring the MAC Information mode The following MAC Information modes are available for sending MAC address changes: • Syslog—The device sends syslog messages to notify MAC address changes. In this mode, the device sends syslog messages to the information center, which then outputs them to the monitoring terminal. For more information about information center, see Network Management and Monitoring Configuration Guide. • Trap—The device sends SNMP notifications to notify MAC address changes.
MAC Information configuration example Network requirements Enable MAC Information on interface Ten-GigabitEthernet 1/0/1 on Device in Figure 6 to send MAC address changes in syslog messages to the log host, Host B, of the interface. Figure 6 Network diagram Configuration restrictions and guidelines When you edit the file /etc/syslog.conf, follow these restrictions and guidelines: • Comments must be on a separate line and must begin with a pound sign (#).
2. Configure the log host, Host B: The following configurations were performed on Solaris. Other UNIX operating systems have similar configurations. a. Log in to the log host as a root user. b. Create a subdirectory named Device in directory /var/log/, and then create file info.log in the Device directory to save logs from Device. # mkdir /var/log/Device # touch /var/log/Device/info.log c. Edit the file syslog.
Configuring Ethernet link aggregation Ethernet link aggregation bundles multiple physical Ethernet links into one logical link, called an aggregate link. Link aggregation has the following benefits: • Increased bandwidth beyond the limits of any single link. In an aggregate link, traffic is distributed across the member ports. • Improved link reliability. The member ports dynamically back up one another. When a member port fails, its traffic is automatically switched to other member ports.
• Unselected—An Unselected port cannot forward traffic. Operational key When aggregating ports, the system automatically assigns each port an operational key based on port information, such as port rate and duplex mode. Any change to this information triggers a recalculation of the operational key. In an aggregation group, all Selected ports are assigned the same operational key. Configuration types Every configuration setting on a port might affect its aggregation state.
Link aggregation modes Link aggregation has dynamic and static modes: • Static aggregation mode—Aggregation is stable. The aggregation state of the member ports are not affected by the peer ports. • Dynamic aggregation mode—The peering system automatically maintains the aggregation state of the member ports, thus reducing the workload of administrators.
Figure 8 Setting the aggregation state of a member port in a static aggregation group To ensure stable aggregation state and service continuity, do not change port attributes or class-two configurations on any member port. If you need to make this change, make sure you understand its impact on the live network. Any port attribute or class-two configuration change might affect the aggregation state of link aggregation member ports and ongoing traffic.
LACP functions LACP offers basic LACP functions and extended LACP functions, as described in Table 3. Table 3 Basic and extended LACP functions Category Description Basic LACP functions Implemented through the basic LACPDU fields, including the system LACP priority, system MAC address, port priority, port number, and operational key. Extended LACP functions Implemented by extending the LACPDU with new TLV fields. This is how the LACP MAD mechanism of the IRF feature is implemented.
The local system (the actor) and the remote system (the partner) negotiate a reference port by using the following workflow: 1. The systems compare their system IDs. A system ID contains the system LACP priority and the system MAC address. The lower the LACP priority, the smaller the system ID. If LACP priority values are the same, the two systems compare their MAC addresses. The lower the MAC address, the smaller the system ID. 2.
Figure 9 Setting the state of a member port in a dynamic aggregation group Meanwhile, the system with the higher system ID, being aware of the aggregation state changes on the remote system, sets the aggregation state of local member ports the same as their peer ports.
A port that joins a dynamic aggregation group after the Selected port limit has been reached is placed in Selected state if it is more eligible to be selected than a current member port. • Load sharing criteria for link aggregation groups In a link aggregation group, traffic may be load-shared across the selected member ports based on a set of criteria, depending on your configuration.
{ 802.1X (see Security Configuration Guide) { Association between AC and cross connection (see MPLS Configuration Guide) { AC-VSI association (see MPLS Configuration Guide) • Removing an aggregate interface also removes its aggregation group and causes all member ports to leave the aggregation group. • You must configure the same aggregation mode on the two ends of an aggregate link.
Step Command Remarks By default, the system LACP priority is 32768. Set the system LACP priority. 3. Create a Layer 2 aggregate interface and enter Layer 2 aggregate interface view. interface bridge-aggregation interface-number When you create a Layer 2 aggregate interface, the system automatically creates a Layer 2 static aggregation group numbered the same. 4. Configure the aggregation group to operate in dynamic aggregation mode.
Step Command Remarks 2. Enter Layer 2 aggregate interface view. interface bridge-aggregation interface-number N/A 3. Configure the description of the aggregate interface. description text By default, the description of an interface is in the format of interface-name Interface.
The maximum number of Selected ports allowed in an aggregation group is limited by either the configured maximum number or hardware capability, whichever value is smaller. You can configure backup between two ports by assigning two ports to an aggregation group and configuring the maximum number of Selected ports allowed in the aggregation group as 1. In this way, only one Selected port is allowed in the aggregation group at any point in time, while the Unselected port serves as a backup port.
Shutting down or bringing up an aggregate interface affects the aggregation state and link state of ports in the corresponding aggregation group in the following ways: • When an aggregate interface is shut down, all Selected ports in the corresponding aggregation group become unselected and their link state becomes down. • When an aggregate interface is brought up, the aggregation state of ports in the corresponding aggregation group is recalculated.
Configuring the global link-aggregation load sharing criteria Step Command Remarks 1. Enter system view. system-view N/A 2. Configure the global link-aggregation load sharing criteria. link-aggregation global load-sharing mode { destination-ip | destination-mac | destination-port | ingress-port | source-ip | source-mac | source-port } * By default, the system automatically chooses link-aggregation load sharing criteria based on packet types.
Enabling local-first load sharing for link aggregation Use the local-first load sharing mechanism in a multi-device link aggregation scenario to distribute traffic preferentially across member ports on the ingress card or device rather than all member ports. When you aggregate ports on different member devices in an IRF fabric, you can use local-first load sharing to reduce traffic on IRF links, as shown in Figure 10. For more information about IRF, see IRF Configuration Guide.
Configuration restrictions and guidelines When you enable link-aggregation traffic redirection, follow these restrictions and guidelines: • Link-aggregation traffic redirection applies only to dynamic link aggregation groups and takes effect on only known unicast packets. • To prevent traffic interruption, enable link-aggregation traffic redirection on devices at both ends of the aggregate link.
Ethernet link aggregation configuration examples Layer 2 static aggregation configuration example Network requirements As shown in Figure 11, configure a Layer 2 static aggregation group on both Device A and Device B, and enable VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the other end, and VLAN 20 at one end to communicate with VLAN 20 at the other end. Figure 11 Network diagram Configuration procedure 1.
[DeviceA] interface ten-gigabitethernet 1/0/3 [DeviceA-Ten-GigabitEthernet1/0/3] port link-aggregation group 1 [DeviceA-Ten-GigabitEthernet1/0/3] quit # Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLANs 10 and 20. [DeviceA] interface bridge-aggregation 1 [DeviceA-Bridge-Aggregation1] port link-type trunk [DeviceA-Bridge-Aggregation1] port trunk permit vlan 10 20 [DeviceA-Bridge-Aggregation1] quit 2. Configure Device B in the same way Device A is configured.
Figure 12 Network diagram Configuration procedure 1. Configure Device A: # Create VLAN 10, and assign the port Ten-GigabitEthernet 1/0/4 to VLAN 10. system-view [DeviceA] vlan 10 [DeviceA-vlan10] port ten-gigabitethernet 1/0/4 [DeviceA-vlan10] quit # Create VLAN 20, and assign the port Ten-GigabitEthernet 1/0/5 to VLAN 20.
[DeviceA-Bridge-Aggregation1] quit 2. Configure Device B in the same way Device A is configured. Verifying the configuration # Display detailed information about all aggregation groups on Device A.
Figure 13 Network diagram Configuration procedure 1. Configure Device A: # Create VLAN 10, and assign the port Ten-GigabitEthernet 1/0/5 to VLAN 10. system-view [DeviceA] vlan 10 [DeviceA-vlan10] port ten-gigabitethernet 1/0/5 [DeviceA-vlan10] quit # Create VLAN 20, and assign the port Ten-GigabitEthernet 1/0/6 to VLAN 20.
[DeviceA] interface bridge-aggregation 2 [DeviceA-Bridge-Aggregation2] link-aggregation load-sharing mode destination-mac [DeviceA-Bridge-Aggregation2] quit # Assign ports Ten-GigabitEthernet 1/0/3 and Ten-GigabitEthernet 1/0/4 to link aggregation group 2.
Bridge-Aggregation1 Load-Sharing Mode: source-mac address Bridge-Aggregation2 Load-Sharing Mode: destination-mac address The output shows that the load sharing criterion for link aggregation group 1 is the source MAC addresses of packets and that for link aggregation group 2 is the destination MAC addresses of packets.
