HP FlexFabric 11900 Switch Series Layer 2 - LAN Switching Configuration Guide Part number: 5998-4059 Software version: Release 2105 and later Document version: 6W100-20130515
Legal and notice information © Copyright 2013 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents Configuring Ethernet interfaces ··································································································································· 1 Configuring the management Ethernet interface ··········································································································· 1 Ethernet interface naming conventions ··························································································································· 1 Configuring commo
Verifying the configurations ································································································································· 27 Configuring MAC Information ·································································································································· 28 Configuration guidelines ··············································································································································· 28 Enabling MAC In
Configuring spanning tree protocols ························································································································ 56 STP ··················································································································································································· 56 STP protocol packets ············································································································································· 56
Configuring protection functions ·································································································································· 88 Enabling BPDU guard ··········································································································································· 88 Enabling root guard ·············································································································································· 88 Enabling loop gu
Configuring basic QinQ features ······························································································································· 115 Enabling QinQ ···················································································································································· 115 Configuring transparent transmission for VLANs ····························································································· 115 Configuring the TPID for VLAN tags ·
Basic LLDP configuration example ······························································································································ 154 Network requirements ········································································································································· 154 Configuration procedure ···································································································································· 154 DCBX configuration examp
Configuring Ethernet interfaces The switch series supports Ethernet interfaces, management Ethernet interfaces, and console interfaces. For the support for the interface types and interface numbers, see the installation guide. This chapter describes the configurations for Ethernet interfaces and the management Ethernet interface. Configuring the management Ethernet interface The switch provides one management Ethernet interface. This interface uses an RJ-45 connector.
Configuring a combo interface A combo interface is a logical interface that physically comprises one fiber port and one copper port. The two ports share one forwarding channel and one interface view, so they cannot work simultaneously. When you activate one port, the other port is automatically disabled. In the interface view, you can activate the fiber or copper combo port, and configure other port attributes such as the interface rate and duplex mode.
Step 4. Reboot the corresponding interface card. Command Remarks N/A After creating the four 10-GE interfaces, the system removes the 40-GE interface. Combining four 10-GE interfaces into a 40-GE interface If you need higher bandwidth, you can combine the four split 10-GE interfaces into a 40-GE interface. After you combine the four 10-GE interfaces, replace the dedicated 1-to-4 cable with a dedicated 1-to-1 cable or 40-GE transceiver module cable.
Step Command Remarks The default setting is 10000 for 10-GE XFP fiber ports and auto for other Ethernet interfaces. 40-GE interfaces do not support the 10, 100, or 1000 keyword. 10-GE XFP fiber ports do not support the 10, 100, 1000, 40000, or auto keyword. 10-GE SFP+ fiber ports do not support the 10, 100, 1000, or 40000 keyword. 5. Set the port speed. speed { 10 | 100 | 1000 | 10000 | 40000 | auto } GE fiber ports do not support the 10, 10000, or 40000 keyword.
Configuring jumbo frame support An Ethernet interface might receive some frames larger than the standard Ethernet frame size (called "jumbo frames") during high-throughput data exchanges, such as file transfers. Usually, an Ethernet interface discards jumbo frames. Jumbo frame support allows the interface to process jumbo frames within the specified range. To configure jumbo frame support in interface view: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter Ethernet interface view.
Step Command Remarks By default, each time the physical link of a port goes up or comes down, the interface immediately reports the change to the CPU. Set the link-up event suppression interval. 4. Set the link-updown event suppression interval. 5. link-delay delay-time mode up With this command configured, when the interface goes up, the link-up event is not reported to the CPU until the interface is still up when the suppression interval (delay-time) expires.
Step Command Remarks 2. Enter Ethernet interface view. interface interface-type interface-number N/A 3. Perform a loopback test. loopback { external | internal } By default, no loopback test is performed. Configuring generic flow control on an Ethernet interface To avoid packet drops on a link, you can enable generic flow control at both ends of the link.
Step Command Remarks • Enable TxRx mode generic Enable generic flow control. 3. flow control: flow-control • Enable Rx mode generic flow control: flow-control receive enable Use one of the commands. By default, Rx mode generic flow control is disabled on an Ethernet interface. Configuring PFC on an Ethernet interface PFC performs flow control based on 802.1p priorities. With PFC enabled, an interface requires its peer to suspend sending packets with certain 802.1p priorities when congestion occurs.
Step Command Remarks 3. Enable PFC for specific 802.1p priorities. priority-flow-control no-drop dot1p dot1p-list By default, PFC is disabled for all 802.1p priorities. 4. Enter Ethernet interface view. interface interface-type interface-number N/A 5. Enable PFC on the interface through automatic negotiation or forcibly. priority-flow-control { auto | enable } By default, PFC is disabled. Enable PFC for specific 802.1p priorities.
Setting the statistics polling interval To set the statistics polling interval on an Ethernet interface: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter Ethernet interface view. interface interface-type interface-number N/A 3. Set the statistics polling interval. flow-interval interval The default setting is 300 seconds. To display the interface statistics collected in the last polling interval, use the display interface command.
Step Command Remarks 3. Enable broadcast suppression and set the broadcast suppression threshold. broadcast-suppression { ratio | pps max-pps | kbps max-kbps } By default, broadcast traffic is allowed to pass through an interface. 4. Enable multicast suppression and set the multicast suppression threshold. multicast-suppression { ratio | pps max-pps | kbps max-kbps } By default, multicast traffic is allowed to pass through an interface. 5.
Step Command Remarks system-view N/A 1. Enter system view. 2. (Optional.) Set the traffic polling interval of the storm control module. storm-constrain interval seconds 3. Enter Ethernet interface view. interface interface-type interface-number N/A 4. (Optional.) Enable storm control, and set the lower and upper thresholds for broadcast, multicast, or unknown unicast traffic.
When a crossover cable is used, set the interface to operate in the same MDIX mode as its peer, or set either end to operate in AutoMDIX mode. • To set the MDIX mode of an Ethernet interface: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter Ethernet interface view. interface interface-type interface-number N/A 3. Set the MDIX mode of the Ethernet interface.
Step 3. Set the MTU. Command Remarks mtu size The default setting is 1500 bytes. Displaying and maintaining an Ethernet interface Execute display commands in any view and reset commands in user view. Task Command Display interface traffic statistics. display counters { inbound | outbound } interface [ interface-type [ interface-number ] ] Display traffic rate statistics of interfaces in up state over the last sampling interval.
Configuring loopback and null interfaces This chapter describes how to configure a loopback interface and a null interface. Configuring a loopback interface A loopback interface is a virtual interface. The physical layer state and link layer protocols of a loopback interface are always up unless the loopback interface is manually shut down.
To configure a null interface: Step 1. Enter system view. Command Remarks system-view N/A Interface Null 0 is the default null interface on the device and cannot be manually created or removed. 2. Enter null interface view. interface null 0 3. Set the interface description. description text The default setting is NULL0 Interface. 4. Restore the default settings for the null interface. default N/A Only one null interface, Null 0, is supported on the device.
Bulk configuring interfaces You can enter interface range view to bulk configure multiple interfaces with the same feature instead of configuring them one by one. For example, you can execute the shutdown command in interface range view to shut down a range of interfaces. Failure to apply a command on one member interface does not affect the application of the command on the other member interfaces.
Step 5. (Optional.) Verify the configuration.
Configuring the MAC address table Overview An Ethernet device uses a MAC address table for forwarding frames through unicast instead of broadcast. This table describes from which interfaces a MAC address (or host) can be reached. When forwarding a frame, the device first looks up the MAC address of the frame in the MAC address table for a match. If an entry is found, the device forwards the frame out of the outgoing interface.
• Dynamic entries—Dynamic entries can be manually configured or dynamically learned in order to forward frames with a specific destination MAC address out of their associated interfaces and might age out. • Blackhole entries—Blackhole entries are manually configured and never age out. Blackhole entries are configured for filtering out frames with a specific source or destination MAC address.
• A manually configured dynamic MAC address entry has the same priority as an automatically learned one. If a packet with such a source MAC address enters the device on a different interface from that in the static MAC address entry, the device learns a new MAC address entry and uses the learned one to overwrite the manually configured dynamic MAC address entry.
Step Command Remarks N/A 1. Enter system view. system-view 2. Add or modify a blackhole MAC address entry. mac-address blackhole mac-address vlan vlan-id By default, no blackhole MAC address entry is configured. Make sure you have created the VLAN.
Disabling MAC address learning MAC address learning is enabled by default. To prevent the MAC address table from being saturated when the device is experiencing attacks, disable MAC address learning. For example, you can disable MAC address learning to prevent the device from being attacked by a large amount of frames with different source MAC addresses. Disabling global MAC address learning Step Command Remarks 1. Enter system view. system-view N/A 2. Disable global MAC address learning.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enable global MAC address learning. mac-address mac-learning enable By default, global MAC address learning is enabled. 3. Enter VLAN view. vlan vlan-id N/A 4. Disable MAC address learning on the VLAN. undo mac-address mac-learning enable By default, MAC address learning on the VLAN is enabled.