Configuring port isolation The port isolation feature isolates Layer 2 traffic for data privacy and security without using VLANs. You can also use this feature to isolate the hosts in a VLAN from one another. The device supports multiple isolation groups, which can be configured manually. The number of ports assigned to an isolation group is not limited. Within the same VLAN, ports in an isolation group can communicate with those outside the isolation group at Layer 2.
Task Command Display isolation group information display port-isolate group [ group-number ] [ | { begin | exclude | include } regular-expression ] Port isolation configuration example Network requirements As shown in Figure 14, LAN users Host A, Host B, and Host C are connected to Ten-GigabitEthernet 1/0/1, Ten-GigabitEthernet 1/0/2, and Ten-GigabitEthernet 1/0/3 on the device, respectively. The device connects to the Internet through Ten-GigabitEthernet 1/0/4.
Verifying the configuration # Display information about isolation group 2.
Configuring spanning tree protocols Spanning tree protocols eliminate loops in a physical link-redundant network by selectively blocking redundant links and putting them in a standby state. The recent versions of STP include the Rapid Spanning Tree Protocol (RSTP) and the Multiple Spanning Tree Protocol (MSTP). STP STP was developed based on the 802.1d standard of IEEE to eliminate loops at the data link layer in a LAN.
Basic concepts in STP Root bridge A tree network must have a root bridge. The entire network contains only one root bridge, and all the other bridges in the network are called "leaf nodes". The root bridge is not permanent, but can change with changes of the network topology. Upon initialization of a network, each device generates and periodically sends configuration BPDUs, with itself as the root bridge. After network convergence, only the root bridge generates and periodically sends configuration BPDUs.
Calculation process of the STP algorithm The spanning tree calculation process described in the following sections is a simplified process for example only. Calculation process The STP algorithm uses the following calculation process: 1. Network initialization. Upon initialization of a device, each port generates a BPDU with the port as the designated port, the device as the root bridge, 0 as the root path cost, and the device ID as the designated bridge ID. 2. Root bridge selection.
Step Actions 2 The device compares the configuration BPDUs of all the ports and chooses the optimum configuration BPDU. The following are the principles of configuration BPDU comparison: a. The configuration BPDU with the lowest root bridge ID has the highest priority. b. If configuration BPDUs have the same root bridge ID, their root path costs are compared. For example, the root path cost in a configuration BPDU plus the path cost of a receiving port is S.
Device Device B Device C 2. Port name Configuration BPDU on the port Port B1 {1, 0, 1, Port B1} Port B2 {1, 0, 1, Port B2} Port C1 {2, 0, 2, Port C1} Port C2 {2, 0, 2, Port C2} Configuration BPDUs comparison on each device. In Table 7, each configuration BPDU contains the following fields: root bridge ID, root path cost, designated bridge ID, and designated port ID.
Device Configuration BPDU on ports after comparison Comparison process • Port C1 receives the configuration BPDU of Port A2 {0, 0, 0, Port A2}, finds that the received configuration BPDU is superior to its existing configuration BPDU {2, 0, 2, Port C1}, and updates its configuration BPDU.
Figure 17 The final calculated spanning tree The configuration BPDU forwarding mechanism of STP The configuration BPDUs of STP are forwarded according to these guidelines: • Upon network initiation, every device regards itself as the root bridge, generates configuration BPDUs with itself as the root, and sends the configuration BPDUs at a regular hello interval.
The device uses the max age to determine whether a stored configuration BPDU has expired and discards it if the max age is exceeded. RSTP RSTP achieves rapid network convergence by allowing a newly elected root port or designated port to enter the forwarding state much faster than STP. If the old root port on the device has stopped forwarding data and the upstream designated port has started forwarding data, a newly elected RSTP root port rapidly enters the forwarding state.
Figure 18 Basic concepts in MSTP VLAN 1 MSTI 1 MSTI 2 VLAN 2 MSTI 0 Other VLANs VLAN 1 MSTI 1 MSTI 2 VLAN 2 MSTI 0 Other VLANs MST region 1 MST region 4 MST region 2 MST region 3 VLAN 1 MSTI 1 MSTI 2 VLAN 2 MSTI 0 Other VLANs CST VLAN 1 MSTI 1 MSTI 2 VLAN 2&3 MSTI 0 Other VLANs To MST region 2 Figure 19 Network diagram and topology of MST region 3 MST region A multiple spanning tree region (MST region) consists of multiple devices in a switched network and the network segments among them.
• Same VLAN-to-instance mapping configuration • Same MSTP revision level • Physically linked together Multiple MST regions can exist in a switched network. You can assign multiple devices to the same MST region. In Figure 18, the switched network comprises four MST regions, MST region 1 through MST region 4, and all devices in each MST region have the same MST region configuration.
Port roles A port can play different roles in different MSTIs. As shown in Figure 20, an MST region comprises Device A, Device B, Device C, and Device D. Port A1 and port A2 of Device A connect to the common root bridge. Port B2 and Port B3 of Device B form a loop. Port C3 and Port C4 of Device C connect to other MST regions. Port D3 of Device D directly connects to a host.
• Forwarding—The port receives and sends BPDUs, learns MAC addresses, and forwards user traffic. • Learning—The port receives and sends BPDUs, learns MAC addresses, but does not forward user traffic. Learning is an intermediate port state. • Discarding—The port receives and sends BPDUs, but does not learn MAC addresses or forward user traffic. NOTE: When in different MSTIs, a port can be in different states. A port state is not exclusively associated with a port role.
MSTP implementation on devices MSTP is compatible with STP and RSTP. Devices that are running MSTP and that are used for spanning tree calculation can identify STP and RSTP protocol packets.
Though the member ports of an aggregation group do not participate in spanning tree calculation, the ports still reserve their spanning tree configurations for participating in spanning tree calculation after leaving the aggregation group. • STP configuration task list Tasks at a glance Configuring the root bridge: • • • • • • • • • (Required.) Setting the spanning tree mode (Optional.) Configuring the root bridge or a secondary root bridge (Optional.) Configuring the device priority (Optional.
Tasks at a glance Configuring the leaf nodes: • • • • • • • • • • (Required.) Setting the spanning tree mode (Optional.) Configuring the device priority (Optional.) Configuring the timeout factor (Optional.) Configuring the BPDU transmission rate (Optional.) Configuring edge ports (Optional.) Configuring path costs of ports (Optional.) Configuring the port priority (Optional.) Configuring the port link type (Optional.) Enabling outputting port state transition information (Required.
Tasks at a glance Configuring the leaf nodes: • • • • • • • • • • • • (Required.) Setting the spanning tree mode (Required.) Configuring an MST region (Optional.) Configuring the device priority (Optional.) Configuring the timeout factor (Optional.) Configuring the BPDU transmission rate (Optional.) Configuring edge ports (Optional.) Configuring path costs of ports (Optional.) Configuring the port priority (Optional.) Configuring the port link type (Optional.
NOTE: • In STP or RSTP mode, do not specify an MSTI. Otherwise, the spanning tree configuration does not take effect. • In MSTP mode, if you specify an MSTI, the spanning tree configuration takes effect on the specified MSTI. If you do not specify an MSTI, the spanning tree configuration takes effect on the CIST.
Configuring the root bridge or a secondary root bridge You can have the spanning tree protocol determine the root bridge of a spanning tree through calculation, or you can specify the current device as the root bridge or as a secondary root bridge. A device has independent roles in different spanning trees. It can act as the root bridge in one spanning tree and as a secondary root bridge in another. However, one device cannot be the root bridge and a secondary root bridge in the same spanning tree.
Configuring the device priority Device priority is a factor in calculating the spanning tree. The priority of a device determines whether the device can be elected as the root bridge of a spanning tree. A lower value indicates a higher priority. You can set the priority of a device to a low value to specify the device as the root bridge of the spanning tree. A spanning tree device can have different priorities in different spanning trees.
devices. The network diameter is a parameter that indicates the network size. A bigger network diameter indicates a larger network size. Based on the network diameter you configured, the system automatically sets an optimal hello time, forward delay, and max age for the device. Each MST region is considered a device and the configured network diameter is effective only on the CIST (or the common root bridge) but not on other MSTIs.
loss for a link failure and triggers a new spanning tree calculation process. If the hello time is too short, the device frequently sends the same configuration BPDUs, which waste device and network resources. HP recommends using the default setting. If the max age timer is too short, the device frequently begins spanning tree calculations and might mistake network congestion as a link failure.
Configuring the BPDU transmission rate The maximum number of BPDUs a port can send within each hello time equals the BPDU transmission rate plus the hello timer value. Configure an appropriate BPDU transmission rate based on the physical status of the port and the network structure. The higher the BPDU transmission rate, the more BPDUs are sent within each hello time, and the more system resources are used.
Configuring path costs of ports Path cost is a parameter related to the rate of a port. On a spanning tree device, a port can have different path costs in different MSTIs. Setting appropriate path costs allows VLAN traffic flows to be forwarded along different physical links, achieving VLAN-based load balancing. You can have the device automatically calculate the default path cost, or you can configure the path cost for ports.
Table 9 Mappings between the link speed and the path cost Path cost Link speed Port type IEEE 802.1d-1998 IEEE 802.
Step Command • In STP/RSTP mode: 3. Configure the path cost of the ports. stp cost cost • In MSTP mode: stp [ instance instance-list ] cost cost Remarks By default, the system automatically calculates the path cost of each port. NOTE: When the path cost of a port changes, the system re-calculates the role of the port and initiates a state transition. Configuration example # In MSTP mode, configure the device to calculate the default path costs of its ports by using IEEE 802.
Configuring the port link type A point-to-point link directly connects two devices. If two root ports or designated ports are connected over a point-to-point link, they can rapidly transit to the forwarding state after a proposal-agreement handshake process. Configuration restrictions and guidelines • You can configure the link type as point-to-point for a Layer 2 aggregate interface or a port that operates in full duplex mode.
A port in auto mode sends 802.1s MSTP packets by default. When the port receives an MSTP packet of a legacy format, the port starts to send packets only of the legacy format. This prevents the port from frequently changing the format of sent packets. To configure the port to send 802.1s MSTP packets, shut down and then bring up the port. To configure the MSTP packet format to be supported on a port: Step Command Remarks 1. Enter system view. system-view N/A 2.
Step (Optional.) Enable the spanning tree feature for the port. 4. Command Remarks stp enable By default, the spanning tree feature is enabled on all ports. Performing mCheck The mCheck feature enables user intervention in the port status transition process. If a port on a device that is running MSTP or RSTP connects to an STP device, this port automatically transits to STP mode when the port receives STP BPDUs.
Configuring Digest Snooping As defined in IEEE 802.1s, connected devices are in the same region only when their MST region-related configurations (region name, revision level, and VLAN-to-instance mappings) are identical. A spanning tree device identifies devices in the same MST region by determining the configuration ID in BPDU packets.
Step Command Remarks 3. Enable Digest Snooping on the interface. stp config-digest-snooping By default, Digest Snooping is disabled on ports. 4. Return to system view. quit N/A 5. Enable Digest Snooping globally. stp global config-digest-snooping By default, Digest Snooping is disabled globally. Digest Snooping configuration example Network requirements As shown in Figure 21, Device A and Device B connect to Device C, which is a third-party device. All these devices are in the same region.
[DeviceB-Ten-GigabitEthernet1/0/1] quit [DeviceB] stp global config-digest-snooping Configuring No Agreement Check In RSTP and MSTP, the following types of messages are used for rapid state transition on designated ports: • Proposal—Sent by designated ports to request rapid transition • Agreement—Used to acknowledge rapid transition requests Both RSTP and MSTP devices can perform rapid transition on a designated port only when the port receives an agreement packet from the downstream device.
device receives no agreement packet from the upstream device and sends no agreement packets to the upstream device. As a result, the designated port of the upstream device fails to transit rapidly, and can only change to the forwarding state after a period twice the Forward Delay. You can enable the No Agreement Check feature on the downstream device's port to enable the designated port of the upstream device to transit its state rapidly.
Configuration procedure # Enable No Agreement Check on Ten-GigabitEthernet 1/0/1 of Device A.
region during network design. However, due to possible configuration errors or malicious attacks in the network, the legal root bridge might receive a configuration BPDU with a higher priority. Another device supersedes the current legal root bridge, causing an undesired change of the network topology. The traffic that should go over high-speed links is switched to low-speed links, resulting in network congestion. To prevent this situation, MSTP provides the root guard function.
Step 3. Enable the loop guard function for the ports. Command Remarks stp loop-protection By default, loop guard is disabled. Configuring port role restriction CAUTION: Use this feature with caution, because enabling port role restriction on a port might affect the connectivity of the spanning tree topology. The change to the bridge ID of a device in the user access network might cause a change to the spanning tree topology in the core network.
Enabling TC-BPDU guard When a device receives topology change (TC) BPDUs (the BPDUs that notify devices of topology changes), it flushes its forwarding address entries. If someone forges TC-BPDUs to attack the device, the device will receive a large number of TC-BPDUs within a short time and be busy with forwarding address entry flushing. This affects network stability.
Task Command Display the statistics of TC/TCN BPDUs sent and received by all ports in the specified MSTI or all MSTIs (in IRF mode). display stp [ instance instance-list ] tc [ chassis chassis-number slot slot-number ] Display the spanning tree status and statistics (in standalone mode). display stp [ instance instance-list ] [ interface interface-list | slot slot-number ] [ brief ] Display the spanning tree status and statistics (in IRF mode).
Configuration procedure 1. 2. Configure VLANs and VLAN member ports: (Details not shown.) { Create VLAN 10, VLAN 20, and VLAN 30 on both Device A and Device B. { Create VLAN 10, VLAN 20, and VLAN 40 on Device C. { Create VLAN 20, VLAN 30, and VLAN 40 on Device D. { Configure the ports on these devices as trunk ports and assign them to related VLANs. Configure Device A: # Enter MST region view, configure the MST region name as example.
# Enter MST region view, configure the MST region name as example. system-view [DeviceC] stp region-configuration [DeviceC-mst-region] region-name example # Map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively. [DeviceC-mst-region] instance 1 vlan 10 [DeviceC-mst-region] instance 3 vlan 30 [DeviceC-mst-region] instance 4 vlan 40 # Configure the revision level of the MST region as 0. [DeviceC-mst-region] revision-level 0 # Activate MST region configuration.
0 Ten-GigabitEthernet1/0/2 DESI FORWARDING NONE 0 Ten-GigabitEthernet1/0/3 ROOT FORWARDING NONE 1 Ten-GigabitEthernet1/0/1 DESI FORWARDING NONE 1 Ten-GigabitEthernet1/0/3 DESI FORWARDING NONE 3 Ten-GigabitEthernet1/0/2 DESI FORWARDING NONE 3 Ten-GigabitEthernet1/0/3 ROOT FORWARDING NONE # Display brief spanning tree information on Device B.
Figure 26 MSTIs mapped to different VLANs A B A C B C MSTI 1 mapped to VLAN 10 A MSTI 0 mapped to VLAN 20 B D C MSTI 3 mapped to VLAN 30 Root bridge D D MSTI 4 mapped to VLAN 40 Normal link Blocked link 102
Configuring loop detection Overview Incorrect network connections or configurations can create Layer 2 loops, which results in repeated transmission of broadcasts, multicasts, or unknown unicasts, waste network resources, and sometimes even paralyze networks. The loop detection mechanism immediately generates a log when a loop occurs so that you are promptly notified to adjust network connections and configurations. You can even configure loop detection to shut down the looped port.
Figure 28 Inner frame header for loop detection The inner frame header for loop detection contains the following fields: • Code—Protocol sub-type, which is 0x0001, indicating the loop detection protocol. • Version—Protocol version, which is always 0x0000. • Length—Length of the frame. The value includes the inner header, but excludes the Ethernet header. • Reserved—This field is reserved. Frames for loop detection are encapsulated as TLV triplets.
Port status auto recovery Port status auto recovery applies only to the block and no-learning loop protection actions. If the device receives no loop detection frame three loop detection intervals after a loop is detected on a port, the device does the following: • Automatically sets the port to the forwarding state. • Notifies the user of the event. NOTE: Incorrect recovery can occur when loop detection frames are discarded to reduce the load.
Step 2. 3. Command Remarks Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. interface interface-type interface-number N/A Enable loop detection on the port. loopback-detection enable vlan { vlan-list | all } Disabled by default. Configuring the loop protection action You can configure the loop protection action globally or on specific ports. The global configuration applies to all ports. The per-port configuration applies to the individual ports.
Step 3. Configure the loop protection action on the interface. Command Remarks loopback-detection action shutdown By default, the device generates a log but performs no action on the port on which a loop is detected. Setting the loop detection interval With loop detection enabled, the device sends loop detection frames at a specified interval. A shorter interval offers more sensitive detection but consumes more resources.