Step 3. Configure the MAC learning limit on the interface and configure the interface to forward frames with unknown source MAC addresses when the MAC learning limit is reached. Command Remarks mac-address max-mac-count { count | enable-forwarding } By default, no limit is configured.. When the MAC learning limit is reached, frames with unknown source MAC addresses are forwarded by default.
To enable MAC address synchronization: Step Command Remarks 1. Enter system view. system-view N/A 2. Enable MAC address synchronization. mac-address mac-roaming enable By default, MAC address synchronization is disabled. Displaying and maintaining the MAC address table Execute display commands in any view. Task Command Display MAC address table information.
Verifying the configurations # Display the MAC address entry for interface Ten-GigabitEthernet 1/0/1. [Device] display mac-address interface ten-gigabitethernet 1/0/1 MAC Address VLAN ID State Port/NickName 000f-e235-dc71 1 Static XGE1/0/1 Aging N # Display information about the blackhole MAC address entries. [Device] display mac-address blackhole MAC Address VLAN ID State Port/NickName Aging 000f-e235-abcd 1 Blackhole N/A N # View the aging time of dynamic MAC address entries.
Configuring MAC Information The MAC Information feature can generate syslog messages or SNMP notifications when MAC address entries are learned or deleted. You can use these messages to monitor users leaving or joining the network and analyze network traffic. The MAC Information feature buffers the MAC change syslog messages or SNMP notifications in a queue.
Configuring the MAC Information mode The following MAC Information modes are available for sending MAC address changes: • Syslog—The device sends syslog messages to notify MAC address changes. In this mode, the device sends syslog messages to the information center, which then outputs them to the monitoring terminal. For more information about information center, see Network Management and Monitoring Configuration Guide. • Trap—The device sends SNMP notifications to notify MAC address changes.
Figure 2 Network diagram Device XGE1/0/1 Host A XGE1/0/2 XGE1/0/3 Server 192.168.1.1/24 192.168.1.3/24 Host B 192.168.1.2/24 Configuration procedure 1. Configure Device to send syslog messages to Host B (see Network Management and Monitoring Configuration Guide). 2. Enable MAC Information: # Enable MAC Information globally. system-view [Device] mac-address information enable # Configure the MAC Information mode as syslog.
Configuring Ethernet link aggregation This chapter gives an overview of Ethernet link aggregation and explains how to configure it. Ethernet link aggregation bundles multiple physical Ethernet links into one logical link, called an aggregate link. Link aggregation has the following benefits: • Increased bandwidth beyond the limits of any single link. In an aggregate link, traffic is distributed across the member ports. • Improved link reliability. The member ports dynamically back up one another.
Operational key When aggregating ports, the system automatically assigns each port an operational key based on port information, such as port rate and duplex mode. Any change to this information triggers a recalculation of the operational key. In an aggregation group, all selected member ports are assigned the same operational key. Configuration types Every configuration setting on a port might affect its aggregation state.
• Dynamic aggregation mode—The peering system automatically maintains the aggregation state of the member ports, thus reducing the workload of administrators. An aggregation group in static mode is called a "static aggregation group" and an aggregation group in dynamic mode is called a "dynamic aggregation group.
Figure 4 Setting the aggregation state of a member port in a static aggregation group NOTE: • The maximum number of Selected ports in a static aggregation group is 16. • To ensure stable aggregation state and service continuity, do not change port attributes or class-two configurations on any member port. If you must, make sure you understand its impact on the live network.
other member ports. In this way, the two systems reach an agreement on which ports are placed in Selected state. LACP functions LACP offers basic LACP functions and extended LACP functions, as described in Table 4. Table 4 Basic and extended LACP functions Category Description Basic LACP functions Implemented through the basic LACPDU fields, including the system LACP priority, system MAC address, port priority, port number, and operational key.
Choosing a reference port The system chooses a reference port from the member ports that are in up state and have the same attribute configurations as the aggregate interface. A Selected port must have the same operational key and attribute configurations as the reference port. The local system (the actor) and the remote system (the partner) negotiate a reference port by using the following workflow: 1. Compare the system IDs. (A system ID comprises the system LACP priority and the system MAC address.
Figure 5 Setting the state of a member port in a dynamic aggregation group Meanwhile, the system with the higher system ID, being aware of the aggregation state changes on the remote system, sets the aggregation state of local member ports the same as their peer ports. When you aggregate interfaces in dynamic mode, follow these guidelines: • The maximum number of Selected ports in a dynamic aggregation group is 16.
• A port that joins a dynamic aggregation group after the Selected port limit has been reached is placed in Selected state if it is more eligible to be selected than a current member port. Load sharing criteria for link aggregation groups In a link aggregation group, traffic may be load-shared across the selected member ports based on a set of criteria, depending on your configuration.
• Removing an aggregate interface also removes its aggregation group and causes all member ports to leave the aggregation group. • You must configure the same aggregation mode on the two ends of an aggregate link. • This switch series supports up to 128 aggregation groups. To ensure the operation of the service loopback groups, HP recommends configuring no more than 126 aggregation groups.
Step Command Remarks 3. Create a Layer 2 aggregate interface and enter Layer 2 aggregate interface view. interface bridge-aggregation interface-number When you create a Layer 2 aggregate interface, the system automatically creates a Layer 2 static aggregation group numbered the same. 4. Configure the aggregation group to operate in dynamic aggregation mode. link-aggregation mode dynamic By default, an aggregation group operates in static aggregation mode. Exit to system view. quit N/A 5. 6.
Step Command Remarks 2. Enter aggregate interface view. interface bridge-aggregation interface-number N/A 3. Configure the description of the aggregate interface description text By default, the description of an interface is in the format of interface-name Interface. Setting the minimum and maximum numbers of Selected ports for an aggregation group IMPORTANT: The minimum and maximum number of Selected ports must be the same for the local and peer aggregation groups.
Shutting down an aggregate interface Make sure no member port in an aggregation group is configured with the loopback command when you shut down the aggregate interface. Similarly, a port configured with the loopback command cannot be assigned to an aggregate interface already shut down. For more information about the loopback command, see Layer 2—LAN Switching Command Reference.
The load sharing criteria configuration takes effect on only known unicast packets, and can change the load sharing criteria for known unicast packets. Broadcast packets, multicast packets, and unknown unicast packets always use the default load sharing criteria. Configuring the global link-aggregation load sharing criteria Step Command Remarks 1. Enter system view. system-view N/A 2. Configure the global link-aggregation load sharing criteria.
• Layer 1 MPLS label • Destination IP address and source IP address • Destination MAC address and source MAC address • Layer 1 MPLS label and Layer 2 MPLS label Enabling local-first load sharing for link aggregation Use the local-first load sharing mechanism in a multi-switch link aggregation scenario to distribute traffic preferentially across member ports on the ingress switch rather than all member ports.
With this feature, when you restart a card that contains Selected ports, traffic can be redirected to other cards. (In standalone mode.) With this feature, when you restart an IRF member device or its card that contains Selected ports, traffic can be redirected to other IRF member devices or other cards. (In IRF mode.) Configuration restrictions and guidelines • Link-aggregation traffic redirection applies only to dynamic link aggregation groups and takes effect on only known unicast packets.
Task Command Clear statistics for specific or all aggregate interfaces.
[DeviceA-Ten-GigabitEthernet1/0/1] port link-aggregation group 1 [DeviceA-Ten-GigabitEthernet1/0/1] quit [DeviceA] interface ten-gigabitethernet 1/0/2 [DeviceA-Ten-GigabitEthernet1/0/2] port link-aggregation group 1 [DeviceA-Ten-GigabitEthernet1/0/2] quit [DeviceA] interface ten-gigabitethernet 1/0/3 [DeviceA-Ten-GigabitEthernet1/0/3] port link-aggregation group 1 [DeviceA-Ten-GigabitEthernet1/0/3] quit # Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLANs 10 a
Figure 8 Network diagram Configuration procedure 1. Configure Device A: # Create VLAN 10, and assign the port Ten-GigabitEthernet 1/0/4 to VLAN 10. system-view [DeviceA] vlan 10 [DeviceA-vlan10] port ten-gigabitethernet 1/0/4 [DeviceA-vlan10] quit # Create VLAN 20, and assign the port Ten-GigabitEthernet 1/0/5 to VLAN 20.
[DeviceA-Bridge-Aggregation1] port trunk permit vlan 10 20 [DeviceA-Bridge-Aggregation1] quit 2. Configure Device B in the same way Device A is configured. (Details not shown.) 3. Verify the configurations by displaying detailed information about all aggregation groups on Device A.
Figure 9 Network diagram Configuration procedure 1. Configure Device A: # Create VLAN 10, and assign the port Ten-GigabitEthernet 1/0/5 to VLAN 10. system-view [DeviceA] vlan 10 [DeviceA-vlan10] port ten-gigabitethernet 1/0/5 [DeviceA-vlan10] quit # Create VLAN 20, and assign the port Ten-GigabitEthernet 1/0/6 to VLAN 20.
# Create and enable Layer 2 aggregate interface Bridge-Aggregation 2, and configure the load sharing criterion for the link aggregation group as the destination MAC addresses of packets. [DeviceA] interface bridge-aggregation 2 [DeviceA-Bridge-Aggregation2] undo shutdown [DeviceA-Bridge-Aggregation2] link-aggregation load-sharing mode destination-mac [DeviceA-Bridge-Aggregation2] quit # Assign ports Ten-GigabitEthernet 1/0/3 and Ten-GigabitEthernet 1/0/4 to link aggregation group 2.
# Display all the group-specific load sharing criteria on Device A. [DeviceA] display link-aggregation load-sharing mode interface Bridge-Aggregation1 Load-Sharing Mode: source-mac address Bridge-Aggregation2 Load-Sharing Mode: destination-mac address The output shows that the load sharing criterion for link aggregation group 1 is the source MAC addresses of packets and that for link aggregation group 2 is the destination MAC addresses of packets.
Configuring port isolation The port isolation feature isolates Layer 2 traffic for data privacy and security without using VLANs. You can also use this feature to isolate the hosts in a VLAN from one another. The device supports multiple isolation groups, which can be configured manually. The number of ports assigned to an isolation group is not limited. Layer 2 traffic cannot be forwarded between ports in different VLANs.
Task Command Display isolation group information on a multiple-isolation-group device. display port-isolate group [ group-number ] [ | { begin | exclude | include } regular-expression ] Port isolation configuration example Network requirements As shown in Figure 10: • LAN users Host A, Host B, and Host C are connected to Ten-GigabitEthernet 1/0/1, Ten-GigabitEthernet 1/0/2, and Ten-GigabitEthernet 1/0/3 on the device, respectively.
Verifying the configuration # Display information about isolation group 2.
Configuring spanning tree protocols Spanning tree protocols eliminate loops in a physical link-redundant network by selectively blocking redundant links and putting them in a standby state. The recent versions of STP include the Rapid Spanning Tree Protocol (RSTP) and the Multiple Spanning Tree Protocol (MSTP). STP STP was developed based on the 802.1d standard of IEEE to eliminate loops at the data link layer in a LAN.
Basic concepts in STP Root bridge A tree network must have a root bridge. The entire network contains only one root bridge, and all the other bridges in the network are called "leaf nodes". The root bridge is not permanent, but can change with changes of the network topology. Upon initialization of a network, each device generates and periodically sends configuration BPDUs, with itself as the root bridge. After network convergence, only the root bridge generates and periodically sends configuration BPDUs.
Calculation process of the STP algorithm The spanning tree calculation process described in the following sections is a simplified process for example only. Calculation process The STP algorithm uses the following calculation process: 1. Initialize the network. Upon initialization of a device, each port generates a BPDU with the port as the designated port, the device as the root bridge, 0 as the root path cost, and the device ID as the designated bridge ID. 2. Select the root bridge.
Step Actions 2 The device compares the configuration BPDUs of all the ports and chooses the optimum configuration BPDU. The following are the principles of configuration BPDU comparison: a. The configuration BPDU with the lowest root bridge ID has the highest priority. b. If configuration BPDUs have the same root bridge ID, their root path costs are compared. For example, the root path cost in a configuration BPDU plus the path cost of a receiving port is S.
Device Device C 2. Port name Configuration BPDU on the port Port C1 {2, 0, 2, Port C1} Port C2 {2, 0, 2, Port C2} Compare the configuration BPDUs on each device. In Table 8, each configuration BPDU contains the following fields: root bridge ID, root path cost, designated bridge ID, and designated port ID.
Device Configuration BPDU on ports after comparison Comparison process • Port C1 receives the configuration BPDU of Port A2 {0, 0, 0, Port A2}, finds that the received configuration BPDU is superior to its existing configuration BPDU {2, 0, 2, Port C1}, and updates its configuration BPDU.
Figure 13 The final calculated spanning tree The configuration BPDU forwarding mechanism of STP The configuration BPDUs of STP are forwarded according to these guidelines: • Upon network initiation, every device regards itself as the root bridge, generates configuration BPDUs with itself as the root, and sends the configuration BPDUs at a regular hello interval.
The device uses the max age to determine whether a stored configuration BPDU has expired and discards it if the max age is exceeded. RSTP RSTP achieves rapid network convergence by allowing a newly elected root port or designated port to enter the forwarding state much faster than STP. If the old root port on the device has stopped forwarding data and the upstream designated port has started forwarding data, a newly elected RSTP root port rapidly enters the forwarding state.
Figure 14 Basic concepts in MSTP VLAN 1 MSTI 1 MSTI 2 VLAN 2 MSTI 0 Other VLANs VLAN 1 MSTI 1 MSTI 2 VLAN 2 MSTI 0 Other VLANs MST region 1 MST region 4 MST region 2 MST region 3 VLAN 1 MSTI 1 MSTI 2 VLAN 2 MSTI 0 Other VLANs CST VLAN 1 MSTI 1 MSTI 2 VLAN 2&3 MSTI 0 Other VLANs Figure 15 Network diagram and topology of MST region 3 MST region A multiple spanning tree region (MST region) consists of multiple devices in a switched network and the network segments among them.
• Same VLAN-to-instance mapping configuration • Same MSTP revision level • Physically linked together Multiple MST regions can exist in a switched network. You can assign multiple devices to the same MST region. In Figure 14, the switched network comprises four MST regions, MST region 1 through MST region 4, and all devices in each MST region have the same MST region configuration.
Port roles A port can play different roles in different MSTIs. As shown in Figure 16, an MST region comprises Device A, Device B, Device C, and Device D. Port A1 and port A2 of Device A connect to the common root bridge. Port B2 and Port B3 of Device B form a loop. Port C3 and Port C4 of Device C connect to other MST regions. Port D3 of Device D directly connects to a host.
• Forwarding—The port receives and sends BPDUs, learns MAC addresses, and forwards user traffic. • Learning—The port receives and sends BPDUs, learns MAC addresses, but does not forward user traffic. Learning is an intermediate port state. • Discarding—The port receives and sends BPDUs, but does not learn MAC addresses or forward user traffic. NOTE: When in different MSTIs, a port can be in different states. A port state is not exclusively associated with a port role.
MSTP implementation on devices MSTP is compatible with STP and RSTP. Devices that are running MSTP and that are used for spanning tree calculation can identify STP and RSTP protocol packets.
Though the member ports of an aggregation group do not participate in spanning tree calculation, the ports still reserve their spanning tree configurations for participating in spanning tree calculation after leaving the aggregation group. • STP configuration task list Tasks at a glance Configuring the root bridge: • • • • • • • • • (Required.) Setting the spanning tree mode (Optional.) Configuring the root bridge or a secondary root bridge (Optional.) Configuring the device priority (Optional.
Tasks at a glance Configuring the root bridge: • • • • • • • • • • • (Required.) Setting the spanning tree mode (Optional.) Configuring the root bridge or a secondary root bridge (Optional.) Configuring the device priority (Optional.) Configuring the network diameter of a switched network (Optional.) Configuring spanning tree timers (Optional.) Configuring the timeout factor (Optional.) Configuring the maximum port rate (Optional.) Configuring edge ports (Optional.
Tasks at a glance Configuring the root bridge: • • • • • • • • • • • • • • (Required.) Setting the spanning tree mode (Required.) Configuring an MST region (Optional.) Configuring the root bridge or a secondary root bridge (Optional.) Configuring the device priority (Optional.) Configuring the maximum hops of an MST region (Optional.) Configuring the network diameter of a switched network (Optional.) Configuring spanning tree timers (Optional.) Configuring the timeout factor (Optional.
MSTP mode—All ports of the device send MSTP BPDUs. A port in this mode automatically transits to the STP mode when receiving STP BPDUs from the peer device, and a port in this mode does not transit to the RSTP mode when receiving RSTP BPDUs from the peer device. • MSTP mode is compatible with RSTP mode, and RSTP mode is compatible with STP mode. To set the spanning tree mode: Step Command Remarks 1. Enter system view. system-view N/A 2. Set the spanning tree mode.
Step Command Remarks 7. Manually activate MST region configuration. active region-configuration N/A 8. (Optional.) Display the activated configuration information of the MST region. display stp region-configuration Available in any view. Configuring the root bridge or a secondary root bridge You can have the spanning tree protocol determine the root bridge of a spanning tree through MSTP calculation, or you can specify the current device as the root bridge or as a secondary root bridge.
Step 1. Enter system view. 2. Configure the current device as a secondary root bridge. Command Remarks system-view N/A • In STP/RSTP mode: stp root secondary By default, a device does not function as a secondary root bridge. • In MSTP mode: stp [ instance instance-list ] root secondary Configuring the device priority Device priority is a factor in calculating the spanning tree. The priority of a device determines whether the device can be elected as the root bridge of a spanning tree.
Configuring the network diameter of a switched network Any two terminal devices in a switched network are connected through a specific path composed of a series of devices. The network diameter is the number of devices on the path composed of the most devices. The network diameter is a parameter that indicates the network size. A bigger network diameter indicates a larger network size.
Configuration restrictions and guidelines • The length of the forward delay timer is related to the network diameter of the switched network. The larger the network diameter is, the longer the forward delay time should be. If the forward delay timer is too short, temporary redundant paths might occur. If the forward delay timer is too long, network convergence might take a long time. HP recommends using the default setting.