Figure 29 Network diagram 1 /0/ E1 XG XG E1 /0/ 2 2 /0/ E1 XG XG E1 /0/ 1 Device A XGE1/0/1 XGE1/0/2 Device B Device C VLAN 100 Configuration procedure 1. Configure Device A: # Create VLAN 100, and globally enable loop detection for the VLAN. system-view [DeviceA] vlan 100 [DeviceA-vlan100] quit [DeviceA] loopback-detection global enable vlan 100 # Configure Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 as trunk ports, and assign them to VLAN 100.
# Configure Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 as trunk ports, and assign them to VLAN 100.
The output shows that the device has removed the loops from Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 according to the shutdown action. Use the display interface command to display the status of Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 on Device A. # Display the status of Ten-GigabitEthernet 1/0/1 on Device A. [DeviceA] display interface ten-gigabitethernet 1/0/1 Ten-GigabitEthernet1/0/1 current state: DOWN (Loop detection down) ...
Configuring VLANs This chapter provides an overview of VLANs and explains how to configure them. Overview Ethernet is a family of shared-media LAN technologies based on the CSMA/CD mechanism. An Ethernet LAN is both a collision domain and a broadcast domain. As the medium is shared, collisions and broadcasts are common in an Ethernet LAN.
Figure 31 VLAN tag placement and format A VLAN tag includes the following fields: • TPID—16-bit tag protocol identifier that indicates whether a frame is VLAN-tagged. By default, the TPID value is 0x8100, indicating that the frame is VLAN-tagged. However, device vendors can set TPID to different values. For compatibility with neighbor devices, configure the TPID value on the device to be the same as the neighbor device. • Priority—3-bit long 802.1p priority of the frame.
Step Configure the description of the VLAN. 5. Command Remarks description text The default setting is VLAN vlan-id, which is the ID of the VLAN. For example, the description of VLAN 100 is VLAN 0100 by default. NOTE: • As the default VLAN, VLAN 1 cannot be created or removed. • You cannot use the undo vlan command to delete a dynamic VLAN, a VLAN with a QoS policy applied, or a VLAN locked by an application. To delete such a VLAN, first remove the configuration from the VLAN.
Step Command Remarks 7. Configure the expected bandwidth of the interface. bandwidth bandwidth-value By default, the expected bandwidth (in kbps) is the interface baud rate divided by 1000. 8. (Optional.) Restore the default settings for the VLAN interface. default N/A undo shutdown By default, a VLAN interface is not manually shut down. The VLAN interface is up if one or more ports in the VLAN is up, and goes down if all ports in the VLAN go down. 9. (Optional.
Make sure a port is assigned to its PVID. Otherwise, when the port receives frames tagged with the PVID or untagged frames, the port filters out these frames. How ports of different link types handle frames Actions Access In the inbound direction for an untagged frame Tags the frame with the PVID tag. In the inbound direction for a tagged frame Trunk Hybrid • If the PVID is permitted on the port, tags the frame with the PVID tag. • If not, drops the frame.
Step Command Remarks • The configuration made in Layer 2 • Enter Layer 2 Ethernet interface view: interface interface-type interface-number • Enter Layer 2 aggregate Enter interface view. 2. interface view: interface bridge-aggregation interface-number • Enter S-channel interface view: interface s-channel interface-number.channel-id • Enter S-channel aggregate interface view: interface schannel-aggregation interface-number:channel-id Ethernet interface view applies only to the port.
Step Command Remarks • The configuration made in Layer 2 Ethernet interface view applies only to the port. • Enter Layer 2 Ethernet interface view: interface interface-type interface-number • Enter Layer 2 aggregate Enter interface view. 2. interface view: interface bridge-aggregation interface-number • Enter S-channel interface view: interface s-channel interface-number.
Step Command Remarks • The configuration made in Layer 2 Ethernet interface view applies only to the port. • Enter Layer 2 Ethernet interface view: interface interface-type interface-number • Enter Layer 2 aggregate 2. Enter interface view. interface view: interface bridge-aggregation interface-number • Enter S-channel interface view: interface s-channel interface-number.
Port-based VLAN configuration example Network requirements As shown in Figure 32, Host A and Host C belong to Department A, and access the enterprise network through different devices. Host B and Host D belong to Department B. They also access the enterprise network through different devices. To ensure communication security and avoid broadcast storms, VLANs are configured in the enterprise network to isolate Layer 2 packets of different departments.
{ Configure Host B and Host D to be on the same IP subnet. For example, 192.168.200.0/24. Verifying the configuration # Verify that Host A and Host C can ping each other, but they both fail to ping Host B. # Verify that Host B and Host D can ping each other, but they both fail to ping Host A. # Verify that VLANs 100 and 200 are correctly configured on Device A.
Configuring the private VLAN The private VLAN feature uses a two-tier VLAN structure, including a primary VLAN and secondary VLANs. This feature simplifies the network configuration and saves VLAN resources. A primary VLAN is used for upstream data exchange. A primary VLAN can be associated with multiple secondary VLANs. Because the upstream device identifies only the primary VLAN and not the secondary VLANs, network configuration is simplified and VLAN resources are saved.
VLAN associated with the secondary VLAN. For more information about promiscuous mode, trunk promiscuous mode, and host mode, see Layer 2—LAN Switching Command Reference. 4. Associate the secondary VLANs with the primary VLAN.
Step 9. Return to system view. 10. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. Command Remarks quit N/A interface interface-type interface-number N/A a. Set the link type of the port: port link-type { access | hybrid | trunk } b. Assign the access port to the specified VLAN: port access vlan vlan-id 11. Assign the downlink port to secondary VLANs. c.
• On Device B, VLAN 5 is a primary VLAN which contains uplink port Ten-GigabitEthernet 1/0/5 and is associated with secondary VLANs VLAN 2 and VLAN 3. VLAN 2 contains member port Ten-GigabitEthernet 1/0/2, and VLAN 3 contains member port Ten-GigabitEthernet 1/0/1. • On Device C, VLAN 6 is a primary VLAN which contains uplink port Ten-GigabitEthernet 1/0/5 and is associated with secondary VLANs VLAN 3 and VLAN 4.
[DeviceB-Ten-GigabitEthernet1/0/2] quit # Associate the secondary VLANs 2 and 3 with the primary VLAN 5. [DeviceB] vlan 5 [DeviceB-vlan5] private-vlan secondary 2 to 3 [DeviceB-vlan5] quit 2. Configure Device C: # Configure VLAN 6 as a primary VLAN. system-view [DeviceC] vlan 6 [DeviceC–vlan6] private-vlan primary [DeviceC–vlan6] quit # Create VLANs 3 and 4, which are to be configured as secondary VLANs.
Untagged ports: Ten-GigabitEthernet1/0/1 Ten-GigabitEthernet1/0/5 Ten-GigabitEthernet1/0/2 VLAN ID: 2 VLAN type: Static Private VLAN type: Secondary Route interface: Not configured Description: VLAN 0002 Name: VLAN 0002 Tagged ports: None Untagged ports: Ten-GigabitEthernet1/0/2 Ten-GigabitEthernet1/0/5 VLAN ID: 3 VLAN type: Static Private VLAN type: Secondary Route interface: Not configured Description: VLAN 0003 Name: VLAN 0003 Tagged Ports: None Untagged Ports: Ten-GigabitEthernet1/0/1 Ten-Gigab
0/ XG E1 / /8 /0 E1 XG 2 Figure 35 Network diagram Configuration procedure 1. Configure Device B: # Configure VLAN 5 and VLAN 10 as primary VLANs. system-view [DeviceB] vlan 5 [DeviceB-vlan5] private-vlan primary [DeviceB-vlan5] quit [DeviceB] vlan 10 [DeviceB-vlan10] private-vlan primary [DeviceB-vlan10] quit # Create VLANs 2, 3, 6, and 8, which are to be configured as secondary VLANs.
[DeviceB] interface ten-gigabitethernet 1/0/3 [DeviceB-Ten-GigabitEthernet1/0/3] port access vlan 3 [DeviceB-Ten-GigabitEthernet1/0/3] port private-vlan host [DeviceB-Ten-GigabitEthernet1/0/3] quit # Associate the secondary VLANs 2 and 3 with the primary VLAN 5. [DeviceB] vlan 5 [DeviceB-vlan5] private-vlan secondary 2 to 3 [DeviceB-vlan5] quit # Assign the downlink port Ten-GigabitEthernet 1/0/6 to VLAN 6, and configure the port to operate in host mode.