Step Configure the timeout factor of the device. 2. Command Remarks stp timer-factor factor The default setting is 3. Configuring the maximum port rate The maximum rate of a port refers to the maximum number of BPDUs the port can send within each hello time. The maximum rate of a port is related to the physical status of the port and the network structure. The higher the maximum port rate, the more BPDUs are sent within each hello time, and the more system resources are used.
Step Command Remarks 2. Enter Layer 2 Ethernet or aggregate interface view. interface interface-type interface-number N/A 3. Configure the current ports as edge ports. stp edged-port By default, all ports are non-edge ports. Configuring path costs of ports Path cost is a parameter related to the rate of a port. On a spanning tree device, a port can have different path costs in different MSTIs.
Step 2. Specify a standard for the device to use when it calculates the default path costs of its ports. Command Remarks stp pathcost-standard { dot1d-1998 | dot1t | legacy } The default setting is legacy. Table 10 Mappings between the link speed and the path cost Path cost Link speed Port type IEEE 802.1d-1998 IEEE 802.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter Layer 2 Ethernet or aggregate interface view. interface interface-type interface-number N/A 3. Configure the path cost of the ports. • In STP/RSTP mode: stp cost cost • In MSTP mode: stp [ instance instance-list ] cost cost By default, the system automatically calculates the path cost of each port. NOTE: When the path cost of a port changes, the system re-calculates the role of the port and initiates a state transition.
NOTE: When the priority of a port changes, the system re-calculates the port role and initiates a state transition. Configuring the port link type A point-to-point link directly connects two devices. If two root ports or designated ports are connected over a point-to-point link, they can rapidly transit to the forwarding state after a proposal-agreement handshake process.
You can configure the MSTP packet format on a port. When operating in MSTP mode after the configuration, the port sends only MSTP packets of the format that you have configured to communicate with devices that send packets of the same format. A port in auto mode sends 802.1s MSTP packets by default. When the port receives an MSTP packet of a legacy format, the port starts to send packets only of the legacy format. This prevents the port from frequently changing the format of sent packets.
Step Command Remarks 3. Enter Layer 2 Ethernet or aggregate interface view. interface interface-type interface-number N/A 4. (Optional.) Enable the spanning tree feature for the port. stp enable By default, the spanning tree feature is enabled on all ports. Performing mCheck The mCheck feature enables user intervention in the port status transition process.
Configuring Digest Snooping As defined in IEEE 802.1s, connected devices are in the same region only when their MST region-related configurations (region name, revision level, and VLAN-to-instance mappings) are identical. A spanning tree device identifies devices in the same MST region by determining the configuration ID in BPDU packets.
Step Command Remarks 4. Return to system view. quit N/A 5. Enable Digest Snooping globally. stp global config-digest-snooping By default, Digest Snooping is disabled globally. Digest Snooping configuration example Network requirements As shown in Figure 17, Device A and Device B connect to Device C, which is a third-party device. All these devices are in the same region.
Configuring No Agreement Check In RSTP and MSTP, the following types of messages are used for rapid state transition on designated ports: • Proposal—Sent by designated ports to request rapid transition. • Agreement—Used to acknowledge rapid transition requests. Both RSTP and MSTP devices can perform rapid transition on a designated port only when the port receives an agreement packet from the downstream device.
You can enable the No Agreement Check feature on the downstream device's port to enable the designated port of the upstream device to transit its state rapidly. Configuration prerequisites Before you configure the No Agreement Check function, complete the following tasks: • Connect a device to a third-party upstream device that supports spanning tree protocols through a point-to-point link.
Configuring protection functions A spanning tree device supports the following protection functions: • BPDU guard • Root guard • Loop guard • Port role restriction • TC-BPDU transmission restriction • TC-BPDU guard Enabling BPDU guard For access layer devices, the access ports can directly connect to the user terminals (such as PCs) or file servers. The access ports are configured as edge ports to allow rapid transition.
this port in the MSTI. If the port receives no BPDUs with a higher priority within twice the forwarding delay, it reverts to its original state. On a port, the loop guard function, the root guard function, and the edge port setting are mutually exclusive, and the one configured first takes effect. Configure root guard on a designated port. To enable root guard: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter Layer 2 Ethernet or aggregate interface view.
The change to the bridge ID of a device in the user access network might cause a change to the spanning tree topology in the core network. To avoid this problem, you can enable port role restriction on a port. With this feature enabled, when the port receives a superior BPDU, it becomes an alternate port rather than a root port. Make this configuration on the port that connects to the user access network. To configure port role restriction: Step Command Remarks 1. Enter system view.
To enable TC-BPDU guard: Step 1. Enter system view. Command Remarks system-view N/A 2. Enable the TC-BPDU guard function. stp tc-protection 3. (Optional.) Configure the maximum number of forwarding address entry flushes that the device can perform every 10 seconds. stp tc-protection threshold number By default, TC-BPDU guard is enabled. HP recommends not disabling this feature. The default setting is 6.
Spanning tree configuration example Network requirements As shown in Figure 21, all devices on the network are in the same MST region. Device A and Device B work at the distribution layer. Device C and Device D work at the access layer.
[DeviceA-mst-region] instance 4 vlan 40 [DeviceA-mst-region] revision-level 0 # Activate MST region configuration. [DeviceA-mst-region] active region-configuration [DeviceA-mst-region] quit # Specify the current device as the root bridge of MSTI 1. [DeviceA] stp instance 1 root primary # Enable the spanning tree feature globally. [DeviceA] stp global enable 3.
# Enter MST region view, configure the MST region name as example, map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively, and configure the revision level of the MST region as 0. system-view [DeviceD] stp region-configuration [DeviceD-mst-region] region-name example [DeviceD-mst-region] instance 1 vlan 10 [DeviceD-mst-region] instance 3 vlan 30 [DeviceD-mst-region] instance 4 vlan 40 [DeviceD-mst-region] revision-level 0 # Activate MST region configuration.
1 Ten-GigabitEthernet1/0/1 ROOT FORWARDING NONE 1 Ten-GigabitEthernet1/0/2 ALTE DISCARDING NONE 4 Ten-GigabitEthernet1/0/3 DESI FORWARDING NONE # Display brief spanning tree information on Device D.
Configuring loop detection Overview Incorrect network connections or configurations can create Layer 2 loops, which results in repeated transmission of broadcasts, multicasts, or unknown unicasts, waste network resources, and sometimes even paralyze networks. The loop detection mechanism immediately generates a log when a loop occurs so that you are promptly notified to adjust network connections and configurations. You can even configure loop detection to shut down the looped port.
The inner frame header for loop detection contains the following fields: • Code—Protocol sub-type, which is 0x0001, indicating the loop detection protocol. • Version—Protocol version, which is always 0x0000. • Length—Length of the frame. The value includes the inner header, but excludes the Ethernet header. • Reserved—This field is reserved. Frames for loop detection are encapsulated as TLV triplets. Table 11 TLVs supported by loop detection TLV Description Remarks End of PDU End of a PDU.
NOTE: Incorrect recovery can occur when loop detection frames are discarded to reduce the load. To avoid this, use the shutdown action, or manually remove the loop. Loop detection configuration task list Tasks at a glance (Required.) Enabling loop detection (Optional.) Configuring the loop protection action (Optional.) Setting the loop detection interval Enabling loop detection You can enable loop detection globally or on specific ports. The global configuration applies to all ports in the specified VLAN.
Configuring the loop protection action You can configure the loop protection action globally or on specific ports. The global configuration applies to all ports. The per-port configuration applies to the individual ports. The per-port configuration takes precedence over the global configuration. Configuring the global loop protection action Step Command Remarks 1. Enter system view. system-view N/A 2. Configure the global loop protection action.
To set the loop detection interval: Step Command Remarks 1. Enter system view. system-view N/A 2. Set the loop detection interval. loopback-detection interval-time interval The default setting is 30 seconds. Displaying and maintaining loop detection Execute display commands in any view. Task Command Display the loop detection configuration and status.
[DeviceA] loopback-detection global enable vlan 100 # Configure Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 as trunk ports, and assign them to VLAN 100.
Verifying the configuration After the configurations are complete, Device A detects loops on ports Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 within a loop detection interval. Consequently, Device A automatically shuts down the ports and generates the following log messages: [DeviceA] %Feb 24 15:04:29:663 2012 DeviceA LPDT/4/LOOPED:Slot=1; Loopback exists on Ten-GigabitEthernet1/0/1. %Feb 24 15:04:29:667 2012 DeviceA LPDT/4/LOOPED:Slot=1; Loopback exists on Ten-GigabitEthernet1/0/2.
Configuring VLANs This chapter provides an overview of VLANs and explains how to configure them. Overview Ethernet is a family of shared-media LAN technologies based on the CSMA/CD mechanism. An Ethernet LAN is both a collision domain and a broadcast domain. As the medium is shared, collisions and broadcasts are common in an Ethernet LAN.