Name: VLAN 0005 Tagged ports: Ten-GigabitEthernet1/0/1 Untagged ports: Ten-GigabitEthernet1/0/2 Ten-GigabitEthernet1/0/3 VLAN ID: 2 VLAN type: Static Private VLAN type: Secondary Route interface: Not configured Description: VLAN 0002 Name: VLAN 0002 Tagged ports: Ten-GigabitEthernet1/0/1 Untagged ports: Ten-GigabitEthernet1/0/2 VLAN ID: 3 VLAN type: Static Private VLAN type: Secondary Route interface: Not configured Description: VLAN 0003 Name: VLAN 0003 Tagged ports: Ten-GigabitEthernet1/0/1 Untag
Configuring QinQ This document uses the following terms: • CVLAN—Customer network VLANs, also called "inner VLANs," refer to VLANs that a customer uses on the private network. • SVLAN—Service provider network VLANs, also called "outer VLANs," refer to VLANs that a service provider uses to transmit VLAN tagged traffic for customers. Overview 802.1Q-in-802.
Figure 36 Single-tagged Ethernet frame header and double-tagged Ethernet frame header For correct transmission of tagged frames, HP recommends that you set the MTU of each interface on the service provider network to at least 1504 bytes, which is the sum of the default interface MTU (1500 bytes) and the size of a VLAN tag (4 bytes). The devices in the service provider network forward a tagged frame according to its SVLAN tag only, and they transmit the CVLAN tag as part of the frame's payload.
Implementations of QinQ QinQ is enabled on a per-port basis. The link type of a QinQ-enabled port can be access, hybrid, or trunk. The QinQ tagging behaviors are the same across these types of ports. A QinQ-enabled port tags all incoming frames (tagged or untagged) with the PVID tag. If an incoming frame already has one tag, it becomes a double-tagged frame. If the frame does not have any 802.1Q tag, it becomes a frame tagged with the PVID.
Configuring QinQ Enable QinQ on customer-side ports of PEs. Enabling QinQ A QinQ-enabled port tags an incoming frame with its PVID. To enable QinQ: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. interface interface-type interface-number N/A Enable QinQ. qinq enable By default, QinQ is disabled. 3.
Configuring the TPID for VLAN tags TPID identifies a frame as an 802.1Q tagged frame. On the device, the TPID in the 802.1Q tag added on a QinQ-enabled port is 0x8100 by default, in compliance with IEEE 802.1Q. However, the TPID value varies with vendors. In a multi-vendor network, you must make sure the TPID setting is the same across all devices so 802.1Q tagged frames can be identified correctly. TPID settings include CVLAN TPID and SVLAN TPID.
Setting the 802.1p priority in SVLAN tags By default, a QinQ-enabled port copies the 802.1p priority in the CVLAN tag to the SVLAN tag. For untagged frames, the port adds the port priority as the 802.1p priority. To set the 802.1p priority in SVLAN tags: Step Command Remarks 1. Enter system view. system-view N/A 2. Create a traffic class and enter traffic class view. traffic classifier classifier-name [ operator { and | or } ] By default, no traffic class is configured.
Step Command Remarks By default, the device trusts the priority carried in frames. 12. Configure the port to trust the 802.1p priority in incoming frames. qos trust dot1p Skip this step if the remark dot1p customer-dot1p-trust command is configured. 13. Enable QinQ. qinq enable N/A 14. Apply the QoS policy to the inbound direction of the port. qos apply policy policy-name inbound N/A For more information about QoS policies, see ACL and QoS Configuration Guide.
Figure 38 Network diagram Configuration procedure This example assumes that the CVLANs have been configured correctly on the CEs. Configuring PE 1 1. Configure Ten-GigabitEthernet 1/0/1 (a customer-side port): # Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign it to VLAN 100 and VLANs 10 through 70.
3. Configure Ten-GigabitEthernet 1/0/3 (a customer-side port): # Configure Ten-GigabitEthernet 1/0/3 as a trunk port, and assign it to VLAN 200 and VLANs 30 through 90. [PE1] interface ten-gigabitethernet 1/0/3 [PE1-Ten-GigabitEthernet1/0/3] port link-type trunk [PE1-Ten-GigabitEthernet1/0/3] port trunk permit vlan 200 30 to 90 # Set the PVID to 200 on the port. [PE1-Ten-GigabitEthernet1/0/3] port trunk pvid vlan 200 # Enable QinQ on the port.
Configuring devices in the service provider network All ports on the path between PE 1 and PE 2 must allow frames from VLAN 100 and VLAN 200 to pass through without removing the VLAN tag. (Details not shown.) VLAN transparent transmission configuration example Network requirements As shown in Figure 39, the two branches of a company, Site 1 and Site 2, are connected through the service provider network and use VLANs 10 through 50 and VLAN 3000. VLAN 3000 is the dedicated VLAN of the company.
# Enable QinQ on the port. [PE1-Ten-GigabitEthernet1/0/1] qinq enable # Configure the port to transparently transmit frames from VLAN 3000. [PE1-Ten-GigabitEthernet1/0/1] qinq transparent-vlan 3000 [PE1-Ten-GigabitEthernet1/0/1] quit 2. Configure Ten-GigabitEthernet 1/0/2 (the service provider-side port) as a trunk port, and assign it to VLAN 100 and VLAN 3000.
Configuring VLAN mapping Overview VLAN mapping re-marks VLAN tagged traffic with new VLAN IDs. HP provides the following types of VLAN mapping: • One-to-one VLAN mapping—Replaces one VLAN tag with another. • One-to-two VLAN mapping—Tags single-tagged packets with an outer VLAN tag. • Two-to-two VLAN mapping—Replaces the outer and inner VLAN IDs of double tagged traffic with a new pair of VLAN IDs.
Figure 40 Application scenario of one-to-one VLAN mapping DHCP client PC VLAN 1 Home gateway VoD VoIP VLAN 2 VLAN 1 - > VLAN 101 VLAN 2 - > VLAN 201 VLAN 3 - > VLAN 301 VLAN 3 Wiring - closet switch PC VoD VLAN 1 VLAN 1 - > VLAN 102 VLAN 2 - > VLAN 202 VLAN 3 - > VLAN 302 DHCP server VLAN 2 Home gateway VoIP VLAN 3 Campus switch PC VLAN 1 Home gateway VoD VoIP VLAN 2 VLAN 1 - > VLAN 199 VLAN 2 - > VLAN 299 VLAN 3 - > VLAN 399 VLAN 3 Distribution network Wiring-closet switch PC VoD V
Figure 41 Application scenario of one-to-two and two-to-two VLAN mapping Site 1 and Site 2 are in VLAN 2 and VLAN 3, respectively. The VLAN assigned to VPN A is VLAN 10 in the SP 1 network and VLAN 20 in the SP 2 network. When the packet from Site 1 arrives at the edge of network SP 1, PE 1 tags the packet with outer VLAN 10 by using one-to-two VLAN mapping. With one-to-two VLAN mapping, a VPN user can plan the VLAN IDs in the network without conflicting with SVLANs.
Figure 42 Basic concepts of VLAN mapping SP Network-side port Customer-side port Uplink traffic Downlink traffic One-to-one VLAN mapping Figure 43 One-to-one VLAN mapping implementation In Figure 43, after you configure one-to-one VLAN mapping on the customer-side port, the device replaces the CVLAN with the SVLAN for the uplink traffic and replaces the SVLAN with the CVLAN for the downlink traffic.
• For the uplink traffic, after you configure one-to-two VLAN mapping on the customer-side port, the device tags the packets from a CVLAN with a SVLAN. • For the downlink traffic, you can configure the customer-side port as a hybrid port and assign the port to the SVLAN as an untagged member, so that the device strips the SVLAN tags before sending packets.
Task Remarks Configuring one-to-one VLAN mapping Configure one-to-one VLAN mapping on the wiring-closet switch as shown in Figure 40. Configuring one-to-two VLAN mapping Configure one-to-two VLAN mapping on PE1 and PE4, through which traffic from customer networks enter the service provider networks, as shown in Figure 41. Configuring two-to-two VLAN mapping Configure two-to-two VLAN mapping on PE3, edge device of the SP 2 network, as shown in Figure 41.
Configuring one-to-two VLAN mapping Perform one-to-two VLAN mapping on the edge devices from which customer traffic enters SP networks, on PE 1 and PE 4 in Figure 41 for example. One-to-two VLAN mapping enables the edge devices to add an outer VLAN tag to each incoming packet. Before configuring one-to-two VLAN mapping, first create the original VLAN and the translated VLAN. The MTU of an interface is 1500 bytes by default. After a VLAN tag is added to a packet, the packet length is added by four bytes.
Step Enter system view. 1. Command Remarks system-view N/A • Enter Layer 2 Ethernet interface Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. 2. view: interface interface-type interface-number • Enter Layer 2 aggregate interface N/A view: interface bridge-aggregation interface-number • Configure the port as a trunk port: port link-type trunk Set the link type of the port. 3. • Configure the port as a hybrid By default, the link type of a port is access.