Figure 27 VLAN tag placement and format A VLAN tag includes the following fields: • TPID—16-bit tag protocol identifier that indicates whether a frame is VLAN-tagged. By default, the TPID value is 0x8100, indicating that the frame is VLAN-tagged. However, device vendors can set TPID to different values. For compatibility with neighbor devices, configure the TPID value on the device to be the same as the neighbor device.
Step 4. Configure a name for the VLAN. 5. Configure the description of the VLAN. Command Remarks name text By default, VLAN names are in the format VLAN vlan-id. For example, the name of VLAN 100 is VLAN 0100 by default. description text The default setting is VLAN vlan-id, which is the ID of the VLAN. For example, the description of VLAN 100 is VLAN 0100 by default. NOTE: • As the default VLAN, VLAN 1 cannot be created or removed.
Configuring port-based VLANs Introduction to port-based VLAN Port-based VLANs group VLAN members by port. A port forwards packets for a VLAN only after it is assigned to the VLAN. Port link type You can configure the link type of a port as access, trunk, or hybrid. The link types use the following VLAN tag handling methods: • An access port belongs to only one VLAN and sends packets untagged.
Actions In the inbound direction for a tagged frame Access Trunk Hybrid • Receives the frame if its VLAN ID is the same as the PVID. • Drops the frame if its VLAN ID is different from the PVID. • Receives the frame if its VLAN is permitted on the port. • Drops the frame if its VLAN is not permitted on the port. • Removes the tag and sends In the outbound direction Removes the VLAN tag and sends the frame. the frame if the frame carries the PVID tag and the port belongs to the PVID.
Step Command Remarks Use one of the commands. • The configuration made in Layer 2 Ethernet interface view applies only to the port. • Enter Layer 2 Ethernet interface view: interface interface-type interface-number • Enter Layer 2 aggregate Enter interface view. 2. interface view: interface bridge-aggregation interface-number • Enter S-channel interface view: interface s-channel interface-number.
Step Command Remarks Use one of the commands. • The configuration made in Layer 2 Ethernet interface view applies only to the port. • The configuration made in • Enter Layer 2 Ethernet interface view: interface interface-type interface-number • Enter Layer 2 aggregate Enter interface view. 2. interface view: interface bridge-aggregation interface-number • Enter S-channel interface view: interface s-channel interface-number.
Step Command Remarks Use one of the commands. • The configuration made in Layer 2 Ethernet interface view applies only to the port. • The configuration made in • Enter Layer 2 Ethernet interface view: interface interface-type interface-number 2. Enter interface view. • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number • Enter S-channel interface view: interface s-channel interface-number.
Port-based VLAN configuration example Network requirements As shown in Figure 28, Host A and Host C belong to Department A, and access the enterprise network through different devices. Host B and Host D belong to Department B. They also access the enterprise network through different devices. To ensure communication security and avoid broadcast storms, VLANs are configured in the enterprise network to isolate Layer 2 packets of different departments.
Verifying the configuration # Verify that Host A and Host C can ping each other, but they both fail to ping Host B. # Verify that Host B and Host D can ping each other, but they both fail to ping Host A. # Verify that VLANs 100 and 200 are correctly configured on Device A.
Configuring QinQ This document uses the following terms: • CVLAN—Customer network VLANs, also called "inner VLANs," refer to VLANs that a customer uses on the private network. • SVLAN—Service provider network VLANs, also called "outer VLANs," refer to VLANs that a service provider uses to transmit VLAN tagged traffic for customers. Overview 802.1Q-in-802.
For correct transmission of tagged frames, HP recommends that you set the MTU of each interface on the service provider network to at least 1504 bytes, which is the sum of the default interface MTU (1500 bytes) and the size of a VLAN tag (4 bytes). The devices in the service provider network forward a tagged frame according to its SVLAN tag only, and they transmit the CVLAN tag as part of the frame's payload.
To set the 802.1p priority in SVLAN tags, configure a QoS policy as described in "Setting the 802.1p priority in SVLAN tags." • Protocols and standards • IEEE 802.1Q, IEEE Standard for Local and Metropolitan Area Networks-Virtual Bridged Local Area Networks • IEEE 802.
Step 2. 3. Command Remarks Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. interface interface-type interface-number N/A Configure the link type. port link-type { hybrid | trunk } By default, a port is an access port. • On a hybrid port: By default: port hybrid vlan vlan-id-list { tagged | untagged } • A trunk port is only in Assign the port to the transparent VLANs and the PVID. • On a trunk port: 5. Enable QinQ on the port.
On a QinQ-enabled port, you cannot configure the SVLAN TPID. EVB and SVLAN TPID configuration are mutually exclusive. Do not configure the two features both on a port. To configure the SVLAN TPID on a service provider-side port: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. interface interface-type interface-number N/A Configure the SVLAN TPID.
Step Command Remarks 8. Create a QoS policy and enter QoS policy view. qos policy policy-name N/A 9. Associate the traffic class with the traffic behavior in the QoS policy. classifier classifier-name behavior behavior-name N/A 10. Return to system view. quit N/A 11. Enter Layer 2 Ethernet interface view. interface interface-type interface-number N/A By default, the device trusts the 802.1p priority carried in frames. 12. Configure the interface to trust the 802.
Figure 31 Network diagram Configuration procedure 1. Configure PE 1: a. Configure Ten-GigabitEthernet 1/0/1: # Configure Ten-GigabitEthernet 1/0/1 as a trunk port and assign it to VLAN 100 and VLANs 10 through 70. system-view [PE1] interface ten-gigabitethernet 1/0/1 [PE1-Ten-GigabitEthernet1/0/1] port link-type trunk [PE1-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100 10 to 70 # Configure VLAN 100 as the PVID for the port.
# Configure Ten-GigabitEthernet 1/0/3 as a trunk port and assign it to VLAN 200 and VLANs 30 through 90. [PE1] interface ten-gigabitethernet 1/0/3 [PE1-Ten-GigabitEthernet1/0/3] port link-type trunk [PE1-Ten-GigabitEthernet1/0/3] port trunk permit vlan 200 30 to 90 # Configure VLAN 200 as the PVID for the port. [PE1-Ten-GigabitEthernet1/0/3] port trunk pvid vlan 200 # Enable QinQ on the port. [PE1-Ten-GigabitEthernet1/0/3] qinq enable [PE1-Ten-GigabitEthernet1/0/3] quit 2. Configure PE 2: a.
3. On the third-party devices between PE 1 and PE 2, configure the port that connects to PE 1 and the port that connects to PE 2 to allow tagged frames from VLAN 100 and VLAN 200 to pass through. (Details not shown.) VLAN transparent transmission configuration example Network requirements As shown in Figure 32, the two branches of a company, Site 1 and Site 2, are connected through the service provider network and use VLANs 10 through 50 and VLAN 3000. VLAN 3000 is the dedicated VLAN of the company.
[PE1-Ten-GigabitEthernet1/0/1] qinq transparent-vlan 3000 [PE1-Ten-GigabitEthernet1/0/1] quit b. Configure Ten-GigabitEthernet 1/0/2 as a trunk port and assign it to VLANs 100 and 3000. [PE1] interface ten-gigabitethernet 1/0/2 [PE1-Ten-GigabitEthernet1/0/2] port link-type trunk [PE1-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100 3000 [PE1-Ten-GigabitEthernet1/0/2] quit 2. Configure PE 2: a.
Configuring VLAN mapping Overview VLAN mapping re-marks VLAN tagged traffic with new VLAN IDs. HP provides the following types of VLAN mapping: • One-to-one VLAN mapping—Replaces one VLAN tag with another. You can use one-to-one VLAN mapping to sub-classify traffic from a particular VLAN for granular QoS control. • One-to-two VLAN mapping—Tags single-tagged packets with an outer VLAN tag.
Figure 33 Application scenario of one-to-one VLAN mapping ... ... ... ... ... In Figure 33, the network is planned as follows: • Each home gateway uses different VLANs to transmit the PC, VoD, and VoIP services. • To further sub-classify each type of traffic by customer, perform one-to-one VLAN mapping on the wiring-closet switches, assigning a separate VLAN for each type of traffic from each customer.
Figure 34 Application scenario of one-to-two and two-to-two VLAN mapping Site 1 and Site 2 are in VLAN 2 and VLAN 3, respectively. The VLAN assigned to VPN A is VLAN 10 in the SP 1 network and VLAN 20 in the SP 2 network. When the packet from Site 1 arrives at the edge of network SP 1, PE 1 tags the packet with outer VLAN 10 by using one-to-two VLAN mapping. With one-to-two VLAN mapping, a VPN user can plan the VLAN IDs in the network without conflicting with SVLANs.
Figure 35 Basic concepts of VLAN mapping SP Network-side port Customer-side port Uplink traffic Downlink traffic One-to-one VLAN mapping Figure 36 One-to-one VLAN mapping implementation In Figure 36, after you configure one-to-one VLAN mapping on the customer-side port, the device replaces the CVLAN with the SVLAN for the uplink traffic and replaces the SVLAN with the CVLAN for the downlink traffic.
• For the uplink traffic, after you configure one-to-two VLAN mapping on the customer-side port, the device tags the packet from a CVLAN with a SVLAN. • For the downlink traffic, you can configure the customer-side port as a hybrid port and assign the port to the SVLAN as an untagged member, so that the device strips the SVLAN tags before sending packets.
Configuring one-to-one VLAN mapping Perform one-to-one VLAN mapping on wiring-closet switches (see Figure 33) to isolate traffic by both user and traffic type. Before configuring one-to-one VLAN mapping, first create the original VLAN and the translated VLAN. One-to-one VLAN mapping must be configured on the customer-side port. To configure one-to-one VLAN mapping: Step 1. Enter system view. Command Remarks system-view N/A • Enter Layer 2 Ethernet interface 2.
Step 1. Enter system view. Command Remarks system-view N/A • Enter Layer 2 Ethernet interface 2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. view: interface interface-type interface-number • Enter Layer 2 aggregate interface N/A view: interface bridge-aggregation interface-number 3. Configure the link type of the port as hybrid. port link-type hybrid By default, the link type of a port is access. 4. Assign the port to the original VLANs.
Step Command Remarks Use one of the commands. 4. Assign the port to the original VLANs and the translated VLANs. • port trunk permit vlan vlan-list • port hybrid vlan vlan-list tagged 5. Configure two-to-two VLAN mapping. vlan mapping tunnel outer-vlan-id inner-vlan-id translated-vlan outer-vlan-id inner-vlan-id By default, a trunk port is assigned to only VLAN 1, and a hybrid port is only an untagged member of VLAN 1. By default, VLAN mapping is not configured on an interface.
Figure 39 Network diagram DHCP client PC VLAN 1 Home gateway VoD VoIP VLAN 2 VLAN 3 XGE1/0/1 Wiring-closet Switch A PC VoD VLAN 1 XGE1/0/2 VLAN 1 -> VLAN 101 VLAN 2 -> VLAN 201 VLAN 3 -> VLAN 301 XGE1/0/3 VLAN 1 -> VLAN 102 VLAN 2 -> VLAN 202 VLAN 3 -> VLAN 302 DHCP server VLAN 2 Home gateway VoIP VLAN 3 XGE1/0/1 Campus switch Switch C PC VLAN 1 XGE1/0/3 XGE1/0/1 Switch D XGE1/0/2 Home gateway VoD VoIP VLAN 2 VLAN 3 XGE1/0/1 Wiring-closet Switch B PC VoD VLAN 1 XGE1/0/2 VLAN 1
# Configure customer-side port Ten-GigabitEthernet 1/0/2 as a trunk port, and assign the port to original VLANs and translated VLANs.
Figure 40 Network diagram SP 1 SP 2 PE 1 PE 2 XGE1/0/1 XGE1/0/2 XGE1/0/1 VLAN 100 VLAN 5 VLAN 5 PE 3 XGE1/0/2 XGE1/0/1 Data PE 4 XGE1/0/2 VLAN 200 Data CE 1 XGE1/0/1 VLAN 6 VLAN 6 VPN A Site 1 VPN A Site 2 XGE1/0/2 Data Data CE 2 Configuration procedure 1. Configure PE 1: # Configure one-to-two VLAN mapping on customer-side port Ten-GigabitEthernet 1/0/1 to add outer VLAN tag 100 to packets from VLAN 5.
3. Configure PE 3: # Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign the port to VLANs 100 and 200. system-view [PE3] interface ten-gigabitethernet 1/0/1 [PE3-Ten-GigabitEthernet1/0/1] port link-type trunk [PE3-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100 200 # Configure two-to-two VLAN mapping on Ten-GigabitEthernet 1/0/1 to map outer VLAN 100 and inner VLAN 5 to outer VLAN 200 and inner VLAN 6.
[PE4] display vlan mapping Interface Ten-GigabitEthernet1/0/2: Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN 6 N/A 200 6 The output shows that one-to-two VLAN mapping is successfully configured on PE 1 and PE 4, and two-to-two VLAN mapping is successfully configured on PE 3.
Configuring LLDP Overview In a heterogeneous network, a standard configuration exchange platform ensures that different types of network devices from different vendors can discover one another and exchange configuration for the sake of interoperability and management. The Link Layer Discovery Protocol (LLDP) is specified in IEEE 802.1AB. The protocol operates on the data link layer to exchange device information between directly connected devices.
Figure 42 Ethernet II-encapsulated LLDPDU Table 12 Fields in an Ethernet II-encapsulated LLDPDU Field Description Destination MAC address MAC address to which the LLDPDU is advertised. To distinguish between LLDP packets sent and received by different agent types on the same interface, LLDP specifies different multicast MAC addresses as destination MAC addresses for LLDP packets to different agent types.
Table 13 Fields in a SNAP-encapsulated LLDPDU Field Description Destination MAC address MAC address to which the LLDPDU is advertised. It is fixed at 0x0180-C200-000E, a multicast MAC address. Source MAC address MAC address of the sending port. Type SNAP type for the upper layer protocol. It is 0xAAAA-0300-0000-88CC for LLDP. Data LLDPDU. FCS Frame check sequence, a 32-bit CRC value used to determine the validity of the received Ethernet frame. LLDPDUs LLDP uses LLDPDUs to exchange information.
Type Description End of LLDPDU Marks the end of the TLV sequence in the LLDPDU. Port Description Specifies the port description of the sending port. System Name Specifies the assigned name of the sending device. System Description Specifies the description of the sending device. System Capabilities Identifies the primary functions of the sending device and the enabled primary functions.
Type Description Power Stateful Control Indicates the power state control configured on the sending port, including the power type of the PSE/PD, PoE sourcing/receiving priority, and PoE sourcing/receiving power. NOTE: The power stateful control TLV is defined in IEEE P802.3at D1.0 and is not supported in later versions. HP devices send this type of TLVs only after receiving them. 4.
Management address The network management system uses the management address of a device to identify and manage the device for topology maintenance and network management. The management address is encapsulated in the management address TLV. Work mechanism LLDP operating modes LLDP can operate in one of the following modes: • TxRx mode—A port in this mode can send and receive LLDPDUs. • Tx mode—A port in this mode can only send LLDPDUs. • Rx mode—A port in this mode can only receive LLDPDUs.
Tasks at a glance Performing basic LLDP configuration: • • • • • • • • (Required.) Enabling LLDP (Optional.) Setting the LLDP operating mode (Optional.) Setting the LLDP re-initialization delay (Optional.) Enabling LLDP polling (Optional.) Configuring the advertisable TLVs (Optional.) Configuring the management address and its encoding format (Optional.) Setting other LLDP parameters (Optional.) Setting an encapsulation format for LLDPDUs (Optional.) Configuring CDP compatibility (Optional.
Step Command Remarks 2. Enter Layer 2 or Layer 3 Ethernet interface view. interface interface-type interface-number N/A 3. (Optional.) Set the LLDP operating mode. lldp admin-status { disable | rx | tx | txrx } The default setting is txrx. 4. Set the operating mode for the LLDP nearest non-TPMR bridge. lldp agent nearest-nontpmr admin-status The default setting is disable.
Step 2. 3. 4. Command Remarks Enter Layer 2 or Layer 3 Ethernet interface view. interface interface-type interface-number N/A Configure the advertisable TLVs (in Layer 2 Ethernet interface view).
Step Command Remarks By default, the management address is sent through LLDPDUs. 3. Allow LLDP to advertise the management address in LLDPDUs and configure the advertised management address. lldp tlv-enable basic-tlv management-address-tlv [ ip-address ] For a Layer 2 Ethernet port, the management address is the main IP address of the VLAN interface that is in up state and whose corresponding VLAN ID is the lowest among the VLANs permitted on the port.
If the LLDPDU transmit delay is greater than the LLDPDU transmit interval, the device uses the LLDPDU transmit delay as the transmit interval. • To change LLDP parameters: Step Command Remarks 1. Enter system view. system-view N/A 2. Set the TTL multiplier. lldp hold-multiplier value The default setting is 4. 3. Set the LLDPDU transmit interval. lldp timer tx-interval interval The default setting is 30 seconds. 4. Set the LLDPDU transmit delay.
lowest among the VLANs permitted on the port. If none of the VLAN interfaces of the permitted VLANs is assigned an IP address or all VLAN interfaces are down, no port IP address will be advertised. The CDP neighbor-information-related fields in the output of the display lldp neighbor-information command show the CDP neighboring device information that can be recognized by the switch. For more information about the display lldp neighbor-information command, see Layer 2—LAN Switching Command Reference.
• Detects configuration errors on peer devices. • Remotely configures the peer device if the peer device accepts the configuration. NOTE: HP devices support only the remote configuration function. Figure 45 DCBX application scenario DCBX enables lossless packet transmission on DCE networks. As shown in Figure 45, DCBX applies to an FCoE based data center network, and operates on an access switch.
Step Command Remarks 3. Enter Layer 2 Ethernet interface view. interface interface-type interface-number N/A 4. Enable LLDP. lldp enable By default, LLDP is enabled on an interface. 5. Enable the interface to advertise DCBX TLVs. lldp tlv-enable dot1-tlv dcbx By default, DCBX TLV advertising is disabled on an interface. Configuring APP parameters The device negotiates with the server adapter by using the APP parameters to control the 802.