Figure 46 Network diagram Configuration procedure 1. Configure Switch A: # Configure customer-side port Ten-GigabitEthernet 1/0/1 as a trunk port, and assign the port to original VLANs and translated VLANs.
# Configure customer-side port Ten-GigabitEthernet 1/0/2 as a trunk port, and assign the port to original VLANs and translated VLANs.
Figure 47 Network diagram SP 1 SP 2 PE 1 PE 2 XGE1/0/1 XGE1/0/2 XGE1/0/1 VLAN 100 VLAN 5 VLAN 5 PE 3 XGE1/0/2 XGE1/0/1 Data PE 4 XGE1/0/2 VLAN 200 Data CE 1 XGE1/0/1 VLAN 6 VLAN 6 VPN A Site 1 VPN A Site 2 XGE1/0/2 Data Data CE 2 Configuration procedure 1. Configure PE 1: # Configure one-to-two VLAN mapping on customer-side port Ten-GigabitEthernet 1/0/1 to add outer VLAN tag 100 to packets from VLAN 5.
3. Configure PE 3: # Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign the port to VLANs 100 and 200. system-view [PE3] interface ten-gigabitethernet 1/0/1 [PE3-Ten-GigabitEthernet1/0/1] port link-type trunk [PE3-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100 200 # Configure two-to-two VLAN mapping on Ten-GigabitEthernet 1/0/1 to map outer VLAN 100 and inner VLAN 5 to outer VLAN 200 and inner VLAN 6.
[PE4] display vlan mapping Interface Ten-GigabitEthernet1/0/2: Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN 6 N/A 200 6 The output shows that one-to-two VLAN mapping is successfully configured on PE 1 and PE 4, and two-to-two VLAN mapping is successfully configured on PE 3.
Configuring LLDP You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see "Configuring Ethernet interfaces"). Overview In a heterogeneous network, a standard configuration exchange platform ensures that different types of network devices from different vendors can discover one another and exchange configuration for the sake of interoperability and management. The Link Layer Discovery Protocol (LLDP) is specified in IEEE 802.1AB.
LLDPDU formats LLDP sends device information in LLDPDUs. LLDPDUs are encapsulated in Ethernet II or SNAP frames. 1. LLDPDU encapsulated in Ethernet II Figure 49 Ethernet II-encapsulated LLDPDU Table 11 Fields in an Ethernet II-encapsulated LLDPDU Field Description Destination MAC address MAC address to which the LLDPDU is advertised.
Table 12 Fields in a SNAP-encapsulated LLDPDU Field Description Destination MAC address MAC address to which the LLDPDU is advertised. It is the same as that for Ethernet II-encapsulated LLDPDUs. Source MAC address MAC address of the sending port. Type SNAP type for the upper layer protocol. It is 0xAAAA-0300-0000-88CC for LLDP. Data LLDPDU. FCS Frame check sequence, a 32-bit CRC value used to determine the validity of the received Ethernet frame.
Type Description Time to Live Specifies the life of the transmitted information on the receiving device. End of LLDPDU Marks the end of the TLV sequence in the LLDPDU. Port Description Specifies the port description of the sending port. System Name Specifies the assigned name of the sending device. System Description Specifies the description of the sending device. System Capabilities Identifies the primary functions of the sending device and the enabled primary functions.
Table 15 IEEE 802.3 organizationally specific TLVs Type Description MAC/PHY Configuration/Status Contains the bit-rate and duplex capabilities of the sending port, support for autonegotiation, enabling status of autonegotiation, and the current rate and duplex mode. Power Via MDI Contains the power supply capability of the port, including the PoE type (PSE or PD), PoE mode, whether PSE power supply is supported, whether PSE power supply is enabled, and whether the PoE mode is controllable.
Type Description Location Identification Allows a network device to advertise the appropriate location identifier information for a terminal device to use in the context of location-based applications. NOTE: If the MAC/PHY configuration/status TLV is not advertisable, none of the LLDP-MED TLVs will be advertised even if they are advertisable. If the LLDP-MED capabilities TLV is not advertisable, the other LLDP-MED TLVs will not be advertised even if they are advertisable.
Receiving LLDPDUs An LLDP agent that is operating in TxRx mode or Rx mode checks the validity of TLVs carried in every received LLDPDU. If valid, the information is saved and an aging timer is set for it based on the TTL value in the TTL TLV carried in the LLDPDU. If the TTL value is zero, the information ages out immediately. Protocols and standards • IEEE 802.1AB-2005, Station and Media Access Control Connectivity Discovery • IEEE 802.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enable LLDP globally. lldp global enable By default, LLDP is disabled globally. 3. Enter Layer 2 or Layer 3 Ethernet interface view or Layer 2 aggregate interface view. interface interface-type interface-number N/A (Optional.) Enable LLDP. lldp enable By default, LLDP is enabled on a port. 4. Configuring the LLDP bridge mode The following LLDP bridge modes are available: service bridge mode and customer bridge mode.
Step 2. Enter Layer 2 or Layer 3 Ethernet interface view or Layer 2 aggregate interface view. Command Remarks interface interface-type interface-number N/A • In Layer 2 or Layer 3 Ethernet interface 3. Set the LLDP operating mode.
Step 2. Enter Layer 2 or Layer 3 Ethernet interface view or Layer 2 aggregate interface view. Command Remarks interface interface-type interface-number N/A • In Layer 2 or Layer 3 Ethernet interface 3. Enable LLDP polling and set the polling interval. view: lldp [ agent { nearest-customer | nearest-nontpmr } ] check-change-interval interval • In Layer 2 aggregate interface view: By default, LLDP polling is disabled.
Step Command Remarks • lldp tlv-enable { basic-tlv { all | 3. Configure the advertisable TLVs (in Layer 2 Ethernet interface view).
Step Command Remarks By default: • lldp agent nearest-nontpmr tlv-enable { basic-tlv { all | management-address-tlv [ ip-address ] | port-description | system-capability | system-description | system-name } | dot1-tlv { all | evb | port-vlan-id } } 5. Configure the advertisable TLVs (in Layer 2 aggregate interface view). • Nearest non-TPMR bridge agents can advertise only EVB TLVs. • Nearest customer bridge agents can advertise basic TLVs and IEEE 802.
Step Command Remarks • In Layer 2 or Layer 3 Ethernet 3. Allow LLDP to advertise the management address in LLDPDUs and configure the advertised management address.
Step Command Remarks 5. Set the LLDPDU transmit delay. lldp timer tx-delay delay The default setting is 2 seconds. 6. Set the number of LLDPDUs sent each time fast LLDPDU transmission is triggered. lldp fast-count count The default setting is 4. Set an interval for fast LLDPDU transmission. lldp timer fast-interval interval The default setting is 1 second. 7. Setting an encapsulation format for LLDPDUs LLDPDUs can be encapsulated in the following formats: Ethernet II or SNAP frames.
is assigned an IP address or all VLAN interfaces are down, no port IP address will be advertised. The CDP neighbor-information-related fields in the output of the display lldp neighbor-information command show the CDP neighboring device information that can be recognized by the switch. For more information about the display lldp neighbor-information command, see Layer 2—LAN Switching Command Reference.
Transmission Selection for Bandwidth Sharing Between Traffic Classes). DCBX offers the following functions: • Discovers the peer devices' capabilities and determines whether devices at both ends support these capabilities. • Detects configuration errors on peer devices. • Remotely configures the peer device if the peer device accepts the configuration. NOTE: HP devices support only the remote configuration function.
To enable LLDP and DCBX TLV advertising: Step Command Remarks 1. Enter system view. system-view N/A 2. Enable LLDP globally. lldp global enable By default, LLDP is disabled globally. 3. Enter Layer 2 Ethernet interface view. interface interface-type interface-number N/A 4. Enable LLDP. lldp enable By default, LLDP is enabled on an interface. 5. Enable the interface to advertise DCBX TLVs. lldp tlv-enable dot1-tlv dcbx By default, DCBX TLV advertising is disabled on an interface.
Step Command Remarks 6. Use the specified ACL as the match criterion of the class. if-match acl acl-number N/A 7. Return to system view. quit N/A 8. Create a traffic behavior and enter traffic behavior view. traffic behavior behavior-name N/A 9. Configure the behavior to mark packets with the specific 802.1p priority. remark dot1p 8021p N/A 10. Return to system view. quit N/A 11. Create a QoS policy and enter QoS policy view. qos policy policy-name N/A 12.
Configuring ETS parameters ETS provides committed bandwidth. The device uses ETS parameters to negotiate with the server adapter, controls the server adapter's transmission speed of the specific type of traffic, and guarantees that the transmission speed is within the committed bandwidth of the interface. In this way, no traffic loss occurs due to congestion. To configure ETS parameters, you must configure the 802.1p-to-local priority mapping and group-based WRR queuing. Configuring the 802.