Step Command Remarks remark dot1p 8021p N/A 10. Return to system view. quit N/A 11. Create a QoS policy and enter QoS policy view. qos policy policy-name N/A 12. Associate the class with the traffic behavior in the QoS policy, and apply the association to DCBX. classifier classifier-name behavior behavior-name mode dcbx In a QoS policy, you can configure multiple class-behavior associations. A packet might be configured with multiple 802.
To configure ETS parameters, you must configure the 802.1p-to-local priority mapping and group-based WRR queuing. Configuring the 802.1p-to-local priority mapping You can configure the 802.1p-to-local priority mapping either in the MQC approach or in the priority mapping table approach. If you configure the 802.1p-to-local priority mapping in both approaches, the configuration made in the former approach applies. To configure the 802.1p-to-local priority mapping in the MQC approach: Step Command 1.
For more information about the qos map-table and import commands, see ACL and QoS Command Reference. Configuring group-based WRR queuing You can configure group-based WRR queuing to allocate bandwidth. To configure group-based WRR queuing: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter Layer 2 Ethernet interface view. interface interface-type interface-number N/A 3. Enable WRR queuing. qos wrr byte-count By default, WRR queuing is disabled.
Step Command Remarks By default, PFC is disabled for all 802.1p priorities. 4. Enable PFC for specific 802.1p priorities. priority-flow-control no-drop dot1p dot1p-list 5. Configure the interface to trust the 802.1p priority carried in packets. undo qos trust HP recommends that you enable PFC for the 802.1p priority of FCoE traffic. If you enable PFC for multiple 802.1p priorities, packet loss might occur during periods of congestion. By default, the port priority of the incoming port is trusted.
Task Command Display the information contained in the LLDP TLVs sent from neighboring devices. display lldp neighbor-information [ interface interface-type interface-number [ verbose ] | list [ system-name system-name ] | verbose ] Display LLDP statistics. display lldp statistics [ global | interface interface-type interface-number ] Display LLDP status of a port. display lldp status [ interface interface-type interface-number ] Display types of advertisable optional LLDP TLVs.
2. Configure Switch B: # Enable LLDP globally. system-view [SwitchB] lldp global enable # Enable LLDP on Ten-GigabitEthernet 1/0/1. (You can skip this step because LLDP is enabled on ports by default.) Set the LLDP operating mode to Tx. [SwitchB] interface ten-gigabitethernet 1/0/1 [SwitchB-Ten-GigabitEthernet1/0/1] lldp enable [SwitchB-Ten-GigabitEthernet1/0/1] lldp admin-status tx [SwitchB-Ten-GigabitEthernet1/0/1] quit 3.
The sample output shows that: { Ten-GigabitEthernet 1/0/1 of Switch A connects to an MED device. { Ten-GigabitEthernet 1/0/2 of Switch A connects to a non-MED device. { Both ports operate in Rx mode, and they can receive LLDPDUs but cannot send LLDPDUs. # Remove the link between Switch A and Switch B, and then display the global LLDP status and port LLDP status on Switch A.
DCBX configuration example Network requirements As shown in Figure 47, in a data center network, interface Ten-GigabitEthernet 1/0/1 of the access switch (Switch A) connects to the FCoE adapter of the data center server (DC server). Configure Switch A to implement lossless FCoE and FIP packet transmission to DC server. NOTE: Suppose that both Switch A and DC server support DCBX Rev 1.01. Figure 47 Network diagram Configuration procedure 1. Enable LLDP and DCBX TLV advertising: # Enable LLDP globally.
# Create a QoS policy named plcy, associate class app_c with traffic behavior app_b in the QoS policy, and apply the association to DCBX. [SwitchA] qos policy plcy [SwitchA-qospolicy-plcy] classifier app_c behavior app_b mode dcbx [SwitchA-qospolicy-plcy] quit # Apply the policy named plcy to the outgoing traffic of interface Ten-GigabitEthernet 1/0/1. [SwitchA] interface ten-gigabitethernet 1/0/1 [SwitchA-Ten-GigabitEthernet1/0/1] qos apply policy plcy outbound [SwitchA-Ten-GigabitEthernet1/0/1] quit 3.
Priority Group ID of Priority 1: 0 Priority Group ID of Priority 0: 2 Priority Group ID of Priority 3: 15 Priority Group ID of Priority 2: 1 Priority Group ID of Priority 5: 5 Priority Group ID of Priority 4: 4 Priority Group ID of Priority 7: 7 Priority Group ID of Priority 6: 6 Priority Group 0 Percentage: 2 Priority Group 1 Percentage: 4 Priority Group 2 Percentage: 6 Priority Group 3 Percentage: 0 Priority Group 4 Percentage: 10 Priority Group 5 Percentage: 18 Priority Group 6 Percentage: 27 Priority Gr
Priority Group 6 Percentage: 27 Priority Group 7 Percentage: 31 Number of Traffic Classes Supported: 8 DCBX Parameter Information Parameter Type: Local Pad Byte Present: Yes DCBX Parameter Valid: Yes Reserved: 0 DCBX Parameter Data Priority Group ID of Priority 1: 0 Priority Group ID of Priority 0: 0 Priority Group ID of Priority 3: 1 Priority Group ID of Priority 2: 0 Priority Group ID of Priority 5: 0 Priority Group ID of Priority 4: 0 Priority Group ID of Priority 7: 0 Priority Group ID of Priority 6:
DCBX Parameter Data PFC Enabled on Priority 0: No PFC Enabled on Priority 1: No PFC Enabled on Priority 2: No PFC Enabled on Priority 3: Yes PFC Enabled on Priority 4: No PFC Enabled on Priority 5: No PFC Enabled on Priority 6: No PFC Enabled on Priority 7: No Number of Traffic Classes Supported: 6 DCBX Parameter Information Parameter Type: Remote Pad Byte Present: No DCBX Parameter Valid: Yes Reserved: 0 DCBX Parameter Data PFC Enabled on Priority 0: No PFC Enabled on Priority 1: No PFC Enabled on Priorit
The output shows that DC server performs PFC for packets carrying 802.1p priority 3 after negotiating with Switch A.
Configuring service loopback groups The service loopback group is a logical group of one or more Ethernet ports that are used to loop packets that are sent out by the device back to the device. This feature must work with other features, such as GRE. A service loopback group provides one of the following services: • Tunnel—Supports unicast tunnel traffic. • Multicast tunnel—Supports multicast tunnel traffic. For each service type, the device supports only one service loopback group.
Displaying and maintaining service loopback groups Execute display commands in any view. Purpose Command Display information about service loopback groups. display service-loopback group [ number ] Service loopback group configuration example Network requirements All Ethernet ports on Device A support the unicast tunnel service. Assign Ten-GigabitEthernet 1/0/1 through Ten-GigabitEthernet 1/0/3 to a service loopback group to support the tunnel service.
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. [] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents an access controller, a unified wired-WLAN module, or the switching engine on a unified wired-WLAN switch. Represents an access point.
Index 802.x access port to a VLAN, 107 802.1 LLDPDU TLV types, 139 hybrid port to a VLAN, 109 802.1p priority (LLDP PFC), 153 MAC address table learning priority, 25 802.1p-to-local priority mapping, 152 port to isolation group, 53 802.
Ethernet link aggregation reference port, 33, 36 LLDP agent nearest bridge, 137 Cisco LLDP agent non-TPMR bridge, 137 LLDP CDP compatibility, 147 MST common root bridge, 65 CIST MST regional root, 65 MSTP root bridge configuration, 73 calculation, 67 MSTP secondary root bridge configuration, 73 network device connection, 65 RSTP root bridge configuration, 73 STP max age timer, 75 combo interface RSTP secondary root bridge configuration, 73 STP designated bridge, 57 configuring a combo interface
LLDP APP parameter, 150 MTU, 13 LLDP basics, 143, 155 null interface, 15 LLDP CDP compatibility, 147 one-to-one VLAN mapping, 129 LLDP DCBX, 148, 158 one-to-two VLAN mapping, 129 LLDP ETS parameter, 151 port isolation, 53 LLDP group-based WRR queuing, 153 QinQ, 114, 116, 119 LLDP management address, 145 QinQ CVLAN TPID, 117 LLDP management address encoding format, 145 QinQ SVLAN TPID, 117 QinQ VLAN tag TPID value, 117 LLDP PFC parameter, 153 QinQ VLAN transparent transmission, 116, 122 LLD
DCBX STP TC-BPDU transmission restriction, 90 STP timeout factor, 76 configuration, 148, 158 STP timer, 75 LLDP APP parameter configuration, 150 two-to-two VLAN mapping, 130 LLDP ETS parameter configuration, 151 VLAN (port-based), 106, 111 LLDP PFC parameter configuration, 153 VLAN basic settings, 104 LLDP+DCBX TLV advertisement, 149 default VLAN interface basic settings, 105 Ethernet link aggregate interface default settings, 42 VLAN mapping, 124, 131 Converged Enhanced Ethernet.