Step Command Remarks 5. Enter Ethernet interface view. interface interface-type interface-number N/A 6. Configure the interface to trust the 802.1p priority carried in packets. qos trust dot1p By default, an interface trusts the 802.1p priority carried in packets. For more information about the qos map-table, qos map-table color, and import commands, see ACL and QoS Command Reference. Configuring group-based WRR queuing You can configure group-based WRR queuing to allocate bandwidth.
Step 3. Command Remarks By default, PFC is disabled. Enable the Ethernet interface to automatically negotiate with its peer to decide whether to enable PFC. priority-flow-control auto To advertise the PFC data, you must enable PFC in autonegotiation mode. By default, PFC is disabled for all 802.1p priorities. 4. Enable PFC for specific 802.1p priorities. priority-flow-control no-drop dot1p dot1p-list 5. Configure the interface to trust the 802.1p priority carried in packets.
Step 6. (Optional.) Set the LLDP trap transmit interval. Command Remarks lldp timer notification-interval interval The default setting is 30 seconds. Displaying and maintaining LLDP Execute display commands in any view. Task Command Display local LLDP information. display lldp local-information [ global | interface interface-type interface-number ] Display the information contained in the LLDP TLVs sent from neighboring devices.
Figure 53 Network diagram Configuration procedure 1. Configure Switch A: # Enable LLDP globally. system-view [SwitchA] lldp global enable # Enable LLDP on Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2. (You can skip this step because LLDP is enabled on ports by default.) Set the LLDP operating mode to Rx.
Transmit credit max : 5 Hold multiplier : 4 Reinit delay : 2s Trap interval : 30s Fast start times : 4 LLDP status information of port 1 [Ten-GigabitEthernet1/0/1]: LLDP agent nearest-bridge: Port status of LLDP : Enable Admin status : RX_Only Trap flag : No MED trap flag : No Polling interval : 0s Number of LLDP neighbors : 1 Number of MED neighbors : 1 Number of CDP neighbors : 0 Number of sent optional TLV : 21 Number of received unknown TLV : 0 LLDP agent nearest-customer: P
MED trap flag : No Polling interval : 0s Number of LLDP neighbors : 0 Number of MED neighbors : 0 Number of CDP neighbors : 0 Number of sent optional TLV : 1 Number of received unknown TLV : 0 LLDP agent nearest-customer: Port status of LLDP : Enable Admin status : Disable Trap flag : No MED trap flag : No Polling interval : 0s Number of LLDP neighbors : 0 Number of MED neighbors : 0 Number of CDP neighbors : 0 Number of sent optional TLV : 16 Number of received unknown TLV :
Number of CDP neighbors : 0 Number of sent optional TLV : 0 Number of received unknown TLV : 5 LLDP agent nearest-nontpmr: Port status of LLDP : Enable Admin status : Disable Trap flag : No MED trap flag : No Polling interval : 0s Number of LLDP neighbors : 0 Number of MED neighbors : 0 Number of CDP neighbors : 0 Number of sent optional TLV : 1 Number of received unknown TLV : 0 LLDP status information of port 2 [Ten-GigabitEthernet1/0/2]: LLDP agent nearest-bridge: Port status of L
Number of MED neighbors : 0 Number of CDP neighbors : 0 Number of sent optional TLV : 16 Number of received unknown TLV : 0 The sample output shows that Ten-GigabitEthernet 1/0/2 of Switch A does not connect to any neighboring devices. DCBX configuration example Network requirements As shown in Figure 54, in a data center network, interface Ten-GigabitEthernet 1/0/1 of the access switch (Switch A) connects to the FCoE adapter of the data center server (DC server).
[SwitchA-classifier-app_c] if-match acl 4000 [SwitchA-classifier-app_c] quit # Create a traffic behavior named app_b, and configure the traffic behavior to mark packets with 802.1p priority value 3. [SwitchA] traffic behavior app_b [SwitchA-behavior-app_b] remark dot1p 3 [SwitchA-behavior-app_b] quit # Create a QoS policy named plcy, associate class app_c with traffic behavior app_b in the QoS policy, and apply the association to DCBX.
DCBX Parameter Length: 13 DCBX Parameter Type: 2 DCBX Parameter Information Parameter Type: Current Pad Byte Present: Yes DCBX Parameter Valid: Yes Reserved: 0 DCBX Parameter Data Priority Group ID of Priority 1: 0 Priority Group ID of Priority 0: 2 Priority Group ID of Priority 3: 15 Priority Group ID of Priority 2: 1 Priority Group ID of Priority 5: 5 Priority Group ID of Priority 4: 4 Priority Group ID of Priority 7: 7 Priority Group ID of Priority 6: 6 Priority Group 0 Percentage: 2 Priority Group 1
Priority Group ID of Priority 7: 7 Priority Group ID of Priority 6: 6 Priority Group 0 Percentage: 2 Priority Group 1 Percentage: 4 Priority Group 2 Percentage: 6 Priority Group 3 Percentage: 0 Priority Group 4 Percentage: 10 Priority Group 5 Percentage: 18 Priority Group 6 Percentage: 27 Priority Group 7 Percentage: 31 Number of Traffic Classes Supported: 8 DCBX Parameter Information Parameter Type: Local Pad Byte Present: Yes DCBX Parameter Valid: Yes Reserved: 0 DCBX Parameter Data Priority Group ID of
DCBX Parameter Type: 3 DCBX Parameter Information Parameter Type: Current Pad Byte Present: No DCBX Parameter Valid: Yes Reserved: 0 DCBX Parameter Data PFC Enabled on Priority 0: No PFC Enabled on Priority 1: No PFC Enabled on Priority 2: No PFC Enabled on Priority 3: Yes PFC Enabled on Priority 4: No PFC Enabled on Priority 5: No PFC Enabled on Priority 6: No PFC Enabled on Priority 7: No Number of Traffic Classes Supported: 6 DCBX Parameter Information Parameter Type: Remote Pad Byte Present: No DCBX
PFC Enabled on Priority 3: Yes PFC Enabled on Priority 4: No PFC Enabled on Priority 5: No PFC Enabled on Priority 6: No PFC Enabled on Priority 7: No Number of Traffic Classes Supported: 1 The output shows that DC server performs PFC for packets carrying 802.1p priority 3 after negotiating with Switch A.
Configuring service loopback groups A service loopback group contains one or multiple Ethernet ports for looping packets sent out by the device back to the device. This feature must work with other features, such as GRE. The device supports only one service loopback group. This group provides services only for unicast tunnel traffic. You can use the service loopback group with multiple features. Member ports in a service loopback group are load balanced.
Task Command Display information about the service loopback group. display service-loopback group [ number ] Service loopback group configuration example Network requirements All Ethernet ports on Device A support the tunnel service. Assign Ten-GigabitEthernet 1/0/1 through Ten-GigabitEthernet 1/0/3 to a service loopback group to loop GRE packets sent out by the device back to the device. Configuration procedure # Create service loopback group 1, and specify its service type as Tunnel.
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. [] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents an access controller, a unified wired-WLAN module, or the switching engine on a unified wired-WLAN switch. Represents an access point.
Index Numerics APP parameter (LLDP), 170 802.X assigning MAC address table learning priority, 28 LAN switching QinQ SVLAN tag 802.1p priority, 135 port to isolation group (multiple), 59 port-based VLAN access port, 115 802.x port-based VLAN hybrid port, 117 802.1 LLDPDU TLV types, 156 port-based VLAN trunk port, 116 802.1p-to-local priority mapping, 172 802.3 LLDPDU TLV types, 156 attribute Ethernet link aggregation attribute configuration, 37 LLDP PFC 802.1p priority, 173 802.X 802.1Q-in-802.