edge port STP secondary root bridge configuration, 73 STP TC-BPDU guard, 90 MST, 66 STP TC-BPDU transmission restriction, 90 STP, 77 enabling Digest Snooping (STP), 84, 85 Ethernet link aggregation traffic redirection, 45 disabling LLDP, 143 MAC address learning, 23 LLDP polling, 144 discarding LLDP+DCBX TLV advertisement, 149 MST discarding port state, 66 loop detection, 98 displaying Ethernet interface, 14 loop detection (global), 98 Ethernet link aggregation, 45 loop detection (port-spe
LLDP trapping, 154 configuring the link mode, 4 LLDP+DCBX TLV advertisement, 149 configuring the MTU, 13 LLDPDU encapsulated in Ethernet II, 137 displaying, 14 LLDP-MED trapping, 154 loopback testing, 6 loop detection configuration, 96, 100 maintaining, 14 MAC address table configuration, 19, 20, 26 naming convention, 1 MAC Information configuration, 28, 29 setting the MDIX mode, 12 MAC Information global enable, 28 splitting a 40-GE interface, 2 MAC Information interface enable, 28 testing
reference port choosing, 33, 36 frame encapsulation, VLAN, 103 setting aggregate group min/max number Selected ports, 41 generic flow control configuring an Ethernet interface, 7 shutting down aggregate interface, 42 group static group configuration, 39 assigning port (Layer 2), 53 static mode, 33 Ethernet link aggregation aggregation group, 31 traffic redirection, 45 Ethernet link aggregation group configuration, 38 traffic redirection restrictions, 45 ETS parameter (LLDP), 151 Ethernet link a
configuring storm control (Ethernet interface), 11 Ethernet aggregate interface configuration, 40 configuring storm interface), 10 Ethernet link aggregate interface default settings, 42 suppression (Ethernet Ethernet link aggregation configuration, 31, 38, 46 configuring the MTU, 13 Ethernet aggregate interface (description), 40 Ethernet link aggregation group configuration, 38 Ethernet aggregate interface configuration, 40 Ethernet link aggregate interface default settings, 42 Ethernet link aggre
configuration, 4 VLAN interface basic configuration, 105 LLDP VLAN mapping configuration, 124 VLAN port-based configuration, 106, 111 802.
logging protocols and standards, 142 loop detection configuration, 96, 98, 100 re-initialization delay, 144 loop trapping configuration, 154 MSTP configuration, 56, 68, 92 LLDPDU encapsulated in Ethernet II format, 137 RSTP configuration, 56, 68, 92 encapsulated in SNAP format, 137 STP configuration, 56, 68, 92 encapsulation format, 147 STP loop guard, 89 loop detection LLDP basic configuration, 143, 155 LLDP configuration, 137, 142 configuration, 96, 98, 100 LLDP parameters, 146 displaying,
MSTP VLAN-to-instance mapping table, 65 dynamic aging timer, 24 entry configuration, 20 master port (MST), 66 entry creation, 19 maximum STP max age timer, 62 entry types, 19 learning priority assignment, 25 mCheck (STP), 83 MAC address learning disable, 23 MDIX mode configuration, 12 manual entries, 19 MED (LLDP-MED trapping), 154 multiport unicast entry, 22 MIB MAC Information change send interval, 29 LLDP basic configuration, 143, 155 configuration, 28, 29 LLDP configuration, 137, 142 mod
region, 64 Ethernet link aggregation dynamic mode, 34 region configuration, 72 Ethernet link aggregation LACP, 34 region max hops, 74 Ethernet link aggregation member port state, 33, 36 regional root, 65 Ethernet link aggregation modes, 32 MSTI Ethernet link aggregation operational key, 32 calculation, 67 Ethernet link aggregation choosing, 33, 36 MST instance, 65 MSTP.
STP loop guard, 89 LLDP configuration, 137, 142 STP max port rate, 77 LLDP DCBX configuration, 148, 158 STP mode set, 71 loop detection, 96 STP No Agreement Check, 86, 87 loop detection configuration, 98, 100 STP path cost, 57 loopback interface configuration, 15 STP port link type, 81 MAC address table configuration, 19, 20, 26 STP port mode, 81 MAC Information configuration, 28, 29 STP port path cost, 78, 79 many-to-one VLAN scenario, 124 STP port priority, 80 mapping application MSTP c
parameter one-to-one VLAN mapping application scenario, 124 LLDP APP configuration, 150 configuration, 129 LLDP ETS configuration, 151 configuration example, 131 LLDP PFC configuration, 153 STP timeout factor, 76 one-to-two VLAN mapping application scenario, 125 per-flow load-sharing, 38 configuration, 129 performing STP mCheck, 83 configuration example, 133 operational key (Ethernet link aggregation), 32 STP mCheck globally, 83 organization-specific LLDPDU TLV types, 139 STP mCheck in interfa
Ethernet link aggregation choosing, 33, 36 reference MAC address table entry configuration, 20 port MAC address table multiport unicast entry, 22 Ethernet link aggregation static mode, 33 MAC Information configuration, 28, 29 Ethernet link aggregation traffic redirection, 45 MST port roles, 66 Ethernet link dynamic aggregation group configuration, 39 Ethernet link static configuration, 39 aggregation MST port states, 66 QinQ implementation, 115 group service loopback group configuration, 164, 1
port link type, 106 assigning VLAN hybrid port, 109 port-based VLAN assigning VLAN trunk port, 108 access port assignment, 107 bulk configuring interfaces, 17 configuration, 106, 111 combining 10-GE interfaces, 2 configuration example, 111 configuring a combo interface (single combo interface), 2 configuration procedure, 111 configuring an Ethernet interface, 7 how ports of different link types handle frames, 106 configuring Ethernet aggregate interface, 40 configuring Ethernet (description), 4
configuring MSTP secondary root bridge device, 73 configuring LLDP DCBX, 148, 158 configuring LLDP ETS parameters, 151 configuring null interface, 15 configuring LLDP group-based WRR queuing, 153 configuring one-to-one VLAN mapping, 129 configuring LLDP management address, 145 configuring one-to-two VLAN mapping, 129 configuring LLDP management encoding format, 145 configuring PFC on Ethernet interface, 8 address configuring LLDP PFC parameters, 153 configuring physical state change suppression,
configuring STP port priority, 80 displaying STP, 91 configuring STP port role restriction, 89 displaying VLAN, 110 configuring STP protection functions, 88 displaying VLAN mapping, 131 configuring STP root bridge, 73 enabling Ethernet link aggregation local-first load sharing, 44 configuring STP root bridge device, 73 enabling Ethernet link aggregation traffic redirection, 45 configuring STP secondary root bridge, 73 configuring STP secondary root bridge device, 73 enabling LLDP, 143 enabling LL
performing STP mCheck, 83 application scenario, 114 performing STP mCheck globally, 83 configuration, 114, 116, 119 performing STP mCheck in interface view, 83 CVLAN tag, 114 port isolation configuration, 54 CVLAN TPID, 117 restoring Ethernet link aggregate interface default settings, 42 displaying, 119 enable, 116 setting 802.
No Agreement Check, 86, 87 MST regional root, 65 re-initialization delay (LLDP), 144 root bridge configuration, 73 restoring root bridge device configuration, 73 secondary root bridge configuration, 73 Ethernet link aggregate interface default settings, 42 secondary root bridge device configuration, 73 restrictions STP basic concepts, 57 Ethernet link aggregation traffic redirection, 45 selected state (Ethernet link aggregation), 31 STP Digest Snooping configuration, 84 selecting STP edge port
displaying, 91 SNMP MAC Information configuration, 28, 29 edge port configuration, 77 MAC Information global enable, 28 edge port configuration restrictions, 77 MAC Information interface enable, 28 feature enable, 82 IST, 65 snooping loop detection, 56 STP Digest Snooping, 84, 85 spanning tree.
switching protocol packets, 56 root bridge, 57 assigning port to isolation group (Layer 2), 53 root bridge configuration, 73 Ethernet interface configuration, 1 root bridge device configuration, 73 Layer 2 port isolation configuration, 53 root guard enable, 88 loopback interface configuration, 15 root port, 57 MAC address table configuration, 19, 20, 26 secondary root bridge configuration, 73 null interface configuration, 15 secondary root bridge device configuration, 73 port isolation configu
Ethernet link aggregation traffic redirection, 45 two-to-two VLAN mapping application scenario, 125 transmitting two-to-two VLAN mapping configuration, 130 LLDPDUs, 142 two-to-two VLAN mapping implementation, 128 transparent transmission (QinQ for VLAN), 116, 122 VLAN mapping configuration, 124, 131 trapping VLAN tag TPID value, 117 LLDP configuration, 154 TC-BPDU LLDP-MED configuration, 154 STP TC-BPDU guard, 90 MAC Information configuration, 28, 29 STP TC-BPDU transmission restriction, 90
LLDP CDP compatibility, 147 displaying, 131 loop detection configuration, 96, 98, 100 many-to-one application scenario, 124 maintaining, 110 many-to-one VLAN example, 131 MSTP VLAN-to-instance mapping table, 65 mapping configuration one-to-one application scenario, 124 port isolation configuration (Layer 2), 54 one-to-one configuration, 129 port link type, 106 one-to-one VLAN example, 131 port-based configuration, 106, 111 port-based VLAN configuration example, 111 mapping configuration one