MSTP root bridge configuration, 79 Ethernet interface basic settings, 3 MSTP secondary root bridge configuration, 79 Ethernet interface common settings, 1 RSTP root bridge configuration, 79 Ethernet interface generic flow control, 6 RSTP secondary root bridge configuration, 79 Ethernet interface jumbo frame support, 4 STP designated bridge, 63 Ethernet interface link mode, 4 STP loop guard, 95 Ethernet interface PFC, 7 STP root bridge, 63 Ethernet interface physical state change suppression, 5
LLDP-MED trapping, 174 STP No Agreement Check, 92, 93 loop detection, 103, 105, 107 STP port link type, 87 loop detection protection action, 106 STP port mode, 87 loop detection protection action (global), 106 STP port path cost, 84, 85 loop detection protection action (Layer 2 aggregate interface), 106 STP port priority, 86 STP port role restriction, 96 loop detection protection action (Layer 2 Ethernet interface), 106 STP protection functions, 94 STP root bridge, 79 loopback interface, 16, 16
LLDP APP parameter configuration, 170 Ethernet interface, 14 LLDP ETS parameter configuration, 172 Ethernet link aggregation, 51 LLDP PFC parameter configuration, 173 inloopback interface, 17 LLDP+DCBX TLV advertisement, 169 LAN switching QinQ, 136 LLDP, 175 default loop detection, 107 Ethernet link aggregate interface default settings, 48 loopback interface, 17 designated MAC address table, 30 MST port, 72 MSTP, 97 STP bridge, 63 null interface, 17 STP port, 63 port isolation, 59 device
VLAN interface basic configuration, 113 STP BPDU guard, 94 VLAN port-based configuration, 114, 119 STP feature, 88 STP loop guard, 95 Ethernet interface STP port state transition information output, 88 basic settings configuration, 3 STP root guard, 94 common settings configuration, 1 STP TC-BPDU guard, 97 configuration, 1 configuring management Ethernet interface, 1 encapsulating LLDPDU encapsulated in Ethernet II, 155 displaying, 14 LLDPDU encapsulated in SNAP format, 155 generic flow contro
loop detection interval, 104 Layer 2 group (static), 44 load sharing configuration, 48 MAC address learning, 21 load sharing criteria, 43 MAC address table blackhole entry, 24 local-first load sharing, 50 MAC address table configuration, 21, 22, 31 maintaining, 51 MAC address table entry configuration, 22 member port, 36 MAC address table frame forwarding rule, 28 member port state, 36, 38, 41 MAC address table multiport unicast entry, 24 modes, 38 MAC Information configuration, 32, 34 operat
maintaining, 17 Ethernet link aggregation traffic redirection, 50 interface port-based VLAN access port assignment, 115 bulk configuration, 19 port-based VLAN hybrid port assignment, 117 configuring inloopback, 16 port-based VLAN trunk port assignment, 116 configuring loopback, 16 private VLAN configuration, 121, 122, 123 configuring null, 16 private VLAN configuration (promiscuous mode), 123 Ethernet aggregate interface (description), 45 private VLAN configuration (trunk promiscuous mode), 126
loop detection no-learning action, 104 LLDP basic configuration, 175 LLDP group-based WRR queuing, 173 MAC address, 21 LLDP trapping, 174 MAC address learning disable, 25 LLDP+DCBX TLV advertisement, 169 MAC address table learning priority, 28 LLDP-MED trapping, 174 MST learning port state, 72 loop detection configuration, 103, 105, 107 legacy port isolation configuration, 59 STP port mode, 87 port isolation configuration (on LAN), 60 STP port path cost calculation, 84 port-based VLAN access
operating mode (Rx), 159, 161 logging operating mode (Tx), 159, 161 operating mode (TxRx), 159, 161 loop detection configuration, 103, 105, 107 loop operating mode set, 161 MSTP configuration, 62, 74, 98 parameter set, 166 RSTP configuration, 62, 74, 98 PFC parameter configuration, 173 STP configuration, 62, 74, 98 polling enable, 162 STP loop guard, 95 protocols and standards, 160 loop detection re-initialization delay, 162 configuration, 103, 105, 107 trapping configuration, 174 displayin
Ethernet link aggregation dynamic, 38 manual entries, 21 Ethernet link aggregation dynamic mode, 39 multiport unicast entry, 24 MAC addressing Ethernet link aggregation load sharing criteria, 43 Ethernet link aggregation static, 38 VLAN frame encapsulation, 111 MAC Information Ethernet link aggregation static mode, 38 change send interval, 33 Layer 2 Ethernet interface Auto MDIX mode, 13 configuration, 32, 34 Layer 2 Ethernet interface MDI mode, 13 enable, 32 Layer 2 Ethernet interface MDIX mode
Layer 2 Ethernet interface cable connection, 14 mode set, 77 MSTI calculation, 73 Layer 2 Ethernet interface configuration, 11 No Agreement Check, 92, 93 Layer 2 Ethernet interface fiber port, 9 protocols and standards, 74 Layer 2 Ethernet interface mode, 13 relationship to RSTP and STP, 69 Layer 2 Ethernet interface storm control configuration, 12 root bridge configuration, 79 Layer 2 Ethernet interface storm suppression configuration, 11 root bridge device configuration, 79 secondary root bridg
port isolation configuration (on LAN), 60 STP port mode, 87 STP port path cost, 84, 85 private VLAN configuration, 121, 122 STP port priority, 86 RSTP configuration, 62, 74, 98 STP port role restriction, 96 service loopback group configuration, 186 STP port state transition, 88 STP configuration, 62, 74, 98 STP protection functions, 94 VLAN configuration, 111 STP root bridge, 63 VLAN mapping configuration, 141, 145, 148 STP root guard, 94 VLAN mapping configuration (one-to-one), 146, 148 STP
VLAN mapping configuration, 141, 145, 148 Ethernet link aggregation load sharing criteria, 43 VLAN mapping configuration (one-to-one), 146, 148 Ethernet link aggregation local-first load sharing, 50 VLAN mapping configuration (one-to-two), 147, 150 Ethernet link aggregation member port, 36 Ethernet link aggregation member port state, 36, 38, 41 VLAN mapping configuration (two-to-two), 147, 150 Ethernet link aggregation modes, 38 parameter Ethernet link aggregation operational key, 37 LLDP APP conf
MAC address table multiport unicast entry, 24 LAN switching QinQ SVLAN tag 802.1p priority, 135 MAC Information configuration, 32, 34 LLDP PFC 802.
configuring Ethernet link aggregation group, 43 configuring LLDP PFC parameters, 173 configuring Ethernet link aggregation group load sharing criteria, 48 configuring LLDP trapping, 174 configuring Ethernet link aggregation group-specific load sharing criteria, 49 configuring loop detection, 105, 107 configuring Ethernet link aggregation load sharing, 48 configuring loop detection protection action (global), 106 configuring LLDP-MED trapping, 174 configuring loop detection protection action, 106 co
configuring RSTP secondary root bridge device, 79 displaying loopback interface, 17 configuring service loopback group, 186, 187 displaying MSTP, 97 displaying MAC address table, 30 configuring STP, 74, 75, 98 displaying null interface, 17 configuring STP BPDU transmission rate, 83 displaying port isolation, 59 configuring STP device priority, 80 displaying private VLAN, 123 configuring STP Digest Snooping, 90, 91 displaying RSTP, 97 configuring STP edge port, 83 displaying service loopback gr
modifying MAC address table multiport unicast entry, 24 QinQ configuration, 130, 133, 136 performing Ethernet interface loopback test, 6 configuration restrictions, 132 performing STP mCheck, 89 CVLAN tag, 130 performing STP mCheck globally, 89 displaying, 136 performing STP mCheck in interface view, 89 enable, 133 restoring Ethernet link aggregate interface default settings, 48 how it works, 130 implementation, 132 setting Ethernet interface statistics polling interval, 9 loop detection config
Ethernet link aggregation traffic redirection, 51 sending LAN switching QinQ configuration, 132 Layer 2 Ethernet interface fiber port, 10 MAC Information change send interval, 33 service STP Digest Snooping configuration, 90 STP edge port configuration, 83 LLDP service bridge mode, 161 service loopback group STP mCheck configuration, 89 configuration, 186, 186, 187 STP port link type configuration, 87 displaying, 186 STP port role restriction, 96 setting STP TC-BPDU transmission restriction, 96
No Agreement Check, 92, 93 Layer 2 Ethernet link aggregation group, 44 path cost, 63 MAC address table entry, 21 port link type configuration, 87 statistics port link type configuration restrictions, 87 polling interval, 9 port mode configuration, 87 storm Layer 2 Ethernet interface storm control, 12 port path cost calculation standard, 84 Layer 2 Ethernet interface storm suppression, 11 port path cost configuration, 84, 85 port priority configuration, 86 STP algorithm calculation, 64 port rol
inloopback interface configuration, 16, 17 LLDP advertisable TLV configuration, 163 loopback interface configuration, 16, 16 LLDP management address configuration, 165 MAC address table configuration, 21, 22, 31 LLDP management address encoding format, 165 null interface configuration, 16, 17 LLDP parameters, 166 port isolation configuration, 59 LLDP+DCBX TLV advertisement, 169 port isolation configuration (on LAN), 60 LLDPDU basic management types, 156 LLDPDU LLDP-MED types, 156 synchronizing
LAN switching QinQ CVLAN tag, 130 W LAN switching QinQ implementation, 132 WRR queuing LAN switching QinQ SVLAN tag, 130 LLDP group-based WRR queuing, 173 LAN switching QinQ SVLAN tag 802.
