S2300&S3300 V100R006C05 Typical Configuration Examples 02
V100R006C05
Issue 02
Date 2013-04-20
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Website: http://www.huawei.com
Email: support@huawei.com
Related Versions
The following table lists the product versions related to this document.
S2300&S3300 V100R006C05
This document provides the typical configuration examples supported by the S2300&S3300
device.
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Command Conventions
The command conventions that may be found in this document are defined as follows.
Convention Description
&<1-n> The parameter before the & sign can be repeated 1 to n times.
Change History
Updates between document issues are cumulative. Therefore, the latest document issue contains
all updates made in previous issues.
- Some contents are modified according to updates in the product such as features and commands.
- Output information of some commands is modified.
Contents
9.1.4 Example for Associating the BFD Session Status with the Interface Status
9.1.5 Example for Configuring Association Between a BFD Session and an Interface
9.1.6 Example for Configuring the BFD Echo Function
9.2 DLDP Configuration
9.2.1 Example for Configuring DLDP to Detect a Disconnected Optical Fiber Link
9.2.2 Example for Configuring DLDP to Detect Cross-Connected Optical Fibers
9.3 MAC Swap Loopback Configuration
9.3.1 Example for Configuring Local MAC Swap Loopback
9.3.2 Example for Configuring Remote MAC Swap Loopback
9.4 Smart Link Configuration
9.4.1 Example for Configuring Load Balancing on a Smart Link Instance
9.4.2 Example for Configuring the Integrated Application of Monitor Link and Smart Link
9.4.3 Example for Configuring the Smart Link with the Function of Notifying the VPLS Module of Detecting Link Switching
9.5 Monitor Link Configuration
9.5.1 Example for Configuring the Integrated Application of Monitor Link and Smart Link
9.6 ERPS (G.8032) Configuration
9.6.1 Example for Configuring ERPS
9.6.2 Example for Configuring ERPS Multi-Instance
9.7 VRRP Configuration
9.7.1 Example for Configuring a VRRP Group in Active/Standby Mode
9.7.2 Example for Configuring a VRRP Group in Load Balancing Mode
9.7.3 Example for Configuring Association Between VRRP and BFD to Implement a Rapid Active/Standby Switchover
9.7.4 Example for Configuring a VRRP6 Group in Active/Standby Mode
9.7.5 Example for Configuring a VRRP6 Group in Load Balancing Mode
9.8 RRPP Configuration
9.8.1 Example for Configuring a Single RRPP Ring with a Single Instance
9.8.2 Example for Configuring Intersecting RRPP Rings with a Single Instance (RRPP Defined by the National Standard of China)
9.8.3 Example for Configuring Intersecting RRPP Rings with a Single Instance
9.8.4 Example for Configuring Tangent RRPP Rings
9.8.5 Example for Configuring a Single RRPP Ring with Multiple Instances
9.8.6 Example for Configuring Intersecting RRPP Rings with Multiple Instances (RRPP Defined by the National Standard of China)
9.8.7 Example for Configuring Intersecting RRPP Rings with Multiple Instances
9.8.8 Example for Configuring Tangent RRPP Rings with Multiple Instances
9.9 EFM Configuration
9.9.1 Example for Configuring Basic EFM Functions
9.9.2 Example for Configuring Association Between an EFM Module and an Interface
9.9.3 Example for Configuring Association Between EFM Modules
9.9.4 Example for Configuring Association between EFM and BFD
9.10 CFM Configuration
This document describes methods to use command line interface and to log in to the device, file
operations, and system startup configurations.
1.1 CLI Overview
Users perform configuration and routine maintenance on devices by running commands.
1.2 Logging In to the System for the First Time
This section describes how to log in to a new device to configure the device. You can log in
through the console port.
1.3 Configuring a User Interface
When a user logs in to the device using the console port, Telnet, or SSH, the system manages
the session between the user and the device on the corresponding user interface.
1.4 Configuring User Login
Users can log in to the device through a console port, Telnet, STelnet, or web to perform local
or remote device maintenance. When there is no reachable route between user terminals and
remote devices, users can log in to these devices through Telnet or STelnet from reachable
devices to manage and configure the devices.
1.5 File Management
All files on the device are stored in storage devices and can be managed in multiple modes. The
current device can function as a client to access files on other devices.
1.6 Configuring System Startup
When the device is powered on, system software starts and configuration files are loaded. To
ensure smooth running of the device, you need to manage system software and configuration
files efficiently.
Configuration Roadmap
The configuration roadmap is as follows:
1. If there is only one match for the incomplete keyword, enter the incomplete keyword and
press Tab.
2. If there are several matches for the keyword, enter the incomplete keyword and press
Tab repeatedly until the desired keyword is displayed.
3. Enter the incorrect keyword and press Tab. In this case, the incorrect keyword remains
unchanged.
Use Tab if:
There Is Only One Match for an Incomplete Keyword
1. Enter an incomplete keyword.
[Quidway] info-
2. Press Tab.
The system replaces the entered keyword and displays it in a new line with the complete
keyword followed by a space.
[Quidway] info-center
2. Press Tab.
The system displays the prefixes of all the matched keywords. In this example, the prefix
is log.
[Quidway] info-center loghost
Press Tab to switch from one matched keyword to another. In this case, the cursor closely
follows the end of a word.
[Quidway] info-center logbuffer
2. Press Tab.
[Quidway] info-center loglog
The system displays information in a new line, but the keyword loglog remains unchanged
and there is no space between the cursor and the keyword, indicating that this keyword
does not exist.
Networking Requirements
After logging in to the device through the console port, set the user level for Telnet users 0
through 4 to 15, and set the authentication mode to AAA authentication.
Figure 1-1 Networking diagram for configuring the device through the console port (diagram labels: Console, Network)
Configuration Roadmap
1. Log in to the device through the console port.
NOTE
The HyperTerminal of Windows XP can be used as the terminal emulation software on the PC.
2. Configure the device.
Procedure
Step 1 Log in to the device from PC1 through the console port. For details, see Logging In Through
the Console Port.
# Set the user level and authentication mode for Telnet users.
[Server] user-interface vty 0 4
[Server-ui-vty0-4] user privilege level 15
[Server-ui-vty0-4] authentication-mode aaa
[Server-ui-vty0-4] quit
[Server] aaa
[Server-aaa] local-user huawei password cipher huawei2012
[Server-aaa] local-user huawei privilege level 15
[Server-aaa] local-user huawei service-type telnet
[Server-aaa] quit
After completing the configuration, you can log in to the device through Telnet on PC2.
Access the command line interface of Windows XP and log in to the device through Telnet.
C:\Documents and Settings\Administrator> telnet 10.137.217.177
Press Enter. On the displayed login page, enter the user name and password. If the authentication
succeeds, the command line interface for the user view is displayed. (The following information
is only for reference.)
Login authentication
Username:huawei
Password:
Info: The max number of VTY users is 15, and the number
----End
Configuration Files
Configuration file of the device
#
sysname Server
#
vlan batch 10
#
aaa
local-user huawei password cipher %$%$~^Mg.QBcGS^}H.Q*w~#*,JA8%$%$
local-user huawei privilege level 15
local-user huawei service-type telnet
#
interface Vlanif10
ip address 10.137.217.177 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
#
return
Networking Requirements
When a user logs in to the device using the console user interface to maintain the device locally,
the user can configure the attributes of the console user interface to ensure the device security
as required.
The level of console users is 15. The password authentication mode and authentication password
huawei2012 are configured for console users to log in to the device.
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Configure the user level on the console user interface.
<Quidway> system-view
[Quidway] user-interface console 0
[Quidway-ui-console0] user privilege level 15
Step 2 Configure the authentication mode and password on the console user interface.
[Quidway-ui-console0] authentication-mode password
[Quidway-ui-console0] set authentication password cipher huawei2012
[Quidway-ui-console0] quit
After the console user interface is configured, users can use the console interface to log in to the
device in the password authentication mode to maintain the device locally. For details on how
to log in to the device, see Logging In to the Device Through a Console Port.
----End
Configuration File
#
user-interface con 0
authentication-mode password
user privilege level 15
set authentication password cipher %%$%$RdF~Z+6N|0d^a3%v5`W~3.%ymjpAD#$u[T'e#e32hd8G~4+&%$%$
#
return
Networking Requirements
A user can use the VTY interface to log in to a remote device using Telnet. The device
administrator can configure the attributes of the VTY user interface to ensure the device security
as required.
The level of VTY users is 15. The password authentication mode and authentication password
huawei2012 are configured for VTY users to log in to the device. Only the user whose IP address
is 10.1.1.1 can log in to the device.
If a user logs in to the device and does not perform any operation within 30 minutes, the user's
terminal disconnects from the device.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the maximum number of concurrent VTY user interfaces to 8.
2. Configure restrictions on call-in and call-out permissions on the VTY user interface to
allow users at a specified address or address segment to log in to the device.
3. Configure terminal attributes on the VTY user interface.
4. Configure the user level on the VTY user interface.
5. Configure the authentication mode and password of the VTY user interface.
Procedure
Step 1 Configure the maximum number of concurrent VTY user interfaces.
<Quidway> system-view
[Quidway] user-interface maximum-vty 8
Step 2 Configure restrictions on call-in and call-out permissions on the VTY user interface.
[Quidway] acl 2000
[Quidway-acl-basic-2000] rule deny source 10.1.1.1 0
[Quidway-acl-basic-2000] rule permit source any
[Quidway-acl-basic-2000] quit
[Quidway] user-interface vty 0 7
[Quidway-ui-vty0-7] acl 2000 inbound
Step 5 Configure the authentication mode and password of the VTY user interface.
[Quidway-ui-vty0-7] authentication-mode password
[Quidway-ui-vty0-7] set authentication password cipher huawei2012
[Quidway-ui-vty0-7] quit
After the VTY user interface is configured, users can log in to the device in the password
authentication mode using Telnet to maintain the device locally or remotely. For details on how
to log in to the device, see Logging In to the Device Through Telnet.
Step 6 Verify the configuration.
# Run the quit command to disconnect the terminal from the device, connect the terminal to the
device using Telnet, and verify that the new password is valid.
# Use 10.1.1.1 to log in to the device using Telnet. The login fails.
# Run the user-interface vty 0 7 command to enter the VTY interface view, and run the display
this command to check the configurations on VTY interfaces.
[Quidway] user-interface vty 0 7
[Quidway-ui-vty0-7] display this
#
user-interface maximum-vty 8
user-interface vty 0 7
acl 2000 inbound
authentication-mode password
user privilege level 15
set authentication password cipher %%$%$RdF~Z+6N|0d^a3%v5`W~3.%ymjpAD#$u[T'e#e32hd8G~4+&%$%$
history-command max-size 20
idle-timeout 30 0
screen-length 30
#
return
----End
Configuration File
#
acl number 2000
rule 5 deny source 10.1.1.1 0
rule 10 permit
#
user-interface maximum-vty 8
user-interface vty 0 7
acl 2000 inbound
authentication-mode password
user privilege level 15
set authentication password cipher %%$%$RdF~Z+6N|0d^a3%v5`W~3.%ymjpAD#$u[T'e#e32hd8G~4+&%$%$
history-command max-size 20
idle-timeout 30 0
screen-length 30
#
return
Networking Requirements
When you cannot remotely log in to the device, you can perform local login through a console
port. If you log in to the device through a console port, only password authentication is required.
To improve security, use AAA on the console user interface.
Configuration Roadmap
The configuration roadmap is as follows:
1. Use the terminal simulation software to log in to the device through a console port.
Procedure
Step 1 Use the terminal simulation software to log in to the device through a console port. The Windows
XP HyperTerminal is used as an example in this section.
NOTE
The settings of the terminal communication parameters must be consistent with those of the physical
attribute parameters on the user interface of the console port. If the user authentication mode is set on the
user interface of the console port, you can log in to the device only after you are authenticated.
1. Insert the DB9 connector of the console cable delivered with the product to the 9-pin serial
port on the PC, and insert the RJ45 connector to the console port of the device, as shown
in Figure 1-3.
2. Choose Start > All Program > Accessories > Communications > HyperTerminal on
the PC to start the HyperTerminal. Set up a connection, as shown in Figure 1-4.
4. Set the port communication parameters. If the parameters on the user interface have been
set, you must set the port communication parameters to be consistent with the settings on
the user interface. If the parameters on the user interface have not been set, retain the default
settings on the device.
5. Press Enter until the system prompts you to enter the password. (The system will prompt
you to enter the user name and password in AAA authentication. The following information
is only for reference.)
Login authentication
Password:
You can run commands to configure the device. Enter a question mark (?) whenever you
need help.
Step 2 Configure the authentication mode of the console user interface.
<Quidway> system-view
[Quidway] user-interface console 0
[Quidway-ui-console0] authentication-mode aaa
[Quidway-ui-console0] user privilege level 15
[Quidway-ui-console0] quit
[Quidway] aaa
[Quidway-aaa] local-user huawei password cipher huawei2012
[Quidway-aaa] local-user huawei privilege level 3
[Quidway-aaa] local-user huawei service-type terminal
After the preceding operations, you can re-log in to the device on the console user interface only
by entering the user name huawei and password huawei2012.
----End
Configuration Files
#
aaa
[Networking diagram labels: PC, Network, Telnet Server; addresses 10.1.1.1/32 and 10.137.217.177/24]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the Telnet login mode to implement remote network device maintenance.
2. Configure the administrator's user name and password and the AAA authentication mode
to ensure that only the administrator can log in to the device.
3. Configure the security policy to ensure that the administrator's PC can be used to log in to
the device.
Procedure
Step 1 Set the server listening port number and enable the server function.
<Quidway> system-view
[Quidway] sysname Telnet Server
[Telnet Server] telnet server enable
[Telnet Server] telnet server port 1025
# Set the IP address of the device to which the user is allowed to log in.
[Telnet Server] acl 2001
[Telnet Server-acl-basic-2001] rule permit source 10.1.1.1 0
# Configure the user authentication mode and user level of the VTY user interface.
[Telnet Server-ui-vty0-7] authentication-mode aaa
[Telnet Server-ui-vty0-7] user privilege level 15
[Telnet Server-ui-vty0-7] quit
Press Enter, and enter the user name and password in the login window. If the authentication
is successful, the command line prompt of the user view is displayed. The user view
configuration environment is displayed.
Login authentication
Username:huawei
Password:
Info: The max number of VTY users is 8, and the number
of current VTY users on line is 2.
<Telnet Server>
----End
Configuration Files
Telnet server configuration file
#
sysname Telnet Server
#
telnet server port 1025
#
acl number 2001
rule 5 permit source 10.1.1.1 0
#
aaa
local-user huawei password cipher %$%$m}Dl9RZy2Y8'|X<>l&B,fRI@%$%$
local-user huawei privilege level 3
local-user huawei service-type telnet
#
user-interface maximum-vty 8
user-interface vty 0 7
acl 2001 inbound
authentication-mode aaa
user privilege level 15
history-command max-size 20
idle-timeout 20 0
screen-length 30
#
return
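An added example (not part of the Huawei document): a Python check that parses the two VTY configuration files above, the password-mode one bound to acl 2000 and the Telnet server one bound to acl 2001, and reports which source addresses each inbound ACL admits together with two weak settings. It assumes rules are evaluated in ascending rule ID and that a source matching no rule is refused; all function names are illustrative.

```python
import ipaddress
import re

# Constructed sample input: the two VTY configuration files from this page,
# trimmed to the relevant lines, cipher strings replaced by a placeholder.
VTY_PASSWORD_CFG = """\
acl number 2000
rule 5 deny source 10.1.1.1 0
rule 10 permit
#
user-interface maximum-vty 8
user-interface vty 0 7
acl 2000 inbound
authentication-mode password
user privilege level 15
set authentication password cipher <ciphertext>
#
return
"""
TELNET_AAA_CFG = """\
acl number 2001
rule 5 permit source 10.1.1.1 0
#
aaa
local-user huawei password cipher <ciphertext>
local-user huawei privilege level 3
local-user huawei service-type telnet
#
user-interface vty 0 7
acl 2001 inbound
authentication-mode aaa
user privilege level 15
#
return
"""

ACL_DEF = re.compile(r"acl number (\d+)$")
ACL_BIND = re.compile(r"acl (\d+) inbound$")
RULE = re.compile(r"rule (\d+) (permit|deny)(?: source (\S+)(?: (\S+))?)?$")
SVC = re.compile(r"local-user (\S+) service-type (.+)$")


def parse_config(text):
    """Parse a configuration file; indentation is ignored so flattened text also works."""
    acls, users, section = {}, {}, None
    vty = {"acl_in": None, "auth": None, "level": None}
    for line in (raw.strip() for raw in text.splitlines()):
        if line in ("", "#", "return"):
            section = None                      # '#' closes the current view
        elif m := ACL_DEF.match(line):
            section = ("acl", m.group(1))
            acls[m.group(1)] = []
        elif line.startswith("user-interface vty "):
            section = ("vty", None)
        elif section and section[0] == "acl" and (m := RULE.match(line)):
            acls[section[1]].append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
        elif section and section[0] == "vty":
            if m := ACL_BIND.match(line):
                vty["acl_in"] = m.group(1)
            elif line.startswith("authentication-mode "):
                vty["auth"] = line.split()[1]
            elif line.startswith("user privilege level "):
                vty["level"] = int(line.split()[-1])
        elif m := SVC.match(line):
            users[m.group(1)] = m.group(2).split()
    return acls, vty, users


def rule_matches(src_ip, base, wildcard):
    """Wildcard-mask comparison: bits set in the wildcard are ignored."""
    if base in (None, "any"):
        return True
    wild = 0 if wildcard in (None, "0") else int(ipaddress.IPv4Address(wildcard))
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(src_ip)) & care) == (int(ipaddress.IPv4Address(base)) & care)


def vty_admits(acls, vty, src_ip):
    """First matching rule decides whether src_ip may open a VTY session."""
    rules = acls.get(vty["acl_in"]) if vty["acl_in"] else None
    if not rules:
        return True                             # no ACL bound, or ACL without rules
    for _rid, action, base, wildcard in sorted(rules, key=lambda r: r[0]):
        if rule_matches(src_ip, base, wildcard):
            return action == "permit"
    return False                                # assumption: no match means refused


def audit(text, probe_ips):
    """Return (findings, reachability) for one configuration file."""
    acls, vty, users = parse_config(text)
    findings = []
    if vty["auth"] == "password" and vty["level"] == 15:
        findings.append("vty: shared password grants level 15 to every session")
    for name, services in users.items():
        if "telnet" in services:
            findings.append(f"user {name}: service-type telnet sends credentials in cleartext")
    if vty["acl_in"] is None:
        findings.append("vty: no inbound ACL restricts source addresses")
    return findings, {ip: vty_admits(acls, vty, ip) for ip in probe_ips}


if __name__ == "__main__":
    for label, cfg in (("acl 2000", VTY_PASSWORD_CFG), ("acl 2001", TELNET_AAA_CFG)):
        print(label, audit(cfg, ["10.1.1.1", "10.1.1.2"]))
```

Run against the page's files, acl 2000 refuses 10.1.1.1 and admits every other source, while acl 2001 admits only 10.1.1.1.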
[Networking diagram labels: 10.137.217.203/16, Network]
Configuration Roadmap
The configuration roadmap is as follows:
1. Install the SSH server software on PC1. Install the key pair generation software, public key
conversion software, and SSH server login software on PC2.
2. Generate a local key pair on the SSH server to implement secure data exchange between
the server and client.
3. Configure different authentication modes for the SSH users client001 and client002 on the
SSH server.
4. Enable the STelnet service on the SSH server.
5. Configure the STelnet server type for the SSH users client001 and client002 on the SSH
server.
6. Log in to the SSH server as the client001 and client002 users through STelnet.
Procedure
Step 1 Generate a local key pair on the server.
<Quidway> system-view
[Quidway] sysname SSH Server
[SSH Server] rsa local-key-pair create
The key name will be: SSH Server_Host
The range of public key size is (512 ~ 2048).
There are four authentication modes for an SSH user: password, RSA, password-RSA, and all.
- If the authentication mode is password or password-RSA, configure a local user on the server with the same user name.
- If the authentication mode is RSA, password-RSA, or all, save the RSA public key generated on the SSH client to the server.
After the key is generated, click save public key to save the key in the key.pub file.
Click save private key. The PuTTYgen Warning dialog box is displayed. Click
Yes. The private key is saved in the private.ppk file.
2. Run sshkey.exe on the client. Convert the generated public key to the character string
required for the device.
Open the key.pub file.
Click Convert(C). You can see the public keys before and after conversion.
# Enter the RSA public key generated on PC2 to the SSH server.
[SSH Server] rsa peer-public-key rsakey001
Enter "RSA public key" view, return system view with "peer-public-key end".
[SSH Server-rsa-public-key] public-key-code begin
Enter "RSA key code" view, return last view with "public-key-code end".
[SSH Server-rsa-key-code] 30818702 818100CD 1ACDD096 5E779319 F6A88F9E E7669F0A
[SSH Server-rsa-key-code] 5F898844 09961F38 7215B1D6 98380C6E B4A52BEF B421023D
[SSH Server-rsa-key-code] 3E6F9732 69FB08B8 2713BE30 8F587C07 80B37D5C 5D3D4E61
[SSH Server-rsa-key-code] 8F30F514 AEC917F8 F6D91F90 948D89CD F5E4ED58 E24AE5E7
[SSH Server-rsa-key-code] 6CA9CB13 713680AC C24265DA 33D4E7B2 B80A4CD9 FE897BC5
[SSH Server-rsa-key-code] 457A8D31 23B82692 93F3D7CE EFE74102 0125
[SSH Server-rsa-key-code] public-key-code end
[SSH Server-rsa-public-key] peer-public-key end
# Bind the RSA public key of the STelnet client to the SSH user client002 on the SSH server.
[SSH Server] ssh user client002 assign rsa-key rsakey001
Step 4 Configure the STelnet service type for the client001 and client002 users.
[SSH Server] ssh user client001 service-type stelnet
[SSH Server] ssh user client002 service-type stelnet
# Click Open. Enter the user name and password at the prompt, and press Enter. You have
logged in to the SSH server.
login as: client001
Sent username "client001"
client001@10.137.217.203's password:
- Log in to the SSH server as the client002 user from PC2 using the RSA authentication mode.
# Use the PuTTY software to log in to the device, enter the device IP address, and select the
SSH protocol type.
# Choose Connection > SSH in the navigation tree. The page shown in Figure 1-16 is
displayed. Select 2 for Preferred SSH protocol version.
# Choose Connection > SSH > Auth in the navigation tree. The page shown in Figure
1-17 is displayed. Select the private.ppk file corresponding to the public key configured on
the server.
# Click Open. Enter the user name at the prompt, and press Enter. You have logged in to
the SSH server.
login as: client002
Authenticating with public key "rsa-key"
----End
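An added example (not from the Huawei document): the key code entered at the rsa-key-code prompt in the procedure above is a DER-encoded RSA public key (a SEQUENCE of two INTEGERs), so a reviewer can decode it and check the modulus size before the key is bound to an SSH user. The 2048-bit policy threshold and all function names are assumptions made here.

```python
import re

# Key code lines exactly as entered in the session on this page (prompts included).
SESSION = """\
[SSH Server-rsa-key-code] 30818702 818100CD 1ACDD096 5E779319 F6A88F9E E7669F0A
[SSH Server-rsa-key-code] 5F898844 09961F38 7215B1D6 98380C6E B4A52BEF B421023D
[SSH Server-rsa-key-code] 3E6F9732 69FB08B8 2713BE30 8F587C07 80B37D5C 5D3D4E61
[SSH Server-rsa-key-code] 8F30F514 AEC917F8 F6D91F90 948D89CD F5E4ED58 E24AE5E7
[SSH Server-rsa-key-code] 6CA9CB13 713680AC C24265DA 33D4E7B2 B80A4CD9 FE897BC5
[SSH Server-rsa-key-code] 457A8D31 23B82692 93F3D7CE EFE74102 0125
[SSH Server-rsa-key-code] public-key-code end
"""

MIN_MODULUS_BITS = 2048  # assumption: local policy threshold, not a value from the page


def extract_key_code(session):
    """Collect the hex words typed at the key-code prompt into one byte string."""
    chunks = []
    for line in session.splitlines():
        body = re.sub(r"^\[[^\]]*\]\s*", "", line.strip())   # drop the CLI prompt
        if re.fullmatch(r"(?:[0-9A-Fa-f]+\s*)+", body):       # skip non-hex commands
            chunks.append("".join(body.split()))
    return bytes.fromhex("".join(chunks))


def read_tlv(buf, pos, expected_tag):
    """Read one DER element starting at pos; return (value_bytes, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != expected_tag:
        raise ValueError(f"expected tag 0x{expected_tag:02x} at offset {pos}")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                    # long form: low 7 bits give the length-of-length
        count = length & 0x7F
        if count == 0 or pos + count > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + length], pos + length


def parse_rsa_public_key(der):
    """Decode SEQUENCE { modulus INTEGER, publicExponent INTEGER } into two ints."""
    seq, end = read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after SEQUENCE")
    modulus, pos = read_tlv(seq, 0, 0x02)
    exponent, pos = read_tlv(seq, pos, 0x02)
    if pos != len(seq):
        raise ValueError("unexpected extra elements")
    return int.from_bytes(modulus, "big"), int.from_bytes(exponent, "big")


def audit_peer_key(session, min_bits=MIN_MODULUS_BITS):
    """Report modulus size and exponent of the key entered in a CLI session."""
    modulus, exponent = parse_rsa_public_key(extract_key_code(session))
    bits = modulus.bit_length()
    return {"modulus_bits": bits, "exponent": exponent, "meets_policy": bits >= min_bits}


if __name__ == "__main__":
    print(audit_peer_key(SESSION))
```

For the key on this page the check reports a 1024-bit modulus with public exponent 37, below the assumed 2048-bit threshold.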
Configuration Files
SSH server configuration file
#
sysname SSH Server
#
rsa peer-public-key rsakey001
public-key-code begin
308186
028180
Networking Requirements
As shown in Figure 1-18, the device is logged in through HTTP from a PC and the device works
as the web server to implement the graphical user management and device maintenance.
[Figure 1-18 labels: PC, Network, HTTP Server, 192.168.0.1/24]
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Upload the web page file.
# Configure the FTP user verification information, and authentication mode and directory.
[HTTP-Server] aaa
[HTTP-Server-aaa] local-user huawei password cipher hello@123
[HTTP-Server-aaa] local-user huawei service-type ftp
[HTTP-Server-aaa] local-user huawei privilege level 15
[HTTP-Server-aaa] local-user huawei ftp-directory flash:
[HTTP-Server-aaa] quit
[HTTP-Server] quit
# Upload the web page file to the HTTP server from the user terminal. (The operation details
are not provided here.)
After the preceding operations are completed, run the dir command on the HTTP server to check
the web page file that has been uploaded.
<HTTP-Server> dir
Directory of flash:/
Open the web browser on the PC, enter http://192.168.0.1 in the address box, and press
Enter. The Login dialog box is displayed, as shown in Figure 1-19.
Enter the correct HTTP user name, password, and verification code, and click Login or press
Enter. The home page of the web system is displayed.
# Run the display http server command on the HTTP server to check the HTTP server status.
[HTTP-Server] display http server
HTTP Server Status : enabled
HTTP Server Port : 80(80)
HTTP Timeout Interval : 20
Current Online Users : 1
Maximum Users Allowed : 5
HTTP Secure-server Status : enabled
HTTP Secure-server Port : 443(443)
HTTP SSL Policy : Default
----End
Networking Requirements
HTTP enables the device supporting the web system to function as a web server. You can log
in to this device using HTTP and manage the device on web pages. HTTP cannot authenticate
web servers or encrypt data, so it cannot protect data privacy or security. HTTPS is used on
devices to provide encrypted communication and secure identification of web servers.
As shown in Figure 1-20, an SSL policy is configured on the device that works as an HTTP
server. After the digital certificate is loaded and the HTTPS service is enabled on the device,
you can log in to the device through HTTPS and manage the device on web pages. (Use the
certificate from the CA and manually configure an SSL policy.)
[Figure 1-20 labels: PC, Network, HTTPS Server, 192.168.0.1/24]
Configuration Roadmap
The configuration roadmap is as follows:
1. Upload the digital certificate and web page file saved in the PC to the device that works as
the HTTPS server.
2. Copy the digital certificate from the root directory on the HTTPS server to the security
subdirectory, configure the SSL policy, and load the digital certificate.
3. Load the web page file.
4. Enable the HTTPS service and configure an HTTP user.
5. Log in to the web system.
Procedure
Step 1 Upload the digital certificate and web page file.
# Configure the FTP user verification information, and authentication mode and directory.
[HTTPS-Server] aaa
[HTTPS-Server-aaa] local-user huawei password cipher hello@123
[HTTPS-Server-aaa] local-user huawei service-type ftp
[HTTPS-Server-aaa] local-user huawei privilege level 15
[HTTPS-Server-aaa] local-user huawei ftp-directory flash:
[HTTPS-Server-aaa] quit
[HTTPS-Server] quit
# Open the command line window on the PC, run the ftp 192.168.0.1 command to set up an FTP
connection with the device, and then run the put command to upload the digital certificate and
web page file to the device.
You can run the dir command on the HTTP server to check the digital certificate and web page
file that have been uploaded.
<HTTPS-Server> dir
Directory of flash:/
Step 2 Configure the SSL policy and load the digital certificate.
# Create the security subdirectory and copy the certificates from the CA to the subdirectory.
<HTTPS-Server> mkdir security/
<HTTPS-Server> copy 1_servercert_pem_rsa.pem security/
<HTTPS-Server> copy 1_serverkey_pem_rsa.pem security/
You can run the dir command in the security subdirectory to check the digital certificate.
<HTTPS-Server> cd security/
<HTTPS-Server> dir
Directory of flash:/security/
# Create the SSL policy and load the digital certificate in the PEM format.
<HTTPS-Server> system-view
[HTTPS-Server] ssl policy http_server
[HTTPS-Server-ssl-policy-http_server] certificate load pem-cert 1_servercert_pem_rsa.pem key-pair rsa key-file 1_serverkey_pem_rsa.pem auth-code cipher 123456
[HTTPS-Server-ssl-policy-http_server] quit
You can run the display ssl policy command on the HTTPS server to check the details about
the digital certificate that has been loaded.
[HTTPS-Server] display ssl policy
SSL Policy Name: http_server
Policy Applicants:
Key-pair Type: RSA
Certificate File Type: PEM
Certificate Type: certificate
Certificate Filename: 1_servercert_pem_rsa.pem
Key-file Filename: 1_serverkey_pem_rsa.pem
Auth-code: 123456
MAC:
CRL File:
Trusted-CA File:
Enter the correct HTTP user name, password, and verification code, and click Login or press
Enter. The home page of the web system is displayed.
Step 6 Verify the configuration.
# Run the display http server command on the HTTPS server to check the SSL policy name
and HTTPS server status.
[HTTPS-Server] display http server
HTTP Server Status : disabled
HTTP Server Port : 80(80)
HTTP Timeout Interval : 20
Current Online Users : 1
----End
1.4.6 Example for Configuring the Device as the Telnet Client to Log In to Another Device
Networking Requirements
As shown in Figure 1-22, the PC and Switch1 have reachable routes to each other; Switch1 and
Switch2 have reachable routes to each other. The user needs to manage and maintain Switch2
remotely. However, the PC cannot directly log in to Switch2 through Telnet because it has no
reachable route to Switch2. The user can log in to Switch1 through Telnet, and then log in to
Switch2 from Switch1. To prevent unauthorized devices from logging in to Switch2 through
Telnet, an ACL needs to be configured to allow only the Telnet connection from Switch1 to
Switch2.
Figure 1-22 Networking diagram of configuring the device as the Telnet client to log in to another device
[Figure 1-22 labels: PC, Switch1, Switch2, Network, Session; addresses 1.1.1.1/24 and 2.1.1.1/24]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the Telnet authentication mode and password on Switch2.
2. Configure an ACL on Switch2 to allow access from Switch1.
3. Log in to Switch2 from Switch1 through Telnet.
Procedure
Step 1 Configure the Telnet authentication mode and password on Switch2.
<Quidway> system-view
[Quidway] sysname Switch2
[Switch2] user-interface vty 0 4
[Switch2-ui-vty0-4] user privilege level 15
[Switch2-ui-vty0-4] authentication-mode password
[Switch2-ui-vty0-4] set authentication password cipher huawei2012
[Switch2-ui-vty0-4] quit
NOTE
Login authentication
Password:
Info: The max number of VTY users is 8, and the number
of current VTY users on line is 2.
<Switch2>
----End
Configuration Files
Switch2 configuration file
#
sysname Switch2
#
acl number 2000
rule 5 permit source 1.1.1.1 0
#
user-interface vty 0 4
acl 2000 inbound
authentication-mode password
user privilege level 15
set authentication password cipher %$%$]*6iWr7EVM|uc:"B/A=FF}tk%$%$
#
return
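The following audit script is an added example, not part of the Huawei document. It reads configuration files in the layout shown on this page and reports, for each VTY stanza, whether an inbound ACL is bound, whether logins rely on one shared line password, whether the line is restricted to SSH, and whether it grants level 15. The two sample configurations are constructed from the files on this page with the cipher text replaced by a placeholder, and the function and finding names are this example's own.

```python
import re

# Constructed samples modelled on the configuration files on this page
# (cipher text replaced by a placeholder).
TELNET_CONFIG = """\
#
sysname Switch2
#
acl number 2000
 rule 5 permit source 1.1.1.1 0
#
user-interface vty 0 4
 acl 2000 inbound
 authentication-mode password
 user privilege level 15
 set authentication password cipher <ciphertext>
#
return
"""

SSH_CONFIG = """\
#
sysname SSH Server
#
sftp server enable
ssh user client001
ssh user client001 authentication-type password
#
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound ssh
#
return
"""


def parse_stanzas(config_text):
    """Split the text on '#' separator lines into (header, body_lines) pairs."""
    stanzas, current = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line in ("#", "return"):
            if current:
                stanzas.append((current[0], current[1:]))
            current = []
        elif line:
            current.append(line)
    if current:
        stanzas.append((current[0], current[1:]))
    return stanzas


def audit_vty(config_text):
    """Return one report (dict) per 'user-interface vty' stanza."""
    stanzas = parse_stanzas(config_text)

    # Map ACL number -> source operands of its permit rules.
    acl_sources = {}
    for header, body in stanzas:
        m = re.fullmatch(r"acl number (\d+)", header)
        if m:
            rules = (re.fullmatch(r"rule \d+ permit source (.+)", l) for l in body)
            acl_sources[m.group(1)] = [r.group(1) for r in rules if r]

    reports = []
    for header, body in stanzas:
        if not header.startswith("user-interface vty"):
            continue
        findings, sources = [], []
        bindings = (re.fullmatch(r"acl (\d+) inbound", l) for l in body)
        bound = [b.group(1) for b in bindings if b]
        if not bound:
            findings.append("no-inbound-acl")
        for number in bound:
            if number not in acl_sources:
                findings.append("acl-%s-undefined" % number)
            else:
                sources.extend(acl_sources[number])
        if "authentication-mode password" in body:
            # One password shared by everyone who reaches the line.
            findings.append("shared-line-password")
        if "protocol inbound ssh" not in body:
            # The stanza does not limit the line to SSH logins.
            findings.append("not-restricted-to-ssh")
        if "user privilege level 15" in body:
            findings.append("line-privilege-15")
        reports.append({"interface": header, "findings": findings,
                        "permitted_sources": sources})
    return reports


if __name__ == "__main__":
    for name, text in (("Telnet example", TELNET_CONFIG), ("SSH example", SSH_CONFIG)):
        for report in audit_vty(text):
            print(name, report)
```

The `permitted_sources` list lets a reviewer confirm that the bound ACL really names only the intended jump host (here `1.1.1.1 0`).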
[Diagram: SSH server 10.1.1.1/16; Client001 10.1.2.2/16; Client002 10.1.3.3/16]
Configuration Roadmap
The configuration roadmap is as follows:
1. Generate a local key pair on the SSH server to implement secure data exchange between
the server and client.
2. Configure different authentication modes for the SSH users client001 and client002 on the
SSH server.
3. Enable the STelnet service on the SSH server.
4. Configure the STelnet server type for the SSH users client001 and client002 on the SSH
server.
5. Set the SSH server listening port number on the SSH server to prevent attackers from
accessing the SSH service standard port and ensure security.
6. Log in to the SSH server as the client001 and client002 users through STelnet.
Procedure
Step 1 Generate a local key pair on the server.
<Quidway> system-view
[Quidway] sysname SSH Server
There are four authentication modes for an SSH user: password, RSA, password-RSA, and all.
• If the authentication mode is password or password-RSA, configure a local user on the server with the same user name.
• If the authentication mode is RSA, password-RSA, or all, save the RSA public key generated on the SSH client to the server.
# Check the public key in the RSA key pair generated on the STelnet client.
[client002] display rsa local-key-pair public
=====================================================
Time of Key pair created: 2012-05-03 17:07:29+00:00
Key name: client002_Host
Key type: RSA encryption Key
=====================================================
Key code:
308188
028180
B21315DD 859AD7E4 A6D0D9B8 121F23F0 006BB1BB
A443130F 7CDB95D8 4A4AE2F3 D94A73D7 36FDFD5F
411B8B73 3CDD494A 236F35AB 9BBFE19A 7336150B
40A35DE6 2C6A82D7 5C5F2C36 67FBC275 2DF7E4C5
1987178B 8C364D57 DD0AA24A A0C2F87F 474C7931
A9F7E8FE E0D5A1B5 092F7112 660BD153 7FB7D5B2
171896FB 1FFC38CD
0203
010001
=====================================================
Time of Key pair created: 2012-05-03 17:07:45+00:00
Key name: client002_Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
0260
D1792921 5DFF9F87 EB606267 227BD303 379EF5F9
E987B7BC A408A692 14E71149 FC32F8FB A790684E
0441DFB0 1C3125D8 4E097F47 76E57B18 65CF46FC
914DBF53 43F5AAA3 BAB1A6D9 5C0EBA4F 16DC4A36
D54EE51E C91E08E4 93127550 874EA1BB
0203
010001
# Configure the RSA public key generated on the STelnet client to the SSH server.
(Information in bold in the display command output is the RSA public key of client002.
Copy the information to the server.)
[SSH Server] rsa peer-public-key rsakey001
Enter "RSA public key" view, return system view with "peer-public-key end".
[SSH Server-rsa-public-key] public-key-code begin
Enter "RSA key code" view, return last view with "public-key-code end".
[SSH Server-rsa-key-code] 308188
[SSH Server-rsa-key-code] 028180
[SSH Server-rsa-key-code] B21315DD 859AD7E4 A6D0D9B8 121F23F0 006BB1BB
[SSH Server-rsa-key-code] A443130F 7CDB95D8 4A4AE2F3 D94A73D7 36FDFD5F
[SSH Server-rsa-key-code] 411B8B73 3CDD494A 236F35AB 9BBFE19A 7336150B
[SSH Server-rsa-key-code] 40A35DE6 2C6A82D7 5C5F2C36 67FBC275 2DF7E4C5
[SSH Server-rsa-key-code] 1987178B 8C364D57 DD0AA24A A0C2F87F 474C7931
[SSH Server-rsa-key-code] A9F7E8FE E0D5A1B5 092F7112 660BD153 7FB7D5B2
[SSH Server-rsa-key-code] 171896FB 1FFC38CD
[SSH Server-rsa-key-code] 0203
[SSH Server-rsa-key-code] 010001
[SSH Server-rsa-key-code] public-key-code end
[SSH Server-rsa-public-key] peer-public-key end
# Bind the RSA public key of the STelnet client to the SSH user client002 on the SSH server.
[SSH Server] ssh user client002 assign rsa-key rsakey001
Step 4 Configure the STelnet service type for the client001 and client002 users.
[SSH Server] ssh user client001 service-type stelnet
[SSH Server] ssh user client002 service-type stelnet
# Log in to the SSH server from Client001 in password authentication mode by entering the user
name and password.
[client001] stelnet 10.1.1.1 1025
Please input the username:client001
Trying 10.1.1.1 ...
Press CTRL+K to abort
Connected to 10.1.1.1 ...
The server is not authenticated. Continue to access it?[Y/N]:y
Save the server's public key?[Y/N]:y
The server's public key will be saved with the name 10.1.1.1. Please wait...
Enter password:
Enter the password. The following information indicates that you have logged in successfully:
Info: The max number of VTY users is 8, and the number
of current VTY users on line is 2.
<SSH Server>
If the user view is displayed, you have logged in successfully. If the message "Session is
disconnected" is displayed, the login fails.
Step 7 Verify the configuration.
Attackers fail to log in to the SSH server using the default listening port number 22.
Run the display ssh server status and display ssh server session commands. You can see that
the STelnet service has been enabled and the STelnet clients have logged in to the server
successfully.
# Check the status of the SSH server.
[SSH Server] display ssh server status
SSH version :1.99
SSH connection timeout :60 seconds
SSH server key generating interval :0 hours
SSH authentication retries :3 times
SFTP server :Disable
Stelnet server :Enable
Scp server :Disable
SSH server port :1025
User-public-key-name : rsakey001
Sftp-directory : -
Service-type : stelnet
Authorization-cmd : No
----End
Configuration Files
• SSH server configuration file
#
sysname SSH Server
#
rsa peer-public-key rsakey001
public-key-code begin
308188
028180
B21315DD 859AD7E4 A6D0D9B8 121F23F0 006BB1BB A443130F 7CDB95D8 4A4AE2F3
D94A73D7 36FDFD5F 411B8B73 3CDD494A 236F35AB 9BBFE19A 7336150B 40A35DE6
2C6A82D7 5C5F2C36 67FBC275 2DF7E4C5 1987178B 8C364D57 DD0AA24A A0C2F87F
474C7931 A9F7E8FE E0D5A1B5 092F7112 660BD153 7FB7D5B2 171896FB 1FFC38CD
0203
010001
public-key-code end
peer-public-key end
#
aaa
local-user client001 password cipher %$%$S${AA4{(~(t-#&J%{$_Q,ulcf0!
`>I~Bk6~S&89Bb`rO.{rm%$%$
local-user client001 privilege level 3
local-user client001 service-type ssh
#
stelnet server enable
ssh server port 1025
ssh user client001
ssh user client001 authentication-type password
ssh user client001 service-type stelnet
ssh user client002
ssh user client002 authentication-type rsa
ssh user client002 assign rsa-key rsakey001
ssh user client002 service-type stelnet
#
user-interface vty 0 4
authentication-mode aaa
user privilege level 5
protocol inbound ssh
#
return
Configuration Requirements
After logging in to the device through the console interface, Telnet, or STelnet, perform the
following operations:
• View files and subdirectories in the current directory.
• Create the test directory, copy the vrpcfg.zip file to test, and rename vrpcfg.zip as backup.zip.
• View files in the test directory.
Procedure
Step 1 View files and subdirectories in the current directory.
<Quidway> dir
Directory of flash:/
Step 2 Create the test directory, copy the vrpcfg.zip file to test, and rename vrpcfg.zip as
backup.zip.
# Create the test directory.
<Quidway> mkdir test
Info: Create directory flash:/test......Done.
NOTE
If no destination file name is specified, the destination file is set to the source file name by default.
<Quidway> pwd
flash:/test
----End
Configuration File
None
Networking Requirements
As shown in Figure 1-24, routes between the PC and the device functioning as an FTP server
are reachable. 10.136.23.5 is the management IP address on the FTP server. To upgrade the
device, you must upload the system software devicesoft.cc to and download the configuration
file vrpcfg.zip from the FTP server.
Figure 1-24 Network for managing files when the device functions as an FTP server
[Diagram: PC connected over the network to the FTP server (10.136.23.5/24)]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the FTP function and FTP user information including user name, password, user
level, service type, and authorized directory on the FTP server.
2. Save the vrpcfg.zip file on the FTP server.
3. Connect to the FTP server on the PC.
4. Upload devicesoft.cc to and download vrpcfg.zip from the FTP server.
Procedure
Step 1 Configure the FTP function and FTP user information on the FTP server.
<Quidway> system-view
[Quidway] ftp server enable
[Quidway] aaa
[Quidway-aaa] local-user huawei password cipher huawei@123
[Quidway-aaa] local-user huawei privilege level 15
[Quidway-aaa] local-user huawei service-type ftp
[Quidway-aaa] local-user huawei ftp-directory flash:/
[Quidway-aaa] quit
[Quidway] quit
Step 3 Connect to the FTP server on the PC as the huawei user whose password is huawei@123.
Assume that the PC runs the Windows XP operating system.
C:\Documents and Settings\Administrator> ftp 10.136.23.5
Connected to 10.136.23.5.
220 FTP service ready.
User (10.136.23.5:(none)): huawei
331 Password required for huawei.
Password:
230 User logged in.
ftp>
Step 4 Upload devicesoft.cc to and download vrpcfg.zip from the FTP server.
# Upload the devicesoft.cc file to the FTP server.
ftp> put devicesoft.cc
200 Port command okay.
150 Opening ASCII mode data connection for devicesoft.cc.
226 Transfer complete.
ftp: 6721804 bytes sent in 98.05Seconds 560.79Kbytes/sec.
NOTE
The devicesoft.cc file to upload and the vrpcfg.zip file to download are stored in the local directory on the
FTP client. Before uploading and downloading files, obtain the local directory on the client. The default
FTP user's local directory on the Windows XP operating system is C:\Documents and Settings
\Administrator.
# Access the FTP user's local directory on the PC and check the vrpcfg.zip file.
----End
Configuration File
#
sysname Quidway
#
FTP server enable
#
aaa
local-user huawei password cipher %$%$k$Xg7H;w4HZP5nE4-E4(FcZQ%$%$
local-user huawei privilege level 15
local-user huawei ftp-directory flash:/
local-user huawei service-type ftp
#
return
1.5.3 Example for Managing Files Using SFTP When the Device Functions as an SSH Server
Networking Requirements
As shown in Figure 1-25, routes between the PC and the device functioning as an SSH server
are reachable. 10.136.23.4 is the management IP address on the SSH server.
Configure the device as an SSH server so that the server can authenticate the client and encrypt
data in both directions, preventing man-in-the-middle attacks and MAC/IP address spoofing to
ensure secure file transfer.
Figure 1-25 Network for managing files using SFTP when the device functions as an SSH server
[Diagram: PC connected over the network to the SSH server (10.136.23.4/24)]
Configuration Roadmap
The configuration roadmap is as follows:
1. Generate a local key pair and enable the SFTP server function on the SSH server so that
the server and client can securely exchange data.
2. Configure the VTY user interface on the SSH server.
3. Configure SSH user information including the authentication mode, service type,
authorized directory, user name, and password.
4. Connect to the SSH server using the third-party software OpenSSH on the PC.
Procedure
Step 1 Generate a local key pair on the SSH server.
<Quidway> system-view
[Quidway] sysname SSH Server
[SSH Server] rsa local-key-pair create
The key name will be: SSH Server_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus[default = 2048]:768
Generating keys...
...........++++++++++++
..................++++++++++++
...++++++++
...........++++++++
[SSH Server] sftp server enable
Step 3 Configure SSH user information including the authentication mode, service type, authorized
directory, user name, and password.
[SSH Server] ssh user client001 authentication-type password
[SSH Server] ssh user client001 service-type sftp
[SSH Server] ssh user client001 sftp-directory flash:
[SSH Server] aaa
[SSH Server-aaa] local-user client001 password cipher huawei@123
[SSH Server-aaa] local-user client001 privilege level 15
[SSH Server-aaa] local-user client001 service-type ssh
[SSH Server-aaa] quit
Step 4 Connect to the SSH server using the third-party software OpenSSH on the PC.
The Windows CLI can identify OpenSSH commands only when OpenSSH is installed on
the PC.
After connecting to the SSH server, the SFTP view is displayed. Users can run SFTP commands
to perform file-related operations in the SFTP view.
----End
Configuration File
#
sysname SSH Server
#
aaa
local-user client001 password cipher %$%$c|-D8KO4/,B[(FR.r!LHg]TK%$%$
local-user client001 privilege level 15
local-user client001 service-type ssh
#
sftp server enable
ssh user client001
ssh user client001 authentication-type password
ssh user client001 service-type sftp
ssh user client001 sftp-directory flash:
#
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
#
return
Networking Requirements
As shown in Figure 1-27, the remote device at 10.1.1.1/24 functions as the TFTP server. The
device at 10.2.1.1/24 functions as the TFTP client. Routes between the device and the server are
reachable.
The device needs to be upgraded. To upgrade the device, you must download system software
devicesoft.cc from and upload the configuration file vrpcfg.zip to the TFTP server.
Figure 1-27 Network for managing files when the device functions as a TFTP client
[Diagram: device (TFTP client, 10.2.1.1/24) connected over the network to the TFTP server (10.1.1.1/24)]
Configuration Roadmap
The configuration roadmap is as follows:
1. Run the TFTP software on the TFTP server and configure the working directory.
2. Run TFTP commands to download devicesoft.cc from and upload vrpcfg.zip to the TFTP
server.
Procedure
Step 1 Run the TFTP software on the TFTP server and configure the working directory. (For details,
see the appropriate third-party documentation.)
Step 2 Run TFTP commands to download devicesoft.cc from and upload vrpcfg.zip to the TFTP
server.
<Quidway> tftp 10.1.1.1 get devicesoft.cc
Info: Transfer file in binary mode.
Downloading the file from the remote TFTP server. Please wait...\
TFTP: Downloading the file successfully.
6721804 bytes received in 199 seconds.
<Quidway> tftp 10.1.1.1 put vrpcfg.zip
Info: Transfer file in binary mode.
Uploading the file to the remote TFTP server. Please wait...|
TFTP: Uploading the file successfully.
7717 bytes send in 1 second.
# Access the working directory on the TFTP server and check the vrpcfg.zip file.
----End
Configuration File
None
Networking Requirements
As shown in Figure 1-28, the remote device at 10.1.1.1/24 functions as the FTP server. The
device at 10.2.1.1/24 functions as the FTP client. Routes between the device and the server are
reachable.
The device needs to be upgraded. To upgrade the device, you must download system software
devicesoft.cc from and upload the configuration file vrpcfg.zip to the FTP server.
Figure 1-28 Network for managing files when the device functions as an FTP client
[Diagram: device (FTP client, 10.2.1.1/24) connected over the network to the FTP server (10.1.1.1/24)]
Configuration Roadmap
The configuration roadmap is as follows:
1. Run the FTP software on the FTP server and configure FTP user information.
2. Connect to the FTP server.
3. Run FTP commands to download devicesoft.cc from and upload vrpcfg.zip to the FTP
server.
Procedure
Step 1 Run the FTP software on the FTP server and configure FTP user information. (For details, see
the appropriate third-party documentation.)
Step 2 Connect to the FTP server.
<Quidway> ftp 10.1.1.1
Trying 10.1.1.1 ...
Press CTRL+K to abort
Connected to 10.1.1.1.
220 FTP service ready.
User(10.1.1.1:(none)):admin
331 Password required for admin.
Enter password:
230 User logged in.
[ftp]
Step 3 Run FTP commands to download devicesoft.cc from and upload vrpcfg.zip to the FTP server.
[ftp] get devicesoft.cc
[ftp] put vrpcfg.zip
[ftp] quit
# Access the working directory on the FTP server and check the vrpcfg.zip file.
----End
Configuration File
None
Networking Requirements
SSH secures file transfer on a traditional insecure network by authenticating the client and
encrypting data in bidirectional mode. The client uses SFTP to securely connect to the SSH
server and transfer files.
As shown in Figure 1-29, routes between the SSH server and clients client001 and client002
are reachable. In this example, a Huawei device functions as an SSH server.
Client001 connects to the SSH server using the password authentication mode, and client002
using the RSA authentication mode.
Figure 1-29 Example for managing files when the device functions as an SFTP client
[Diagram: client001 (10.2.1.1/24) and client002 (10.3.1.1/24) connected over the network to the SSH server (10.1.1.1/24)]
Configuration Roadmap
The configuration roadmap is as follows:
1. Generate a local key pair and enable the SFTP server function on the SSH server so that
the server and client can securely exchange data.
2. Create users client001 and client002 and set their authentication modes on the SSH server.
3. Generate a local key pair on client002 and configure the RSA public key of client002 on
the SSH server so that the server can authenticate the client when the client connects to the
server.
4. Log in to the SSH server as users client001 and client002 using SFTP and manage files.
Procedure
Step 1 Generate a local key pair and enable the SFTP server function on the SSH server.
<Quidway> system-view
[Quidway] sysname SSH Server
[SSH Server] rsa local-key-pair create
The key name will be: SSH Server_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus[default = 2048]:1024
Generating keys...
...........++++++++++++
..................++++++++++++
...++++++++
...........++++++++
[SSH Server] sftp server enable
The system supports the following authentication modes: password, RSA, password-rsa, and all.
• If the authentication mode is password, or password-rsa, a local user named local-user must be configured.
• If the authentication mode is RSA, password-rsa, or all, save the RSA public key generated on the SSH client to the server.
# Create the client001 user and set the authentication mode to password for the user.
[SSH Server] aaa
[SSH Server-aaa] local-user client001 password cipher huawei@123
[SSH Server-aaa] local-user client001 service-type ssh
[SSH Server-aaa] quit
[SSH Server] ssh user client001
[SSH Server] ssh user client001 authentication-type password
[SSH Server] ssh user client001 service-type sftp
[SSH Server] ssh user client001 sftp-directory flash:
# Create an SSH user named client002 and set the authentication mode to rsa for the user.
[SSH Server] ssh user client002
[SSH Server] ssh user client002 authentication-type rsa
[SSH Server] ssh user client002 service-type sftp
[SSH Server] ssh user client002 sftp-directory flash:
Step 3 Generate a local key pair on client002 and configure the RSA public key of client002 on the
SSH server.
# Generate a local key pair on client002.
<Quidway> system-view
[Quidway] sysname client002
[client002] rsa local-key-pair create
The key name will be: client002_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
=====================================================
Time of Key pair created: 2012-05-03 17:07:45
Key name: client002_Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
0260
BCFAC085 49A2E70E 1284F901 937D7B63 D7A077AB
D2797280 4BCA86C0 4CD18B70 5DFAC9D3 9A3F3E74
9B2AF4CB 69FA6483 E87DA590 7B47721A 16391E27
1C76ABAB 743C568B 1B35EC7A 8572A096 BCA9DF0E
BC89D3DB 5A83698C 9063DB39 A279DD89
0203
010001
# Configure the RSA public key of client002 on the SSH server. (Information in bold in the
display command output is the RSA public key of client002. Copy the information to the server.)
[SSH Server] rsa peer-public-key rsakey001
Enter "RSA public key" view, return system view with "peer-public-key end".
[SSH Server-rsa-public-key] public-key-code begin
Enter "RSA key code" view, return last view with "public-key-code end".
[SSH Server-rsa-key-code] 3048
[SSH Server-rsa-key-code] 0241
[SSH Server-rsa-key-code] DD9A793D 4B231FDB 7BEF8545 0B466FB5 1A1EA9CE
[SSH Server-rsa-key-code] F345E468 56948790 18244678 D2264734 AA8135BE
[SSH Server-rsa-key-code] 7F8FA0BC 2A4F600E C8622818 A994698F 0F45E870
[SSH Server-rsa-key-code] 8EC551DA 4B
[SSH Server-rsa-key-code] 0203
[SSH Server-rsa-key-code] 010001
[SSH Server-rsa-key-code] public-key-code end
[SSH Server-rsa-public-key] peer-public-key end
Enter password:
sftp-client>
sftp-client>
Session 1:
Conn : VTY 1
Version : 2.0
State : started
Username : client001
Retry : 1
CTOS Cipher : aes128-cbc
STOC Cipher : aes128-cbc
CTOS Hmac : hmac-sha1-96
STOC Hmac : hmac-sha1-96
CTOS Compress : none
STOC Compress : none
Kex : diffie-hellman-group1-sha1
Service Type : sftp
Authentication Type : password
Session 2:
Conn : VTY 2
Version : 2.0
State : started
Username : client002
Retry : 1
CTOS Cipher : aes128-cbc
STOC Cipher : aes128-cbc
CTOS Hmac : hmac-sha1-96
STOC Hmac : hmac-sha1-96
CTOS Compress : none
STOC Compress : none
Kex : diffie-hellman-group1-sha1
Service Type : sftp
Authentication Type : rsa
User 2:
User Name : client002
Authentication-type : rsa
User-public-key-name : rsakey001
Sftp-directory : flash:
Service-type : sftp
Authorization-cmd : No
----End
Configuration Files
• Configuration file on the SSH server
#
sysname SSH Server
#
rsa peer-public-key rsakey001
public-key-code begin
3048
0241
DD9A793D 4B231FDB 7BEF8545 0B466FB5 1A1EA9CE F345E468 56948790 18244678
D2264734 AA8135BE 7F8FA0BC 2A4F600E C8622818 A994698F 0F45E870 8EC551DA
4B
0203
010001
public-key-code end
peer-public-key end
#
aaa
local-user client001 password cipher %$%$c|-D8KO4/,B[(FR.r!LHg]TK%$%$
local-user client001 service-type ssh
#
sftp server enable
ssh user client001
ssh user client001 authentication-type password
ssh user client001 service-type sftp
ssh user client001 sftp-directory flash:
ssh user client002
ssh user client002 authentication-type rsa
ssh user client002 assign rsa-key rsakey001
ssh user client002 service-type sftp
ssh user client002 sftp-directory flash:
#
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
protocol inbound ssh
#
return
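The "Key code" listings and `public-key-code` stanzas in the STelnet and SFTP examples above are hex-encoded DER structures (a SEQUENCE holding the modulus and the public exponent), and the key-creation prompts in these examples are answered with 768 and 1024 bits. The following parser is an added example, not part of the Huawei document: it recovers the modulus length and exponent from such a listing so that stored peer keys can be checked against a minimum size. The function names, the sample keys (constructed, not real RSA moduli) and the 2048-bit threshold are assumptions of this example.

```python
import re

# Assumed policy threshold; 2048 is also the default the key-creation prompt offers.
MIN_MODULUS_BITS = 2048


def _read_tlv(buf, pos, expected_tag):
    """Read one DER tag-length-value element at pos; return (value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element")
    if buf[pos] != expected_tag:
        raise ValueError("expected tag 0x%02X, found 0x%02X" % (expected_tag, buf[pos]))
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        if count == 0 or pos + count > len(buf):
            raise ValueError("bad length field")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    end = pos + length
    if end > len(buf):
        raise ValueError("value runs past end of data")
    return buf[pos:end], end


def parse_key_code(text):
    """Return (modulus_bits, public_exponent) for a pasted key-code listing.

    Accepts bare hex lines or lines prefixed with a CLI prompt in brackets;
    non-hex lines such as 'public-key-code begin' are ignored.
    """
    hex_lines = []
    for line in text.splitlines():
        line = re.sub(r"^\s*\[[^\]]*\]\s*", "", line).strip()
        if line and re.fullmatch(r"[0-9A-Fa-f ]+", line):
            hex_lines.append(line.replace(" ", ""))
    der = bytes.fromhex("".join(hex_lines))
    body, end = _read_tlv(der, 0, 0x30)          # SEQUENCE
    if end != len(der):
        raise ValueError("trailing data after SEQUENCE")
    n_raw, pos = _read_tlv(body, 0, 0x02)        # INTEGER modulus
    e_raw, pos = _read_tlv(body, pos, 0x02)      # INTEGER public exponent
    if pos != len(body):
        raise ValueError("unexpected extra element")
    # int.from_bytes copes with or without a leading 0x00 on the modulus;
    # the listings on this page omit it.
    return int.from_bytes(n_raw, "big").bit_length(), int.from_bytes(e_raw, "big")


def assess(text):
    """Summarise a key-code listing against MIN_MODULUS_BITS."""
    bits, exponent = parse_key_code(text)
    return {"modulus_bits": bits, "exponent": exponent,
            "below_minimum": bits < MIN_MODULUS_BITS}


def _tlv(tag, value):
    """Encode one DER element (used only to build the constructed samples)."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value


def make_sample_key_code(bits):
    """Build a constructed listing in the layout used on this page."""
    modulus = (1 << (bits - 1)) | 1              # constructed, not a real RSA modulus
    body = _tlv(0x02, modulus.to_bytes(bits // 8, "big")) + _tlv(0x02, (65537).to_bytes(3, "big"))
    hexed = _tlv(0x30, body).hex().upper()
    words = [hexed[i:i + 8] for i in range(0, len(hexed), 8)]
    return "\n".join("[SSH Server-rsa-key-code] " + " ".join(words[i:i + 5])
                     for i in range(0, len(words), 5))


if __name__ == "__main__":
    for size in (768, 1024, 2048):
        print(size, assess(make_sample_key_code(size)))
```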
Networking Requirements
Compared to the SFTP protocol, the SCP protocol combines the process of authenticating user
identity and transferring files, improving configuration efficiency.
As shown in Figure 1-30, routes between the device functioning as the SCP client and the SSH
server are reachable. The SCP client can download files from the SSH server.
Figure 1-30 Network for managing files when the device functions as an SCP client
[Diagram: SCP client and SSH server connected over the network; addresses shown: 10.2.1.1/24 and 10.1.1.1/24]
Configuration Roadmap
The configuration roadmap is as follows:
1. Generate a local key pair on the SSH server.
2. Create an SSH user on the SSH server.
3. Enable the SCP function on the SSH server.
4. Download the backup.cfg file from the SSH server.
Procedure
Step 1 Generate a local key pair on the SSH server.
<Quidway> system-view
[Quidway] sysname SSH Server
[SSH Server] rsa local-key-pair create
The key name will be: SSH Server_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus[default = 2048]: 1024
Generating keys...
.....++++++++++++
....++++++++++++
......++++++++
................................++++++++
# Create an SSH user named client001 and set the authentication mode to password and service
type to all.
[SSH Server] ssh user client001
[SSH Server] ssh user client001 authentication-type password
[SSH Server] ssh user client001 service-type all
# Use the 3des encryption algorithm to download the backup.cfg file from the SSH server to
the local user's directory.
----End
Configuration File
• Configuration file on the SSH server
#
sysname SSH Server
#
aaa
local-user client001 password cipher %$%$bn[j7'Fn>3x[kk-R+jx%f*!u%$%$
local-user client001 privilege level 3
local-user client001 service-type ssh
#
scp server enable
ssh user client001
ssh user client001 authentication-type password
ssh user client001 service-type all
#
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
#
return
Networking Requirements
As shown in Figure 1-31, a user logs in to the device and backs up the configuration file to the
TFTP server so that the configuration file can be recovered if the device is damaged.
Configuration Roadmap
The configuration roadmap is as follows:
1. Save the configuration file.
2. Back up the configuration file through TFTP.
Procedure
Step 1 Save configurations to the config.cfg file.
<Quidway> save config.cfg
----End
Networking Requirements
As shown in Figure 1-32, a user logs in to the device and finds that some incorrect configurations
cause errors in the system. To recover the original configuration, the user downloads the
configuration file saved in the TFTP server to the device and specifies the configuration file for
the next startup.
Configuration Roadmap
The configuration roadmap is as follows:
1. Recover the configuration file that is backed up on the PC through TFTP.
2. Specify the recovered configuration file for the next startup.
Procedure
Step 1 Recover the configuration file that is backed up on the PC through TFTP.
1. Start the TFTP server program.
Start the TFTP server program on the PC. Set the path for transmitting the configuration
file, and the IP address and port number of the TFTP server.
2. Transfer the configuration file.
Run the tftp command in the user view.
<Quidway> tftp 10.110.24.254 get backup.cfg config.cfg
Step 2 Specify the recovered configuration file for the next startup.
<Quidway> startup saved-configuration config.cfg
----End
[Diagram: PC connected over the network to the Switch (10.1.1.1/24)]
Configuration Roadmap
The configuration roadmap is as follows:
1. Upload the new system software to the root directory of the device.
2. Save the current configuration so that it remains active after upgrade.
3. Specify the system software for next startup.
4. Specify the configuration file for next startup of the device.
5. Restart the device to complete upgrade.
Procedure
Step 1 Upload the new system software to the root directory of the device.
Before configuration, run the display startup command to view the files for next startup.
<Quidway> display startup
MainBoard:
Configured startup system software: flash:/basicsoft.cc
Startup system software: flash:/basicsoft.cc
Next startup system software: flash:/basicsoft.cc
Startup saved-configuration file: flash:/vrpcfg.zip
Next startup saved-configuration file: flash:/vrpcfg.zip
Startup paf file: NULL
Next startup paf file: NULL
Startup license file: NULL
Next startup license file: NULL
Startup patch package: NULL
Next startup patch package: NULL
Upload the new system software to the device. This example uses FTP to transfer the system
software. Configure the device as an FTP server and upload the system software to the device
from the FTP client. Make sure there is enough space in the storage device before uploading
files. If the space is insufficient, delete unnecessary files to free up space in the storage device.
<Quidway> system-view
[Quidway] ftp server enable
[Quidway] aaa
[Quidway-aaa] local-user huawei password cipher huawei@123
[Quidway-aaa] local-user huawei service-type ftp
[Quidway-aaa] local-user huawei ftp-directory flash:
[Quidway-aaa] local-user huawei privilege level 15
[Quidway-aaa] quit
[Quidway] quit
Run the ftp 10.1.1.1 command in the command line window of the PC to set up an FTP
connection with the device. Run the put command to upload new system software
newbasicsoft.cc. After the upload completes, run the dir command to check the system software.
<Quidway> dir
Directory of flash:/
The system displays a message indicating that the current configuration will be saved and asks
you whether to continue. Enter y and the configuration will be saved to the device.
NOTE
In step 1, you can run the display startup command to check the configuration file for next startup. The
message "Next startup saved-configuration file: flash:/vrpcfg.zip" will be displayed. This means the
vrpcfg.zip configuration file has been specified for next startup, so you do not need to perform this step.
To specify another file for next startup, perform this step.
Run the following command to view the system software and configuration file for next startup.
<Quidway> display startup
MainBoard:
Configured startup system software: flash:/basicsoft.cc
Startup system software: flash:/basicsoft.cc
Next startup system software: flash:/newbasicsoft.cc
Startup saved-configuration file: flash:/vrpcfg.zip
Next startup saved-configuration file: flash:/vrpcfg.zip
Startup paf file: NULL
Next startup paf file: NULL
Startup license file: NULL
Next startup license file: NULL
Startup patch package: NULL
Next startup patch package: NULL
# Since the configuration file has been saved, run the reboot fast command to restart the device
quickly.
<Quidway> reboot fast
When the system asks you whether to start the device, enter y.
# Wait for several minutes until the device restart is complete. Run the display version command
to check the current system version. If the current system software is the new version, the
upgrade has succeeded.
----End
Configuration File
#
sysname Quidway
#
FTP server enable
#
vlan batch 10
#
aaa
local-user huawei password cipher %$%$thp#,S-+/%=\Ko*Q2&~6Tzqh%$%$
local-user huawei privilege level 15
local-user huawei ftp-directory flash:
local-user huawei service-type ftp
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
Networking Requirements
As shown in Figure 2-1, PC1, PC2, and PC3 belong to VLAN 10. PC1 and PC2 are not allowed
to communicate with each other but are allowed to communicate with PC3.
[Diagram for Figure 2-1: switch interfaces Eth0/0/1, Eth0/0/2 and Eth0/0/3, all in VLAN 10]
Configuration Roadmap
The configuration roadmap is as follows:
1. By default, port isolation works at Layer 2: isolated interfaces cannot communicate at Layer 2
but can still communicate at Layer 3. Add interfaces to an isolation group to implement
Layer 2 isolation between these interfaces.
Procedure
Step 1 Configure interface isolation.
# Configure interface isolation for Eth0/0/1.
<Quidway> system-view
[Quidway] vlan 10
[Quidway-vlan10] quit
[Quidway] interface ethernet 0/0/1
[Quidway-Ethernet0/0/1] port link-type access
----End
Configuration Files
Configuration file of Switch
#
vlan batch 10
#
interface Ethernet0/0/1
port link-type access
port default vlan 10
port-isolate enable group 1
#
interface Ethernet0/0/2
port link-type access
port default vlan 10
port-isolate enable group 1
#
interface Ethernet0/0/3
port link-type access
port default vlan 10
#
return
Networking Requirements
As shown in Figure 2-2, SwitchA connects PC1 in VLAN10 to the Ethernet through the Eth1/0/0
interface, and SwitchB connects PC2 in VLAN20 to the Ethernet through the Eth1/0/1 interface.
The packets sent to the Layer 3 Ethernet interface are discarded as unauthorized packets because
the Layer 3 Ethernet interface does not support VLAN packets. Therefore, PC1 and PC2 cannot
communicate.
Due to service requirement, PC1 and PC2 in different VLANs and different network segments
are required to communicate.
[Diagram for Figure 2-2: SwitchA with PC1 (10.10.10.2/24) and SwitchB with PC2 (20.20.20.2/24)]
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Configure the interface connecting the Switch to Switch A.
----End
Configuration Files
Only the configuration file of the Switch is provided.
#
sysname Switch
#
interface Ethernet1/0/0.1
dot1q termination vid 10
ip address 10.10.10.1 255.255.255.0
arp broadcast enable
#
interface Ethernet1/0/1.1
dot1q termination vid 20
ip address 20.20.20.1 255.255.255.0
arp broadcast enable
#
return
[Diagram: Frame Relay network. RouterA: Serial1/0/0.1 202.38.160.1 (DLCI=50) and Serial1/0/0.2 202.38.161.1 (DLCI=60). RouterB: Serial1/0/0 202.38.160.2 (DLCI=70). RouterC: Serial1/0/0 202.38.161.2 (DLCI=80). LANs shown: LAN1 129.9.0.0/16, LAN3 129.11.0.0/16]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the link protocol of the interface that accesses the FR network on SwitchA.
2. Configure sub-interfaces and allocate IP addresses and VCs.
3. Configure the static route to the peer LAN.
Procedure
Step 1 Configure SwitchA.
# Configure the link layer protocol as FR on Serial 1/0/0 of SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] interface serial 1/0/0
[SwitchA-Serial1/0/0] link-protocol fr
[SwitchA-Serial1/0/0] fr interface-type dte
[SwitchA-Serial1/0/0] quit
# Configure the sub-interface Serial 1/0/0.1 on SwitchA, and assign a VC to it.
[SwitchA] interface serial 1/0/0.1 p2mp
[SwitchA-Serial1/0/0.1] ip address 202.38.160.1 255.255.255.0
[SwitchA-Serial1/0/0.1] fr dlci 50
[SwitchA-fr-dlci-Serial1/0/0.1-50] quit
# Configure the sub-interface Serial 1/0/0.2 on SwitchA, and assign a VC to it.
[SwitchA] interface serial 1/0/0.2 p2mp
[SwitchA-Serial1/0/0.2] ip address 202.38.161.1 255.255.255.0
[SwitchA-Serial1/0/0.2] fr dlci 60
[SwitchA-fr-dlci-Serial1/0/0.2-60] quit
# Configure the IP address on Serial 1/0/0 of SwitchB, and assign a VC to it.
[SwitchB-Serial1/0/0] ip address 202.38.160.2 255.255.255.0
[SwitchB-Serial1/0/0] fr dlci 70
[SwitchB-fr-dlci-Serial1/0/0-70] quit
# Configure the IP address on Serial 1/0/0 of SwitchC, and assign a VC to it.
[SwitchC-Serial1/0/0] ip address 202.38.161.2 255.255.255.0
[SwitchC-Serial1/0/0] fr dlci 80
[SwitchC-fr-dlci-Serial1/0/0-80] quit
----End
Configuration Files
• Configuration files of SwitchA
#
sysname SwitchA
#
interface Serial1/0/0
link-protocol fr
#
interface Serial1/0/0.1 p2mp
fr dlci 50
ip address 202.38.160.1 255.255.255.0
#
interface Serial1/0/0.2 p2mp
fr dlci 60
ip address 202.38.161.1 255.255.255.0
#
ip route-static 129.10.0.0 255.255.0.0 202.38.160.2
ip route-static 129.11.0.0 255.255.0.0 202.38.161.2
#
return
#
ip route-static 129.9.0.0 255.255.0.0 202.38.161.1
#
return
[Figure: diagram not preserved; surviving labels: RouterA, RouterB, Serial1/0/0, 10.1.1.2/30]
Configuration Roadmap
The configuration roadmap is as follows:
Configure the Serial interface of RouterA to borrow the IP address of the loopback1 interface so
that RouterA can communicate with RouterB.
Procedure
Step 1 Create a loopback interface on Switch A and allocate an IP address for it.
<Switch> system-view
[Switch] sysname SwitchA
[SwitchA] interface loopback 1
[SwitchA-LoopBack1] ip address 10.1.1.1 32
[SwitchA-LoopBack1] quit
Step 2 Configure Serial 1/0/0 of Switch A to borrow the IP address of the created loopback1 interface.
[SwitchA] interface serial 1/0/0
[SwitchA-Serial1/0/0] ip address unnumbered interface loopback 1
[SwitchA-Serial1/0/0] quit
The information in bold shows that Serial1/0/0 borrows the IP address of loopback1.
If Switch A can ping Switch B, Switch A can communicate with Switch B.
----End
Configuration Files
• Configuration files of Switch A.
#
sysname SwitchA
#
interface Serial1/0/0
link-protocol ppp
ip address unnumbered interface LoopBack1
#
interface LoopBack1
ip address 10.1.1.1 255.255.255.255
#
return
• Basic MPLS functions and MPLS LDP have been configured on the MPLS backbone
network to set up LDP LSPs.
• MP-IBGP peer relationships have been set up between PEs.
• The LAN switches are configured to add inner VLAN tags to received packets.
To save VLAN IDs on the public network, the CEs are configured with QinQ to add outer VLAN
tags to the received packets. Therefore, the user packets sent from CEs to PEs have two VLAN
tags. The QinQ termination sub-interfaces on PEs need to connect to the L3VPN so that CE1
and CE3 can communicate and CE2 and CE4 can communicate.
[Figure: diagram not preserved; surviving labels: VPN-A sites with a LAN switch behind CE1 and CE3, VPN-B sites with a LAN switch behind CE2 and CE4, Eth1/0/0.1 and Eth2/0/0.1 on PE1 and PE2, MPLS backbone between PE1 and PE2]
Configuration Roadmap
The configuration roadmap is as follows:
NOTE
This example only provides the configurations related to this task. For details about L3VPN configuration, see
the S2300&S3300 Series Ethernet Switches Configuration Guide-VPN Configuration.
Procedure
Step 1 Configure VPN instances on PEs and bind the VPN instances to QinQ sub-interfaces.
# Configure PE1.
<Quidway> system-view
[Quidway] sysname PE1
[PE1] ip vpn-instance vpna
[PE1-vpn-instance-vpna] ipv4-family
[PE1-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
[PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[PE1-vpn-instance-vpna-af-ipv4] quit
[PE1-vpn-instance-vpna] quit
[PE1] interface ethernet 1/0/0.1
[PE1-Ethernet1/0/0.1] qinq termination pe-vid 100 ce-vid 10
[PE1-Ethernet1/0/0.1] ip binding vpn-instance vpna
[PE1-Ethernet1/0/0.1] ip address 10.1.1.1 24
[PE1-Ethernet1/0/0.1] arp broadcast enable
[PE1-Ethernet1/0/0.1] quit
[PE1] ip vpn-instance vpnb
[PE1-vpn-instance-vpnb] ipv4-family
[PE1-vpn-instance-vpnb-af-ipv4] route-distinguisher 200:2
[PE1-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both
[PE1-vpn-instance-vpnb-af-ipv4] quit
[PE1-vpn-instance-vpnb] quit
[PE1] interface ethernet 2/0/0.1
[PE1-Ethernet2/0/0.1] qinq termination pe-vid 200 ce-vid 20
[PE1-Ethernet2/0/0.1] ip binding vpn-instance vpnb
[PE1-Ethernet2/0/0.1] ip address 10.2.1.1 24
[PE1-Ethernet2/0/0.1] arp broadcast enable
[PE1-Ethernet2/0/0.1] quit
# Configure PE2.
<Quidway> system-view
[Quidway] sysname PE2
[PE2] ip vpn-instance vpna
[PE2-vpn-instance-vpna] ipv4-family
[PE2-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
[PE2-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[PE2-vpn-instance-vpna-af-ipv4] quit
[PE2-vpn-instance-vpna] quit
[PE2] interface ethernet 1/0/0.1
[PE2-Ethernet1/0/0.1] qinq termination pe-vid 100 ce-vid 10
[PE2-Ethernet1/0/0.1] ip binding vpn-instance vpna
[PE2-Ethernet1/0/0.1] ip address 10.3.1.1 24
[PE2-Ethernet1/0/0.1] arp broadcast enable
[PE2-Ethernet1/0/0.1] quit
[PE2] ip vpn-instance vpnb
[PE2-vpn-instance-vpnb] ipv4-family
[PE2-vpn-instance-vpnb-af-ipv4] route-distinguisher 200:2
[PE2-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both
[PE2-vpn-instance-vpnb-af-ipv4] quit
[PE2-vpn-instance-vpnb] quit
[PE2] interface ethernet 2/0/0.1
[PE2-Ethernet2/0/0.1] qinq termination pe-vid 200 ce-vid 20
[PE2-Ethernet2/0/0.1] ip binding vpn-instance vpnb
[PE2-Ethernet2/0/0.1] ip address 10.4.1.1 24
[PE2-Ethernet2/0/0.1] arp broadcast enable
[PE2-Ethernet2/0/0.1] quit
Step 2 Set up EBGP peer relationships between PEs and CEs and import VPN routes. The detailed
configurations are not provided here.
Step 3 Verify the configuration.
# Run the display ip vpn-instance verbose command on the PEs to view VPN instance
configurations.
# Run the display qinq information termination command, and you can see that the QinQ
termination sub-interface is bound to the L3VPN.
After the preceding configurations, PEs will remove the two VLAN tags from the packets from
users and forward the packets to L3VPN. The users in the same VPN can communicate with
each other. Hosts connected to CE1 and CE3 can ping each other, and hosts connected to CE2
and CE4 can ping each other. However, hosts connected to CE1 and CE3 cannot communicate
with hosts connected to CE2 and CE4 because they are in different VPN instances.
----End
Configuration Files
• Configuration file of PE1
#
sysname PE1
#
ip vpn-instance vpna
ipv4-family
route-distinguisher 100:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
ipv4-family
route-distinguisher 200:2
vpn-target 222:2 export-extcommunity
vpn-target 222:2 import-extcommunity
#
interface Ethernet1/0/0.1
qinq termination pe-vid 100 ce-vid 10
ip binding vpn-instance vpna
ip address 10.1.1.1 255.255.255.0
arp broadcast enable
#
interface Ethernet2/0/0.1
qinq termination pe-vid 200 ce-vid 20
ip binding vpn-instance vpnb
ip address 10.2.1.1 255.255.255.0
arp broadcast enable
#
return
This document describes the configuration of Ethernet services, including configuring link
aggregation, VLANs, Voice VLAN, VLAN mapping, QinQ, GVRP, MAC table, Loopback
Detection, STP/RSTP/MSTP, SEP, and so on.
The document provides the configuration procedures and configuration examples to illustrate
the service configuration methods and application scenarios.
3.1 Link Aggregation Configuration
Link aggregation is a technology that bundles multiple Ethernet links into a logical link to
increase bandwidth, improve reliability, and load balance traffic.
3.2 VLAN Configuration
Virtual Local Area Networks (VLANs) have advantages of broadcast domain isolation, security
hardening, flexible networking, and good extensibility.
3.3 Voice VLAN Configuration
This chapter describes voice VLAN concepts and how to configure voice VLAN.
3.4 QinQ Configuration
This chapter describes the concepts and configuration procedure of 802.1Q-in-802.1Q (QinQ),
and provides configuration examples.
3.5 GVRP Configuration
This chapter describes basic GVRP concepts, GVRP configuration procedures, and concludes
with a GVRP configuration example.
3.6 MAC Address Table Configuration
This chapter provides the basics for MAC address table configuration, configuration procedure,
and configuration examples.
3.7 STP/RSTP Configuration
The Spanning Tree Protocol (STP) trims a ring network into a loop-free tree network. It prevents
replication and circular propagation of packets. The Rapid Spanning Tree Protocol (RSTP) was
developed based on STP to implement faster convergence. RSTP defines edge ports and provides
protection functions.
3.8 MSTP Configuration
The Multiple Spanning Tree Protocol (MSTP) trims a ring network into a loop-free tree network.
It prevents replication and circular propagation of packets, provides multiple redundant paths
for Virtual LAN (VLAN) data traffic, and enables load balancing.
3.9 SEP Configuration
Smart Ethernet Protection (SEP) is a ring network protocol specially used for the Ethernet link
layer. It blocks redundant links to prevent logical loops on a ring network.
3.10 Layer 2 Protocol Transparent Transmission Configuration
This chapter describes the concept, configuration procedure, and configuration examples of
Layer 2 protocol transparent transmission.
3.11 Loopback Detection Configuration
Loopback detection can detect loops on the network connected to the device and reduce impacts
on the network.
3.12 VoIP Access Configuration
Networking Requirements
As shown in Figure 3-1, SwitchA and SwitchB connect to devices in VLAN 10 and VLAN 20
through Ethernet links, and heavy traffic is transmitted between SwitchA and SwitchB.
SwitchA and SwitchB can provide higher link bandwidth to implement inter-VLAN
communication. Reliability of data transmission needs to be ensured.
Figure 3-1 Networking diagram for configuring link aggregation in manual load balancing mode
[Diagram not preserved; surviving labels: VLAN10 and VLAN20 on each side]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create an Eth-Trunk and add member interfaces to the Eth-Trunk to increase link
bandwidth.
NOTE
An interface is added to VLAN1 by default. To avoid a broadcast storm, shut down the interface or
remove the interface from VLAN1 before adding it to an Eth-Trunk interface.
2. Create VLANs and add interfaces to the VLANs.
3. Set the load balancing mode to ensure that traffic is load balanced between member
interfaces of the Eth-Trunk.
Procedure
Step 1 Create an Eth-Trunk on SwitchA and add member interfaces to the Eth-Trunk. The configuration
of SwitchB is similar to the configuration of SwitchA, and the configuration details are not
mentioned here.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] interface Eth-Trunk1
[SwitchA-Eth-Trunk1] trunkport ethernet 0/0/1 to 0/0/3
[SwitchA-Eth-Trunk1] quit
Step 2 Create VLANs and add interfaces to the VLANs. The configuration of SwitchB is similar to the
configuration of SwitchA, and the configuration details are not mentioned here.
# Create VLAN 10 and VLAN 20, and add interfaces to VLAN 10 and VLAN 20.
[SwitchA] vlan batch 10 20
[SwitchA] interface ethernet 0/0/4
[SwitchA-Ethernet0/0/4] port link-type trunk
[SwitchA-Ethernet0/0/4] port trunk allow-pass vlan 10
[SwitchA-Ethernet0/0/4] quit
[SwitchA] interface ethernet 0/0/5
[SwitchA-Ethernet0/0/5] port link-type trunk
[SwitchA-Ethernet0/0/5] port trunk allow-pass vlan 20
[SwitchA-Ethernet0/0/5] quit
# Configure Eth-Trunk 1 to allow packets from VLAN 10 and VLAN 20 to pass through.
[SwitchA] interface Eth-Trunk1
[SwitchA-Eth-Trunk1] port link-type trunk
[SwitchA-Eth-Trunk1] port trunk allow-pass vlan 10 20
Step 3 Set the load balancing mode of Eth-Trunk 1. The configuration of SwitchB is similar to the
configuration of SwitchA, and the configuration details are not mentioned here.
[SwitchA-Eth-Trunk1] load-balance src-dst-mac
[SwitchA-Eth-Trunk1] quit
The preceding command output shows that Eth-Trunk 1 has three member interfaces:
Ethernet0/0/1, Ethernet0/0/2, and Ethernet0/0/3. The member interfaces are all in Up state.
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 20
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 10 20
load-balance src-dst-mac
#
interface Ethernet0/0/1
eth-trunk 1
#
interface Ethernet0/0/2
eth-trunk 1
#
interface Ethernet0/0/3
eth-trunk 1
#
interface Ethernet0/0/4
port link-type trunk
port trunk allow-pass vlan 10
#
interface Ethernet0/0/5
port link-type trunk
port trunk allow-pass vlan 20
#
return
Networking Requirements
To improve bandwidth and connection reliability, configure a link aggregation group on two
directly connected Switches, as shown in Figure 3-2. The requirements are as follows:
• One link functions as the backup link. When a fault occurs on an active link, the backup link
replaces the faulty link to maintain reliable data transmission.
Figure 3-2 Networking diagram for configuring link aggregation in LACP mode
[Diagram not preserved; surviving labels: SwitchA and SwitchB, each with Eth0/0/1, Eth0/0/2 and Eth0/0/3 in Eth-Trunk 1; legend: active link, backup link]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create an Eth-Trunk and configure the Eth-Trunk to work in LACP mode to implement
link aggregation.
2. Add member interfaces to the Eth-Trunk.
NOTE
An interface is added to VLAN1 by default. To avoid a broadcast storm, shut down the interface or
remove the interface from VLAN1 before adding it to an Eth-Trunk interface.
3. Set the system priority and determine the Actor so that the Partner selects active interfaces
based on the Actor interface priority.
4. Set the upper threshold for the number of active interfaces to improve reliability.
5. Set interface priorities and determine active interfaces so that interfaces with higher
priorities are selected as active interfaces.
Procedure
Step 1 Create Eth-Trunk 1 on SwitchA and configure Eth-Trunk 1 to work in LACP mode. The
configuration of SwitchB is similar to the configuration of SwitchA, and the configuration details
are not mentioned here.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] interface eth-trunk 1
[SwitchA-Eth-Trunk1] mode lacp-static
[SwitchA-Eth-Trunk1] quit
Step 2 Add member interfaces to Eth-Trunk 1 on SwitchA. The configuration of SwitchB is similar to
the configuration of SwitchA, and the configuration details are not mentioned here.
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] eth-trunk 1
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface ethernet 0/0/2
[SwitchA-Ethernet0/0/2] eth-trunk 1
[SwitchA-Ethernet0/0/2] quit
[SwitchA] interface ethernet 0/0/3
[SwitchA-Ethernet0/0/3] eth-trunk 1
[SwitchA-Ethernet0/0/3] quit
Step 3 Set the system priority on SwitchA to 100 so that SwitchA becomes the Actor.
[SwitchA] lacp priority 100
Step 4 On SwitchA, set the upper threshold for the number of active interfaces to 2.
[SwitchA] interface eth-trunk 1
[SwitchA-Eth-Trunk1] max active-linknumber 2
[SwitchA-Eth-Trunk1] quit
Step 5 Set the priority of the interface and determine active links on SwitchA.
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] lacp priority 100
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface ethernet 0/0/2
[SwitchA-Ethernet0/0/2] lacp priority 100
[SwitchA-Ethernet0/0/2] quit
# Check information about the Eth-Trunk of the Switches and check whether negotiation is
successful on the link.
[SwitchA] display eth-trunk 1
Eth-Trunk1's state information is:
Local:
LAG ID: 1 WorkingMode: STATIC
Preempt Delay: Disabled Hash arithmetic: According to SIP-XOR-DIP
System Priority: 100 System ID: 00e0-fca8-0417
Least Active-linknumber: 1 Max Active-linknumber: 2
Operate status: up Number Of Up Port In Trunk: 2
--------------------------------------------------------------------------------
ActorPortName   Status    PortType  PortPri  PortNo  PortKey  PortState  Weight
Ethernet0/0/1   Selected  100M      100      6145    2865     11111100   1
Ethernet0/0/2   Selected  100M      100      6146    2865     11111100   1
Ethernet0/0/3   Unselect  100M      32768    6147    2865     11100000   1
Partner:
------------------------------------------------------------------------------
ActorPortName   SysPri  SystemID        PortPri  PortNo  PortKey  PortState
Ethernet0/0/1   32768   00e0-fca6-7f85  32768    6145    2609     11111100
Ethernet0/0/2   32768   00e0-fca6-7f85  32768    6146    2609     11111100
Ethernet0/0/3   32768   00e0-fca6-7f85  32768    6147    2609     11110000
[SwitchB] display eth-trunk 1
Eth-Trunk1's state information is:
Local:
LAG ID: 1 WorkingMode: STATIC
Preempt Delay: Disabled Hash arithmetic: According to SIP-XOR-DIP
System Priority: 32768 System ID: 00e0-fca6-7f85
Least Active-linknumber: 1 Max Active-linknumber: 8
Operate status: Up Number Of Up Port In Trunk: 2
------------------------------------------------------------------------------
ActorPortName   Status    PortType  PortPri  PortNo  PortKey  PortState  Weight
Ethernet0/0/1   Selected  100M      32768    6145    2609     11111100   1
Ethernet0/0/2   Selected  100M      32768    6146    2609     11111100   1
Ethernet0/0/3   Unselect  100M      32768    6147    2609     11100000   1
Partner:
------------------------------------------------------------------------------
ActorPortName   SysPri  SystemID        PortPri  PortNo  PortKey  PortState
The preceding information shows that the system priority of SwitchA is 100, which is higher
than the system priority of SwitchB. Member interfaces Ethernet0/0/1 and Ethernet0/0/2 become
the active interfaces and are in Selected state. Interface Ethernet0/0/3 is in Unselect state. Two
links are active and working in load balancing mode, and one link is the backup link.
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
lacp priority 100
#
interface Eth-Trunk1
mode lacp-static
max active-linknumber 2
#
interface Ethernet0/0/1
eth-trunk 1
lacp priority 100
#
interface Ethernet0/0/2
eth-trunk 1
lacp priority 100
#
interface Ethernet0/0/3
eth-trunk 1
#
return
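The Actor election and active-link selection described in this example, as an added Python model (not Huawei's implementation and not part of the original document). It assumes the standard LACP ordering: a lower priority value wins, a tie between systems goes to the lower system ID, and a tie between ports goes to the lower port number. It also assumes the smaller of the two `max active-linknumber` values caps the result, since a link is active only when both ends select it; all class and function names are hypothetical.

```python
from dataclasses import dataclass, field


@dataclass
class Port:
    name: str
    priority: int = 32768      # default value seen in the display output
    number: int = 0            # PortNo column
    up: bool = True


@dataclass
class System:
    name: str
    priority: int              # "lacp priority" in the system view
    system_id: str             # System ID as printed by display eth-trunk
    max_active: int            # "max active-linknumber"
    ports: dict = field(default_factory=dict)

    def add(self, name, number, priority=32768):
        self.ports[name] = Port(name, priority, number)
        return self


def mac_key(system_id):
    """'00e0-fca8-0417' -> integer, so system IDs compare numerically."""
    return int(system_id.replace("-", ""), 16)


def elect_actor(a, b):
    """Lower system priority value wins; the lower system ID breaks a tie."""
    return min((a, b), key=lambda s: (s.priority, mac_key(s.system_id)))


def select_links(a, b, links):
    """links: list of (port on a, port on b). Returns (actor name, {link: status})."""
    actor = elect_actor(a, b)
    side = 0 if actor is a else 1
    limit = min(a.max_active, b.max_active)

    def usable(link):
        return a.ports[link[0]].up and b.ports[link[1]].up

    def rank(link):
        # Only the Actor's port priorities decide the order.
        port = actor.ports[link[side]]
        return (port.priority, port.number)

    candidates = sorted((l for l in links if usable(l)), key=rank)
    selected = set(candidates[:limit])
    return actor.name, {l: ("Selected" if l in selected else "Unselect") for l in links}


def build_page_topology():
    """Values taken from the display eth-trunk 1 output in this example."""
    sw_a = System("SwitchA", 100, "00e0-fca8-0417", max_active=2)
    sw_a.add("Ethernet0/0/1", 6145, 100)
    sw_a.add("Ethernet0/0/2", 6146, 100)
    sw_a.add("Ethernet0/0/3", 6147)
    sw_b = System("SwitchB", 32768, "00e0-fca6-7f85", max_active=8)
    for i, number in enumerate((6145, 6146, 6147), start=1):
        sw_b.add(f"Ethernet0/0/{i}", number)
    links = [(f"Ethernet0/0/{i}", f"Ethernet0/0/{i}") for i in (1, 2, 3)]
    return sw_a, sw_b, links


if __name__ == "__main__":
    sw_a, sw_b, links = build_page_topology()
    print(select_links(sw_a, sw_b, links))
    sw_a.ports["Ethernet0/0/1"].up = False     # active link fails
    print(select_links(sw_a, sw_b, links))     # backup link takes over
```

With `lacp priority 100` removed from SwitchA, both systems sit at 32768 and the model elects SwitchB, whose system ID is lower, so SwitchA's interface priorities would no longer decide which links are active.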
Networking Requirements
As shown in Figure 3-3, multiple user terminals are connected to switches in an enterprise.
Users who use the same service access the enterprise network using different devices.
To ensure the communication security and avoid broadcast storms, the enterprise wants to allow
users who use the same service to communicate with each other but isolate users who use
different services.
Configure port-based VLANs on the switch and add ports connecting to terminals of users who
use the same service to the same VLAN. Users in different VLANs cannot perform Layer 2
communication. Users in the same VLAN can communicate directly.
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs and add ports connecting to user terminals to VLANs to isolate Layer 2
traffic between users who use different services.
2. Configure the link type of the link between SwitchA and SwitchB and the VLANs it carries to
allow users who use the same service to communicate.
Procedure
Step 1 Create VLAN2 and VLAN3 on SwitchA, and add ports connecting to user terminals to different
VLANs. Configuration of SwitchB is similar to that of SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 2 3
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port link-type access
[SwitchA-Ethernet0/0/1] port default vlan 2
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface ethernet 0/0/2
[SwitchA-Ethernet0/0/2] port link-type access
[SwitchA-Ethernet0/0/2] port default vlan 3
[SwitchA-Ethernet0/0/2] quit
Step 2 On SwitchA, configure the link type of the port connecting to SwitchB and the VLANs it
allows. Configuration of SwitchB is similar to that of SwitchA.
----End
Configuration Files
Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 2 to 3
#
interface Ethernet0/0/1
port link-type access
port default vlan 2
#
interface Ethernet0/0/2
port link-type access
port default vlan 3
#
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
return
As shown in Figure 3-4, only PC1, PC2, and PC3 are allowed to access the intranet using
SwitchA and Switch.
You can assign VLANs based on MAC addresses and associate MAC addresses of PCs with the
specified VLAN.
NOTE
The S2300SI does not support this configuration.
Figure 3-4 Networking diagram for assigning VLANs based on MAC addresses
[Diagram not preserved; surviving labels, top to bottom: Enterprise network, Eth0/0/2, Switch, Eth0/0/1, Eth0/0/1, SwitchA]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs and determine which VLAN the PCs of employees belong to.
2. Add Ethernet interfaces to VLANs so that packets of the VLANs can pass through the
interfaces.
3. Associate MAC addresses of PC1, PC2, and PC3 with the specified VLAN so that the
VLAN of the packet can be determined based on the source MAC address.
Procedure
Step 1 Configure the Switch.
# Create VLANs.
<Quidway> system-view
[Quidway] vlan batch 10 100
# Associate MAC addresses of PC1, PC2, and PC3 with VLAN 10.
[Quidway] vlan 10
[Quidway-Vlan10] mac-vlan mac-address 22-22-22
[Quidway-Vlan10] mac-vlan mac-address 33-33-33
[Quidway-Vlan10] mac-vlan mac-address 44-44-44
[Quidway-Vlan10] quit
PC1, PC2, and PC3 can access the intranet, whereas other PCs cannot access the intranet.
----End
Configuration Files
Configuration file of the Switch
#
sysname Quidway
#
vlan batch 10 100
#
vlan 10
mac-vlan mac-address 0022-0022-0022 priority 0
mac-vlan mac-address 0033-0033-0033 priority 0
mac-vlan mac-address 0044-0044-0044 priority 0
#
interface Ethernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 10
mac-vlan enable
#
interface Ethernet0/0/2
port hybrid tagged vlan 10
#
return
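An added Python sketch (not from the Huawei document) of the decision this configuration makes for an untagged frame arriving on Eth0/0/1, and of why a frame from any other PC never reaches the uplink. It assumes, from the page's own pairing of `22-22-22` in the commands with `0022-0022-0022` in the configuration file, that each of the three MAC fields is left-padded to four hex digits; the function names and the unlisted sample address `55-55-55` are constructed for the example.

```python
import re

# Entries as typed in the procedure; the configuration file shows them expanded.
MAC_VLAN_10 = ["22-22-22", "33-33-33", "44-44-44"]
PVID_ETH0_0_1 = 100                 # Eth0/0/1: port hybrid pvid vlan 100
UPLINK_TAGGED_VLANS = {10}          # Eth0/0/2: port hybrid tagged vlan 10


def normalize_mac(text):
    """Accept H-H-H (1-4 hex digits per field) or xx:xx:xx:xx:xx:xx.

    Returns the 'hhhh-hhhh-hhhh' form used in the configuration file.
    """
    text = text.strip().lower()
    if re.fullmatch(r"[0-9a-f]{1,4}(-[0-9a-f]{1,4}){2}", text):
        fields = [f.zfill(4) for f in text.split("-")]
    elif re.fullmatch(r"[0-9a-f]{2}([:-][0-9a-f]{2}){5}", text):
        digits = re.sub(r"[:-]", "", text)
        fields = [digits[i:i + 4] for i in (0, 4, 8)]
    else:
        raise ValueError(f"not a MAC address: {text!r}")
    return "-".join(fields)


# Lookup table keyed by the normalized address, value is the VLAN ID.
MAC_TABLE = {normalize_mac(m): 10 for m in MAC_VLAN_10}


def classify(src_mac, mac_vlan_enabled=True):
    """VLAN assigned to an untagged frame received on Eth0/0/1."""
    if mac_vlan_enabled:
        vlan = MAC_TABLE.get(normalize_mac(src_mac))
        if vlan is not None:
            return vlan
    # No MAC-VLAN match (or "mac-vlan enable" missing): the PVID applies.
    return PVID_ETH0_0_1


def reaches_enterprise_network(src_mac, mac_vlan_enabled=True):
    """A frame leaves through Eth0/0/2 only if its VLAN is allowed there."""
    return classify(src_mac, mac_vlan_enabled) in UPLINK_TAGGED_VLANS


if __name__ == "__main__":
    for mac in ("22-22-22", "00:33:00:33:00:33", "55-55-55"):
        print(mac, classify(mac), reaches_enterprise_network(mac))
```

The lookup keys only on the source MAC carried in the frame, so the table is a classification rule rather than proof of device identity.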
Networking Requirements
A company has multiple services, including IPTV, VoIP, and Internet access. Each service uses
a unique IP subnet. Packets of the same service must be transmitted in the same VLAN, and
packets of different services must be transmitted in different VLANs.
On the network shown in Figure 3-5, the Switch receives Internet, IPTV, and voice services
from users with diverse IP subnets. Packets of different services need to be transmitted in
different VLANs, and packets of each service need to be sent to a specified remote server.
NOTE
The S2300SI does not support this configuration.
[Figure 3-5: diagram not preserved; surviving labels: IPTV server, Voice Network, Internet, RouterA, RouterB, RouterC, Switch Eth0/0/1 to Eth0/0/4, SwitchA, user addresses 192.168.1.2/24, 192.168.2.2/24, 192.168.3.2/24]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs and determine which VLAN each service belongs to.
2. Associate IP subnets with VLANs so that VLANs of packets can be determined based on
the source IP addresses or specified network segments.
3. Add interfaces to VLANs so that packets of the IP subnet-based VLANs can pass through
the interfaces.
4. Configure the highest priority for IP subnet-based VLAN assignment.
5. Enable IP subnet-based VLAN assignment.
Procedure
Step 1 Create VLANs.
# Create VLAN 100, VLAN 200, and VLAN 300 on the Switch.
<Quidway> system-view
[Quidway] vlan batch 100 200 300
# Associate IP subnet 192.168.2.2/24 with VLAN 200 and set the 802.1p priority of VLAN 200 to 3.
[Quidway] vlan 200
[Quidway-vlan200] ip-subnet-vlan 1 ip 192.168.2.2 24 priority 3
[Quidway-vlan200] quit
# Associate IP subnet 192.168.3.2/24 with VLAN 300 and set the 802.1p priority of VLAN 300
to 4.
[Quidway] vlan 300
[Quidway-vlan300] ip-subnet-vlan 1 ip 192.168.3.2 24 priority 4
[Quidway-vlan300] quit
----End
Configuration Files
• Configuration file of the Switch
#
sysname Quidway
#
vlan batch 100 200 300
#
vlan 100
ip-subnet-vlan 1 ip 192.168.1.2 255.255.255.0 priority 2
vlan 200
ip-subnet-vlan 1 ip 192.168.2.2 255.255.255.0 priority 3
vlan 300
ip-subnet-vlan 1 ip 192.168.3.2 255.255.255.0 priority 4
#
interface Ethernet0/0/1
port hybrid untagged vlan 100 200 300
ip-subnet-vlan enable
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100
#
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 200
#
interface Ethernet0/0/4
port link-type trunk
port trunk allow-pass vlan 300
#
return
NOTE
The S2300SI does not support this configuration.
[Figure: diagram not preserved; surviving labels: Voice Network, Internet, RouterA, RouterB, Switch Eth0/0/1 to Eth0/0/3, IPv4 VLAN 10, IPv6 VLAN 20]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs and determine which VLAN each service belongs to.
2. Associate protocols with VLANs so that the VLAN ID of a received packet can be assigned
based on its protocol type.
3. Add interfaces to VLANs so that packets of the protocol-based VLANs can pass through
the interfaces.
4. Associate ports with VLANs.
After the Switch receives a frame of a specified protocol, it assigns the VLAN ID associated
with the protocol to the frame.
Procedure
Step 1 Create VLANs.
<Quidway> system-view
[Quidway] sysname Switch
[Switch] vlan batch 10 20
[Switch] vlan 20
[Switch-vlan20] protocol-vlan ipv6
[Switch-vlan20] quit
# Associate Eth0/0/1 with VLAN 20 and set the 802.1p priority of VLAN 20 to 6.
[Switch-Ethernet0/0/1] protocol-vlan vlan 20 all priority 6
[Switch-Ethernet0/0/1] quit
# Add Eth0/0/2 to VLAN 10 so that Eth0/0/2 allows packets of VLAN 10 to pass through.
[Switch] interface ethernet 0/0/2
[Switch-Ethernet0/0/2] port link-type trunk
[Switch-Ethernet0/0/2] port trunk allow-pass vlan 10
[Switch-Ethernet0/0/2] quit
# Add Eth0/0/3 to VLAN 20 so that Eth0/0/3 allows packets of VLAN 20 to pass through.
[Switch] interface ethernet 0/0/3
[Switch-Ethernet0/0/3] port link-type trunk
[Switch-Ethernet0/0/3] port trunk allow-pass vlan 20
[Switch-Ethernet0/0/3] return
----End
Configuration Files
• Configuration file of the Switch
#
sysname Switch
#
vlan batch 10 20
#
vlan 10
protocol-vlan 0 ipv4
vlan 20
protocol-vlan 0 ipv6
#
interface Ethernet0/0/1
port hybrid untagged vlan 10 20
protocol-vlan vlan 10 0 priority 5
protocol-vlan vlan 20 0 priority 6
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
#
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 20
#
return
Networking Requirements
Users in an enterprise use different services and are located on different network segments. Users who
use the same service belong to different VLANs and they want to communicate with each other.
As shown in Figure 3-7, User 1 and User 2 use the same service but belong to different VLANs
and are located on different network segments. User 1 wants to communicate with User 2.
Figure 3-7 Networking diagram for implementing inter-VLAN communication using VLANIF
interfaces
[Diagram not preserved; surviving labels: Switch; Eth0/0/1, VLANIF10 10.10.10.2/24, VLAN 10, User1 10.10.10.3/24; Eth0/0/2, VLANIF20 20.20.20.2/24, VLAN 20, User2 20.20.20.3/24]
Configuration Roadmap
The configuration roadmap is as follows:
NOTE
To implement communication between VLANs, hosts in each VLAN must use the IP address of the
corresponding VLANIF interface as the gateway address.
Procedure
Step 1 Configure the Switch.
# Create VLANs.
<Quidway> system-view
[Quidway] vlan batch 10 20
----End
Configuration Files
Configuration file of the Switch
#
sysname Quidway
#
vlan batch 10 20
#
interface Vlanif10
ip address 10.10.10.2 255.255.255.0
#
interface Vlanif20
ip address 20.20.20.2 255.255.255.0
#
interface Ethernet0/0/1
port link-type access
port default vlan 10
#
interface Ethernet0/0/2
port link-type access
port default vlan 20
#
return
Networking Requirements
Multiple departments in an enterprise are located on the same network segment. To improve
service security, assign departments to different VLANs. Some departments need to
communicate.
As shown in Figure 3-8, departments in VLAN 2 and VLAN 3 want to communicate with each
other.
You can configure VLAN aggregation on the switch to isolate VLAN 2 from VLAN 3 at Layer
2 and allow them to communicate at Layer 3. VLAN 2 and VLAN 3 use the same subnet segment,
saving IP addresses.
NOTE
[Figure 3-8: diagram not preserved; surviving labels: Eth0/0/1 and Eth0/0/2 in VLAN2, Eth0/0/3 and Eth0/0/4 in VLAN3, VLAN4, VLANIF4 100.1.1.12/24]
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Set the interface type.
# Configure Eth 0/0/1 as an access interface.
<Quidway> system-view
[Quidway] interface ethernet 0/0/1
[Quidway-Ethernet0/0/1] port link-type access
[Quidway-Ethernet0/0/1] quit
Configurations of Eth0/0/2, Eth0/0/3, and Eth0/0/4 are the same as that of Eth0/0/1.
Step 2 Create VLAN 2 and add Eth0/0/1 and Eth0/0/2 to VLAN 2.
[Quidway] vlan 2
[Quidway-vlan2] port ethernet 0/0/1 0/0/2
[Quidway-vlan2] quit
----End
Configuration Files
Configuration file of the Switch
#
sysname Quidway
#
vlan batch 2 to 4
#
vlan 4
aggregate-vlan
access-vlan 2 to 3
#
interface Vlanif4
ip address 100.1.1.12 255.255.255.0
arp-proxy inter-sub-vlan-proxy enable
#
interface Ethernet0/0/1
port link-type access
port default vlan 2
#
interface Ethernet0/0/2
port link-type access
port default vlan 2
#
interface Ethernet0/0/3
port link-type access
port default vlan 3
#
interface Ethernet0/0/4
port link-type access
port default vlan 3
#
return
NOTE
The S2300 does not support MUX VLAN.
[Figure: diagram not preserved; surviving labels: Eth0/0/3, Eth0/0/4]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the principal VLAN.
2. Configure the group VLAN.
3. Configure the separate VLAN.
4. Add interfaces to the VLANs and enable the MUX VLAN function.
Procedure
Step 1 Configure the MUX VLAN.
# Create VLAN 2, VLAN 3, and VLAN 4.
<Quidway> system-view
[Quidway] vlan batch 2 3 4
# Add interfaces to the VLANs and enable the MUX VLAN function on the interfaces.
[Quidway] interface ethernet 0/0/1
[Quidway-Ethernet0/0/1] port link-type access
[Quidway-Ethernet0/0/1] port default vlan 2
[Quidway-Ethernet0/0/1] port mux-vlan enable
[Quidway-Ethernet0/0/1] quit
[Quidway] interface ethernet 0/0/2
[Quidway-Ethernet0/0/2] port link-type access
[Quidway-Ethernet0/0/2] port default vlan 3
[Quidway-Ethernet0/0/2] port mux-vlan enable
[Quidway-Ethernet0/0/2] quit
[Quidway] interface ethernet 0/0/3
[Quidway-Ethernet0/0/3] port link-type access
[Quidway-Ethernet0/0/3] port default vlan 3
[Quidway-Ethernet0/0/3] port mux-vlan enable
[Quidway-Ethernet0/0/3] quit
[Quidway] interface ethernet 0/0/4
[Quidway-Ethernet0/0/4] port link-type access
[Quidway-Ethernet0/0/4] port default vlan 4
[Quidway-Ethernet0/0/4] port mux-vlan enable
[Quidway-Ethernet0/0/4] quit
[Quidway] interface ethernet 0/0/5
[Quidway-Ethernet0/0/5] port link-type access
[Quidway-Ethernet0/0/5] port default vlan 4
[Quidway-Ethernet0/0/5] port mux-vlan enable
[Quidway-Ethernet0/0/5] quit
----End
Configuration Files
Configuration file of the Switch
#
sysname Quidway
#
vlan batch 2 to 4
#
vlan 2
mux-vlan
subordinate separate 4
subordinate group 3
#
interface Ethernet0/0/1
port link-type access
port default vlan 2
port mux-vlan enable
#
interface Ethernet0/0/2
port link-type access
port default vlan 3
port mux-vlan enable
#
interface Ethernet0/0/3
port link-type access
port default vlan 3
port mux-vlan enable
#
interface Ethernet0/0/4
port link-type access
port default vlan 4
port mux-vlan enable
#
interface Ethernet0/0/5
port link-type access
port default vlan 4
port mux-vlan enable
#
return
NOTE
The S2300SI does not support Voice VLAN.
[Figure: diagram not preserved; surviving labels: Internet, Switch, Eth0/0/1, HG]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs and VLANIF interfaces on Switch and configure interfaces so that users
can access the WAN.
2. Configure a voice VLAN and set the mode in which interfaces are added to the voice VLAN
to auto so that voice data packets are transmitted in the voice VLAN with a high priority.
Procedure
Step 1 Create VLANs and configure the interface on the Switch.
# Create VLAN 2 and VLAN 6.
<Quidway> system-view
[Quidway] vlan batch 2 6
# Set the voice VLAN mode to auto so that the interface can be automatically added to or deleted
from the voice VLAN.
Run the display voice-vlan 2 status command to check the voice VLAN mode, voice security
mode, and voice VLAN aging time.
<Quidway> display voice-vlan 2 status
Voice VLAN Configurations:
---------------------------------------------------
Voice VLAN ID : 2
Voice VLAN status : Enable
Voice VLAN aging time : 1440 (minutes)
Voice VLAN 8021p remark : 6
Voice VLAN dscp remark : 46
----------------------------------------------------------
Port Information:
-----------------------------------------------------------
Port Add-Mode Security-Mode Legacy
-----------------------------------------------------------
Ethernet0/0/1 Auto Security Disable
----End
Configuration Files
Configuration file of the Switch
#
sysname Quidway
#
vlan batch 2 6
#
voice-vlan mac-address 0011-2200-0000 mask ffff-ff00-0000
#
interface Ethernet0/0/1
voice-vlan 2 enable
port hybrid pvid vlan 6
port hybrid untagged vlan 6
#
return
Networking Requirements
As shown in Figure 3-11, data flows of the HSI, VoIP, and IPTV services are transmitted on
the network. Users require high quality of the VoIP service. Therefore, voice data flows must
be transmitted with a high priority.
[Figure 3-11: networking diagram. Labels: Internet, Switch, Eth0/0/1, HG]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs and VLANIF interfaces on Switch and configure interfaces so that users
can access the WAN.
2. Configure a voice VLAN and set the mode in which interfaces are added to the voice VLAN
to manual so that voice data packets are transmitted in the voice VLAN with a high priority.
Procedure
Step 1 Create VLANs and configure the interface on the Switch.
# Set the voice VLAN mode to manual and add the interface to the voice VLAN.
[Quidway-Ethernet0/0/1] voice-vlan mode manual
[Quidway-Ethernet0/0/1] port hybrid tagged vlan 2
[Quidway-Ethernet0/0/1] quit
Run the display voice-vlan 2 status command to check the voice VLAN mode, voice security
mode, and voice VLAN aging time.
<Quidway> display voice-vlan 2 status
Voice VLAN Configurations:
---------------------------------------------------
Voice VLAN ID : 2
Voice VLAN status : Enable
Voice VLAN aging time : 1440 (minutes)
Voice VLAN 8021p remark : 6
Voice VLAN dscp remark : 46
----------------------------------------------------------
Port Information:
-----------------------------------------------------------
Port Add-Mode Security-Mode Legacy
-----------------------------------------------------------
Ethernet0/0/1 Manual Security Disable
----End
Configuration Files
Configuration file of the Switch
#
sysname Quidway
#
vlan batch 2 6
#
voice-vlan mac-address 0011-2200-0000 mask ffff-ff00-0000
#
interface Ethernet0/0/1
voice-vlan 2 enable
NOTE
The S2300SI does not support QinQ.
Networking Requirements
As shown in Figure 3-12, there are two enterprises on the network, Enterprise 1 and Enterprise
2. Enterprise 1 has two office locations, and Enterprise 2 has 2 office locations. The office
locations of the two enterprises access SwitchA and SwitchB of the ISP network. A non-Huawei
device with the TPID value 0x9100 exists on the public network.
The requirements are as follows:
- Enterprise 1 and Enterprise 2 plan their VLANs independently.
- Traffic of the two branches is transparently transmitted on the public network. Users using
the same services in the two branches are allowed to communicate and users using different
services are isolated.
You can configure QinQ to meet the preceding requirements. VLAN 100 provided by the public
network can be used to implement communication of Enterprise 1 in the two branches and VLAN
200 is used for Enterprise 2. You can set the TPID value in the outer VLAN on the interface that
connects the non-Huawei device to implement communication between devices.
[Figure 3-12: networking diagram. Labels: ISP network (VLAN 100, 200; TPID=0x9100), Switch A and
Switch B, each with Eth0/0/1, Eth0/0/2 and Eth0/0/3]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure VLAN 100 and VLAN 200 on both SwitchA and SwitchB. Set the link type of
the interface to QinQ and add the interfaces to VLAN. In this way, different outer VLAN
tags are added to different services.
2. Add interfaces connecting to the public network on SwitchA and SwitchB to VLAN 100
and VLAN 200 to permit packets from these VLANs to pass through.
3. Set the TPID values in the outer VLAN tag on interfaces connecting to the public network
on SwitchA and SwitchB to implement communication between the device and devices
from other vendors.
Procedure
Step 1 Create VLANs.
# Configure Eth0/0/1 and Eth0/0/2 of SwitchB as QinQ interfaces. Set the VLAN of Eth0/0/1
to VLAN 100 and the VLAN of Eth0/0/2 to VLAN 200. The configuration procedure of SwitchB
is the same as that of SwitchA.
Step 3 Configure the interface connecting to the public network on the switch.
# Add Eth0/0/3 of SwitchA to VLAN 100 and VLAN 200.
[SwitchA] interface ethernet 0/0/3
[SwitchA-Ethernet0/0/3] port link-type trunk
[SwitchA-Ethernet0/0/3] port trunk allow-pass vlan 100 200
[SwitchA-Ethernet0/0/3] quit
# Add Eth0/0/3 of SwitchB to VLAN 100 and VLAN 200. The configuration procedure of
SwitchB is the same as that of SwitchA.
Step 4 Configure the TPID value for an outer VLAN tag.
# Set the TPID value of an outer VLAN tag to 0x9100 on SwitchA.
[SwitchA] interface ethernet 0/0/3
[SwitchA-Ethernet0/0/3] qinq protocol 9100
----End
Configuration Files
Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 100 200
#
interface Ethernet0/0/1
port link-type dot1q-tunnel
port default vlan 100
#
interface Ethernet0/0/2
port link-type dot1q-tunnel
port default vlan 200
#
interface Ethernet0/0/3
qinq protocol 9100
port link-type trunk
port trunk allow-pass vlan 100 200
#
return
Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 100 200
#
interface Ethernet0/0/1
port link-type dot1q-tunnel
port default vlan 100
#
interface Ethernet0/0/2
port link-type dot1q-tunnel
port default vlan 200
#
interface Ethernet0/0/3
qinq protocol 9100
port link-type trunk
port trunk allow-pass vlan 100 200
#
return
Networking Requirements
As shown in Figure 3-13, Internet access users (using PCs) and VoIP users (using VoIP
terminals) connect to the ISP network through SwitchA and SwitchB and communicate with
each other through the ISP network.
It is required that packets of PCs and VoIP terminals be tagged VLAN 2 and VLAN 3 when the
packets are transmitted through the ISP network.
NOTE
Only the S3300 supports Selective QinQ.
[Figure 3-13: networking diagram. Labels: SwitchA and SwitchB, each with Eth0/0/1 and Eth0/0/2;
Network; PC and VoIP terminals at each site]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs on SwitchA and SwitchB.
2. Configure link types of interfaces on SwitchA and SwitchB and add interfaces to VLANs.
3. Configure selective QinQ on the interfaces of SwitchA and SwitchB.
Procedure
Step 1 Create VLANs.
# On SwitchA, create VLAN 2 and VLAN 3, that is, VLAN IDs of the outer VLAN tag to be
added.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 2 3
# On SwitchB, create VLAN 2 and VLAN 3, that is, VLAN IDs of the outer VLAN tag to be
added.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] vlan batch 2 3
- PCs can communicate with each other through the ISP network.
- VoIP terminals can communicate with each other through the ISP network.
----End
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 2 to 3
#
interface Ethernet0/0/1
qinq vlan-translation enable
port hybrid untagged vlan 2 to 3
port vlan-stacking vlan 100 stack-vlan 2
port vlan-stacking vlan 300 stack-vlan 3
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
return
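The two QinQ examples above differ only in how the outer tag is chosen and which TPID it carries. The following Python model is an added example, not part of the Huawei document: it builds the double-tagged frames and parses them as a peer would. The customer VLAN IDs 10 and 50, the MAC addresses and all function names are assumptions made for the illustration.

```python
import struct

# TPIDs this model accepts as VLAN tags: 0x8100 (802.1Q), 0x88A8 (802.1ad)
# and 0x9100, the value the page sets with "qinq protocol 9100".
ALL_TPIDS = frozenset({0x8100, 0x88A8, 0x9100})


def vlan_tag(tpid, vid, pcp=0):
    """Build one 4-byte tag: 16-bit TPID, then PCP(3) | DEI(1) | VID(12)."""
    if not 1 <= vid <= 4094:
        raise ValueError(f"VLAN ID out of range: {vid}")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)


def parse_tags(frame, tpids=ALL_TPIDS):
    """Return ([(tpid, vid), ...], ethertype) as seen by a device that
    recognises only the TPIDs in `tpids`."""
    tags, off = [], 12                      # skip destination + source MAC
    while True:
        if len(frame) < off + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype not in tpids:
            return tags, etype
        if len(frame) < off + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        tags.append((etype, tci & 0x0FFF))
        off += 4


def push_outer(frame, outer_vid, tpid=0x8100):
    """Insert an outer tag directly after the two MAC addresses."""
    return frame[:12] + vlan_tag(tpid, outer_vid) + frame[12:]


def selective_push(frame, stacking, tpid=0x8100):
    """Model of 'port vlan-stacking vlan <inner> stack-vlan <outer>'.

    `stacking` maps (first_inner, last_inner) -> outer VLAN. Returns None
    when no rule matches; what the switch does then is outside this model.
    """
    tags, _ = parse_tags(frame)
    if not tags:
        return None
    inner = tags[0][1]
    for (lo, hi), outer in stacking.items():
        if lo <= inner <= hi:
            return push_outer(frame, outer, tpid)
    return None


# --- constructed sample data (not captured traffic) ---
DST = bytes.fromhex("000400040004")
SRC = bytes.fromhex("000200020002")


def customer_frame(vid):
    """Single-tagged IPv4 frame as a customer site would send it."""
    return DST + SRC + vlan_tag(0x8100, vid) + struct.pack("!H", 0x0800) + b"\x00" * 46


def demo():
    # Basic QinQ: a frame in customer VLAN 10 gets outer VLAN 100 and
    # crosses the public network with outer TPID 0x9100.
    basic = push_outer(customer_frame(10), 100, tpid=0x9100)
    # Selective QinQ rules from the SwitchA configuration file above.
    rules = {(100, 100): 2, (300, 300): 3}
    stacked = selective_push(customer_frame(300), rules)
    return {
        "peer_expecting_9100": parse_tags(basic),
        "peer_expecting_8100_only": parse_tags(basic, tpids={0x8100}),
        "selective_inner_300": parse_tags(stacked),
        "selective_no_rule": selective_push(customer_frame(50), rules),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

A peer that recognises only TPID 0x8100 sees no VLAN tag at all in the 0x9100 frame, which is why the TPID on the interface facing the other vendor's device has to match.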
[Figure: networking diagram. Labels: ME60, Internet]
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Configure SwitchA.
# Create VLANs.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 21 to 70 1101 to 1103
----End
Configuration Files
Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 21 to 70 1101 to 1103
#
interface Ethernet0/0/1
qinq vlan-translation enable
port hybrid tagged vlan 1101 to 1103
port hybrid untagged vlan 21
port vlan-stacking vlan 101 to 150 stack-vlan 21
#
return
#
interface Ethernet0/0/2
port hybrid tagged vlan 101 to 150 1101 to 1103
#
return
Networking Requirements
As shown in Figure 3-15, SwitchA is connected to the remote SwitchB through the third-party
network. The management VLAN is deployed on the remote SwitchB and the VLAN ID of SwitchA is
the same as the management VLAN ID. However, the VLAN ID provided by the carrier is different
from the management VLAN ID. To remotely log in to the remote SwitchB on SwitchA, you can
configure VLAN stacking according to this example.
Figure 3-15 Networking diagram for configuring QinQ stacking on the VLANIF interface
[Diagram labels: SwitchA, SwitchB, SwitchC, Internet, user1, VLAN 10, interfaces Eth0/0/1 and
Eth0/0/2, packet layouts "20 10 IP" and "10 IP"]
To remotely log in to the remote SwitchB for managing VLAN services on SwitchA, you can
configure QinQ stacking on the VLANIF interface corresponding to the management VLAN on
SwitchB.
NOTE
When configuring QinQ stacking on a VLANIF interface, ensure that the VLANIF interface corresponds
to the management VLAN. VLANIF interfaces corresponding to other VLANs do not support QinQ
stacking.
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Configure SwitchC.
# Configure QinQ so that the packets sent from SwitchA to the remote SwitchB carry double
tags.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 20
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] qinq vlan-translation enable
[SwitchA-Ethernet0/0/1] port vlan-stacking vlan 10 stack-vlan 20
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 20
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface ethernet 0/0/2
[SwitchA-Ethernet0/0/2] port hybrid tagged vlan 20
[SwitchA-Ethernet0/0/2] quit
You can log in to the remote SwitchB for managing VLAN services on SwitchA.
----End
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 20
#
interface Ethernet0/0/1
qinq vlan-translation enable
port hybrid untagged vlan 20
port vlan-stacking vlan 10 stack-vlan 20
#
interface Ethernet0/0/2
port hybrid tagged vlan 20
#
return
Context
NOTE
Networking Requirements
As shown in Figure 3-16, company A, a branch of company A, and company B are connected
using switches. To implement dynamic VLAN registration, enable GVRP. The branch of
company A can communicate with the headquarters using SwitchA and SwitchB. Company B
can communicate with company A using SwitchB and SwitchC. Interfaces connected to
company A allow only the VLAN to which company B belongs to pass.
[Figure 3-16: networking diagram. Labels: Branch of company A, Company B]
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable GVRP to implement dynamic VLAN registration.
2. Configure GVRP on all switches of company A and set the registration mode to normal for
the interfaces to simplify configurations.
3. Configure GVRP on all switches of company A and set the registration mode to fixed for
the interfaces connecting to company A to allow only the VLAN to which company B
belongs to pass.
Procedure
Step 1 Configure SwitchA.
# Enable GVRP globally.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] gvrp
# Set the link type of Eth 0/0/1 and Eth 0/0/2 to trunk and configure the interfaces to allow all
VLANs to pass through.
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port link-type trunk
[SwitchA-Ethernet0/0/1] port trunk allow-pass vlan all
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface ethernet 0/0/2
The configuration of SwitchB is similar to the configuration of SwitchA, and is not mentioned
here.
Step 2 Configure SwitchC.
# Create VLAN 101 to VLAN 200.
<Quidway> system-view
[Quidway] sysname SwitchC
[SwitchC] vlan batch 101 to 200
# Set the link type of Eth 0/0/1 and Eth 0/0/2 to trunk and configure the interfaces to allow all
VLANs to pass through.
[SwitchC] interface ethernet 0/0/1
[SwitchC-Ethernet0/0/1] port link-type trunk
[SwitchC-Ethernet0/0/1] port trunk allow-pass vlan all
[SwitchC-Ethernet0/0/1] quit
[SwitchC] interface ethernet 0/0/2
[SwitchC-Ethernet0/0/2] port link-type trunk
[SwitchC-Ethernet0/0/2] port trunk allow-pass vlan all
[SwitchC-Ethernet0/0/2] quit
Run the display gvrp statistics command on SwitchA to view GVRP statistics on GVRP
interfaces, including the GVRP state of each interface, number of GVRP registration failures,
source MAC address of the last GVRP PDU, and registration mode of each interface.
----End
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
gvrp
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
gvrp
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
gvrp
#
return
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
gvrp
#
return
Networking Requirements
As shown in Figure 3-17, the MAC address of the user host PC1 is 0002-0002-0002 and that
of the user host PC2 is 0003-0003-0003. PC1 and PC2 are connected to the Switch through the
LSW. The LSW is connected to Eth0/0/1 of the Switch, which belongs to VLAN 2. The MAC
address of the server is 0004-0004-0004. The server is connected to Eth0/0/2 of the Switch.
Eth0/0/2 belongs to VLAN 2.
- To prevent hackers from using MAC addresses to attack the network, configure two static
MAC address entries for each user host on the Switch.
- To prevent hackers from stealing user information by forging the MAC address of the
server, configure a static MAC address entry on the Switch for the server.
[Figure 3-17: networking diagram. Labels: Network, Server, Eth0/0/1, LSW, PC1, PC2]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create a VLAN and add an interface to the VLAN to implement Layer 2 forwarding.
2. Configure static MAC address entries to prevent MAC address attacks.
3. Configure the aging time of dynamic MAC address entries to update the entries.
Procedure
Step 1 Configure static MAC address entries.
# Create VLAN 2 and add Ethernet0/0/1 and Ethernet0/0/2 to VLAN 2.
<Switch> system-view
[Switch] vlan 2
[Switch-vlan2] quit
[Switch] interface ethernet 0/0/1
[Switch-Ethernet0/0/1] port hybrid pvid vlan 2
[Switch-Ethernet0/0/1] port hybrid untagged vlan 2
[Switch-Ethernet0/0/1] quit
[Switch] interface ethernet 0/0/2
[Switch-Ethernet0/0/2] port hybrid pvid vlan 2
[Switch-Ethernet0/0/2] port hybrid untagged vlan 2
[Switch-Ethernet0/0/2] quit
# Run the display mac-address aging-time command in any view to check whether the aging
time of dynamic entries is set successfully.
[Switch] display mac-address aging-time
Aging time: 500 seconds
----End
Configuration Files
Configuration file of the Switch
#
sysname Switch
#
vlan batch 2
#
Networking Requirements
As shown in Figure 3-18, user network 1 is connected to Switch on the Ethernet0/0/1 through
an LSW. User network 2 is connected to Switch on the Ethernet0/0/2 through another LSW.
Both Ethernet0/0/1 and Ethernet0/0/2 belong to VLAN 2. To prevent MAC address attacks and
limit the number of access users on the device, limit MAC address learning on all the interfaces
in VLAN 2.
NOTE
Only the S3300 supports limiting the number of MAC addresses learned in a VLAN.
[Figure 3-18: networking diagram. Labels: Network, Switch, Eth0/0/1, Eth0/0/2, two LSWs,
User network 1 and User network 2 in VLAN 2]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create a VLAN and add an interface to the VLAN to implement Layer 2 forwarding.
2. Limit MAC address learning on all the interfaces in the VLAN to prevent MAC address
attacks and limit the number of access users.
Procedure
Step 1 Limit MAC address learning.
# Configure the following MAC address limiting rule in VLAN 2: A maximum of 100 MAC
addresses can be learned. When the number of learned MAC addresses reaches the limit, the
device sends an alarm.
[Switch] vlan 2
[Switch-vlan2] mac-limit maximum 100 alarm enable
[Switch-vlan2] quit
# Run the display mac-limit command in any view to check whether the MAC address limiting
rule is successfully configured.
<Switch> display mac-limit
MAC Limit is enabled
Total MAC Limit rule count : 1
----End
Configuration Files
The following lists only the configuration file of Switch.
#
sysname Switch
#
vlan batch 2
#
vlan 2
mac-limit maximum 100
#
interface Ethernet0/0/1
port hybrid pvid vlan 2
port hybrid untagged vlan 2
#
interface Ethernet0/0/2
port hybrid pvid vlan 2
port hybrid untagged vlan 2
#
return
Networking Requirements
As shown in Figure 3-19, a company wants to prevent computers of non-employees from
accessing the intranet of the company to protect information security. To achieve this goal, the
company needs to enable port security on the interface connected to computers of employees
and set the maximum number of MAC addresses learned by the interface to be the same as the
number of trusted computers.
NOTE
The S2300SI does not support Port Security.
[Figure 3-19: networking diagram. Labels: Intranet, Switch, Eth0/0/1, VLAN 10, SwitchA]
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Create a VLAN and set the link type of the interface.
<Quidway> system-view
[Quidway] sysname Switch
[Switch] vlan 10
[Switch-vlan10] quit
[Switch] interface ethernet 0/0/1
# Set the limit on the number of MAC addresses that can be learned on the interface.
[Switch-Ethernet0/0/1] port-security max-mac-num 4
To enable the port security function on other interfaces, repeat the preceding steps.
Step 3 Verify the configuration.
If PC1 is replaced by another device, the device cannot access the intranet of the company.
----End
Configuration Files
Configuration file of the switch
#
sysname Switch
#
vlan batch 10
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
port-security enable
port-security protect-action protect
port-security max-mac-num 4
port-security mac-address sticky
#
return
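The port security settings in the configuration file above (max-mac-num 4, protect-action protect, sticky) can be reasoned about with a small state model. This is an added example, not part of the Huawei document: the SecurePort class and the MAC addresses are constructed for the illustration, and the restrict and shutdown actions are the feature's other protect-action values, which this page does not configure. The restart step assumes the configuration was saved.

```python
class SecurePort:
    """Simplified model of one interface with 'port-security enable'."""

    ACTIONS = ("protect", "restrict", "shutdown")

    def __init__(self, max_mac_num, protect_action, sticky):
        if protect_action not in self.ACTIONS:
            raise ValueError(f"unknown protect action: {protect_action}")
        self.max_mac_num = max_mac_num
        self.protect_action = protect_action
        self.sticky = sticky
        self.learned = []        # secure MAC addresses, in learning order
        self.alarms = []         # source MACs that triggered an alarm
        self.error_down = False  # set by the 'shutdown' action

    def receive(self, src_mac):
        """Return 'forward' or 'drop' for a frame with this source MAC."""
        mac = src_mac.lower()
        if self.error_down:
            return "drop"
        if mac in self.learned:
            return "forward"
        if len(self.learned) < self.max_mac_num:
            self.learned.append(mac)
            return "forward"
        # Limit reached and the source is unknown: apply the protect action.
        if self.protect_action != "protect":
            self.alarms.append(mac)          # restrict and shutdown raise an alarm
        if self.protect_action == "shutdown":
            self.error_down = True
        return "drop"

    def restart(self):
        """Device restart: sticky entries survive, dynamically learned
        secure entries are lost and must be learned again."""
        if not self.sticky:
            self.learned.clear()


# --- constructed sample data ---
TRUSTED = ["0002-0002-0001", "0002-0002-0002", "0002-0002-0003", "0002-0002-0004"]
ROGUE = "00aa-00aa-00aa"


def replay(sticky):
    """Learn the trusted hosts, restart, then let the rogue host talk first."""
    port = SecurePort(max_mac_num=4, protect_action="protect", sticky=sticky)
    before = [port.receive(mac) for mac in TRUSTED + [ROGUE]]
    port.restart()
    after = [port.receive(mac) for mac in [ROGUE] + TRUSTED]
    return before, after


def shutdown_case():
    """With 'shutdown', one violation takes the whole interface down."""
    port = SecurePort(max_mac_num=1, protect_action="shutdown", sticky=False)
    results = [port.receive(TRUSTED[0]), port.receive(ROGUE), port.receive(TRUSTED[0])]
    return results, port.error_down, port.alarms


if __name__ == "__main__":
    print("sticky    :", replay(sticky=True))
    print("non-sticky:", replay(sticky=False))
    print("shutdown  :", shutdown_case())
```

Without sticky entries the table is relearned after a restart on a first-come basis, so the unknown host is admitted and one trusted host is dropped; with sticky entries the unknown host stays blocked.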
Loops will cause broadcast storms, which exhaust network resources and paralyze the network.
Loops also cause MAC address flapping that damages MAC address entries.
STP can be deployed on a network to eliminate loops by blocking some ports. On the network
shown in Figure 3-20, after SwitchA, SwitchB, SwitchC, and SwitchD running STP discover
loops by exchanging information, they trim the ring topology into a loop-free tree topology by
blocking a certain port. STP prevents replication and circular propagation of packets on the
network and releases the switching devices from processing duplicate packets, improving
their processing performance.
[Figure 3-20: STP networking diagram. Labels: Network, SwitchA (root bridge), SwitchB, SwitchC,
SwitchD, interfaces Eth0/0/1 to Eth0/0/3, PC1, PC2, blocked port]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic STP functions, including:
a. Configure the STP mode for the ring network.
b. Configure primary and secondary root bridges.
c. Set path costs for ports to block certain ports.
d. Enable STP to eliminate loops.
NOTE
STP is not required on the interfaces connected to terminals because these interfaces do not
need to participate in STP calculation.
Procedure
Step 1 Configure basic STP functions.
1. Configure the STP mode for the devices on the ring network.
# Configure the STP mode on SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] stp mode stp
3. Set path costs for ports in each spanning tree to block certain ports.
NOTE
- The values of path costs depend on the path-cost calculation method. The Huawei calculation
method is used in this example, and the path cost of the blocked port is set to 20000 (the
highest value in the range).
- All switching devices on a network must use the same path cost calculation method.
# On Switch A, configure the path cost calculation method as the Huawei proprietary
method.
[SwitchA] stp pathcost-standard legacy
# On Switch B, configure the path cost calculation method as the Huawei proprietary
method.
[SwitchB] stp pathcost-standard legacy
# On SwitchD, configure the path cost calculation method as the Huawei proprietary
method.
[SwitchD] stp pathcost-standard legacy
After the previous configurations, run the following commands to verify the configuration when
the network is stable:
# Run the display stp brief command on SwitchA to view the interface status and protection
type. The displayed information is as follows:
[SwitchA] display stp brief
MSTID Port Role STP State Protection
0 Ethernet0/0/1 DESI FORWARDING NONE
0 Ethernet0/0/2 DESI FORWARDING NONE
After SwitchA is configured as a root bridge, Ethernet 0/0/2 and Ethernet 0/0/1 connected to
SwitchB and SwitchD respectively are elected as designated ports in spanning tree calculation.
# Run the display stp interface ethernet 0/0/1 brief command on SwitchB to view status of
Ethernet 0/0/1. The displayed information is as follows:
[SwitchB] display stp interface ethernet 0/0/1 brief
MSTID Port Role STP State Protection
0 Ethernet0/0/1 DESI FORWARDING NONE
Ethernet 0/0/1 is elected as a designated port in spanning tree calculation and is in the Forwarding
state.
# Run the display stp brief command on SwitchC to view the interface status and protection
type. The displayed information is as follows:
[SwitchC] display stp brief
MSTID Port Role STP State Protection
0 Ethernet0/0/1 ALTE DISCARDING NONE
0 Ethernet0/0/3 ROOT FORWARDING NONE
Ethernet 0/0/3 is elected as a root port in spanning tree calculation and is in the Forwarding state.
Ethernet 0/0/1 is elected as an alternate port in spanning tree calculation and is in the Discarding
state.
----End
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
stp mode stp
stp instance 0 root primary
stp pathcost-standard legacy
#
return
into a loop-free tree topology by blocking a certain port. In this manner, replication and circular
propagation of packets are prevented on the network and the switching devices are released from
processing duplicated packets, thereby improving their processing performance.
[Figure: RSTP networking diagram. Labels: Network, root bridge, SwitchB, SwitchC, SwitchD,
interfaces Eth0/0/1 to Eth0/0/3, PC1, PC2, blocked port]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic RSTP functions, including:
a. Configure the RSTP mode for the ring network.
b. Configure primary and secondary root bridges.
c. Set path costs for ports in each MSTI to block certain ports.
d. Enable RSTP to eliminate loops.
NOTE
The port connected to the PC does not participate in RSTP calculation, so it is configured as
an edge port and BPDU filter port.
2. Configure RSTP protection functions, for example, root protection on a designated port of
a root bridge in each MSTI.
Procedure
Step 1 Configure basic RSTP functions.
1. Configure the RSTP mode for the devices on the ring network.
3. Set path costs for ports in each MSTI to block certain ports.
NOTE
- The values of path costs depend on path cost calculation methods. This example uses the
Huawei proprietary calculation method and sets the path costs of the ports to be blocked to 20000.
- All switching devices on a network must use the same path cost calculation method.
# On Switch A, configure the path cost calculation method as the Huawei proprietary
method.
[SwitchA] stp pathcost-standard legacy
# On Switch B, configure the path cost calculation method as the Huawei proprietary
method.
[SwitchB] stp pathcost-standard legacy
# On SwitchD, configure the path cost calculation method as the Huawei proprietary
method.
[SwitchD] stp pathcost-standard legacy
[SwitchC-Ethernet0/0/2] quit
Step 2 Configure RSTP protection functions, for example, root protection on a designated port of a root
bridge in each MSTI.
# Enable root protection on Eth0/0/1 on SwitchA.
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] stp root-protection
[SwitchA-Ethernet0/0/1] quit
Ethernet0/0/1 is elected as a designated port in spanning tree calculation and is in the Forwarding
state.
# Run the display stp brief command on SwitchC to view the interface status and protection
type. The displayed information is as follows:
[SwitchC] display stp brief
MSTID Port Role STP State Protection
0 Ethernet0/0/1 ALTE DISCARDING NONE
0 Ethernet0/0/3 ROOT FORWARDING NONE
Ethernet0/0/1 is elected as an alternate port in spanning tree calculation and is in the
Discarding state.
Ethernet0/0/3 is elected as a root port in spanning tree calculation and is in the Forwarding state.
----End
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
stp mode rstp
stp instance 0 root primary
stp pathcost-standard legacy
#
interface Ethernet0/0/1
stp root-protection
#
interface Ethernet0/0/2
stp root-protection
#
return
NOTE
[Figure: MSTP networking diagram. MST region RG1 with SwitchA, SwitchB, SwitchC and SwitchD.
VLAN 2 to 10 map to MSTI 1 (root switch: SwitchA); VLAN 11 to 20 map to MSTI 2 (root switch:
SwitchB). A blocked port is marked in each MSTI.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic MSTP functions on the switching device on the ring network.
2. Configure protection functions to protect devices or links. You can configure root
protection on the designated port of the root bridge.
Procedure
Step 1 Configure basic MSTP functions.
1. Configure SwitchA, SwitchB, SwitchC, and SwitchD in the same MST region named
RG1 and create MSTI 1 and MSTI 2.
NOTE
Two switching devices belong to the same MST region when they have the same:
- Name of the MST region
- Mapping between VLANs and MSTIs
- Revision level of the MST region
# Configure an MST region on SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] stp region-configuration
[SwitchA-mst-region] region-name RG1
[SwitchA-mst-region] instance 1 vlan 2 to 10
[SwitchA-mst-region] instance 2 vlan 11 to 20
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit
2. In the MST region RG1, configure the root bridge and secondary root bridge in MSTI 1
and MSTI 2.
- Configure the root bridge and secondary root bridge in MSTI 1.
# Configure SwitchA as the root bridge in MSTI 1.
[SwitchA] stp instance 1 root primary
3. Set the path costs of the ports to be blocked in MSTI 1 and MSTI 2 to be greater than the
default value.
NOTE
- The values of path costs depend on path cost calculation methods. This example uses the Huawei
proprietary calculation method and sets the path costs of the ports to be blocked to 20000.
- All switching devices on a network must use the same path cost calculation method.
# Configure SwitchA to use the Huawei private algorithm to calculate the path cost.
[SwitchA] stp pathcost-standard legacy
# Configure SwitchB to use the Huawei private algorithm to calculate the path cost.
[SwitchB] stp pathcost-standard legacy
# Configure SwitchC to use the Huawei private algorithm to calculate the path cost, and set
the path cost of Eth0/0/2 in MSTI 2 to 20000.
[SwitchC] stp pathcost-standard legacy
[SwitchC] interface ethernet 0/0/2
[SwitchC-Ethernet0/0/2] stp instance 2 cost 20000
[SwitchC-Ethernet0/0/2] quit
# Configure SwitchD to use the Huawei private algorithm to calculate the path cost, and set
the path cost of Eth0/0/2 in MSTI 1 to 20000.
[SwitchD] stp pathcost-standard legacy
[SwitchD] interface ethernet 0/0/2
[SwitchD-Ethernet0/0/2] stp instance 1 cost 20000
[SwitchD-Ethernet0/0/2] quit
Step 2 Configure root protection on the designated port of the root bridge.
After the preceding configurations are complete and the network topology becomes stable,
perform the following operations to verify the configuration.
# Run the display stp brief command on SwitchA to view the status and protection type on the
ports. The displayed information is as follows:
[SwitchA] display stp brief
MSTID Port Role STP State Protection
# Run the display stp brief command on SwitchB. The displayed information is as follows:
[SwitchB] display stp brief
MSTID Port Role STP State Protection
0 Ethernet0/0/1 DESI FORWARDING ROOT
0 Ethernet0/0/2 ROOT FORWARDING NONE
1 Ethernet0/0/1 DESI FORWARDING ROOT
1 Ethernet0/0/2 ROOT FORWARDING NONE
2 Ethernet0/0/1 DESI FORWARDING ROOT
2 Ethernet0/0/2 DESI FORWARDING NONE
In MSTI 2, Eth0/0/1 and Eth0/0/2 are designated ports because SwitchB is the root bridge. In
MSTI 1, Eth0/0/1 on SwitchB is the designated port and Eth0/0/2 is the root port.
# Run the display stp interface brief commands on SwitchC. The displayed information is as
follows:
[SwitchC] display stp interface ethernet 0/0/3 brief
MSTID Port Role STP State Protection
0 Ethernet0/0/3 ROOT FORWARDING NONE
1 Ethernet0/0/3 ROOT FORWARDING NONE
2 Ethernet0/0/3 ROOT FORWARDING NONE
[SwitchC] display stp interface ethernet 0/0/2 brief
MSTID Port Role STP State Protection
0 Ethernet0/0/2 DESI FORWARDING NONE
1 Ethernet0/0/2 DESI FORWARDING NONE
2 Ethernet0/0/2 ALTE DISCARDING NONE
Eth0/0/3 on SwitchC is the root port in MSTI 1 and MSTI 2. Eth0/0/2 on SwitchC is the
designated port in MSTI 1 but is blocked in MSTI 2.
# Run the display stp interface brief commands on SwitchD. The displayed information is as
follows:
[SwitchD] display stp interface ethernet 0/0/3 brief
MSTID Port Role STP State Protection
0 Ethernet0/0/3 ALTE DISCARDING NONE
1 Ethernet0/0/3 ROOT FORWARDING NONE
2 Ethernet0/0/3 ROOT FORWARDING NONE
[SwitchD] display stp interface ethernet 0/0/2 brief
MSTID Port Role STP State Protection
0 Ethernet0/0/2 ROOT FORWARDING NONE
1 Ethernet0/0/2 ALTE DISCARDING NONE
2 Ethernet0/0/2 DESI FORWARDING NONE
Eth0/0/3 on SwitchD is the root port in MSTI 1 and MSTI 2. Eth0/0/2 on SwitchD is the blocked
port in MSTI 1 and is the designated port in MSTI 2.
----End
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 2 to 20
#
stp instance 1 root primary
stp instance 2 root secondary
stp pathcost-standard legacy
stp enable
#
stp region-configuration
region-name RG1
instance 1 vlan 2 to 10
instance 2 vlan 11 to 20
active region-configuration
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 20
stp root-protection
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 20
#
return
active region-configuration
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 20
stp root-protection
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 20
#
return
- Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 2 to 20
#
stp pathcost-standard legacy
stp enable
#
stp region-configuration
region-name RG1
instance 1 vlan 2 to 10
instance 2 vlan 11 to 20
active region-configuration
#
interface Ethernet0/0/1
port link-type access
port default vlan 2
stp disable
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 20
stp instance 2 cost 20000
#
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 20
#
return
- Configuration file of SwitchD
#
sysname SwitchD
#
vlan batch 2 to 20
#
stp pathcost-standard legacy
stp enable
#
stp region-configuration
region-name RG1
instance 1 vlan 2 to 10
instance 2 vlan 11 to 20
active region-configuration
#
interface Ethernet0/0/1
port link-type access
port default vlan 11
stp disable
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 20
stp instance 1 cost 20000
#
interface Ethernet0/0/3
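The NOTE in Step 1 of the MSTP example says that devices are in the same MST region only when region name, VLAN-to-MSTI mapping and revision level all match. The following Python check is an added example, not part of the Huawei document: it parses the stp region-configuration stanza from configuration files and reports which attribute differs. The SwitchX and SwitchY stanzas are constructed mismatches, the function names are assumptions, and the digest follows the IEEE 802.1Q MST Configuration Digest definition rather than anything shown on this page.

```python
import hashlib
import hmac

# Signature key that IEEE 802.1Q specifies for the MST Configuration Digest
# (standard value, not taken from the page).
DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def expand(tokens):
    """Expand a VLAN list such as ['2', 'to', '10', '15'] into a set of IDs."""
    vids, i = set(), 0
    while i < len(tokens):
        lo = hi = int(tokens[i])
        if i + 2 < len(tokens) and tokens[i + 1] == "to":
            hi = int(tokens[i + 2])
            i += 2
        vids.update(range(lo, hi + 1))
        i += 1
    return vids


def parse_region(config):
    """Read the 'stp region-configuration' stanza of one configuration file."""
    region = {"name": "", "revision": 0, "vlan_to_msti": {}}
    in_stanza = False
    for raw in config.splitlines():
        line = raw.strip()
        if line == "stp region-configuration":
            in_stanza = True
        elif line == "#":                    # '#' ends a stanza in these files
            in_stanza = False
        elif in_stanza:
            words = line.split()
            if words[:1] == ["region-name"]:
                region["name"] = words[1]
            elif words[:1] == ["revision-level"]:
                region["revision"] = int(words[1])
            elif words[:1] == ["instance"] and words[2:3] == ["vlan"]:
                for vid in expand(words[3:]):
                    region["vlan_to_msti"][vid] = int(words[1])
    return region


def digest(region):
    """HMAC-MD5 over 4096 two-byte MSTI numbers indexed by VLAN ID
    (entries 0 and 4095 stay zero; unmapped VLANs belong to instance 0)."""
    table = bytearray(4096 * 2)
    for vid, msti in region["vlan_to_msti"].items():
        if 1 <= vid <= 4094:
            table[2 * vid:2 * vid + 2] = msti.to_bytes(2, "big")
    return hmac.new(DIGEST_KEY, bytes(table), hashlib.md5).hexdigest()


def identity(region):
    return (region["name"], region["revision"], digest(region))


def compare(configs):
    """Map each device to the region attributes that differ from the first one."""
    labels = ("region name", "revision level", "VLAN-to-MSTI mapping")
    devices = list(configs)
    reference = identity(parse_region(configs[devices[0]]))
    report = {}
    for dev in devices[1:]:
        ident = identity(parse_region(configs[dev]))
        report[dev] = [lab for lab, a, b in zip(labels, reference, ident) if a != b]
    return report


STANZA = """#
stp region-configuration
 region-name {name}
 instance 1 vlan 2 to 10
 instance 2 vlan {second}
 active region-configuration
#
"""
SWITCH_A = STANZA.format(name="RG1", second="11 to 20")   # as in the page
SWITCH_C = STANZA.format(name="RG1", second="11 to 20")   # as in the page
SWITCH_X = STANZA.format(name="RG1", second="11 to 21")   # constructed: extra VLAN
SWITCH_Y = STANZA.format(name="rg1", second="11 to 20")   # constructed: name case

if __name__ == "__main__":
    print(compare({"SwitchA": SWITCH_A, "SwitchC": SWITCH_C,
                   "SwitchX": SWITCH_X, "SwitchY": SWITCH_Y}))
```

An empty list means the device is in the same region as the first one; any entry means it forms its own region, so the per-MSTI root and path-cost settings of the example would not take effect across that boundary.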
NOTE
Only the S3300 supports SEP.
[Figure: SEP networking diagram. Labels: Core (IP/MPLS Core), SEP Segment1, LSW2, LSW3, LSW4,
interfaces Eth0/0/1 to Eth0/0/3, Access]
Configuration Roadmap
The configuration roadmap is as follows:
e. Configure delayed preemption on the device where the primary edge interface is
located.
2. Configure the Layer 2 forwarding function on CE1 and LSW1 to LSW5.
Procedure
Step 1 Configure basic SEP functions.
1. Configure SEP segment 1 on LSW1 to LSW5 and configure VLAN 10 as the control VLAN
of SEP segment 1.
# Configure LSW1.
<Quidway> system-view
[Quidway] sysname LSW1
[LSW1] sep segment 1
[LSW1-sep-segment1] control-vlan 10
[LSW1-sep-segment1] protected-instance all
[LSW1-sep-segment1] quit
# Configure LSW2.
<Quidway> system-view
[Quidway] sysname LSW2
[LSW2] sep segment 1
[LSW2-sep-segment1] control-vlan 10
[LSW2-sep-segment1] protected-instance all
[LSW2-sep-segment1] quit
# Configure LSW3.
<Quidway> system-view
[Quidway] sysname LSW3
[LSW3] sep segment 1
[LSW3-sep-segment1] control-vlan 10
[LSW3-sep-segment1] protected-instance all
[LSW3-sep-segment1] quit
# Configure LSW4.
<Quidway> system-view
[Quidway] sysname LSW4
[LSW4] sep segment 1
[LSW4-sep-segment1] control-vlan 10
[LSW4-sep-segment1] protected-instance all
[LSW4-sep-segment1] quit
# Configure LSW5.
<Quidway> system-view
[Quidway] sysname LSW5
[LSW5] sep segment 1
[LSW5-sep-segment1] control-vlan 10
[LSW5-sep-segment1] protected-instance all
[LSW5-sep-segment1] quit
NOTE
• The control VLAN must be a VLAN that has not been created or used, but the configuration file
automatically displays the command for creating the VLAN.
• Each SEP segment must be configured with a control VLAN. After an interface is added to the
SEP segment configured with a control VLAN, the interface is automatically added to the control
VLAN.
2. Add all devices on the ring to SEP segment 1 and configure interface roles on the devices.
NOTE
By default, STP is enabled on a Layer 2 interface. Before adding an interface to a SEP segment,
disable STP on the interface.
# On LSW1, configure Eth0/0/1 as the primary edge interface and Eth0/0/3 as the secondary
edge interface.
# Configure LSW2.
[LSW2] interface ethernet 0/0/1
[LSW2-Ethernet0/0/1] stp disable
[LSW2-Ethernet0/0/1] sep segment 1
[LSW2-Ethernet0/0/1] quit
[LSW2] interface ethernet 0/0/2
[LSW2-Ethernet0/0/2] stp disable
[LSW2-Ethernet0/0/2] sep segment 1
[LSW2-Ethernet0/0/2] quit
# Configure LSW3.
[LSW3] interface ethernet 0/0/1
[LSW3-Ethernet0/0/1] stp disable
[LSW3-Ethernet0/0/1] sep segment 1
[LSW3-Ethernet0/0/1] quit
[LSW3] interface ethernet 0/0/2
[LSW3-Ethernet0/0/2] stp disable
[LSW3-Ethernet0/0/2] sep segment 1
[LSW3-Ethernet0/0/2] quit
# Configure LSW4.
[LSW4] interface ethernet 0/0/1
[LSW4-Ethernet0/0/1] stp disable
[LSW4-Ethernet0/0/1] sep segment 1
[LSW4-Ethernet0/0/1] quit
[LSW4] interface ethernet 0/0/2
[LSW4-Ethernet0/0/2] stp disable
[LSW4-Ethernet0/0/2] sep segment 1
[LSW4-Ethernet0/0/2] quit
# Configure LSW5.
[LSW5] interface ethernet 0/0/1
[LSW5-Ethernet0/0/1] stp disable
[LSW5-Ethernet0/0/1] sep segment 1
[LSW5-Ethernet0/0/1] quit
[LSW5] interface ethernet 0/0/3
[LSW5-Ethernet0/0/3] stp disable
[LSW5-Ethernet0/0/3] sep segment 1
[LSW5-Ethernet0/0/3] quit
NOTE
• You must set the preemption delay when delayed preemption is used because there is no default
delay time.
• When the last faulty interface recovers, edge interfaces do not receive any fault notification
packet. If the primary edge interface does not receive any fault notification packet, it starts the
delay timer. When the delay timer expires, nodes in the SEP segment start blocked interface
preemption.
To implement delayed preemption in this example, simulate a port fault and then rectify the fault.
For example:
Run the shutdown command on Eth0/0/1 of LSW2 to simulate an interface fault, and then run
the undo shutdown command on Eth0/0/2 to rectify the fault.
Step 2 Configure the Layer 2 forwarding function on CE1 and LSW1 to LSW5.
For details about the configuration, see the configuration files.
Step 3 Verify the configuration.
• Run the shutdown command on Eth0/0/1 of LSW3 to simulate an interface fault, and then
run the display sep interface command on LSW3 to check whether Eth0/0/2 of LSW3 has
switched from the Discarding state to the Forwarding state.
<LSW3> display sep interface ethernet 0/0/2
SEP segment 1
----------------------------------------------------------------
Interface Port Role Neighbor Status Port Status
----------------------------------------------------------------
Eth0/0/2 common up forwarding
----End
Configuration Files
• Configuration file of LSW1
#
sysname LSW1
#
vlan batch 10 100 200
#
sep segment 1
control-vlan 10
block port optimal
preempt delay 30
protected-instance 0 to 48
#
interface Ethernet0/0/1
port hybrid tagged vlan 10 100
stp disable
sep segment 1 edge primary
#
interface Ethernet0/0/2
port hybrid pvid vlan 200
port hybrid tagged vlan 100
port hybrid untagged vlan 200
#
interface Ethernet0/0/3
port hybrid tagged vlan 10 100 200
stp disable
sep segment 1 edge secondary
#
return
#
vlan batch 10 100
#
sep segment 1
control-vlan 10
protected-instance 0 to 48
#
interface Ethernet0/0/1
port hybrid tagged vlan 10 100
stp disable
sep segment 1
#
interface Ethernet0/0/2
port hybrid tagged vlan 10 100
stp disable
sep segment 1
#
return
• Configuration file of LSW3
#
sysname LSW3
#
vlan batch 10 100
#
sep segment 1
control-vlan 10
protected-instance 0 to 48
#
interface Ethernet0/0/1
port hybrid tagged vlan 10 100
stp disable
sep segment 1
#
interface Ethernet0/0/2
port hybrid tagged vlan 10 100
stp disable
sep segment 1
sep segment 1 priority 128
#
interface Ethernet0/0/3
port hybrid tagged vlan 100
#
return
• Configuration file of LSW4
#
sysname LSW4
#
vlan batch 10 100
#
sep segment 1
control-vlan 10
protected-instance 0 to 48
#
interface Ethernet0/0/1
port hybrid tagged vlan 10 100
stp disable
sep segment 1
#
interface Ethernet0/0/2
port hybrid tagged vlan 10 100
stp disable
sep segment 1
#
return
• Configuration file of LSW5
#
sysname LSW5
#
vlan batch 10 100 200
#
sep segment 1
control-vlan 10
protected-instance 0 to 48
#
interface Ethernet0/0/1
port hybrid tagged vlan 10 100
stp disable
sep segment 1
#
interface Ethernet0/0/2
port hybrid pvid vlan 200
port hybrid tagged vlan 100
port hybrid untagged vlan 200
#
interface Ethernet0/0/3
port hybrid tagged vlan 10 100 200
stp disable
sep segment 1
#
return
[Figure 3-24: networking diagram of the SEP multi-ring network. Recoverable labels: IP/MPLS Core; SEP Segment 1, SEP Segment 2; LSW2, LSW3, LSW4; CE1, CE2; VLAN 100, VLAN 200.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic SEP functions.
a. Configure SEP segments 1 to 3 and configure VLAN 10, VLAN 20, and VLAN 30
as their respective control VLANs.
Procedure
Step 1 Configure basic SEP functions.
1. Configure SEP segments 1 to 3 and configure VLAN 10, VLAN 20, and VLAN 30 as their
respective control VLANs, as shown in Figure 3-24.
# Configure LSW1.
<Quidway> system-view
[Quidway] sysname LSW1
[LSW1] sep segment 1
[LSW1-sep-segment1] control-vlan 10
[LSW1-sep-segment1] protected-instance all
[LSW1-sep-segment1] quit
# Configure LSW2.
<Quidway> system-view
[Quidway] sysname LSW2
[LSW2] sep segment 1
[LSW2-sep-segment1] control-vlan 10
[LSW2-sep-segment1] protected-instance all
[LSW2-sep-segment1] quit
[LSW2] sep segment 2
[LSW2-sep-segment2] control-vlan 20
[LSW2-sep-segment2] protected-instance all
[LSW2-sep-segment2] quit
# Configure LSW3.
<Quidway> system-view
[Quidway] sysname LSW3
[LSW3] sep segment 1
[LSW3-sep-segment1] control-vlan 10
[LSW3-sep-segment1] protected-instance all
[LSW3-sep-segment1] quit
[LSW3] sep segment 2
[LSW3-sep-segment2] control-vlan 20
[LSW3-sep-segment2] protected-instance all
[LSW3-sep-segment2] quit
[LSW3] sep segment 3
[LSW3-sep-segment3] control-vlan 30
[LSW3-sep-segment3] protected-instance all
[LSW3-sep-segment3] quit
# Configure LSW4.
<Quidway> system-view
[Quidway] sysname LSW4
[LSW4] sep segment 1
[LSW4-sep-segment1] control-vlan 10
[LSW4-sep-segment1] protected-instance all
[LSW4-sep-segment1] quit
[LSW4] sep segment 3
[LSW4-sep-segment3] control-vlan 30
[LSW4-sep-segment3] protected-instance all
[LSW4-sep-segment3] quit
# Configure LSW5.
<Quidway> system-view
[Quidway] sysname LSW5
[LSW5] sep segment 1
[LSW5-sep-segment1] control-vlan 10
[LSW5-sep-segment1] protected-instance all
[LSW5-sep-segment1] quit
• The control VLAN must be a VLAN that has not been created or used, but the configuration file
automatically displays the command for creating the VLAN.
• Each SEP segment must be configured with a control VLAN. After an interface is added to the
SEP segment configured with a control VLAN, the interface is automatically added to the control
VLAN.
2. Add devices on the rings to the SEP segments and configure interface roles according to
Figure 3-24.
NOTE
By default, STP is enabled on a Layer 2 interface. Before adding an interface to a SEP segment,
disable STP on the interface.
# On LSW1, configure Eth0/0/1 as the primary edge interface and Eth0/0/3 as the secondary
edge interface.
[LSW1] interface ethernet 0/0/1
[LSW1-Ethernet0/0/1] stp disable
[LSW1-Ethernet0/0/1] sep segment 1 edge primary
[LSW1-Ethernet0/0/1] quit
[LSW1] interface ethernet 0/0/3
# On LSW3, set the priority of Eth0/0/4 to 128, which is the highest priority among the
interfaces so that Eth0/0/4 will be blocked.
[LSW3] interface ethernet 0/0/4
[LSW3-Ethernet0/0/4] sep segment 1 priority 128
[LSW3-Ethernet0/0/4] quit
# On LSW4 where the primary edge interface of SEP segment 3 is located, specify the
blocked interface based on the configured hop count.
[LSW4] sep segment 3
[LSW4-sep-segment3] block port hop 5
[LSW4-sep-segment3] quit
NOTE
SEP sets the hop count of the primary edge interface to 1 and the hop count of the secondary edge
interface to 2. Hop counts of other interfaces increase by steps of 1 in the downstream direction of
the primary interface.
4. Configure the preemption mode.
# Configure delayed preemption on LSW1.
[LSW1] sep segment 1
[LSW1-sep-segment1] preempt delay 30
NOTE
• You must set the preemption delay when delayed preemption is used because there is no default
delay time.
• When the last faulty interface recovers, edge interfaces do not receive any fault notification
packet. If the primary edge interface does not receive any fault notification packet, it starts the
delay timer. When the delay timer expires, nodes in the SEP segment start blocked interface
preemption.
To implement delayed preemption in this example, simulate a port fault and then rectify the fault.
For example:
Run the shutdown command on Eth0/0/1 of LSW2 to simulate an interface fault, and then run
the undo shutdown command on Eth0/0/2 to rectify the fault.
# Configure manual preemption on LSW2.
[LSW2] sep segment 2
[LSW2-sep-segment2] preempt manual
# Configure LSW3.
[LSW3] sep segment 2
[LSW3-sep-segment2] tc-notify segment 1
[LSW3-sep-segment2] quit
# Configure LSW4.
[LSW4] sep segment 3
[LSW4-sep-segment3] tc-notify segment 1
[LSW4-sep-segment3] quit
NOTE
The topology change notification function is configured on edge devices between SEP segments so
that the upper-layer network can be notified of topology changes on the lower-layer network.
Step 2 Configure the Layer 2 forwarding function on the CEs and LSW1 to LSW11.
For details about the configuration, see the configuration files.
Step 3 Verify the configuration.
After completing the preceding configurations, verify the configuration. LSW1 is used as an
example.
• Run the shutdown command on Eth0/0/1 of LSW2 to simulate an interface fault, and then
run the display sep interface command on LSW3 to check whether Eth0/0/4 of LSW3 has
switched from the Discarding state to the Forwarding state.
<LSW3> display sep interface ethernet 0/0/4
SEP segment 1
----------------------------------------------------------------
Interface Port Role Neighbor Status Port Status
----------------------------------------------------------------
Eth0/0/4 common up forwarding
----End
Configuration Files
• Configuration file of LSW1
#
sysname LSW1
#
vlan batch 10 100 200 300
#
sep segment 1
control-vlan 10
block port optimal
preempt delay 30
protected-instance 0 to 48
#
interface Ethernet0/0/1
port hybrid tagged vlan 10 100 200
stp disable
sep segment 1 edge primary
#
interface Ethernet0/0/2
port hybrid pvid vlan 300
port hybrid tagged vlan 100 200
port hybrid untagged vlan 300
#
interface Ethernet0/0/3
port hybrid tagged vlan 10 100 200 300
stp disable
sep segment 1 edge secondary
#
return
• Configuration file of LSW2
#
sysname LSW2
#
vlan batch 10 20 100 200
#
sep segment 1
control-vlan 10
protected-instance 0 to 48
sep segment 2
control-vlan 20
block port sysname LSW7 interface Ethernet0/0/1
tc-notify segment 1
protected-instance 0 to 48
#
interface Ethernet0/0/1
port hybrid tagged vlan 10 100 200
stp disable
sep segment 1
#
interface Ethernet0/0/2
port hybrid tagged vlan 20 200
stp disable
sep segment 2 edge primary
#
interface Ethernet0/0/3
port hybrid tagged vlan 10 100 200
stp disable
sep segment 1
#
return
• Configuration file of LSW3
#
sysname LSW3
#
vlan batch 10 20 30 100 200
#
sep segment 1
control-vlan 10
protected-instance 0 to 48
sep segment 2
control-vlan 20
tc-notify segment 1
protected-instance 0 to 48
sep segment 3
control-vlan 30
tc-notify segment 1
protected-instance 0 to 48
#
interface Ethernet0/0/1
port hybrid tagged vlan 30 100
stp disable
sep segment 3 edge secondary
#
interface Ethernet0/0/2
port hybrid tagged vlan 20 200
stp disable
sep segment 1
#
return
• Configuration file of LSW6
#
sysname LSW6
#
vlan batch 20 200
#
sep segment 2
control-vlan 20
protected-instance 0 to 48
#
interface Ethernet0/0/1
port hybrid tagged vlan 20 200
stp disable
sep segment 2
#
interface Ethernet0/0/2
port hybrid tagged vlan 20 200
stp disable
sep segment 2
#
return
• Configuration file of LSW7
#
sysname LSW7
#
vlan batch 20 200
#
sep segment 2
control-vlan 20
protected-instance 0 to 48
#
interface Ethernet0/0/1
port hybrid tagged vlan 20 200
stp disable
sep segment 2
#
interface Ethernet0/0/2
port hybrid tagged vlan 20 200
stp disable
sep segment 2
#
interface Ethernet0/0/3
port hybrid tagged vlan 200
#
return
• Configuration file of LSW8
#
sysname LSW8
#
vlan batch 20 200
#
sep segment 2
control-vlan 20
protected-instance 0 to 48
#
interface Ethernet0/0/1
port hybrid tagged vlan 20 200
stp disable
sep segment 2
#
interface Ethernet0/0/2
port hybrid tagged vlan 20 200
stp disable
sep segment 2
#
return
#
return
Networking Requirements
Generally, redundant links are used to connect an Ethernet switching network to an upper-layer
network to provide link backup and enhance network reliability. The use of redundant links,
however, may produce loops, causing broadcast storms and rendering the MAC address table
unstable. As a result, communication quality deteriorates, and services may even be interrupted.
SEP can be deployed on the ring network to eliminate loops and restore communication if a link
fault occurs.
NOTE
In this example, devices at the aggregation layer run the MSTP protocol.
As shown in Figure 3-25, multiple Layer 2 switching devices form a ring at the access layer,
and multiple Layer 3 devices form a ring at the aggregation layer. The two devices at the
intersection of the access layer and the aggregation layer do not support SEP. You can configure
SEP at the access layer to implement redundancy protection switching and configure the
topology change notification function on an edge device in a SEP segment. This function enables
an upper-layer network to detect topology changes in a lower-layer network in time.
• When there is no faulty link on the ring network, SEP can eliminate loops.
• When a link fails on the ring network, SEP can rapidly restore communication between
nodes.
• The topology change notification function must be configured on an edge device in a SEP
segment. This enables an upper-layer network to detect topology changes in a lower-layer
network in time.
After receiving a message indicating the topology change in a lower-layer network, a device on
an upper-layer network sends TC packets to instruct other devices to delete original MAC
addresses and learn new MAC addresses after the topology of the lower-layer network changes.
This ensures uninterrupted traffic forwarding.
[Figure 3-25: networking diagram of SEP at the access layer with MSTP at the aggregation layer. Recoverable labels: IP/MPLS Core; Aggregation (PE3, PE4, MSTP, devices that do not support SEP); Access (SEP Segment 1 with LSW1, LSW2, LSW3; CE in VLAN 100). Legend: no-neighbor primary edge port, no-neighbor secondary edge port, blocked port (SEP), blocked port (MSTP).]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic SEP functions.
a. Configure SEP segment 1 on LSW1 to LSW3 and configure VLAN 10 as the control
VLAN of SEP segment 1.
b. Add LSW1 to LSW3 to SEP segment 1 and configure interface roles on the edge
devices (LSW1 and LSW2) of the SEP segment.
NOTE
PE1 and PE2 do not support the SEP protocol; therefore, the interfaces of LSW1 and LSW2
connected to the PEs must be no-neighbor edge interfaces.
c. On the device where the no-neighbor primary edge interface is located, specify the
interface in the middle of the SEP segment as the interface to block.
d. Configure manual preemption.
e. Configure the topology change notification function so that the upper-layer network
running MSTP can be notified of topology changes in the SEP segment.
2. Configure basic MSTP functions.
a. Add LSW1, LSW2, PE1 to PE4 to an MST region RG1.
b. Create VLANs on LSW1, LSW2, PE1 to PE4 and add interfaces on the STP ring to
the VLANs.
c. Configure PE3 as the root bridge and PE4 as the backup root bridge.
3. Configure the Layer 2 forwarding function on CE and LSW1 to LSW3.
Procedure
Step 1 Configure basic SEP functions.
1. Configure SEP segment 1 on LSW1 to LSW3 and configure VLAN 10 as the control VLAN
of SEP segment 1.
# Configure LSW1.
<Quidway> system-view
[Quidway] sysname LSW1
[LSW1] sep segment 1
[LSW1-sep-segment1] control-vlan 10
[LSW1-sep-segment1] protected-instance all
[LSW1-sep-segment1] quit
# Configure LSW2.
<Quidway> system-view
[Quidway] sysname LSW2
[LSW2] sep segment 1
[LSW2-sep-segment1] control-vlan 10
[LSW2-sep-segment1] protected-instance all
[LSW2-sep-segment1] quit
# Configure LSW3.
<Quidway> system-view
[Quidway] sysname LSW3
[LSW3] sep segment 1
[LSW3-sep-segment1] control-vlan 10
[LSW3-sep-segment1] protected-instance all
[LSW3-sep-segment1] quit
NOTE
• The control VLAN must be a VLAN that has not been created or used, but the configuration file
automatically displays the command for creating the VLAN.
• Each SEP segment must be configured with a control VLAN. After an interface is added to the
SEP segment configured with a control VLAN, the interface is automatically added to the control
VLAN.
2. Add LSW1 to LSW3 to SEP segment 1 and configure interface roles.
# Configure LSW1.
[LSW1] interface ethernet 0/0/1
[LSW1-Ethernet0/0/1] sep segment 1 edge no-neighbor primary
[LSW1-Ethernet0/0/1] quit
[LSW1] interface ethernet 0/0/2
# Configure LSW2.
[LSW2] interface ethernet 0/0/1
[LSW2-Ethernet0/0/1] sep segment 1 edge no-neighbor secondary
[LSW2-Ethernet0/0/1] quit
[LSW2] interface ethernet 0/0/2
[LSW2-Ethernet0/0/2] stp disable
[LSW2-Ethernet0/0/2] sep segment 1
[LSW2-Ethernet0/0/2] quit
# Configure LSW3.
[LSW3] interface ethernet 0/0/1
[LSW3-Ethernet0/0/1] stp disable
[LSW3-Ethernet0/0/1] sep segment 1
[LSW3-Ethernet0/0/1] quit
[LSW3] interface ethernet 0/0/2
[LSW3-Ethernet0/0/2] stp disable
[LSW3-Ethernet0/0/2] sep segment 1
[LSW3-Ethernet0/0/2] quit
# Configure LSW2.
[LSW2] sep segment 1
[LSW2-sep-segment1] tc-notify stp
[LSW2-sep-segment1] quit
# Configure PE2.
<Quidway> system-view
[Quidway] sysname PE2
[PE2] stp region-configuration
[PE2-mst-region] region-name RG1
[PE2-mst-region] active region-configuration
[PE2-mst-region] quit
# Configure PE3.
<Quidway> system-view
[Quidway] sysname PE3
[PE3] stp region-configuration
[PE3-mst-region] region-name RG1
[PE3-mst-region] active region-configuration
[PE3-mst-region] quit
# Configure PE4.
<Quidway> system-view
[Quidway] sysname PE4
[PE4] stp region-configuration
[PE4-mst-region] region-name RG1
[PE4-mst-region] active region-configuration
[PE4-mst-region] quit
# Configure LSW1.
[LSW1] stp region-configuration
[LSW1-mst-region] region-name RG1
[LSW1-mst-region] active region-configuration
[LSW1-mst-region] quit
# Configure LSW2.
[LSW2] stp region-configuration
[LSW2-mst-region] region-name RG1
[LSW2-mst-region] active region-configuration
[LSW2-mst-region] quit
# On PE2, PE3, and PE4, create VLAN 100 and add Eth0/0/1, Eth0/0/2, and Eth0/0/3 to
VLAN 100.
The configurations of PE2, PE3, and PE4 are similar to the configuration of PE1. For details
about the configuration, see the configuration files.
# On LSW1 and LSW2, create VLAN 100 and add Eth0/0/1 to VLAN 100. The
configurations of LSW1 and LSW2 are similar to the configuration of PE1. For details
about the configuration, see the configuration files.
3. Enable MSTP.
# Configure PE1.
[PE1] stp enable
# Configure PE2.
[PE2] stp enable
# Configure PE3.
[PE3] stp enable
# Configure PE4.
[PE4] stp enable
# Configure LSW1.
[LSW1] stp enable
# Configure LSW2.
[LSW2] stp enable
4. Configure PE3 as the root bridge and PE4 as the backup root bridge.
# Set the priority of PE3 to 0 in MSTI0 to ensure that PE3 functions as the root bridge.
[PE3] stp root primary
# Set the priority of PE4 to 4096 in MSTI0 to ensure that PE4 functions as the backup root
bridge.
[PE4] stp root secondary
Step 3 Configure the Layer 2 forwarding function on the CE and LSW1 to LSW3.
For details about the configuration, see the configuration files.
Step 4 Verify the configuration.
After the configurations are complete and the network becomes stable, run the following commands
to verify the configuration. LSW1 is used as an example.
• Run the shutdown command on Eth0/0/1 of LSW2 to simulate an interface fault, and then
run the display sep interface command on LSW3 to check whether Eth0/0/2 of LSW3 has
switched from the Discarding state to the Forwarding state.
<LSW3> display sep interface ethernet 0/0/2
SEP segment 1
----------------------------------------------------------------
Interface Port Role Neighbor Status Port Status
----------------------------------------------------------------
Eth0/0/2 common up forwarding
----End
Configuration Files
• Configuration file of LSW1
#
sysname LSW1
#
vlan batch 10 100
#
stp region-configuration
region-name RG1
active region-configuration
#
sep segment 1
control-vlan 10
block port middle
tc-notify stp
protected-instance 0 to 48
#
interface Ethernet0/0/1
port hybrid tagged vlan 10 100
sep segment 1 edge no-neighbor primary
#
interface Ethernet0/0/2
port hybrid tagged vlan 10 100
stp disable
sep segment 1
#
return
#
vlan batch 10 100
#
#
stp region-configuration
region-name RG1
active region-configuration
#
sep segment 1
control-vlan 10
tc-notify stp
protected-instance 0 to 48
#
interface Ethernet0/0/1
port hybrid tagged vlan 10 100
sep segment 1 edge no-neighbor secondary
#
interface Ethernet0/0/2
port hybrid tagged vlan 10 100
stp disable
sep segment 1
#
return
#
return
• Configuration file of CE
#
sysname CE
#
vlan batch 100
#
interface Ethernet0/0/1
port hybrid tagged vlan 100
#
return
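The NOTEs in these SEP examples (disable STP on an interface before adding it to a SEP segment; every segment needs a control VLAN, which its member interfaces carry) can be checked offline against saved configuration files. The following Python audit is an added example, not Huawei code: the finding names are hypothetical, the exemption of no-neighbor edge interfaces from the STP check follows the LSW1 file above and is an assumption, and the second sample is constructed.

```python
import re

def parse_vlans(tokens):
    """Expand a VRP VLAN list: ['10', '100'] or ['2', 'to', '20']."""
    vlans, i = set(), 0
    while i < len(tokens):
        if not tokens[i].isdigit():          # skip keywords this example does not model
            i += 1
        elif i + 2 < len(tokens) and tokens[i + 1] == "to":
            vlans.update(range(int(tokens[i]), int(tokens[i + 2]) + 1))
            i += 3
        else:
            vlans.add(int(tokens[i]))
            i += 1
    return vlans

def parse_config(text):
    """Return (segments, interfaces) parsed from a VRP configuration file."""
    segments, interfaces, ctx = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "#", "return"):
            ctx = None                       # '#' closes the current view
            continue
        m = re.match(r"interface (\S+)$", line)
        if m:
            ctx = ("if", m.group(1))
            interfaces[m.group(1)] = {"stp_disabled": False, "vlans": set(), "sep": []}
            continue
        m = re.match(r"sep segment (\d+)(?: (.+))?$", line)
        if m and ctx and ctx[0] == "if":
            role = m.group(2) or "common"
            if not role.startswith("priority"):   # priority line is not a membership
                interfaces[ctx[1]]["sep"].append((int(m.group(1)), role))
            continue
        if m:                                # segment view; several may share one block
            ctx = ("seg", int(m.group(1)))
            segments[ctx[1]] = None
            continue
        if ctx and ctx[0] == "seg":
            m = re.match(r"control-vlan (\d+)$", line)
            if m:
                segments[ctx[1]] = int(m.group(1))
        elif ctx and ctx[0] == "if":
            itf = interfaces[ctx[1]]
            if line == "stp disable":
                itf["stp_disabled"] = True
            m = re.match(r"port (?:hybrid tagged|trunk allow-pass) vlan (.+)$", line)
            if m:
                itf["vlans"] |= parse_vlans(m.group(1).split())
    return segments, interfaces

def audit(text):
    """Return sorted (interface, finding) pairs for SEP member interfaces."""
    segments, interfaces = parse_config(text)
    findings = []
    for name, itf in interfaces.items():
        for seg, role in itf["sep"]:
            ctrl = segments.get(seg)
            if ctrl is None:
                findings.append((name, "NO_CONTROL_VLAN"))
            elif ctrl not in itf["vlans"]:
                findings.append((name, "CONTROL_VLAN_NOT_CARRIED"))
            # Assumption: no-neighbor edge interfaces keep STP, as in the LSW1 file.
            if not itf["stp_disabled"] and "no-neighbor" not in role:
                findings.append((name, "STP_STILL_ENABLED"))
    return sorted(findings)

# SEP-related part of the LSW1 configuration file shown above.
PAGE_LSW1 = """\
sep segment 1
 control-vlan 10
 block port middle
 tc-notify stp
 protected-instance 0 to 48
#
interface Ethernet0/0/1
 port hybrid tagged vlan 10 100
 sep segment 1 edge no-neighbor primary
#
interface Ethernet0/0/2
 port hybrid tagged vlan 10 100
 stp disable
 sep segment 1
#
return
"""

# Constructed sample with three mistakes.
BROKEN = """\
sep segment 1
 control-vlan 10
#
interface Ethernet0/0/1
 port hybrid tagged vlan 100
 sep segment 1
#
interface Ethernet0/0/2
 port trunk allow-pass vlan 20 to 30
 stp disable
 sep segment 2 edge primary
#
return
"""

if __name__ == "__main__":
    for label, cfg in (("page LSW1", PAGE_LSW1), ("constructed", BROKEN)):
        print(label, audit(cfg))
```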
Networking Requirements
Generally, redundant links are used to connect an Ethernet switching network to an upper-layer
network to provide link backup and enhance network reliability. The use of redundant links,
however, may produce loops, causing broadcast storms and rendering the MAC address table
unstable. As a result, communication quality deteriorates, and services may even be interrupted.
SEP can be deployed on the ring network to eliminate loops and restore communication if a link
fault occurs.
[Figure 3-26: networking diagram of SEP at the access layer with RRPP at the aggregation layer. Recoverable labels: Network (NPE1, NPE2); Aggregation (PE3, PE4, RRPP); Access (SEP Segment 1 with LSW1, LSW2, LSW3; CE in VLAN 100). Legend: primary edge port, secondary edge port, blocked port (SEP), blocked port (RRPP).]
As shown in Figure 3-26, multiple Layer 2 switching devices at the access layer and aggregation
layer form a ring network to access the core layer. RRPP has been configured at the aggregation
layer to eliminate loops. In this case, SEP needs to run at the access layer to implement the
following functions:
• Eliminates loops when there is no faulty link on the ring network.
• Rapidly restores communication between nodes when a link fault occurs on the ring
network.
• Provides the topology change notification function on an edge device in a SEP segment.
This function enables an upper-layer network to detect topology changes in a lower-layer
network in time.
After receiving a message indicating the topology change in a lower-layer network, a device
on an upper-layer network sends TC packets to instruct other devices to delete original
MAC addresses and learn new MAC addresses after the topology of the lower-layer
network changes. This ensures uninterrupted traffic forwarding.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic SEP functions.
a. Configure SEP segment 1 on PE1, PE2, and LSW1 to LSW3 and configure VLAN
10 as the control VLAN of SEP segment 1.
b. Add PE1, PE2, and LSW1 to LSW3 to SEP segment 1, and configure interface roles
on edge devices (PE1 and PE2) of the SEP segment.
c. Set an interface blocking mode on the device where a primary edge interface is located
to specify an interface to block.
d. Configure the preemption mode to ensure that the specified interface is blocked when
a fault is rectified.
e. Configure the topology change notification function so that the topology change in
the local SEP segment can be notified to the upper-layer network where RRPP is
enabled.
2. Configure basic RRPP functions.
a. Add PE1 to PE4 to RRPP domain 1, create control VLAN 5 on PE1 to PE4, and
configure a protected VLAN.
b. Configure PE1 as the master node and PE2 to PE4 as transit nodes on the major ring,
and configure the primary and secondary interfaces of the major ring.
c. Create a VLAN on PE1 to PE4, and add the interfaces on the RRPP ring network to
the VLAN.
3. Configure the Layer 2 forwarding function on the CE, LSW1 to LSW3, and PE1 to PE4.
Procedure
Step 1 Configure basic SEP functions.
1. Configure SEP segment 1 on PE1, PE2, and LSW1 to LSW3 and configure VLAN 10 as
the control VLAN of SEP segment 1.
# Configure PE1.
<Quidway> system-view
[Quidway] sysname PE1
[PE1] sep segment 1
[PE1-sep-segment1] control-vlan 10
[PE1-sep-segment1] protected-instance all
[PE1-sep-segment1] quit
# Configure PE2.
<Quidway> system-view
[Quidway] sysname PE2
[PE2] sep segment 1
[PE2-sep-segment1] control-vlan 10
[PE2-sep-segment1] protected-instance all
[PE2-sep-segment1] quit
# Configure LSW1.
<Quidway> system-view
[Quidway] sysname LSW1
[LSW1] sep segment 1
[LSW1-sep-segment1] control-vlan 10
# Configure LSW2.
<Quidway> system-view
[Quidway] sysname LSW2
[LSW2] sep segment 1
[LSW2-sep-segment1] control-vlan 10
[LSW2-sep-segment1] protected-instance all
[LSW2-sep-segment1] quit
# Configure LSW3.
<Quidway> system-view
[Quidway] sysname LSW3
[LSW3] sep segment 1
[LSW3-sep-segment1] control-vlan 10
[LSW3-sep-segment1] protected-instance all
[LSW3-sep-segment1] quit
2. Add PE1, PE2, and LSW1 to LSW3 to SEP segment 1 and configure interface roles.
NOTE
By default, STP is enabled on an interface. Before adding an interface to a SEP segment, disable STP
on the interface.
# Configure PE1.
[PE1] interface ethernet 0/0/1
[PE1-Ethernet0/0/1] stp disable
[PE1-Ethernet0/0/1] sep segment 1 edge primary
[PE1-Ethernet0/0/1] quit
# Configure LSW1.
[LSW1] interface ethernet 0/0/1
[LSW1-Ethernet0/0/1] sep segment 1
[LSW1-Ethernet0/0/1] quit
[LSW1] interface ethernet 0/0/2
[LSW1-Ethernet0/0/2] stp disable
[LSW1-Ethernet0/0/2] sep segment 1
[LSW1-Ethernet0/0/2] quit
# Configure LSW2.
[LSW2] interface ethernet 0/0/1
[LSW2-Ethernet0/0/1] sep segment 1
[LSW2-Ethernet0/0/1] quit
[LSW2] interface ethernet 0/0/2
[LSW2-Ethernet0/0/2] stp disable
[LSW2-Ethernet0/0/2] sep segment 1
[LSW2-Ethernet0/0/2] quit
# Configure LSW3.
[LSW3] interface ethernet 0/0/1
[LSW3-Ethernet0/0/1] stp disable
[LSW3-Ethernet0/0/1] sep segment 1
[LSW3-Ethernet0/0/1] quit
[LSW3] interface ethernet 0/0/2
[LSW3-Ethernet0/0/2] stp disable
[LSW3-Ethernet0/0/2] sep segment 1
[LSW3-Ethernet0/0/2] quit
# Configure PE2.
[PE2] interface ethernet 0/0/1
[PE2-Ethernet0/0/1] stp disable
[PE2-Ethernet0/0/1] sep segment 1 edge secondary
[PE2-Ethernet0/0/1] quit
After completing the preceding configurations, run the display sep topology command on
PE1 to view the topology of the SEP segment. The command output shows that the blocked
interface is one of the two interfaces that complete neighbor negotiations last.
[PE1] display sep topology
SEP segment 1
-----------------------------------------------------------------
System Name Port Name Port Role Port Status
-----------------------------------------------------------------
PE1 Eth0/0/1 primary forwarding
LSW1 Eth0/0/1 common forwarding
LSW1 Eth0/0/2 common forwarding
LSW3 Eth0/0/2 common forwarding
LSW3 Eth0/0/1 common forwarding
LSW2 Eth0/0/2 common forwarding
LSW2 Eth0/0/1 common forwarding
PE2 Eth0/0/1 secondary discarding
# Configure PE2.
[PE2] sep segment 1
[PE2-sep-segment1] tc-notify rrpp
[PE2-sep-segment1] quit
After the preceding configurations are successful, perform the following operations to verify the
configurations. PE1 is used as an example.
• Run the display sep topology command on PE1 to view the topology of the SEP segment.
The command output shows that the status of Eth 0/0/2 on LSW3 is discarding and the status
of the other interfaces is forwarding.
[PE1] display sep topology
SEP segment 1
-----------------------------------------------------------------
System Name Port Name Port Role Port Status
-----------------------------------------------------------------
PE1 Eth0/0/1 primary forwarding
LSW1 Eth0/0/1 common forwarding
LSW1 Eth0/0/2 common forwarding
LSW3 Eth0/0/2 common discarding
LSW3 Eth0/0/1 common forwarding
LSW2 Eth0/0/2 common forwarding
LSW2 Eth0/0/1 common forwarding
PE2 Eth0/0/1 secondary forwarding
• Run the display sep interface verbose command on PE1 to view detailed information about
the interfaces added to the SEP segment.
[PE1] display sep interface verbose
SEP segment 1
Control-vlan :10
Preempt Delay Timer :0
TC-Notify Propagate to :rrpp
----------------------------------------------------------------
Interface :Eth0/0/1
Port Role :Config = primary / Active = primary
Port Priority :64
Port Status :forwarding
Neighbor Status :up
Neighbor Port :LSW1 - Eth0/0/1 (00e0-0829-7c00.0000)
NBR TLV rx :2124 tx :2126
LSP INFO TLV rx :2939 tx :135
LSP ACK TLV rx :113 tx :768
PREEMPT REQ TLV rx :0 tx :3
PREEMPT ACK TLV rx :3 tx :0
TC Notify rx :5 tx :3
EPA rx :363 tx :397
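The two display sep topology outputs above differ only in which interface is discarding. The following Python check is an added example, not part of the Huawei document: it parses such output and confirms that exactly one interface in the segment is blocked and that it is the intended one. The returned status strings and the completeness check on the edge roles are assumptions of this example; the sample rows are copied from the outputs above.

```python
import re

# One topology row: system name, port name, port role, port status.
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(forwarding|discarding)$")

def parse_topology(output):
    """Return {segment_id: [(system, port, role, status), ...]} in listed order."""
    segs, cur = {}, None
    for line in output.splitlines():
        line = line.strip()
        m = re.match(r"SEP segment (\d+)$", line)
        if m:
            cur = segs.setdefault(int(m.group(1)), [])
            continue
        m = ROW.match(line)
        if m and cur is not None:
            cur.append(m.groups())
    return segs

def check_segment(output, segment, expected_block):
    """Compare the blocked interface of a segment with the intended one."""
    rows = parse_topology(output).get(segment, [])
    if not rows:
        return "NO_DATA"
    roles = {role for _, _, role, _ in rows}
    # Assumption: a complete segment lists both edge interfaces, as on this page.
    if not {"primary", "secondary"} <= roles:
        return "INCOMPLETE_SEGMENT"
    blocked = [(s, p) for s, p, _, status in rows if status == "discarding"]
    if not blocked:
        return "NO_BLOCKED_PORT"
    if len(blocked) > 1:
        return "MULTIPLE_BLOCKED"
    if blocked[0] != expected_block:
        return f"UNEXPECTED_BLOCK:{blocked[0][0]} {blocked[0][1]}"
    return "OK"

# Output shown above before the blocked interface is specified.
BEFORE_PREEMPTION = """\
[PE1] display sep topology
SEP segment 1
-----------------------------------------------------------------
System Name  Port Name  Port Role  Port Status
-----------------------------------------------------------------
PE1   Eth0/0/1  primary    forwarding
LSW1  Eth0/0/1  common     forwarding
LSW1  Eth0/0/2  common     forwarding
LSW3  Eth0/0/2  common     forwarding
LSW3  Eth0/0/1  common     forwarding
LSW2  Eth0/0/2  common     forwarding
LSW2  Eth0/0/1  common     forwarding
PE2   Eth0/0/1  secondary  discarding
"""

# Output shown above during verification: Eth0/0/2 on LSW3 is discarding.
AFTER_PREEMPTION = BEFORE_PREEMPTION.replace(
    "LSW3  Eth0/0/2  common     forwarding", "LSW3  Eth0/0/2  common     discarding"
).replace(
    "PE2   Eth0/0/1  secondary  discarding", "PE2   Eth0/0/1  secondary  forwarding"
)

if __name__ == "__main__":
    want = ("LSW3", "Eth0/0/2")
    print(check_segment(BEFORE_PREEMPTION, 1, want))
    print(check_segment(AFTER_PREEMPTION, 1, want))
```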
# Configure PE2.
[PE2] stp region-configuration
[PE2-mst-region] instance 1 vlan 5 6 100
[PE2-mst-region] active region-configuration
[PE2-mst-region] quit
[PE2] rrpp domain 1
[PE2-rrpp-domain-region1] control-vlan 5
[PE2-rrpp-domain-region1] protected-vlan reference-instance 1
# Configure PE3.
[PE3] stp region-configuration
[PE3-mst-region] instance 1 vlan 5 6 100
[PE3-mst-region] active region-configuration
[PE3-mst-region] quit
[PE3] rrpp domain 1
[PE3-rrpp-domain-region1] control-vlan 5
[PE3-rrpp-domain-region1] protected-vlan reference-instance 1
# Configure PE4.
[PE4] stp region-configuration
[PE4-mst-region] instance 1 vlan 5 6 100
[PE4-mst-region] active region-configuration
[PE4-mst-region] quit
[PE4] rrpp domain 1
[PE4-rrpp-domain-region1] control-vlan 5
[PE4-rrpp-domain-region1] protected-vlan reference-instance 1
2. Create a VLAN and add interfaces on the ring network to the VLAN.
# Create VLAN 100 on PE1, and add Eth 0/0/1, Eth 0/0/2, and Eth 0/0/3 to VLAN 100.
[PE1] vlan 100
[PE1-vlan100] quit
[PE1] interface ethernet 0/0/1
[PE1-Ethernet0/0/1] stp disable
[PE1-Ethernet0/0/1] port link-type trunk
[PE1-Ethernet0/0/1] port trunk allow-pass vlan 100
[PE1-Ethernet0/0/1] quit
[PE1] interface ethernet 0/0/2
[PE1-Ethernet0/0/2] stp disable
[PE1-Ethernet0/0/2] port link-type trunk
[PE1-Ethernet0/0/2] port trunk allow-pass vlan 100
[PE1-Ethernet0/0/2] quit
[PE1] interface ethernet 0/0/3
[PE1-Ethernet0/0/3] stp disable
[PE1-Ethernet0/0/3] port link-type trunk
[PE1-Ethernet0/0/3] port trunk allow-pass vlan 100
[PE1-Ethernet0/0/3] quit
# Create VLAN 100 on PE2, and add Eth 0/0/1, Eth 0/0/2, and Eth 0/0/3 to VLAN 100.
[PE2] vlan 100
[PE2-vlan100] quit
[PE2] interface ethernet 0/0/1
[PE2-Ethernet0/0/1] stp disable
[PE2-Ethernet0/0/1] port link-type trunk
[PE2-Ethernet0/0/1] port trunk allow-pass vlan 100
[PE2-Ethernet0/0/1] quit
[PE2] interface ethernet 0/0/2
[PE2-Ethernet0/0/2] stp disable
[PE2-Ethernet0/0/2] port link-type trunk
[PE2-Ethernet0/0/2] port trunk allow-pass vlan 100
[PE2-Ethernet0/0/2] quit
[PE2] interface ethernet 0/0/3
[PE2-Ethernet0/0/3] stp disable
[PE2-Ethernet0/0/3] port link-type trunk
[PE2-Ethernet0/0/3] port trunk allow-pass vlan 100
[PE2-Ethernet0/0/3] quit
# Create VLAN 100 on PE3, and add Eth 0/0/1 and Eth 0/0/2 to VLAN 100.
[PE3] vlan 100
[PE3-vlan100] quit
[PE3] interface ethernet 0/0/1
[PE3-Ethernet0/0/1] stp disable
[PE3-Ethernet0/0/1] port link-type trunk
[PE3-Ethernet0/0/1] port trunk allow-pass vlan 100
[PE3-Ethernet0/0/1] quit
[PE3] interface ethernet 0/0/2
[PE3-Ethernet0/0/2] stp disable
[PE3-Ethernet0/0/2] port link-type trunk
[PE3-Ethernet0/0/2] port trunk allow-pass vlan 100
[PE3-Ethernet0/0/2] quit
# Create VLAN 100 on PE4, and add Eth 0/0/1 and Eth 0/0/2 to VLAN 100.
[PE4] vlan 100
[PE4-vlan100] quit
[PE4] interface ethernet 0/0/1
[PE4-Ethernet0/0/1] stp disable
[PE4-Ethernet0/0/1] port link-type trunk
[PE4-Ethernet0/0/1] port trunk allow-pass vlan 100
[PE4-Ethernet0/0/1] quit
[PE4] interface ethernet 0/0/2
[PE4-Ethernet0/0/2] stp disable
[PE4-Ethernet0/0/2] port link-type trunk
[PE4-Ethernet0/0/2] port trunk allow-pass vlan 100
[PE4-Ethernet0/0/2] quit
3. Configure PE1 as the master node and PE2 to PE4 as transit nodes of the major ring, and
configure the primary and secondary interfaces of the major ring.
# Configure PE1.
[PE1] rrpp domain 1
[PE1-rrpp-domain-region1] ring 1 node-mode master primary-port ethernet0/0/2 secondary-port ethernet0/0/3 level 0
[PE1-rrpp-domain-region1] ring 1 enable
# Configure PE2.
[PE2] rrpp domain 1
[PE2-rrpp-domain-region1] ring 1 node-mode transit primary-port ethernet0/0/2 secondary-port ethernet0/0/3 level 0
[PE2-rrpp-domain-region1] ring 1 enable
# Configure PE3.
# Configure PE4.
[PE4] rrpp domain 1
[PE4-rrpp-domain-region1] ring 1 node-mode transit primary-port ethernet0/0/1 secondary-port ethernet0/0/2 level 0
[PE4-rrpp-domain-region1] ring 1 enable
4. Enable RRPP.
# Configure PE1.
[PE1] rrpp enable
# Configure PE2.
[PE2] rrpp enable
# Configure PE3.
[PE3] rrpp enable
# Configure PE4.
[PE4] rrpp enable
After completing the preceding configurations, run the display rrpp brief or display rrpp
verbose domain command on PE1 to check the RRPP configuration.
[PE1] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
Ring Ring Node Primary/Common Secondary/Edge Is
ID Level Mode Port Port Enabled
----------------------------------------------------------------------------
1 0 M Ethernet0/0/2 Ethernet0/0/3 Yes
The command output shows that RRPP is enabled on PE1. In domain 1, VLAN 5 is the major
control VLAN, VLAN 6 is the sub-control VLAN, Instance 1 is the protected VLAN, and PE1
is the master node in major ring 1 with the primary and secondary interfaces as Ethernet0/0/2
and Ethernet0/0/3 respectively.
[PE1] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active: Yes
Primary port : Ethernet0/0/2 Port status: UP
Secondary port : Ethernet0/0/3 Port status: BLOCKED
The command output shows that in domain 1, VLAN 5 is the major control VLAN, VLAN 6 is
the sub-control VLAN, Instance 1 is the protected VLAN, PE1 is the master node in major ring
1 with the primary and secondary interfaces as Ethernet0/0/2 and Ethernet0/0/3 respectively,
and the node status is Complete.
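The reading of the display rrpp verbose domain output described above can be automated for monitoring. The following is an added example, not part of the Huawei document: the first sample is the output shown above, the other two are constructed, and the function names are hypothetical. It assumes that a master node blocking its secondary port on a Complete ring is the healthy state, as in the output above.

```python
import re

# Field patterns for one ring section of `display rrpp verbose domain <n>`.
FIELDS = {
    "ring": r"RRPP Ring\s*:\s*(\d+)",
    "mode": r"Node Mode\s*:\s*(\w+)",
    "state": r"Ring State\s*:\s*(\w+)",
    "active": r"Is Active\s*:\s*(\w+)",
    "secondary": r"Secondary port\s*:\s*(\S+)\s+Port status\s*:\s*(\w+)",
}

# Output copied from the PE1 example above.
PAGE_OUTPUT = """\
Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active: Yes
Primary port : Ethernet0/0/2 Port status: UP
Secondary port : Ethernet0/0/3 Port status: BLOCKED
"""
# Constructed samples (not from the page): a broken ring, and a ring that
# reports Complete while the secondary port is not blocked.
FAILED_CONSTRUCTED = PAGE_OUTPUT.replace("Complete", "Failed").replace("BLOCKED", "UP")
LOOP_CONSTRUCTED = PAGE_OUTPUT.replace("BLOCKED", "UP")


def check_master_rings(output):
    """Return findings for every ring on which this node is the master."""
    findings = []
    # Each ring section starts at its "RRPP Ring :" line; drop the domain header.
    for section in re.split(r"(?=RRPP Ring\s*:)", output)[1:]:
        ring = {}
        for name, pattern in FIELDS.items():
            m = re.search(pattern, section)
            if m:
                ring[name] = m.groups() if len(m.groups()) > 1 else m.group(1)
        if ring.get("mode") != "Master":
            continue  # transit nodes do not block a port for the ring
        rid = ring.get("ring")
        port, status = ring.get("secondary", ("?", "?"))
        if ring.get("active") != "Yes":
            findings.append(f"ring {rid}: not active")
        elif ring.get("state") != "Complete":
            findings.append(f"ring {rid}: state {ring.get('state')}, not Complete")
        elif status != "BLOCKED":
            findings.append(
                f"ring {rid}: Complete but {port} is {status}, expected BLOCKED")
    return findings


if __name__ == "__main__":
    for label, text in (("page", PAGE_OUTPUT), ("failed", FAILED_CONSTRUCTED),
                        ("loop", LOOP_CONSTRUCTED)):
        print(label, check_master_rings(text) or "OK")
```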
Step 3 Configure the Layer 2 forwarding function on the CE, LSW1 to LSW3, and PE1 to PE4.
For the configuration details, see the configuration files.
Step 4 Verify the configuration.
After the previous configurations, run the following commands to verify the configuration when
the network is stable. LSW1 is used as an example.
• Run the shutdown command on Eth0/0/1 of LSW2 to simulate an interface fault, and then
run the display sep interface command on LSW3 to check whether the status of Eth0/0/2
changes from blocked to forwarding.
[LSW3] display sep interface ethernet 0/0/2
SEP segment 1
----------------------------------------------------------------
Interface Port Role Neighbor Status Port Status
----------------------------------------------------------------
Eth0/0/2 common up forwarding
----End
Configuration Files
• Configuration file of LSW1
#
sysname LSW1
#
vlan batch 10 100
#
sep segment 1
control-vlan 10
protected-instance 0 to 48
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 100
stp disable
sep segment 1
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 100
stp disable
sep segment 1
#
return
#
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 5 to 6 100
stp disable
#
return
• Configuration file of PE2
#
sysname PE2
#
vlan batch 5 to 6 10 100
#
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port Ethernet 0/0/2 secondary-port Ethernet 0/0/3 level 0
ring 1 enable
#
sep segment 1
control-vlan 10
tc-notify rrpp
protected-instance 0 to 48
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 100
stp disable
sep segment 1 edge secondary
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 5 to 6 100
stp disable
#
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 5 to 6 100
stp disable
#
return
• Configuration file of PE3
#
sysname PE3
#
vlan batch 5 to 6 100 200
#
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port Ethernet 0/0/1 secondary-port Ethernet 0/0/2 level 0
ring 1 enable
#
interface Ethernet0/0/1
NOTE
The S2300SI does not support Layer 2 Protocol Transparent Transmission.
Networking Requirements
As shown in Figure 3-27, CEs are edge devices on two private networks of an enterprise located
in different areas, and PE1 and PE2 are edge devices on the ISP network. The two private
networks of the enterprise are Layer 2 networks and they are connected through the ISP network.
STP is run on the Layer 2 networks to prevent loops. Enterprise users require that STP run only
on the private networks so that spanning trees can be generated correctly.
Figure 3-27 Networking diagram for configuring interface-based Layer 2 protocol transparent
transmission
[Diagram not preserved. Labels: CE1 (Eth0/0/1), PE1 (Eth0/0/1), ISP network, PE2 (Eth0/0/1), CE2 (Eth0/0/1), User A network1, User A network2]
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Enable STP on CEs.
# Configure CE1.
<Quidway> system-view
[Quidway] sysname CE1
[CE1] vlan 100
[CE1-vlan100] quit
[CE1] stp enable
[CE1] interface ethernet 0/0/1
[CE1-Ethernet0/0/1] port hybrid pvid vlan 100
[CE1-Ethernet0/0/1] port hybrid untagged vlan 100
# Configure CE2.
<Quidway> system-view
[Quidway] sysname CE2
[CE2] vlan 100
[CE2-vlan100] quit
[CE2] stp enable
[CE2] interface ethernet 0/0/1
[CE2-Ethernet0/0/1] port hybrid pvid vlan 100
[CE2-Ethernet0/0/1] port hybrid untagged vlan 100
Step 2 Add Eth0/0/1 on PE1 and PE2 to VLAN 100 and enable Layer 2 protocol transparent
transmission on PEs.
# Configure PE1.
<Quidway> system-view
[Quidway] sysname PE1
[PE1] vlan 100
[PE1-vlan100] quit
[PE1] interface Ethernet 0/0/1
[PE1-Ethernet0/0/1] port hybrid pvid vlan 100
[PE1-Ethernet0/0/1] port hybrid untagged vlan 100
[PE1-Ethernet0/0/1] l2protocol-tunnel stp enable
[PE1-Ethernet0/0/1] quit
# Configure PE2.
<Quidway> system-view
[Quidway] sysname PE2
[PE2] vlan 100
[PE2-vlan100] quit
[PE2] interface Ethernet 0/0/1
[PE2-Ethernet0/0/1] port hybrid pvid vlan 100
[PE2-Ethernet0/0/1] port hybrid untagged vlan 100
[PE2-Ethernet0/0/1] l2protocol-tunnel stp enable
[PE2-Ethernet0/0/1] quit
Step 3 Configure PEs to replace the destination MAC address of STP packets received from CEs.
# Configure PE1.
[PE1] l2protocol-tunnel stp group-mac 0100-5e00-0011
# Configure PE2.
[PE2] l2protocol-tunnel stp group-mac 0100-5e00-0011
Run the display stp command on CE1 and CE2 to view the root in the MSTP region. You can
find that a spanning tree is calculated between CE1 and CE2. Eth0/0/1 on CE1 is the root port
and Eth0/0/1 on CE2 is the designated port.
<CE1> display stp
-------[CIST Global Info] [Mode MSTP] -------
CIST Bridge :32768.00e0-fc9f-3257
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.00e0-fc9a-4315 / 199999
CIST RegRoot/IRPC :32768.00e0-fc9f-3257 / 0
CIST RootPortId :128.82
BPDU-Protection :Disabled
TC or TCN received :6
TC count per hello :6
STP Converge Mode :
Time since last TC :0 days 2h:24m:36s
----[Port1(Ethernet0/0/1)] [FORWARDING] ----
Port Protocol :Enabled
Port Role :Root Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=200000000
Designated Bridge/Port :32768.00e0-fc9a-4315 / 128.82
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :147 packets/hello-time
Protection Type :None
Port STP Mode :MSTP
Port Protocol Type :Config=auto / Active= dot1s
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 20
TC or TCN send :0
TC or TCN received :0
BPDU Sent :6
TCN: 0, Config: 0, RST: 0, MST: 6
BPDU Received :4351
TCN: 0, Config: 0, RST: 0, MST: 4351
<CE2> display stp
-------[CIST Global Info] [Mode MSTP] -------
CIST Bridge :32768.00e0-fc9a-4315
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.00e0-fc9a-4315 / 0
CIST RegRoot/IRPC :32768.00e0-fc9a-4315 / 0
CIST RootPortId :0.0
BPDU-Protection :Disabled
TC or TCN received :3
TC count per hello :3
STP Converge Mode :
Time since last TC :0 days 2h:26m:42s
----[Port1(Ethernet0/0/1)] [FORWARDING] ----
Port Protocol :Enabled
Port Role :Designated Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=200000000
Designated Bridge/Port :32768.00e0-fc9a-4315 / 128.82
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :147 packets/hello-time
Protection Type :None
Port STP Mode :MSTP
Port Protocol Type :Config=auto / Active= dot1s
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 20
TC or TCN send :0
TC or TCN received :0
BPDU Sent :4534
TCN: 0, Config: 0, RST: 0, MST: 4534
BPDU Received :6
TCN: 0, Config: 0, RST: 0, MST: 6
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 100
#
interface Ethernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
return
Networking Requirements
As shown in Figure 3-28, CEs are edge devices on two private networks of an enterprise located
in different areas, and PE1 and PE2 are edge devices on the ISP network. VLAN 100 and VLAN
200 are Layer 2 networks for different users and are connected through the ISP network. STP
is run on the Layer 2 networks to prevent loops. Enterprise users require that STP run only on
the private networks so that spanning trees can be generated correctly.
• All the devices in VLAN 100 participate in calculation of a spanning tree.
• All the devices in VLAN 200 participate in calculation of a spanning tree.
Figure 3-28 Networking diagram for configuring VLAN-based Layer 2 protocol transparent
transmission
[Diagram not preserved. Labels: PE1 (Eth0/0/2, Eth0/0/3), ISP network, PE2 (Eth0/0/2, Eth0/0/3)]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure STP on CEs to prevent loops on Layer 2 networks.
2. Configure CEs to send STP packets with specified VLAN tags to PEs so that calculation
of a spanning tree is completed independently in VLAN 100 and VLAN 200.
3. Configure VLAN-based Layer 2 protocol transparent transmission on PEs so that STP
packets are not sent to the CPUs of PEs for processing.
Procedure
Step 1 Enable STP on CEs.
# Configure CE1.
[CE1] stp enable
# Configure CE2.
[CE2] stp enable
# Configure CE3.
# Configure CE4.
[CE4] stp enable
Step 2 Configure CE1 and CE2 to send STP packets with VLAN tag 100 to PEs, and configure CE3
and CE4 to send STP packets with VLAN tag 200 to PEs.
# Configure CE1.
[CE1] vlan 100
[CE1-vlan100] quit
[CE1] interface ethernet 0/0/1
[CE1-Ethernet0/0/1] port hybrid tagged vlan 100
[CE1-Ethernet0/0/1] stp bpdu vlan 100
# Configure CE2.
[CE2] vlan 100
[CE2-vlan100] quit
[CE2] interface ethernet 0/0/1
[CE2-Ethernet0/0/1] port hybrid tagged vlan 100
[CE2-Ethernet0/0/1] stp bpdu vlan 100
# Configure CE3.
[CE3] vlan 200
[CE3-vlan200] quit
[CE3] interface ethernet 0/0/1
[CE3-Ethernet0/0/1] port hybrid tagged vlan 200
[CE3-Ethernet0/0/1] stp bpdu vlan 200
# Configure CE4.
[CE4] vlan 200
[CE4-vlan200] quit
[CE4] interface ethernet 0/0/1
[CE4-Ethernet0/0/1] port hybrid tagged vlan 200
[CE4-Ethernet0/0/1] stp bpdu vlan 200
Step 3 Configure PE interfaces to transparently transmit STP packets of CEs to the peer ends.
# Configure PE1.
[PE1] vlan 100
[PE1-vlan100] quit
[PE1] vlan 200
[PE1-vlan200] quit
[PE1] interface ethernet 0/0/2
[PE1-Ethernet0/0/2] port hybrid tagged vlan 100
[PE1-Ethernet0/0/2] l2protocol-tunnel stp vlan 100
[PE1-Ethernet0/0/2] quit
[PE1] interface ethernet 0/0/3
[PE1-Ethernet0/0/3] port hybrid tagged vlan 200
[PE1-Ethernet0/0/3] l2protocol-tunnel stp vlan 200
[PE1-Ethernet0/0/3] quit
# Configure PE2.
[PE2] vlan 100
[PE2-vlan100] quit
[PE2] vlan 200
[PE2-vlan200] quit
[PE2] interface ethernet 0/0/2
[PE2-Ethernet0/0/2] port hybrid tagged vlan 100
[PE2-Ethernet0/0/2] l2protocol-tunnel stp vlan 100
[PE2-Ethernet0/0/2] quit
[PE2] interface ethernet 0/0/3
[PE2-Ethernet0/0/3] port hybrid tagged vlan 200
Step 4 Configure PEs to replace the destination MAC address of STP packets received from CEs.
# Configure PE1.
[PE1] l2protocol-tunnel stp group-mac 0100-5e00-0011
# Configure PE2.
[PE2] l2protocol-tunnel stp group-mac 0100-5e00-0011
Run the display stp command on CE1 and CE2 to view the root in the MSTP region. You can
find that a spanning tree is calculated between CE1 and CE2. Eth0/0/1 on CE1 is the root port
and Eth0/0/1 on CE2 is the designated port.
<CE1> display stp
-------[CIST Global Info][Mode MSTP]-------
CIST Bridge :32768.000b-09f0-1b91
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.000b-09d4-b66c / 199999
CIST RegRoot/IRPC :32768.000b-09f0-1b91 / 0
CIST RootPortId :128.82
BPDU-Protection :disabled
TC or TCN received :2
TC count per hello :2
STP Converge Mode :
Share region-configuration :enabled
Time since last TC :0 days 3h:53m:43s
Port Protocol :Enabled
Port Role :Root Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=200000000
Designated Bridge/Port :32768.000b-09d4-b66c / 128.82
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :147 packets/hello-time
Protection Type :None
Port STP Mode :MSTP
Port Protocol Type :Config=auto / Active= dot1s
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 20
TC or TCN send :0
TC or TCN received :0
BPDU Sent :237
TCN: 0, Config: 0, RST: 0, MST: 237
BPDU Received :9607
TCN: 0, Config: 0, RST: 0, MST: 9607
<CE2> display stp
-------[CIST Global Info][Mode MSTP]-------
CIST Bridge :32768.000b-09d4-b66c
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.000b-09d4-b66c / 0
CIST RegRoot/IRPC :32768.000b-09d4-b66c / 0
Run the display stp command on CE3 and CE4 to view the root in the MSTP region. You can
find that a spanning tree is calculated between CE3 and CE4. Eth0/0/1 on CE3 is the root port
and Eth0/0/1 on CE4 is the designated port.
<CE3> display stp
-------[CIST Global Info][Mode MSTP]-------
CIST Bridge :32768.00e0-fc9f-3257
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.00e0-fc9a-4315 / 199999
CIST RegRoot/IRPC :32768.00e0-fc9f-3257 / 0
CIST RootPortId :128.82
BPDU-Protection :disabled
TC or TCN received :4
TC count per hello :4
STP Converge Mode :
Time since last TC :0 days 3h:57m:0s
Port Protocol :Enabled
Port Role :Root Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=200000000
Designated Bridge/Port :32768.00e0-fc9a-4315 / 128.82
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :147 packets/hello-time
Protection Type :None
Port STP Mode :MSTP
Port Protocol Type :Config=auto / Active= dot1s
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 20
TC or TCN send :0
TC or TCN received :0
BPDU Sent :238
TCN: 0, Config: 0, RST: 0, MST: 238
BPDU Received :9745
TCN: 0, Config: 0, RST: 0, MST: 9745
<CE4> display stp
-------[CIST Global Info][Mode MSTP]-------
CIST Bridge :32768.00e0-fc9a-4315
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.00e0-fc9a-4315 / 0
CIST RegRoot/IRPC :32768.00e0-fc9a-4315 / 0
CIST RootPortId :0.0
BPDU-Protection :disabled
TC or TCN received :2
TC count per hello :2
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 100
#
interface Ethernet0/0/1
port hybrid tagged vlan 100
stp bpdu vlan 100
#
return
Networking Requirements
As shown in Figure 3-29, CEs are edge devices on two private networks of an enterprise located
in different areas, and PE1 and PE2 are edge devices on the ISP network. VLAN 100 and VLAN
200 are Layer 2 networks for different users and are connected through the ISP network. STP
is run on the Layer 2 networks to prevent loops. Enterprise users require that STP run only on
the private networks so that spanning trees can be generated correctly.
Because of shortage of public VLAN resources, VLAN IDs on carrier networks must be saved.
NOTE
Only the S3300 supports QinQ-based Layer 2 Protocol Transparent Transmission.
Figure 3-29 Networking diagram for configuring QinQ-based Layer 2 protocol transparent
transmission
[Diagram not preserved. Labels: User A VLAN100, CE1, CE2, Eth0/0/1, Eth0/0/2, PE1, ISP Network, PE2]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure STP on CEs to prevent loops on Layer 2 networks.
2. Configure CEs to send STP packets with specified VLAN tags to PEs so that calculation
of a spanning tree is completed independently in VLAN 100 and VLAN 200.
3. Configure VLAN-based Layer 2 protocol transparent transmission on PEs so that STP
packets are not sent to the CPUs of PEs for processing.
4. Configure QinQ (VLAN stacking) on PEs so that PEs add outer VLAN tag 10 to STP
packets sent from CEs, saving public network VLAN IDs.
Procedure
Step 1 Enable STP on CEs.
# Configure CE1.
[CE1] stp enable
# Configure CE2.
[CE2] stp enable
# Configure CE3.
[CE3] stp enable
# Configure CE4.
[CE4] stp enable
Step 2 Configure CE1 and CE2 to send STP packets with VLAN tag 100 to PEs, and configure CE3
and CE4 to send STP packets with VLAN tag 200 to PEs.
# Configure CE1.
[CE1] vlan 100
[CE1-vlan100] quit
# Configure CE2.
[CE2] vlan 100
[CE2-vlan100] quit
[CE2] interface ethernet 0/0/1
[CE2-Ethernet0/0/1] port hybrid tagged vlan 100
[CE2-Ethernet0/0/1] stp bpdu vlan 100
[CE2-Ethernet0/0/1] quit
# Configure CE3.
[CE3] vlan 200
[CE3-vlan200] quit
[CE3] interface ethernet 0/0/1
[CE3-Ethernet0/0/1] port hybrid tagged vlan 200
[CE3-Ethernet0/0/1] stp bpdu vlan 200
[CE3-Ethernet0/0/1] quit
# Configure CE4.
[CE4] vlan 200
[CE4-vlan200] quit
[CE4] interface ethernet 0/0/1
[CE4-Ethernet0/0/1] port hybrid tagged vlan 200
[CE4-Ethernet0/0/1] stp bpdu vlan 200
[CE4-Ethernet0/0/1] quit
Step 3 Configure QinQ-based Layer 2 protocol transparent transmission on PEs so that STP packets
with VLAN tags 100 and 200 are tagged with outer VLAN 10 by PEs and can be transmitted
on the ISP network.
# Configure PE1.
[PE1] vlan 10
[PE1-Vlan10] quit
[PE1] interface ethernet 0/0/2
[PE1-Ethernet0/0/2] qinq vlan-translation enable
[PE1-Ethernet0/0/2] port hybrid untagged vlan 10
[PE1-Ethernet0/0/2] port vlan-stacking vlan 100 stack-vlan 10
[PE1-Ethernet0/0/2] l2protocol-tunnel stp vlan 10
[PE1-Ethernet0/0/2] quit
[PE1] interface ethernet 0/0/3
[PE1-Ethernet0/0/3] qinq vlan-translation enable
[PE1-Ethernet0/0/3] port hybrid untagged vlan 10
[PE1-Ethernet0/0/3] port vlan-stacking vlan 200 stack-vlan 10
[PE1-Ethernet0/0/3] l2protocol-tunnel stp vlan 10
[PE1-Ethernet0/0/3] quit
# Configure PE2.
[PE2] vlan 10
[PE2-Vlan10] quit
[PE2] interface ethernet 0/0/2
[PE2-Ethernet0/0/2] qinq vlan-translation enable
[PE2-Ethernet0/0/2] port hybrid untagged vlan 10
[PE2-Ethernet0/0/2] port vlan-stacking vlan 100 stack-vlan 10
[PE2-Ethernet0/0/2] l2protocol-tunnel stp vlan 10
[PE2-Ethernet0/0/2] quit
[PE2] interface ethernet 0/0/3
[PE2-Ethernet0/0/3] qinq vlan-translation enable
[PE2-Ethernet0/0/3] port hybrid untagged vlan 10
[PE2-Ethernet0/0/3] port vlan-stacking vlan 200 stack-vlan 10
[PE2-Ethernet0/0/3] l2protocol-tunnel stp vlan 10
[PE2-Ethernet0/0/3] quit
Step 4 Configure PEs to replace the destination MAC address of STP packets received from CEs.
# Configure PE1.
[PE1] l2protocol-tunnel stp group-mac 0100-5e00-0011
# Configure PE2.
[PE2] l2protocol-tunnel stp group-mac 0100-5e00-0011
Run the display stp command on CE1 and CE2 to view the root in the MSTP region. You can
find that a spanning tree is calculated between CE1 and CE2. Eth0/0/1 on CE1 is the root port
and Eth0/0/1 on CE2 is the designated port.
<CE1> display stp
-------[CIST Global Info][Mode MSTP]-------
CIST Bridge :32768.000b-09f0-1b91
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.000b-09d4-b66c / 199999
CIST RegRoot/IRPC :32768.000b-09f0-1b91 / 0
CIST RootPortId :128.82
BPDU-Protection :disabled
TC or TCN received :2
TC count per hello :2
STP Converge Mode :
Time since last TC :0 days 2h:24m:36s
----[Port17(Ethernet0/0/1)][FORWARDING]----
Port Protocol :Enabled
Port Role :Root Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=200000000
Designated Bridge/Port :32768.000b-09d4-b66c / 128.82
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :147 packets/hello-time
Protection Type :None
Port STP Mode :MSTP
Port Protocol Type :Config=auto / Active= dot1s
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 20
TC or TCN send :0
TC or TCN received :0
BPDU Sent :237
TCN: 0, Config: 0, RST: 0, MST: 237
BPDU Received :9607
TCN: 0, Config: 0, RST: 0, MST: 9607
<CE2> display stp
-------[CIST Global Info][Mode MSTP]-------
CIST Bridge :32768.000b-09d4-b66c
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.000b-09d4-b66c / 0
CIST RegRoot/IRPC :32768.000b-09d4-b66c / 0
CIST RootPortId :0.0
BPDU-Protection :disabled
TC or TCN received :1
Run the display stp command on CE3 and CE4 to view the root in the MSTP region. You can
find that a spanning tree is calculated between CE3 and CE4. Eth0/0/1 on CE3 is the root port
and Eth0/0/1 on CE4 is the designated port.
<CE3> display stp
-------[CIST Global Info][Mode MSTP]-------
CIST Bridge :32768.00e0-fc9f-3257
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.00e0-fc9a-4315 / 199999
CIST RegRoot/IRPC :32768.00e0-fc9f-3257 / 0
CIST RootPortId :128.82
BPDU-Protection :disabled
TC or TCN received :4
TC count per hello :4
STP Converge Mode :
Time since last TC :0 days 2h:24m:36s
----[Port17(Ethernet0/0/1)][FORWARDING]----
Port Protocol :Enabled
Port Role :Root Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=200000000
Designated Bridge/Port :32768.00e0-fc9a-4315 / 128.82
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :147 packets/hello-time
Protection Type :None
Port STP Mode :MSTP
Port Protocol Type :Config=auto / Active= dot1s
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 20
TC or TCN send :0
TC or TCN received :0
BPDU Sent :238
TCN: 0, Config: 0, RST: 0, MST: 238
BPDU Received :9745
TCN: 0, Config: 0, RST: 0, MST: 9745
<CE4> display stp
-------[CIST Global Info][Mode MSTP]-------
CIST Bridge :32768.00e0-fc9a-4315
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.00e0-fc9a-4315 / 0
CIST RegRoot/IRPC :32768.00e0-fc9a-4315 / 0
CIST RootPortId :0.0
BPDU-Protection :disabled
TC or TCN received :2
TC count per hello :2
STP Converge Mode :
Run the display vlan command on PEs to view the QinQ configuration.
The display on PE1 is used as an example.
<PE1> display vlan 10 verbose
* : Management-VLAN
---------------------
VLAN ID : 10
VLAN Type : Common
Description : VLAN 0010
Status : Enable
Broadcast : Enable
MAC learning : Enable
Statistics : Disable
Property : Default
VLAN State : Up
----------------
Untagged Port: Ethernet0/0/2 Ethernet0/0/3
----------------
Active Untag Port: Ethernet0/0/2 Ethernet0/0/3
----------------
QinQ-stack Port: Ethernet0/0/2 Ethernet0/0/3
----------------
Interface Physical
Ethernet0/0/2 UP
Ethernet0/0/3 UP
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 100
#
interface Ethernet0/0/1
port hybrid tagged vlan 100
stp bpdu vlan 100
#
return
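The interface-based, VLAN-based and QinQ-based examples above all rely on PE1 and PE2 carrying matching l2protocol-tunnel settings and the same group-mac. The following added example (not part of the Huawei document; function names are hypothetical and the sample files are constructed) audits two PE configuration files for that symmetry. It assumes the saved configuration file stores the l2protocol-tunnel commands as they are typed in the steps above, and that both PEs must use the same group-mac, as the steps configure them.

```python
import re

# IEEE 802.1D reserves 01-80-C2-00-00-00 to -0F; bridges do not forward them.
RESERVED_LOW, RESERVED_HIGH = 0x0180C2000000, 0x0180C200000F

# Constructed sample files (not from the page), in configuration-file layout.
PE1_CONSTRUCTED = """\
#
sysname PE1
#
vlan batch 100 200
#
l2protocol-tunnel stp group-mac 0100-5e00-0011
#
interface Ethernet0/0/2
 port hybrid tagged vlan 100
 l2protocol-tunnel stp vlan 100
#
interface Ethernet0/0/3
 port hybrid tagged vlan 200
 l2protocol-tunnel stp vlan 200
#
return
"""
# Same as PE1 except that Ethernet0/0/3 lacks its tunnel command.
PE2_CONSTRUCTED = PE1_CONSTRUCTED.replace("sysname PE1", "sysname PE2").replace(
    " l2protocol-tunnel stp vlan 200\n", "")


def parse_l2pt(config_text):
    """Extract Layer 2 protocol tunnel settings from one configuration file.

    Returns (group_mac, tunnels): group_mac is the H-H-H string or None,
    tunnels maps interface name -> "enable" or "vlan <id>".
    """
    group_mac, tunnels, iface = None, {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line in ("", "#", "return"):
            iface = None  # '#' closes the current configuration view
            continue
        m = re.fullmatch(r"interface\s+(\S+)", line)
        if m:
            iface = m.group(1)
            continue
        m = re.fullmatch(r"l2protocol-tunnel stp group-mac ([0-9a-fA-F-]+)", line)
        if m:
            group_mac = m.group(1).lower()
            continue
        m = re.fullmatch(r"l2protocol-tunnel stp (enable|vlan \d+)", line)
        if m and iface:
            tunnels[iface] = m.group(1)
    return group_mac, tunnels


def audit_pes(configs):
    """Compare the tunnel settings of the PEs at both ends; return findings."""
    parsed = {name: parse_l2pt(text) for name, text in configs.items()}
    findings = []
    macs = {name: mac for name, (mac, _) in parsed.items()}
    if len(set(macs.values())) > 1:
        detail = ", ".join(f"{n}={m or 'not set'}" for n, m in sorted(macs.items()))
        findings.append(f"group-mac differs between PEs: {detail}")
    for name, mac in sorted(macs.items()):
        if mac and RESERVED_LOW <= int(mac.replace("-", ""), 16) <= RESERVED_HIGH:
            findings.append(f"{name}: group-mac {mac} is a reserved bridge address")
    # Every tunnel mode (enable / vlan N) used on one PE must exist on the others.
    modes = {name: set(t.values()) for name, (_, t) in parsed.items()}
    everything = set().union(*modes.values())
    for name in sorted(modes):
        for mode in sorted(everything - modes[name]):
            findings.append(f"{name}: no interface tunnels STP for '{mode}'")
    return findings


if __name__ == "__main__":
    for finding in audit_pes({"PE1": PE1_CONSTRUCTED, "PE2": PE2_CONSTRUCTED}):
        print(finding)
```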
Networking Requirements
As shown in Figure 3-30, if there is a loop on the network connected to the Eth0/0/1 interface,
broadcast storms will occur on the Switch or even the entire network.
To detect loops on the network connected to the switch and disable downlink interfaces to
reduce impacts on the switch and other networks, enable loopback detection on the Switch.
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable loopback detection on the interface to detect loops on downlink networks.
2. Specify the VLAN ID for loopback detection packets.
3. Set loopback detection parameters to enable automatic recovery of the interface.
Procedure
Step 1 Enable loopback detection on the interface.
<Quidway> system-view
[Quidway] sysname Switch
When loops occur on the Ethernet0/0/1 interface, the interface is blocked. The interface will
recover 30s after no loopback packets are detected.
----End
Configuration Files
Configuration file of the Switch
#
sysname Switch
#
vlan batch 100
#
loopback-detect packet-interval 10
#
interface Ethernet0/0/1
port hybrid tagged vlan 100
loopback-detect recovery-time 30
loopback-detect packet vlan 100
loopback-detect enable
#
return
Networking Requirements
Flows of the HSI, VoIP, and IPTV services are transmitted on the network. Users require high
quality of the VoIP service. Therefore, voice data flows must be transmitted with a high priority.
If a voice device supports LLDP and has a high 802.1p priority (for example, 5), you can
configure LLDP and Voice VLAN on the switch. Then the switch uses the LLDP protocol to
deliver the Voice VLAN ID to the voice device and does not change the packet priority.
As shown in Figure 3-31, after a Voice VLAN is configured on the Switch, the voice device
learns the Voice VLAN ID using LLDP.
NOTE
The S2300SI does not support this example.
[Figure 3-31, diagram not preserved. Labels: Internet, Switch, Eth0/0/1, HG]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs.
2. Configure the link type and default VLAN of the interface connected to the IP phone.
3. Enable the Voice VLAN function on the interface.
4. Configure the interface to join the Voice VLAN in manual mode.
5. Set the working mode of the Voice VLAN.
Procedure
Step 1 Configure VLANs and interface on the Switch.
# Create VLAN 2 and VLAN 6.
<Quidway> system-view
[Quidway] vlan batch 2 6
----End
Configuration Files
Configuration file of the Switch
#
sysname Quidway
#
vlan batch 2 6
#
lldp enable
#
interface Ethernet0/0/1
voice-vlan 2 enable
voice-vlan mode manual
undo voice-vlan security enable
port hybrid pvid vlan 6
port hybrid tagged vlan 2
port hybrid untagged vlan 6
trust 8021p
#
return
Networking Requirements
Flows of the HSI, VoIP, and IPTV services are transmitted on the network. Users require high
quality of the VoIP service. Therefore, voice data flows must be transmitted with a high priority.
If a voice device supports DHCP and has a high 802.1p priority (for example, 5), you can
configure DHCP and Voice VLAN on the switch. Then the switch uses the DHCP protocol to
deliver the Voice VLAN ID to the voice device and does not change the packet priority.
As shown in Figure 3-32, the voice device does not support VLAN configuration. In this case,
you can configure the DHCP option so that the DHCP server can deliver the voice VLAN ID to
the voice device.
NOTE
Only the S3300 supports this example.
[Figure 3-32, diagram not preserved. Labels: Internet, Eth0/0/1, HG]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs.
2. Configure the link type and default VLAN of the interface connected to the IP phone.
3. Configure the interface to trust the 802.1p priority of packets.
4. Configure an IP address pool.
5. Configure Option in the address pool.
6. Enable DHCP globally and configure the DHCP server on the VLANIF interface to allocate
IP addresses using the global IP address pool.
Procedure
Step 1 Configure VLANs and interface on the Switch.
NOTE
The DHCP option is configured to enable the DHCP server to deliver the voice VLAN ID to the voice
device. Option184 is used as an example here. IP phones from different vendors may use different options.
For the specific option used by an IP phone, see the user manual of the IP phone. For details on how to
configure the option, see the option command in S2300&S3300 Series Ethernet Switches IP Service
Commands - DHCP Configuration Commands.
Step 5 Create the VLANIF interface corresponding to the default VLAN of Ethernet0/0/1. Configure
the DHCP server on the VLANIF interface to allocate IP addresses using the global address
pool.
[Quidway] interface Vlanif2
[Quidway-Vlanif2] ip address 192.168.10.1 255.255.255.0
[Quidway-Vlanif2] dhcp select global
----End
Configuration Files
Configuration file of the Switch
#
sysname Quidway
#
vlan batch 2 6
#
dhcp enable
#
ip pool ip_access
gateway-list 192.168.10.254
network 192.168.10.0 mask 255.255.255.0
option184 voice-vlan 6
#
interface Vlanif2
ip address 192.168.10.1 255.255.255.0
dhcp select global
#
interface Ethernet0/0/1
port hybrid pvid vlan 2
port hybrid tagged vlan 6
port hybrid untagged vlan 2
trust 8021p
#
return
Networking Requirements
Flows of the HSI, VoIP, and IPTV services are transmitted on the network. Users require high
quality of the VoIP service. Therefore, voice data flows must be transmitted with a high priority.
If a voice device connected to a switch does not support LLDP or DHCP, you can configure an
ACL on the switch to implement VoIP access.
As shown in Figure 1, the voice device sends untagged packets. To ensure high-quality VoIP
service, the Switch identifies voice data packets based on the source MAC address, tags the
voice data packets with VLAN 200, and sets the priority of the voice data packets to 7.
NOTE
The S2300SI does not support this example.
[Figure 1, diagram not preserved. Labels: Internet, Switch, Eth0/0/1, HG]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create a VLAN.
2. Configure the link type and default VLAN of the interface connected to the voice device.
3. Configure an ACL rule to match the MAC address of the voice device.
4. Configure the Switch to change the priority of the packets matching the ACL rule.
Procedure
Step 1 Configure VLAN and interface on the Switch.
<Quidway> system-view
[Quidway] vlan 200
[Quidway-vlan200] quit
# Configure the link type and default VLAN of the interface connected to the voice device.
[Quidway] interface ethernet 0/0/1
[Quidway-Ethernet0/0/1] port link-type dot1q-tunnel
[Quidway-Ethernet0/0/1] port default vlan 200
[Quidway-Ethernet0/0/1] quit
Step 3 Apply the ACL to Eth0/0/1 and re-mark the priority of the packets matching the ACL.
[Quidway] interface ethernet 0/0/1
[Quidway-Ethernet0/0/1] traffic-remark inbound acl 4000 8021p 7
[Quidway-Ethernet0/0/1] return
----End
Configuration Files
Configuration file of the Switch
#
sysname Quidway
#
vlan batch 200
#
acl number 4000
rule 5 permit source-mac 1234-1234-1200 ffff-ffff-ff00
#
interface Ethernet0/0/1
port link-type dot1q-tunnel
port default vlan 200
traffic-remark inbound acl 4000 8021p 7
#
return
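Rule 5 of ACL 4000 identifies voice traffic by source MAC address and mask alone, so it is worth
checking which addresses the rule covers before relying on it to grant priority 7. The Python below
is an added example, not part of the Huawei guide; it assumes that a 1 bit in the mask means the
corresponding address bit must match, and the device inventory is constructed for illustration.

```python
# Added example: evaluate the source-MAC match of
#   rule 5 permit source-mac 1234-1234-1200 ffff-ffff-ff00
# Assumption: a 1 bit in the mask means "this address bit must match".

def parse_mac(text):
    """Convert a MAC written as H-H-H (1234-1234-1200) to a 48-bit integer."""
    groups = text.strip().lower().split("-")
    if len(groups) != 3 or any(len(g) != 4 for g in groups):
        raise ValueError(f"not an H-H-H MAC address: {text!r}")
    return int("".join(groups), 16)


def format_mac(value):
    """Convert a 48-bit integer back to H-H-H notation."""
    digits = f"{value:012x}"
    return "-".join(digits[i:i + 4] for i in range(0, 12, 4))


class SourceMacRule:
    """One source-mac match condition: address plus mask."""

    def __init__(self, address, mask):
        self.mask = parse_mac(mask)
        self.base = parse_mac(address) & self.mask

    def matches(self, mac):
        return parse_mac(mac) & self.mask == self.base

    def matched_count(self):
        """Number of distinct source MACs the rule accepts."""
        wildcard_bits = 48 - bin(self.mask).count("1")
        return 2 ** wildcard_bits

    def bounds(self):
        """Lowest and highest matching MAC.

        The matches form one contiguous range only when the mask is a prefix
        mask (all 1 bits first), as it is for ffff-ffff-ff00.
        """
        high = self.base | (~self.mask & 0xFFFFFFFFFFFF)
        return format_mac(self.base), format_mac(high)


def audit(rule, inventory):
    """Split devices into those the rule re-marks and those it misses."""
    remarked = {name for name, mac in inventory.items() if rule.matches(mac)}
    return remarked, set(inventory) - remarked


RULE_5 = SourceMacRule("1234-1234-1200", "ffff-ffff-ff00")

# Constructed inventory of devices attached behind Eth0/0/1.
INVENTORY = {
    "phone-lobby": "1234-1234-1201",
    "phone-desk-17": "1234-1234-12fe",
    "phone-new-batch": "1234-1234-1300",   # different block, not covered
    "pc-reception": "00e0-fc00-0002",
}

if __name__ == "__main__":
    print("addresses matched:", RULE_5.matched_count(), RULE_5.bounds())
    remarked, missed = audit(RULE_5, INVENTORY)
    print("re-marked to 802.1p 7:", sorted(remarked))
    print("not re-marked:", sorted(missed))
```

The rule accepts every source MAC in the printed range, so the range should be no wider than the
set of voice devices actually deployed on the port.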
This document describes configuration of IP Service supported by the device and provides
configuration examples.
4.1 IP Address Configuration
Network devices can communicate at the network layer only after they are configured with IP
addresses.
4.2 ARP Configuration
The Address Resolution Protocol (ARP) maps IP addresses to MAC addresses so that Ethernet
frames can be transmitted on a physical network.
4.3 DHCP Configuration
Dynamic Host Configuration Protocol (DHCP) dynamically manages and configures clients in
a concentrated manner. It ensures proper IP address allocation and improves IP address use
efficiency.
4.4 DHCP Policy VLAN Configuration
On a network supporting VLAN assignment based on IP subnets, after the Dynamic Host
Configuration Protocol (DHCP) policy VLAN is configured on a switch, a new host can
communicate with the DHCP server using DHCP packets.
4.5 DHCPv6 Configuration
This section describes how to configure the DHCPv6 function. Currently, the switch can function
as the DHCPv6 relay on the IPv6 network.
4.6 IP Performance Configuration
You can optimize IP performance by adjusting parameters on the network.
4.7 DNS Configuration
This chapter describes the principles, basic functions and configuration procedures of DNS on
the switch, and provides configuration examples.
4.8 Basic IPv6 Configurations
The IPv6 protocol stack supports routing protocols and application protocols on an IPv6 network.
4.9 IPv6 DNS configuration
This section describes how to configure IPv6 DNS so that devices can use domain names to
communicate.
[Figure: diagram not reproduced. Labels: GE0/0/1; VLANIF100 172.16.1.1/24, 172.16.2.1/24 sub;
172.16.2.1/24; 172.16.2.2/24]
Configuration Roadmap
The configuration roadmap is as follows:
Configure a primary IP address and a secondary IP address for the interface.
Procedure
Step 1 Add GigabitEthernet0/0/1 to VLAN 100, and configure a primary IP address and a secondary
IP address for VLANIF100.
<Quidway> system-view
[Quidway] vlan 100
[Quidway-Vlan100] quit
[Quidway] interface gigabitethernet 0/0/1
[Quidway-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[Quidway-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[Quidway-GigabitEthernet0/0/1] quit
[Quidway] interface vlanif 100
# Ping a host on network segment 172.16.1.0 from the Switch. The ping operation succeeds.
<Quidway> ping 172.16.1.2
PING 172.16.1.2: 56 data bytes, press CTRL_C to break
Reply from 172.16.1.2: bytes=56 Sequence=1 ttl=128 time=25 ms
Reply from 172.16.1.2: bytes=56 Sequence=2 ttl=128 time=27 ms
Reply from 172.16.1.2: bytes=56 Sequence=3 ttl=128 time=26 ms
Reply from 172.16.1.2: bytes=56 Sequence=4 ttl=128 time=26 ms
Reply from 172.16.1.2: bytes=56 Sequence=5 ttl=128 time=26 ms
--- 172.16.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 25/26/27 ms
# Ping a host on network segment 172.16.2.0 from the Switch. The ping operation succeeds.
<Quidway> ping 172.16.2.2
PING 172.16.2.2: 56 data bytes, press CTRL_C to break
Reply from 172.16.2.2: bytes=56 Sequence=1 ttl=128 time=25 ms
Reply from 172.16.2.2: bytes=56 Sequence=2 ttl=128 time=26 ms
Reply from 172.16.2.2: bytes=56 Sequence=3 ttl=128 time=26 ms
Reply from 172.16.2.2: bytes=56 Sequence=4 ttl=128 time=26 ms
Reply from 172.16.2.2: bytes=56 Sequence=5 ttl=128 time=26 ms
--- 172.16.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 25/25/26 ms
----End
Configuration Files
Configuration file of the Switch
#
sysname Quidway
#
vlan batch 100
#
interface Vlanif100
ip address 172.16.1.1 255.255.255.0
ip address 172.16.2.1 255.255.255.0 sub
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
return
Networking Requirements
As shown in Figure 4-2, Tunnel interfaces (Tunnel0/0/15) of SwitchA and SwitchC are seldom
used, so they have no IP address configured. IP unnumbered needs to be configured on the tunnel
interfaces so that the two switches can communicate through the tunnel.
[Figure 4-2: diagram not reproduced. Labels: SwitchA, GE0/0/1, LoopBack 0, Tunnel0/0/15,
116.116.116.1/24, 20.1.1.1/24, 30.1.1.2/24, 9.9.9.1/24, PC 1, PC 2]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create tunnel interfaces on SwitchA and SwitchC, set up a GRE tunnel between them, and
specify the source and destination addresses of the tunnel interfaces.
2. On SwitchA and SwitchC, configure an IP address for a loopback interface and configure
the tunnel interface to borrow the IP address from this loopback interface.
Procedure
Step 1 Configure public IP and the IP address of interface Loopback0
# Configure SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type access
[SwitchA-GigabitEthernet0/0/1] port default vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 20.1.1.1 24
[SwitchA-Vlanif10] quit
[SwitchA] interface loopback 0
[SwitchA-LoopBack0] ip address 116.116.116.1 24
[SwitchA-LoopBack0] quit
# Configure SwitchB.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] vlan batch 10 20
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type access
# Configure SwitchC.
<Quidway> system-view
[Quidway] sysname SwitchC
[SwitchC] vlan 10
[SwitchC-vlan10] quit
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] port link-type access
[SwitchC-GigabitEthernet0/0/1] port default vlan 10
[SwitchC-GigabitEthernet0/0/1] quit
[SwitchC] interface vlanif 10
[SwitchC-Vlanif10] ip address 30.1.1.2 24
[SwitchC-Vlanif10] quit
[SwitchC] interface loopback 0
[SwitchC-LoopBack0] ip address 9.9.9.1 24
[SwitchC-LoopBack0] quit
# Configure SwitchA.
[SwitchA] ospf 1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# Configure SwitchB.
[SwitchB] ospf 1
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
# Configure SwitchC.
[SwitchC] ospf 1
[SwitchC-ospf-1] area 0
[SwitchC-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] quit
[SwitchC-ospf-1] quit
Step 3 Configure Tunnel0/0/15 to borrow the IP address from Loopback0 and configure the GRE tunnel.
# Configure SwitchA.
[SwitchA] interface tunnel 0/0/15
[SwitchA-Tunnel0/0/15] tunnel-protocol gre
[SwitchA-Tunnel0/0/15] ip address unnumbered interface loopback 0
[SwitchA-Tunnel0/0/15] source 20.1.1.1
[SwitchA-Tunnel0/0/15] destination 30.1.1.2
[SwitchA-Tunnel0/0/15] quit
# Configure SwitchC.
# Configure SwitchC.
[SwitchC] ip route-static 116.116.116.0 255.255.255.0 tunnel 0/0/15
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
interface LoopBack0
ip address 116.116.116.1 255.255.255.0
#
interface Vlanif10
ip address 20.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface Tunnel0/0/15
ip address unnumbered interface LoopBack0
tunnel-protocol gre
source 20.1.1.1
destination 30.1.1.2
#
ospf 1
area 0.0.0.0
network 20.1.1.0 0.0.0.255
#
ip route-static 9.9.9.0 255.255.255.0 tunnel 0/0/15
#
return
Networking Requirements
As shown in Figure 4-3, GE0/0/1 on the switch connects to hosts through the LAN Switch
(LSW). GE0/0/2 connects to a server through the Router. Requirements are as follows:
• GE0/0/1 belongs to VLAN2 and GE0/0/2 belongs to VLAN3.
• Dynamic ARP parameters should be configured for VLANIF2 of the switch so that packets
are transmitted correctly regardless of network topology change.
• A static ARP entry should be configured on GE0/0/2 of the switch to ensure secure
communication with the server and prevent illegal ARP packets. The IP address of the
router should be 10.2.2.3 and the corresponding MAC address is 00e0-fc01-0000.
[Figure 4-3: diagram not reproduced. Labels: Internet, Router, Switch, GE0/0/2, VLANIF3
10.2.2.2/24, GE0/0/1, VLANIF2 2.2.2.2/24, LSW, PC1, PC2, PC3]
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Create VLANs and add interfaces to the VLANs.
# Create VLANIF2.
[Quidway] interface vlanif 2
# Create VLANIF3.
[Quidway] interface vlanif 3
# Configure a static ARP entry with IP address 10.2.2.3, MAC address 00e0-fc01-0000, VLAN
ID 3, and outbound interface GE0/0/2.
[Quidway] arp static 10.2.2.3 00e0-fc01-0000 vid 3 interface gigabitethernet 0/0/2
[Quidway] quit
# Run the display current-configuration command to check the aging time, number of probes,
and ARP mapping entries.
<Quidway> display current-configuration | include arp
arp detect-times 2
arp expire-time 60
arp static 10.2.2.3 00e0-fc01-0000 vid 3 interface GigabitEthernet0/0/2
----End
Configuration Files
Configuration file of the switch
#
sysname Quidway
#
vlan batch 2 to 3
#
interface Vlanif2
arp detect-times 2
arp expire-time 60
ip address 2.2.2.2 255.255.255.0
#
interface Vlanif3
ip address 10.2.2.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 2
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 3
#
arp static 10.2.2.3 00e0-fc01-0000 vid 3 interface GigabitEthernet0/0/2
#
return
Networking Requirements
In Figure 4-4, Ethernet interfaces GE0/0/1 and GE0/0/2 connect to two LANs respectively. The
two LANs are on the same network segment 172.16.0.0/16. HostA and HostB have no default
gateway. Routed proxy ARP must be configured on the switch so that hosts on the two
LANs can communicate.
[Figure 4-4: diagram not reproduced. Labels: Switch; GE0/0/1 172.16.1.1/24 VLAN2; GE0/0/2
172.16.2.1/24 VLAN3; Ethernet A; Ethernet B]
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Create VLAN2 and add GE0/0/1 to VLAN2.
<Quidway> system-view
[Quidway] vlan 2
[Quidway-vlan2] quit
[Quidway] interface gigabitethernet 0/0/1
[Quidway-GigabitEthernet0/0/1] port link-type access
[Quidway-GigabitEthernet0/0/1] port default vlan 2
[Quidway-GigabitEthernet0/0/1] quit
----End
Configuration Files
Configuration file of the switch
#
sysname Quidway
#
vlan batch 2 to 3
#
interface Vlanif2
ip address 172.16.1.1 255.255.255.0
arp-proxy enable
#
interface Vlanif3
Networking Requirements
As shown in Figure 4-5, GE0/0/2 and GE0/0/1 on the switch belong to sub-VLAN2. Sub-
VLAN2 belongs to super-VLAN3. Requirements are as follows:
• HostA and HostB in VLAN2 should be isolated at Layer 2.
• HostA and HostB can communicate at Layer 3 using intra-VLAN proxy ARP.
The IP address of the VLANIF interface corresponding to the super-VLAN is 10.10.10.1 and
the mask is 255.255.255.0.
[Figure 4-5: diagram not reproduced. Labels: Internet; Switch; GE0/0/2 hostB 10.10.10.3/24
00-e0-fc-00-00-03; GE0/0/1 hostA 10.10.10.2/24 00-e0-fc-00-00-02; sub-VLAN2]
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Configure a super-VLAN and a sub-VLAN.
# Configure sub-VLAN2.
<Quidway> system-view
[Quidway] vlan 2
[Quidway-vlan2] quit
# Create VLANIF3.
[Quidway] interface vlanif 3
----End
Configuration Files
Configuration file of the switch
#
sysname Quidway
#
vlan batch 2 to 3
#
vlan 3
aggregate-vlan
access-vlan 2
#
port-isolate mode l2
#
interface Vlanif3
ip address 10.10.10.1 255.255.255.0
arp-proxy inner-sub-vlan-proxy enable
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
port-isolate enable group 1
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 2
port-isolate enable group 1
#
return
Networking Requirements
As shown in Figure 4-6, VLAN2 and VLAN3 belong to super-VLAN4. Requirements are as
follows:
• Hosts in VLAN2 and VLAN3 cannot ping each other.
• Hosts in VLAN2 and VLAN3 can communicate after inter-VLAN proxy ARP is
configured.
[Figure 4-6: diagram not reproduced. Labels: GE0/0/1, GE0/0/2, VLAN2; GE0/0/3, GE0/0/4, VLAN3;
VLAN4]
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Configure a super-VLAN and sub-VLANs.
# Configure sub-VLAN2.
<Quidway> system-view
[Quidway] vlan 2
[Quidway-vlan2] quit
# Configure sub-VLAN3.
<Quidway> system-view
[Quidway] vlan 3
[Quidway-vlan3] quit
# Create VLANIF4.
[Quidway] interface vlanif 4
----End
Configuration Files
Configuration file of the switch
#
sysname Quidway
#
vlan batch 2 to 4
#
vlan 4
aggregate-vlan
access-vlan 2 3
#
interface Vlanif4
ip address 10.10.10.1 255.255.255.0
arp-proxy inter-sub-vlan-proxy enable
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 2
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 3
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 3
#
return
[Figure: diagram not reproduced. Labels: GE0/0/1, GE0/0/2, VLANIF100 10.1.1.2/24, PC A
10.1.1.1/24, PC B 10.1.1.3/24, VLAN100]
Configuration Roadmap
The configuration roadmap is as follows:
1. Add two GE interfaces to VLAN100 in default mode.
2. Enable Layer 2 topology detection to view changes of ARP entries.
Procedure
Step 1 Create VLAN100 and add two GE interfaces on the switch to VLAN100 in default mode.
# Create VLAN100 and configure an IP address for the VLANIF interface.
<Quidway> system-view
[Quidway] vlan 100
[Quidway-vlan100] quit
[Quidway] interface vlanif 100
[Quidway-Vlanif100] ip address 10.1.1.2 24
[Quidway-Vlanif100] quit
Step 3 Restart GE0/0/1 and view changes of ARP entries and aging time.
# View ARP entries on the switch. You can find the switch has learnt the MAC address of the
PC.
[Quidway] display arp all
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE   INTERFACE   VPN-INSTANCE
                                          VLAN
-----------------------------------------------------------------------------
10.1.1.2        00e0-c01a-4900            I -    Vlanif100
10.1.1.1        00e0-c01a-4901  20        D-0    GE0/0/1
                                          100/-
10.1.1.3        00e0-de24-bf04  20        D-0    GE0/0/2
                                          100/-
-----------------------------------------------------------------------------
Total:3 Dynamic:2 Static:0 Interface:1
# Run the shutdown and undo shutdown commands on GE0/0/1 and view the aging time of
ARP entries.
• Run the shutdown command on GE0/0/1 to view the aging time of ARP entries.
[Quidway] interface gigabitethernet 0/0/1
[Quidway-GigabitEthernet0/0/1] shutdown
[Quidway-GigabitEthernet0/0/1] display arp all
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE   INTERFACE   VPN-INSTANCE
                                          VLAN
----------------------------------------------------------------------------
10.1.1.2        00e0-c01a-4900            I -    Vlanif100
10.1.1.3        00e0-de24-bf04  18        D-0    GE0/0/2
                                          100/-
------------------------------------------------------------------------------
Total:2 Dynamic:1 Static:0 Interface:1
• Run the undo shutdown command on GE0/0/1 to view the aging time of ARP entries.
[Quidway] interface gigabitethernet 0/0/1
[Quidway-GigabitEthernet0/0/1] undo shutdown
[Quidway-GigabitEthernet0/0/1] display arp all
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE   INTERFACE   VPN-INSTANCE
                                          VLAN
-----------------------------------------------------------------------------
10.1.1.2        00e0-c01a-4900            I -    Vlanif100
10.1.1.1        00e0-c01a-4901  20        D-0    GE0/0/1
                                          100/-
10.1.1.3        00e0-de24-bf04  20        D-0    GE0/0/2
                                          100/-
-----------------------------------------------------------------------------
Total:3 Dynamic:2 Static:0 Interface:1
NOTE
The preceding command output shows that the ARP entries learned from GE 0/0/1 are deleted after GE
0/0/1 is shut down. After the undo shutdown command is run on GE 0/0/1 and GE 0/0/1 goes Up, the ARP
entry learned from GE 0/0/2 is aged, and the device then sends an ARP probe packet to update the ARP
entry. After the entry is updated, the aging time is restored to the default value, 20 minutes.
----End
Configuration Files
Configuration file of the switch
#
sysname Quidway
#
L2-topology detect enable
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
Networking Requirements
As shown in Figure 4-8, SwitchB connects to SwitchA (DHCP server) through Eth0/0/3 and
connects to UserA and UserB through interfaces Eth0/0/1 and Eth0/0/2 respectively. UserA and
UserB obtain IP addresses using DHCP. Eth0/0/3 of SwitchA, Eth0/0/1, Eth0/0/2, Eth0/0/3 of
SwitchB belong to VLAN 2. The administrator has the following requirements:
• UserA and UserB in VLAN 2 are isolated at Layer 2 and communicate at Layer 3.
• SwitchB does not broadcast ARP Request packets in the VLAN to reduce traffic volume
in the VLAN.
Figure 4-8 Networking diagram for configuring ARP packet forwarding between isolated
interfaces
[Diagram not reproduced. Labels: SwitchA; GE0/0/1 UserB 10.10.10.3/24 00-e0-fc-00-00-03;
GE0/0/2 UserA 10.10.10.2/24 00-e0-fc-00-00-02; VLAN2]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure port isolation on Eth0/0/1 and Eth0/0/2 of SwitchB and enable intra-VLAN ARP
proxy on SwitchA so that UserA and UserB are isolated at Layer 2 and communicate at
Layer 3.
2. Enable DHCP snooping and EAI on SwitchB so that SwitchB matches the destination IP
addresses of received ARP Request packets with the dynamic DHCP snooping binding
entries to determine the outbound interfaces, preventing ARP Request packets from being
broadcast in a VLAN.
3. Enable ARP packet forwarding between isolated interfaces on SwitchB so that UserA and
UserB can be isolated at Layer 2 and communicate at Layer 3 after EAI is enabled on the
outbound interface.
Procedure
Step 1 Enable DHCP on SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] dhcp enable
Step 2 Create a VLAN on SwitchA, add the interface to the VLAN, and create a VLANIF interface.
# Create VLAN 2 and add Eth0/0/3 to VLAN 2.
[SwitchA] vlan 2
[SwitchA-vlan2] quit
[SwitchA] interface ethernet 0/0/3
[SwitchA-Ethernet0/0/3] port link-type trunk
[SwitchA-Ethernet0/0/3] port trunk allow-pass vlan 2
[SwitchA-Ethernet0/0/3] quit
# Create VLANIF2, configure an IP address for VLANIF2, and enable DHCP on VLANIF2.
[SwitchA] interface vlanif 2
[SwitchA-Vlanif2] ip address 10.10.10.12 24
[SwitchA-Vlanif2] dhcp select interface
After the configuration is complete, UserA and UserB can go online using DHCP, and UserA
and UserB can ping each other. Dynamic DHCP snooping binding entries are generated on
SwitchB.
After the configuration is complete, UserA and UserB cannot ping each other, indicating that
UserA and UserB are isolated at Layer 2.
After the configuration is complete, UserA and UserB can ping each other, indicating that UserA
and UserB can communicate at Layer 3.
After the configuration is complete, if ARP entries corresponding to UserA and UserB have
aged, UserA sends an ARP Request packet to UserB before performing the ping operation.
After EAI is enabled, SwitchB matches the destination IP addresses of received ARP Request
packets with the dynamic DHCP snooping binding entries to determine the outbound interface.
SwitchB then forwards ARP Request packets to Eth0/0/1. Intra-VLAN ARP proxy on SwitchA
does not take effect when ARP packets are forwarded to SwitchA through Eth0/0/3. The
outbound interface Eth0/0/1 with EAI enabled and the inbound interface Eth0/0/2 are configured
with port isolation. Therefore, SwitchB discards the ARP Request packet, and UserA fails to
learn ARP entries.
After the configuration is complete, SwitchB forwards ARP Request packets sent from UserA
to the trusted interface Eth0/0/3. SwitchA with intra-VLAN ARP proxy enabled allows UserA
and UserB to ping each other. ARP packet forwarding between isolated interfaces is configured
successfully.
Run the display current-configuration command on SwitchA and SwitchB to check the
configuration. The command output is displayed in the following configuration files.
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 2
#
dhcp enable
#
interface Vlanif2
ip address 10.10.10.12 255.255.255.0
arp-proxy inner-sub-vlan-proxy enable
dhcp select interface
#
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2
#
return
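The forwarding decisions described in the verification paragraphs of this example can be replayed
with a small model of SwitchB. The Python below is an added example, not Huawei code: the class and
function names are invented for illustration, the port placement follows the verification text
(UserA behind Eth0/0/2, UserB behind Eth0/0/1), the host addresses come from the figure labels, and
broadcasting when EAI finds no binding for the target is an assumption of the model.

```python
from dataclasses import dataclass, field


@dataclass
class AccessSwitch:
    """State of SwitchB that decides where an ARP Request is sent."""
    ports: tuple
    trusted_port: str                               # uplink towards SwitchA
    bindings: dict = field(default_factory=dict)    # DHCP snooping: IP -> port
    isolated: set = field(default_factory=set)      # port isolation group
    eai: bool = False                               # pick egress from bindings
    forward_between_isolated: bool = False

    def blocked(self, a, b):
        """True when port isolation forbids Layer 2 forwarding from a to b."""
        return a in self.isolated and b in self.isolated

    def arp_request_egress(self, in_port, target_ip):
        """Ports on which an ARP Request for target_ip leaves the switch."""
        out = self.bindings.get(target_ip) if self.eai else None
        if out is None:
            # No EAI (or, as an assumption of this model, no binding for the
            # target): ordinary VLAN broadcast, minus isolated peers.
            return [p for p in self.ports
                    if p != in_port and not self.blocked(in_port, p)]
        if not self.blocked(in_port, out):
            return [out]
        # The binding points at an isolated peer: the request is discarded
        # unless ARP forwarding between isolated interfaces is enabled, in
        # which case it is sent to the trusted interface instead.
        return [self.trusted_port] if self.forward_between_isolated else []


def who_answers(switch, upstream_proxy_arp, in_port, target_ip):
    """Return 'target', 'proxy' or None for one ARP Request."""
    egress = switch.arp_request_egress(in_port, target_ip)
    if switch.bindings.get(target_ip) in egress:
        return "target"      # the request reached the host itself
    if switch.trusted_port in egress and upstream_proxy_arp:
        return "proxy"       # SwitchA answers with intra-VLAN proxy ARP
    return None              # the sender never learns an ARP entry


def walk_through():
    """Replay the five states described in the verification text."""
    sw = AccessSwitch(
        ports=("Eth0/0/1", "Eth0/0/2", "Eth0/0/3"),
        trusted_port="Eth0/0/3",
        bindings={"10.10.10.3": "Eth0/0/1", "10.10.10.2": "Eth0/0/2"},
    )

    def ask(proxy_arp_on_switch_a):
        # UserA (Eth0/0/2) sends an ARP Request for UserB (10.10.10.3).
        return who_answers(sw, proxy_arp_on_switch_a, "Eth0/0/2", "10.10.10.3")

    results = [ask(False)]                    # 1. DHCP and snooping only
    sw.isolated = {"Eth0/0/1", "Eth0/0/2"}
    results.append(ask(False))                # 2. port isolation added
    results.append(ask(True))                 # 3. proxy ARP enabled on SwitchA
    sw.eai = True
    results.append(ask(True))                 # 4. EAI enabled
    sw.forward_between_isolated = True
    results.append(ask(True))                 # 5. forwarding between isolated ports
    return results


if __name__ == "__main__":
    for state, answer in enumerate(walk_through(), 1):
        print(state, answer)
```

State 4 is the one to watch for in review: enabling EAI on top of port isolation silently breaks
ARP resolution between the users until the forwarding option of state 5 is configured.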
Networking Requirements
As shown in Figure 4-9, an enterprise has two offices on the same network segment. To reduce
network construction cost, the enterprise uses one DHCP server to assign IP addresses for hosts
in the two offices.
All the hosts in Office1 are on the network segment 10.1.1.0/25 and added to VLAN 10. Hosts
in Office1 only use the DNS service with a lease of ten days. All the hosts in Office2 are on the
network segment 10.1.1.128/25 and added to VLAN 20. Hosts in Office2 use the DNS service
and NetBIOS service with a lease of two days.
You can configure a global address pool on SwitchA and enable the server to dynamically assign
IP addresses to hosts in the two offices.
Figure 4-9 Networking diagram for configuring a DHCP server based on the global address
pool
[Diagram not reproduced. Labels: NetBIOS server 10.1.1.4/25; DHCP clients; SwitchB; SwitchC;
SwitchA (DHCP server); GE0/0/1 VLANIF10 10.1.1.1/25; GE0/0/2 VLANIF20 10.1.1.129/25]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create two global address pools on SwitchA and set the attributes of the pools. Assign IP
addresses to Office1 and Office2 as required.
2. Configure VLANIF interfaces to use the global address pool to assign IP addresses to
clients.
Procedure
Step 1 Enable DHCP
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] dhcp enable
Step 2 Create address pools and set the attributes of the address pools
# Set the attributes of IP address pool 1, including the address pool range, DNS server address,
gateway address, and address lease.
[SwitchA] ip pool 1
[SwitchA-ip-pool-1] network 10.1.1.0 mask 255.255.255.128
[SwitchA-ip-pool-1] dns-list 10.1.1.2
[SwitchA-ip-pool-1] gateway-list 10.1.1.1
[SwitchA-ip-pool-1] excluded-ip-address 10.1.1.2
[SwitchA-ip-pool-1] excluded-ip-address 10.1.1.4
[SwitchA-ip-pool-1] lease day 10
[SwitchA-ip-pool-1] quit
# Set the attributes of IP address pool 2, including the address pool range, DNS server address,
egress gateway address, NetBIOS server address, and address lease
[SwitchA] ip pool 2
[SwitchA-ip-pool-2] network 10.1.1.128 mask 255.255.255.128
[SwitchA-ip-pool-2] dns-list 10.1.1.2
[SwitchA-ip-pool-2] nbns-list 10.1.1.4
[SwitchA-ip-pool-2] gateway-list 10.1.1.129
[SwitchA-ip-pool-2] lease day 2
[SwitchA-ip-pool-2] quit
# Configure clients on VLANIF 10 to obtain IP addresses from the global address pool.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 10.1.1.1 255.255.255.128
[SwitchA-Vlanif10] dhcp select global
[SwitchA-Vlanif10] quit
# Configure clients on VLANIF 20 to obtain IP addresses from the global address pool.
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] ip address 10.1.1.129 255.255.255.128
[SwitchA-Vlanif20] dhcp select global
[SwitchA-Vlanif20] quit
-----------------------------------------------------------------------
Pool-name : 2
Pool-No : 1
Position : Local Status : Unlocked
Gateway-0 : 10.1.1.129
Mask : 255.255.255.128
VPN instance : --
IP address Statistic
Total :250
Used :1 Idle :248
Expired :0 Conflict :0 Disable :1
----End
Configuration Files
Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 20
#
dhcp enable
#
ip pool 1
gateway-list 10.1.1.1
network 10.1.1.0 mask 255.255.255.128
excluded-ip-address 10.1.1.2
excluded-ip-address 10.1.1.4
lease day 10 hour 0 minute 0
dns-list 10.1.1.2
#
ip pool 2
gateway-list 10.1.1.129
network 10.1.1.128 mask 255.255.255.128
lease day 2 hour 0 minute 0
dns-list 10.1.1.2
nbns-list 10.1.1.4
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.128
dhcp select global
#
interface Vlanif20
ip address 10.1.1.129 255.255.255.128
dhcp select global
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
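The two pools in this example depend on each other: the DNS and NetBIOS server addresses handed to
clients sit inside pool 1's network and are usable only because pool 1 excludes them, and each
VLANIF address must fall inside one pool's network. The checker below is an added Python example,
not Huawei tooling; it assumes the server serves a VLANIF from the global pool whose network
contains the VLANIF address, and the faulty configuration variant is constructed.

```python
import ipaddress

# Pool and VLANIF stanzas taken from the SwitchA configuration file above.
PAGE_CONFIG = """\
ip pool 1
 gateway-list 10.1.1.1
 network 10.1.1.0 mask 255.255.255.128
 excluded-ip-address 10.1.1.2
 excluded-ip-address 10.1.1.4
 lease day 10 hour 0 minute 0
 dns-list 10.1.1.2
#
ip pool 2
 gateway-list 10.1.1.129
 network 10.1.1.128 mask 255.255.255.128
 lease day 2 hour 0 minute 0
 dns-list 10.1.1.2
 nbns-list 10.1.1.4
#
interface Vlanif10
 ip address 10.1.1.1 255.255.255.128
 dhcp select global
#
interface Vlanif20
 ip address 10.1.1.129 255.255.255.128
 dhcp select global
#
return
"""

# Constructed faulty variant: one exclusion dropped, pool 2 gateway mistyped.
BROKEN_CONFIG = (PAGE_CONFIG
                 .replace(" excluded-ip-address 10.1.1.4\n", "")
                 .replace("gateway-list 10.1.1.129", "gateway-list 10.1.1.1"))

LIST_KEYS = ("gateway-list", "excluded-ip-address", "dns-list", "nbns-list")

def stanzas(text):
    """Group configuration lines (split into words) under their header line."""
    result, header = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "#", "return"):
            header = None
        elif header is None:
            header = line
            result[header] = []
        else:
            result[header].append(line.split())
    return result

def parse(text):
    """Return ({pool: attributes}, {VLANIF using the global pool: address})."""
    pools, served = {}, {}
    for header, body in stanzas(text).items():
        if header.startswith("ip pool "):
            pool = {"network": None, **{key: [] for key in LIST_KEYS}}
            for words in body:
                if words[0] == "network":      # network <address> mask <mask>
                    pool["network"] = ipaddress.ip_network(f"{words[1]}/{words[3]}")
                elif words[0] in LIST_KEYS:
                    pool[words[0]] += [ipaddress.ip_address(w) for w in words[1:]]
            pools[header.split()[2]] = pool
        elif header.startswith("interface ") and ["dhcp", "select", "global"] in body:
            for words in body:
                if words[:2] == ["ip", "address"] and len(words) >= 4:
                    served.setdefault(header.split()[1],
                                      ipaddress.ip_interface(f"{words[2]}/{words[3]}"))
    return pools, served

def lint(text):
    """Return sorted findings; an empty list means every check passed."""
    pools, served = parse(text)
    findings = set()
    for name, pool in pools.items():
        net = pool["network"]
        if net is None:
            findings.add(f"pool {name}: no network statement")
            continue
        for key in ("gateway-list", "excluded-ip-address"):
            for addr in pool[key]:
                if addr not in net:
                    findings.add(f"pool {name}: {key} {addr} is outside {net}")
        # A server advertised to clients must not itself be leasable.
        for key in ("dns-list", "nbns-list"):
            for server in pool[key]:
                for other, cand in pools.items():
                    onet = cand["network"]
                    if (onet is not None and server in onet
                            and server not in cand["excluded-ip-address"]):
                        findings.add(f"pool {name}: {key} {server} is leasable from pool {other}")
    for ifname, addr in served.items():
        if not any(p["network"] is not None and addr.ip in p["network"] for p in pools.values()):
            findings.add(f"{ifname}: dhcp select global, but no pool covers {addr.ip}")
    return sorted(findings)

if __name__ == "__main__":
    print(lint(PAGE_CONFIG), lint(BROKEN_CONFIG), sep="\n")
```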
Networking Requirements
As shown in Figure 4-10, an enterprise has two offices on the same network segment. To reduce
network construction cost, the enterprise uses one DHCP server to assign IP addresses for hosts
in the two offices.
All the hosts in Office1 are on the network segment 10.1.1.0/24 and added to VLAN 10. Hosts
in Office1 use the DNS service and NetBIOS service with a lease of thirty days. All the hosts
in Office2 are on the network segment 10.1.2.0/24 and added to VLAN 11. Hosts in Office2 do
not use the DNS service or NetBIOS service. The lease of the IP address is twenty days.
Figure 4-10 Networking diagram for configuring a DHCP server based on the VLANIF interface
address pool
[Diagram not reproduced. Labels: NetBIOS Server 10.1.1.3/24; DHCP Client; DNS Server 10.1.1.2/24;
SwitchB; SwitchC; SwitchA (DHCP Server); GE0/0/1 VLANIF10 10.1.1.1/24; GE0/0/2 VLANIF11
10.1.2.1/24]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create two interface address pools on SwitchA and set the attributes of the address pools.
Configure the interface address pools to enable the DHCP server to assign IP addresses and
configuration parameters to hosts from different interface address pools.
2. Configure VLANIF interfaces to assign IP addresses to hosts from the interface address
pool.
Procedure
Step 1 Enable DHCP
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] dhcp enable
# Configure clients on VLANIF 10 to obtain IP addresses from the interface address pool.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] dhcp select interface
[SwitchA-Vlanif10] quit
# Configure clients on VLANIF 11 to obtain IP addresses from the interface address pool.
[SwitchA] interface vlanif 11
[SwitchA-Vlanif11] dhcp select interface
[SwitchA-Vlanif11] quit
Step 5 Configure the DNS service and NetBIOS service for the interface address pool
# Configure the DNS service and NetBIOS service for the interface address pool on VLANIF
10.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] dhcp server domain-name huawei.com
[SwitchA-Vlanif10] dhcp server dns-list 10.1.1.2
[SwitchA-Vlanif10] dhcp server nbns-list 10.1.1.3
[SwitchA-Vlanif10] dhcp server excluded-ip-address 10.1.1.2
[SwitchA-Vlanif10] dhcp server excluded-ip-address 10.1.1.3
[SwitchA-Vlanif10] dhcp server netbios-type b-node
[SwitchA-Vlanif10] quit
----End
Configuration Files
Configuration file of SwitchA
#
sysname Quidway
#
vlan batch 10 to 11
#
dhcp enable
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
dhcp select interface
dhcp server excluded-ip-address 10.1.1.2 10.1.1.3
Networking Requirements
When the DHCP server and clients are on different network segments, a DHCP relay agent is
required.
As shown in Figure 4-11, an enterprise has multiple offices, which are distributed in different
office buildings. The offices in different buildings belong to different VLANs. The enterprise
uses SwitchB, which functions as the DHCP server, to assign IP addresses to hosts in different
offices.
Hosts in OfficeA are on 20.20.20.0/24 and the DHCP server is on 100.10.10.0/24. By using
SwitchA enabled with DHCP relay, the DHCP clients can obtain IP addresses from the DHCP
server.
On SwitchA, the public address of VLANIF200 is 100.10.20.1/24 and the interface address of
SwitchA connected to the carrier device is 100.10.20.2/24.
On SwitchB, the public address of VLANIF300 is 100.10.10.1/24 and the interface address of
SwitchB connected to the carrier device is 100.10.10.2/24.
[Figure 4-11: diagram not reproduced. Labels: VLANIF200 100.10.20.1/24, OfficeA]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure DHCP relay on SwitchA to enable SwitchA to forward DHCP messages from
different network segments.
2. Configure a global address pool at 20.20.20.0/24 to enable the DHCP server to assign IP
addresses to clients on different network segments.
Procedure
Step 1 Configure DHCP relay on SwitchA.
1. Create a DHCP server group and add DHCP servers to the group.
Step 3 Configure the DHCP server based on the global address pool on SwitchB.
# Enable DHCP.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] dhcp enable
# Create an address pool and set the attributes of the address pool.
[SwitchB] ip pool pool1
[SwitchB-ip-pool-pool1] network 20.20.20.0 mask 24
[SwitchB-ip-pool-pool1] gateway-list 20.20.20.1
[SwitchB-ip-pool-pool1] quit
# Run the display ip pool command on SwitchB to view the IP address pool configuration.
[SwitchB] display ip pool
-----------------------------------------------------------------------
Pool-name : pool1
Pool-No : 0
Position : Local Status : Unlocked
Gateway-0 : 20.20.20.1
Mask : 255.255.255.0
VPN instance : --
IP address Statistic
Total :253
Used :2 Idle :251
Expired :0 Conflict :0 Disable :0
----End
Configuration Files
Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 100 200
#
dhcp enable
#
dhcp server group dhcpgroup1
dhcp-server 100.10.10.1 0
#
interface Vlanif100
ip address 20.20.20.1 255.255.255.0
dhcp select relay
dhcp relay server-select dhcpgroup1
#
interface Vlanif200
ip address 100.10.20.1 255.255.255.0
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
ip route-static 0.0.0.0 0.0.0.0 100.10.20.2
#
return
#
return
[Figure: diagram not reproduced. Labels: Gateway, VLANIF10, 192.168.1.126/24]
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable the DHCP client function on SwitchA so that SwitchA can dynamically obtain an
IP address from the DHCP server.
2. Create a global address pool on SwitchB and configure related attributes.
Procedure
• Configure the DHCP client function on SwitchA
# Enable the DHCP service
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] dhcp enable
# After VLANIF10 obtains an IP address, run the display dhcp client command on
SwitchA to check the status of the DHCP client on VLANIF10
[SwitchA] display dhcp client
DHCP client lease information on interface Vlanif10 :
Current machine state         : Bound
Internet address assigned via : DHCP
Physical address              : 0018-8201-0987
IP address                    : 192.168.1.254
Subnet mask                   : 255.255.255.0
Gateway ip address            : 192.168.1.126
DHCP server                   : 192.168.1.2
Lease obtained at             : 2008-11-06 02:48:09
Lease expires at              : 2008-11-06 03:48:09
Lease renews at               : 2008-11-06 03:18:09
# Run the display ip pool command on SwitchC. You can view the configuration about
the IP address pool of SwitchC
[SwitchB] display ip pool
-----------------------------------------------------------------------
Pool-name : pool1
Pool-No : 0
Position : Local Status : Unlocked
Gateway-0 : 192.168.1.126
Mask : 255.255.255.0
VPN instance : --
IP address Statistic
Total :253
Used :1 Idle :252
Expired :0 Conflict :0 Disable :0
----End
Example
Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
dhcp enable
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface Vlanif10
ip address dhcp-alloc
#
return
[Figure: diagram not reproduced. Labels: Gateway, VLANIF10, 192.168.1.126/24]
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable the DHCP client function on SwitchA so that SwitchA can dynamically obtain an
IP address from the DHCP server.
2. Create a global address pool on SwitchB and configure related attributes.
Procedure
• Configure the DHCP client function on SwitchA
# Enable the DHCP service.
<Quidway> system-view
# After VLANIF10 obtains an IP address, run the display dhcp client command on
SwitchA to check the status of the DHCP client on VLANIF10
[SwitchA] display dhcp client
BOOTP client lease information on interface Vlanif10 :
Current machine state : Bound
# Run the display ip pool command on SwitchB. You can view the configuration about
the IP address pool of SwitchB
[SwitchB] display ip pool
-----------------------------------------------------------------------
 Pool-name      : pool1
 Pool-No        : 0
 Position       : Local           Status           : Unlocked
 Gateway-0      : 192.168.1.126
 Mask           : 255.255.255.0
 VPN instance   : --
-----------------------------------------------------------------------
 IP address Statistic
   Total       :253
   Used        :1          Idle        :252
   Expired     :0          Conflict    :0          Disable   :0
----End
Example
Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 10
#
dhcp enable
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface Vlanif10
ip address bootp-alloc
#
return
Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 10
#
dhcp enable
#
dhcp server bootp
dhcp server bootp automatic
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface Vlanif10
ip address 192.168.1.1 24
dhcp select global
#
ip pool pool1
gateway-list 192.168.1.126
network 192.168.1.0 mask 24
dns-list 192.168.1.2
#
return
Networking Requirements
As shown in Figure 4-14, an enterprise deploys multiple branch networks for departments.
SwitchA functions as the DHCP server. Hosts in Department A and Department B connect to
SwitchA through SwitchB and SwitchC respectively. Departments are assigned to VLANs based
on IP subnets. HostA and HostB in Department A and all hosts in Department B access the
network for the first time. HostA with the MAC address 0018-1111-2123 wants to obtain an IP
address on the network segment 10.1.1.1/28 and join VLAN 10, and HostB connecting to
GE0/0/3 on SwitchB wants to obtain an IP address on the network segment 10.2.2.1/28 and join
VLAN 30. All hosts in Department B, including HostC and HostD, want to obtain IP addresses
on the network segment 10.3.3.1/28 and join VLAN 50. To meet the preceding requirements,
configure the DHCP policy VLAN on switches.
Figure 4-14 Networking diagram for configuring the DHCP policy VLAN
(Diagram labels: DHCP Server SwitchA with VLANIF10 10.1.1.1/28, VLANIF30 10.2.2.1/28, VLANIF50 10.3.3.1/28; SwitchA GE0/0/1 and GE0/0/2; SwitchB GE0/0/1, GE0/0/2, GE0/0/3; SwitchC GE0/0/1, GE0/0/2, GE0/0/3)
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure an interface address pool on SwitchA to assign IP addresses on different network
segments to hosts in different departments.
2. Configure IP subnet-based VLAN assignment on SwitchB and SwitchC interfaces
connecting to hosts so that hosts are added to VLANs.
3. Configure the MAC address-based DHCP policy VLAN on SwitchB so that HostA can
obtain an IP address on the network segment 10.1.1.1/28 based on its MAC address.
4. Configure the interface-based DHCP policy VLAN on SwitchB so that HostB connecting
to GE0/0/3 on SwitchB can obtain an IP address on the network segment 10.2.2.1/28.
5. Configure the generic DHCP policy VLAN on SwitchC so that all hosts in Department B
can obtain IP addresses on the network segment 10.3.3.1/28.
Configuration Procedure
1. Configure an interface address pool on SwitchA.
# Create VLANs on SwitchA and configure IP addresses for VLANIF interfaces.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] dhcp enable
[SwitchA] vlan batch 10 30 50
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 10.1.1.1 28
[SwitchA-Vlanif10] quit
[SwitchA] interface vlanif 30
[SwitchA-Vlanif30] ip address 10.2.2.1 28
[SwitchA-Vlanif30] quit
[SwitchA] interface vlanif 50
[SwitchA-Vlanif50] ip address 10.3.3.1 28
[SwitchA-Vlanif50] quit
3. Configure the MAC address-based DHCP policy VLAN on SwitchB so that HostA can
obtain an IP address on the network segment 10.1.1.1/28 based on its MAC address.
[SwitchB] vlan 10
[SwitchB-vlan10] ip-subnet-vlan ip 10.1.1.1 28
[SwitchB-vlan10] dhcp policy-vlan mac-address 0018-1111-2123
[SwitchB-vlan10] quit
4. Configure the interface-based DHCP policy VLAN on SwitchB so that HostB connecting
to GE0/0/3 on SwitchB can obtain an IP address on the network segment 10.2.2.1/28.
[SwitchB] vlan 30
[SwitchB-vlan30] ip-subnet-vlan ip 10.2.2.1 28
[SwitchB-vlan30] dhcp policy-vlan port gigabitethernet 0/0/3
[SwitchB-vlan30] quit
5. Configure the generic DHCP policy VLAN on SwitchC so that all hosts in Department B
can obtain IP addresses on the network segment 10.3.3.1/28.
[SwitchC] vlan 50
[SwitchC-vlan50] ip-subnet-vlan ip 10.3.3.1 28
[SwitchC-vlan50] dhcp policy-vlan generic
[SwitchC-vlan50] quit
 Pool-No          : 0
 Domain-name      : -
 DNS-server0      : -
 NBNS-server0     : -
 Netbios-type     : -
 Mask             : 255.255.255.240
 VPN instance     : --
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
# After HostB obtains the IP address 10.2.2.14/28, check the address allocation of VLANIF
30 address pool on SwitchA and ping HostB from SwitchA. The ping succeeds.
[SwitchA] display ip pool interface vlanif30
 Pool-name        : Vlanif30
 Pool-No          : 1
 Domain-name      : -
 DNS-server0      : -
 NBNS-server0     : -
 Netbios-type     : -
 Mask             : 255.255.255.240
 VPN instance     : --
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
# After HostC and HostD obtain IP addresses 10.3.3.14/28 and 10.3.3.13/28, check the
address allocation of VLANIF 50 address pool on SwitchA and ping HostC and HostD
from SwitchA respectively. The ping operations succeed.
[SwitchA] display ip pool interface vlanif50
 Pool-name        : Vlanif50
 Pool-No          : 2
 Domain-name      : -
 DNS-server0      :
 NBNS-server0     : -
 Netbios-type     : -
 Mask             : 255.255.255.240
 VPN instance     : --
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 30 50
#
dhcp enable
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.240
dhcp select interface
#
interface Vlanif30
ip address 10.2.2.1 255.255.255.240
dhcp select interface
#
interface Vlanif50
ip address 10.3.3.1 255.255.255.240
dhcp select interface
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 30
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 50
#
return
Networking Requirements
If a large number of IPv6 addresses must be configured manually, the configuration workload
is heavy and the manually configured addresses are hard to manage.
The administrator requires that IPv6 addresses and network configuration parameters be
obtained automatically to facilitate centralized management and hierarchical IPv6 network
deployment.
(Diagram labels: Switch A, GE0/0/1, VLANIF100 3000::1/64)
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable IPv6 functions on the interface so that devices can communicate using IPv6.
2. Enable the DHCPv6 PD Server function so that devices can obtain IPv6 address prefixes
using DHCPv6.
Procedure
Step 1 Enable the DHCPv6 service
<Quidway> system-view
[Quidway] sysname Switch A
[Switch A] dhcp enable
0 in use, 0 conflicts
Information refresh time: 86400
DNS server address: 4000::1
Conflict-address expire-time: 172800
Active normal clients: 0
Run the display dhcpv6 server command on the switch to check information about the DHCPv6
server.
<Switch A> display dhcpv6 server
Interface DHCPv6 pool
Vlanif100 pool1
----End
Configuration File
Configuration file of Switch A
#
sysname Switch A
#
ipv6
#
vlan batch 100
#
dhcp enable
#
dhcpv6 pool pool1
address prefix 3000::2/64
dns-server 4000::1
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
#
interface Vlanif100
ipv6 enable
ipv6 address 3000::1/64
dhcpv6 server pool1
#
return
(Diagram labels: GE0/0/1, DHCPv6 PD Client, DHCPv6 PD Server)
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable IPv6 on interfaces so that devices can communicate using IPv6.
2. Enable the DHCPv6 PD server function so that DHCPv6 PD server can assign IPv6
addresses using DHCPv6.
Procedure
Step 1 Enable the DHCPv6 service
<Quidway> system-view
[Quidway] sysname Switch A
[Switch A] dhcp enable
Run the display dhcpv6 pool command on the switch to check information about the DHCPv6
address pool.
<Switch A> display dhcpv6 pool
DHCPv6 pool: pool1
Prefix delegation: 3000::/60 64
lifetime valid 172800 seconds, preferred 86400 seconds
0 in use
Information refresh time: 86400
DNS server address: 4000::1
Conflict-address expire-time: 172800
Active pd clients: 0
Run the display dhcpv6 server command on the switch to check information about the DHCPv6
PD server.
<Switch A> display dhcpv6 server
Interface DHCPv6 pool
Vlanif100 pool1
----End
Configuration File
Configuration file of SwitchA
#
sysname Switch A
#
ipv6
#
vlan batch 100
#
dhcp enable
#
dhcpv6 pool pool1
prefix-delegation 3000::/60 64
dns-server 4000::1
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
#
interface Vlanif100
ipv6 enable
ipv6 address 3000::1/64
dhcpv6 server pool1
#
return
Networking Requirements
As shown in Figure 4-17, the DHCPv6 client address is 2000::/64 and the DHCPv6 server
address is 3000::3/64. The DHCPv6 client and server are on different links; therefore, a DHCPv6
relay agent is required to forward DHCPv6 packets.
The Switch needs to function as the DHCPv6 relay agent to forward DHCPv6 packets between
the DHCPv6 client and server. In addition, the Switch functions as the gateway device of the
network at 2000::/64. The M flag bit and O flag bit in RA messages allow hosts on the network
to obtain IPv6 addresses and other network configuration parameters through DHCPv6.
(Diagram labels: Switch with GE0/0/1 VLANIF10 2000::1/64 and GE0/0/2 VLANIF20 3000::1/64)
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable IPv6 on interfaces so that devices can communicate using IPv6.
2. Enable the DHCPv6 relay function so that the DHCPv6 server and client on different links
can transmit packets.
Procedure
Step 1 Enable the DHCPv6 service
<Quidway> system-view
[Quidway] dhcp enable
Run the display dhcpv6 relay statistics command on the Switch, and you can view statistics
about DHCPv6 packets passing through the DHCPv6 relay agent.
[Quidway] display dhcpv6 relay statistics
 MessageType          Receive  Send  Error
 Solicit              0        0     0
 Advertise            0        0     0
 Request              0        0     0
 Confirm              0        0     0
 Renew                0        0     0
 Rebind               0        0     0
 Reply                0        0     0
 Release              0        0     0
 Decline              0        0     0
 Reconfigure          0        0     0
 Information-request  0        0     0
 Relay-forward        0        0     0
 Relay-reply          0        0     0
 UnknownType          0        0     0
----End
Configuration File
Configuration file of the Switch
#
sysname Quidway
#
vlan batch 10 20
#
ipv6
#
dhcp enable
#
interface Vlanif10
ipv6 enable
ipv6 address 2000::1/64
undo ipv6 nd ra halt
ipv6 nd autoconfig managed-address-flag
ipv6 nd autoconfig other-flag
dhcpv6 relay destination 3000::3
#
interface Vlanif20
ipv6 enable
ipv6 address 3000::1/64
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
return
Networking Requirements
In Figure 4-18, SwitchA, SwitchB, and SwitchC are connected to the Internet through GE
interfaces. When SwitchB detects that SwitchA uses a non-optimal route, it sends an ICMP
redirection packet to SwitchA, requesting SwitchA to change the route. To prevent SwitchB
from sending ICMP redirection packets, this function must be disabled on SwitchB.
Ping SwitchB from SwitchA to check whether SwitchB has stopped sending ICMP
redirection packets.
(Diagram labels: GE0/0/1 VLANIF100 1.1.1.1/24; Internet; SwitchC GE0/0/1 VLANIF100 2.2.2.2/24; SwitchB GE0/0/1 VLANIF100 1.1.1.2/24)
Configuration Roadmap
The configuration roadmap is as follows:
Disable the function of sending ICMP redirection packets on VLANIF100 on SwitchB. Ping
SwitchB from SwitchA. SwitchB does not send ICMP redirection packets.
Procedure
Step 1 Configure an IP address for the VLANIF interface.
# Configure SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 100
[SwitchA-Vlan100] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port hybrid tagged vlan 100
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface vlanif 100
[SwitchA-Vlanif100] ip address 1.1.1.1 24
[SwitchA-Vlanif100] quit
# Configure SwitchB.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] vlan 100
[SwitchB-Vlan100] quit
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port hybrid tagged vlan 100
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface vlanif 100
[SwitchB-Vlanif100] ip address 1.1.1.2 24
[SwitchB-Vlanif100] quit
# Configure SwitchC.
<Quidway> system-view
[Quidway] sysname SwitchC
[SwitchC] vlan 100
[SwitchC-Vlan100] quit
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] port hybrid tagged vlan 100
[SwitchC-GigabitEthernet0/0/1] quit
[SwitchC] interface vlanif 100
[SwitchC-Vlanif100] ip address 2.2.2.2 24
[SwitchC-Vlanif100] quit
# Configure SwitchB.
[SwitchB] ip route-static 2.2.2.0 255.255.255.0 1.1.1.1
Step 3 Disable the function of sending ICMP redirection packets on VLANIF100 on SwitchB.
[SwitchB] interface vlanif 100
[SwitchB-Vlanif100] undo icmp redirect send
[SwitchB-Vlanif100] quit
# Ping SwitchB from SwitchA. SwitchB does not send ICMP redirection packets. There is no
information about ICMP redirection packets in the debugging command output.
[SwitchA] ping 2.2.2.2
PING 2.2.2.2: 56 data bytes, press CTRL_C to break
Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=255 time=3 ms
Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time=3 ms
Reply from 2.2.2.2: bytes=56 Sequence=3 ttl=255 time=3 ms
Reply from 2.2.2.2: bytes=56 Sequence=4 ttl=255 time=3 ms
Reply from 2.2.2.2: bytes=56 Sequence=5 ttl=255 time=3 ms
----End
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 100
#
interface Vlanif100
ip address 1.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 100
#
- Configuration of SwitchC
#
sysname SwitchC
#
vlan batch 100
#
interface Vlanif100
ip address 2.2.2.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 100
#
return
Networking Requirements
In Figure 4-19, SwitchA, SwitchB, and SwitchC are connected to each other through GE
interfaces. The requirement is to check the sending of ICMP host unreachable packets.
Figure 4-19 Network diagram for configuring ICMP host unreachable packets
(Diagram labels: SwitchC GE0/0/2 VLANIF11 2.2.2.2/24; SwitchB GE0/0/2 VLANIF11 2.2.2.1/24 and GE0/0/1 VLANIF10 1.1.1.2/24; SwitchA GE0/0/1 VLANIF10 1.1.1.1/24)
Configuration Roadmap
The configuration roadmap is as follows:
Disable the function of sending ICMP host unreachable packets on SwitchB. Ping 2.2.2.2 on
SwitchA. SwitchA cannot receive ICMP host unreachable packets sent from SwitchB.
NOTE
By default, the function of sending ICMP host unreachable packets is enabled in both the system and the
interface view. If the configuration is not modified, you do not need to use a command to enable the function
of sending ICMP host unreachable packets.
Procedure
Step 1 Configure SwitchA.
# Configure an IP address for VLANIF 10.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port hybrid tagged vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 1.1.1.1 24
[SwitchA-Vlanif10] quit
[SwitchC-vlan11] quit
[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] port hybrid tagged vlan 11
[SwitchC-GigabitEthernet0/0/2] quit
[SwitchC] interface vlanif 11
[SwitchC-Vlanif11] ip address 2.2.2.2 24
[SwitchC-Vlanif11] quit
# Run the display icmp statistics command on SwitchA. If the destination unreachable
count is 0, SwitchB does not send host unreachable packets, which means that the
configuration succeeds.
<SwitchA> display icmp statistics
  Input: bad format             0          bad checksum            0
         echo                   0          destination unreachable 0
         source quench          0          redirects               0
         echo reply             0          parameter problem       0
         timestamp              0          information request     0
         mask requests          0          mask replies            0
         time exceeded          0          other                   0
         Mping request          0          Mping reply             0
 Output: echo                   0          destination unreachable 0
         source quench          0          redirects               0
         echo reply             0          parameter problem       0
         timestamp              0          information reply       0
         mask requests          0          mask replies            0
         time exceeded          0
         Mping request          0          Mping reply             0
----End
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
interface Vlanif 10
ip address 1.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 10
#
ip route-static 2.2.2.0 255.255.255.0 1.1.1.2
#
return
- Configuration of SwitchC
#
sysname SwitchC
#
vlan batch 11
#
interface Vlanif 11
ip address 2.2.2.2 255.255.255.0
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 11
#
ip route-static 1.1.1.0 24 2.2.2.1
#
return
Networking Requirements
The switch in Figure 4-20 functions as the aggregation device. Enterprise users, individual users,
and DSLAMs are attached to the switch and the switch is connected to the Internet through a
BRAS. When a large amount of information is exchanged on the network or the network is
attacked, lots of ICMP packets are forwarded and the network performance is degraded. In this
case, some ICMP packets are required to be discarded to reduce the burden on the switch.
(Diagram labels: Internet, BRAS, Switch, DSLAM, user network, enterprise user, individual user)
Configuration Roadmap
The configuration roadmap is as follows:
Configure the function of discarding ICMP packets whose TTL value is 1, ICMP packets that
carry options, and ICMP destination unreachable packets to reduce the burden of the device in
processing a large number of ICMP packets.
Procedure
Step 1 Configure the device to discard certain ICMP packets.
# Configure the device to discard ICMP packets whose TTL value is 1.
<Quidway> system-view
[Quidway] icmp ttl-exceeded drop all
# Configure the device to discard ICMP packets whose destination addresses are unreachable.
[Quidway] icmp unreachable drop
----End
Configuration Files
Configuration file of the switch
#
sysname Quidway
#
icmp unreachable drop
icmp ttl-exceeded drop slot 0
icmp with-options drop slot 0
#
return
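The ICMP settings from the three preceding examples can be checked offline against a saved configuration file. The Python script below is an added example and not part of the Huawei document: it parses the #-delimited layout used by the configuration files above and reports missing icmp drop commands and Layer 3 interfaces that lack undo icmp redirect send. The sample configuration, the function names, and the assumption that redirect sending stays enabled when the undo line is absent are this example's own.

```python
import re

# Constructed sample, laid out like the configuration files on this page.
SAMPLE_CONFIG = """\
#
sysname SwitchB
#
vlan batch 100 200
#
icmp unreachable drop
icmp ttl-exceeded drop slot 0
#
interface Vlanif100
 ip address 1.1.1.2 255.255.255.0
 undo icmp redirect send
#
interface Vlanif 200
 ip address 3.3.3.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 port hybrid tagged vlan 100
#
ip route-static 2.2.2.0 255.255.255.0 1.1.1.1
#
return
"""

# Global commands from the ICMP discard example. They are matched by prefix
# because the saved file records a scope ("slot 0") where the command was
# typed with "all".
GLOBAL_CHECKS = {
    "icmp unreachable drop": "ICMP destination unreachable packets are not discarded",
    "icmp ttl-exceeded drop": "ICMP packets whose TTL value is 1 are not discarded",
    "icmp with-options drop": "ICMP packets that carry options are not discarded",
}

REDIRECT_OFF = "undo icmp redirect send"
REDIRECT_FINDING = "ICMP redirection packets can still be sent"


def parse_sections(text):
    """Split a configuration into global lines and per-interface bodies.

    Sections are separated by lines that contain only '#'. Indentation is
    ignored, so listings that lost their leading spaces parse the same way.
    """
    global_lines, interfaces = [], {}
    current = None  # interface stanza being read, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "#":
            current = None
            continue
        if line == "return":
            break
        match = re.match(r"interface\s+(\S.*)$", line, re.IGNORECASE)
        if match:
            # "Vlanif 10" and "Vlanif10" name the same interface.
            current = match.group(1).replace(" ", "")
            interfaces[current] = []
        elif current is not None:
            interfaces[current].append(line)
        else:
            global_lines.append(line)
    return global_lines, interfaces


def audit(text):
    """Return (scope, finding) pairs for ICMP settings that are not applied."""
    global_lines, interfaces = parse_sections(text)
    findings = []
    for prefix, message in GLOBAL_CHECKS.items():
        if not any(line.startswith(prefix) for line in global_lines):
            findings.append(("global", message))
    for name, body in interfaces.items():
        # Only interfaces with an IP address route traffic and can redirect.
        is_layer3 = any(line.startswith("ip address ") for line in body)
        # Assumption: sending is enabled unless the undo line is present.
        if is_layer3 and REDIRECT_OFF not in body:
            findings.append((name, REDIRECT_FINDING))
    return findings


if __name__ == "__main__":
    for scope, finding in audit(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```
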
Networking Requirements
A URL is easier to remember than an IP address. Users want to access network
servers using domain names. It is required that the DNS server can resolve a domain name after
a user enters some fields of the domain name. For example, when a user attempts to access the
host huawei.com, the user only needs to enter huawei. It is required that the DNS server can
quickly resolve common domain names.
(Diagram label: huawei.com 2.1.1.3/16)
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure static DNS entries on SwitchA to access HostB and HostC.
2. Configure the dynamic DNS resolution on SwitchA to access the network server.
3. Configure the domain name suffix on SwitchA to support a domain name suffix list.
4. Configure OSPF on switches to ensure routes among all devices are reachable.
Procedure
Step 1 Configure SwitchA.
# Configure an IP address for VLANIF101.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 101
[SwitchA-vlan101] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type access
[SwitchA-GigabitEthernet0/0/1] port default vlan 101
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface vlanif 101
[SwitchA-Vlanif101] ip address 1.1.1.2 255.255.0.0
[SwitchA-Vlanif101] quit
# Configure OSPF.
[SwitchA] ospf
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 1.1.0.0 0.0.255.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
NOTE
You need to configure OSPF on SwitchB and SwitchC to ensure reachable routes between them. For details
about OSPF configurations on SwitchB and SwitchC, see the configuration files.
# Run the ping huawei.com command on SwitchA. You can see that the ping operation succeeds
and the destination IP address is 2.1.1.3.
<SwitchA> ping huawei.com
PING huawei.com (2.1.1.3): 56 data bytes, press CTRL_C to break
Reply from 2.1.1.3: bytes=56 Sequence=1 ttl=126 time=6 ms
Reply from 2.1.1.3: bytes=56 Sequence=2 ttl=126 time=4 ms
Reply from 2.1.1.3: bytes=56 Sequence=3 ttl=126 time=4 ms
Reply from 2.1.1.3: bytes=56 Sequence=4 ttl=126 time=4 ms
Reply from 2.1.1.3: bytes=56 Sequence=5 ttl=126 time=4 ms
# Run the ping huawei command on SwitchA. You can see that the ping operation succeeds,
the domain name changes to huawei.com, and the destination IP address is 2.1.1.3.
<SwitchA> ping huawei
PING huawei.com (2.1.1.3): 56 data bytes, press CTRL_C to break
Reply from 2.1.1.3: bytes=56 Sequence=1 ttl=126 time=6 ms
Reply from 2.1.1.3: bytes=56 Sequence=2 ttl=126 time=4 ms
Reply from 2.1.1.3: bytes=56 Sequence=3 ttl=126 time=4 ms
Reply from 2.1.1.3: bytes=56 Sequence=4 ttl=126 time=4 ms
Reply from 2.1.1.3: bytes=56 Sequence=5 ttl=126 time=4 ms
Run the display ip host command on SwitchA. You can view mappings between host names
and IP addresses in static DNS entries.
<SwitchA> display ip host
Host Age Flags Address
hostB 0 static 4.1.1.1
hostC 0 static 4.1.1.2
# Run the display dns dynamic-host command on SwitchA. You can view information about
dynamic DNS entries saved in the cache.
<SwitchA> display dns dynamic-host
No Domain-name IpAddress TTL Alias
1 huawei.com 2.1.1.3 114
----End
Configuration File
Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 101
#
ip host hostB 4.1.1.1
ip host hostC 4.1.1.2
#
dns resolve
dns server 3.1.1.2
dns domain net
dns domain com
#
interface Vlanif101
ip address 1.1.1.2 255.255.0.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 101
#
ospf 1
area 0.0.0.0
network 1.1.0.0 0.0.255.255
#
return
interface LoopBack0
ip address 4.1.1.2 255.255.255.255
#
interface Vlanif101
ip address 3.1.1.1 255.255.0.0
#
interface Vlanif100
ip address 2.1.1.2 255.255.0.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 101
#
ospf 1
area 0.0.0.0
network 2.1.0.0 0.0.255.255
network 3.1.0.0 0.0.255.255
network 4.1.1.2 0.0.0.0
#
return
Networking Requirements
As shown in Figure 4-22, GE0/0/1 of SwitchA connects to GE0/0/1 of SwitchB. The two
interfaces correspond to their VLANIF interfaces (VLANIF 100). You need to configure IPv6
global unicast addresses for the VLANIF interfaces and check the Layer 3 interconnection
between the interfaces.
IPv6 global unicast addresses for the VLANIF interfaces are 3001::1/64 and 3001::2/64.
Figure 4-22 Networking diagram for configuring IPv6 addresses for interfaces
(Diagram labels: SwitchA GE0/0/1 VLANIF100 3001::1/64; SwitchB GE0/0/1 VLANIF100 3001::2/64)
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Enable the IPv6 forwarding function on switches.
# Configure SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] ipv6
# Configure SwitchB.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] ipv6
# Configure SwitchB.
[SwitchB] vlan 100
[SwitchB-vlan100] quit
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[SwitchB-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface vlanif 100
[SwitchB-Vlanif100] ipv6 enable
[SwitchB-Vlanif100] ipv6 address 3001::2/64
[SwitchB-Vlanif100] quit
# Ping the link-local address of SwitchB from SwitchA. You need to use the parameter -i to
specify the interface of the link-local address.
[SwitchA] ping ipv6 FE80::2E0:FCFF:FE33:11 -i vlanif 100
PING FE80::2E0:FCFF:FE33:11 : 56 data bytes, press CTRL_C to break
Reply from FE80::2E0:FCFF:FE33:11
bytes=56 Sequence=1 hop limit=64 time = 7 ms
Reply from FE80::2E0:FCFF:FE33:11
bytes=56 Sequence=2 hop limit=64 time = 3 ms
Reply from FE80::2E0:FCFF:FE33:11
bytes=56 Sequence=3 hop limit=64 time = 3 ms
Reply from FE80::2E0:FCFF:FE33:11
bytes=56 Sequence=4 hop limit=64 time = 3 ms
Reply from FE80::2E0:FCFF:FE33:11
bytes=56 Sequence=5 hop limit=64 time = 3 ms
----End
Configuration File
- Configuration file of SwitchA
#
sysname SwitchA
#
ipv6
#
vlan batch 100
#
interface Vlanif100
ipv6 enable
ipv6 address 3001::1/64
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
return
Networking Requirements
As shown in Figure 4-23, SwitchA functions as the IPv6 DNS client and works jointly
with the IPv6 DNS server so that it can access the host whose IPv6 address is 2002::1/64 based on the
domain name huawei.com.
On SwitchA, the static IPv6 DNS entries of SwitchB and SwitchC are configured. This ensures
that SwitchA can manage both the devices based on the domain names SwitchB and SwitchC.
(Diagram label: huawei.com 2002::1/64)
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure static DNS entries on SwitchA to access SwitchB and SwitchC using the domain
name.
2. Configure dynamic DNS resolution on SwitchA to enable SwitchA to access the web server
by querying dynamic DNS entries.
3. Configure domain name suffixes on SwitchA so that SwitchA can filter domain names
using the domain name suffix list.
4. Configure OSPF on the switches to ensure reachable routes between them.
Procedure
Step 1 Configure SwitchA.
# Configure IPv6 function.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] ipv6
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port hybrid pvid vlan 101
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 101
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface vlanif 101
[SwitchA-Vlanif101] ipv6 enable
[SwitchA-Vlanif101] ipv6 address 2001::1/64
[SwitchA-Vlanif101] quit
NOTE
To resolve the domain name, you also need to configure the route from Switch A to the IPv6 DNS server.
For details of how to configure the route, see Configuration example of IP static route in the
S2300&S3300 Series Ethernet Switches Configuration Guide: IP Routing.
# Run the display ipv6 host command on SwitchA. You can view the mapping relationships
between the host names and the IPv6 addresses in IPv6 static DNS entries.
<SwitchA> display ipv6 host
Host Age Flags IPv6Address (es)
SwitchB 0 static 2001::2
SwitchC 0 static 2002::3
Run the display dns ipv6 dynamic-host command on SwitchA. You can view information about
IPv6 dynamic DNS entries in the dynamic cache.
<SwitchA> display dns ipv6 dynamic-host
No Domain-name Ipv6address TTL
1 huawei.com 2002::1 3579
NOTE
TTL in the command output indicates the life time of the entry, in seconds.
----End
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 101
#
ipv6
#
Networking Requirements
As shown in Figure 4-24, two IPv6 networks connect to an IPv4 backbone network through
SwitchA and SwitchB respectively. An automatic IPv6 over IPv4 tunnel needs to be set up
between SwitchA and SwitchB so that devices on the two IPv6 networks can communicate.
Figure 4-24 Networking diagram for configuring an automatic IPv6 over IPv4 tunnel
(Diagram labels: IPv4 network between dual-stack SwitchA and SwitchB; SwitchA VLANIF100 2.1.1.1/8, Tunnel0/0/1 ::2.1.1.1/96; SwitchB VLANIF100 2.1.1.2/8, Tunnel0/0/1 ::2.1.1.2/96; IPv6 network on each side)
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure IP addresses for physical interfaces so that devices can communicate on the IPv4
backbone network.
2. Configure IPv6 addresses and source interfaces for tunnel interfaces so that devices can
communicate with hosts on the two IPv6 networks.
3. Set the tunnel protocol to automatic so that hosts on the two IPv6 networks can
communicate through the IPv4 network.
Procedure
Step 1 Configure SwitchA.
CAUTION
The interface must be idle. That is, the interface does not transmit services.
<Quidway> system-view
[Quidway] interface eth-trunk 1
[Quidway-Eth-Trunk1] service type tunnel
[Quidway-Eth-Trunk1] quit
[Quidway] interface gigabitethernet 0/0/3
[Quidway-GigabitEthernet0/0/3] eth-trunk 1
[Quidway-GigabitEthernet0/0/3] quit
CAUTION
The interface must be idle. That is, the interface does not transmit services.
<Quidway> system-view
[Quidway] interface eth-trunk 1
[Quidway-Eth-Trunk1] service type tunnel
[Quidway-Eth-Trunk1] quit
[Quidway] interface gigabitethernet 0/0/3
[Quidway-GigabitEthernet0/0/3] eth-trunk 1
[Quidway-GigabitEthernet0/0/3] quit
# Ping the IPv6 address of the peer device that is compatible with the IPv4 address from
SwitchA. The IPv6 address is pinged successfully.
[SwitchA] ping ipv6 ::2.1.1.2
PING ::2.1.1.2 : 56 data bytes, press CTRL_C to break
Reply from ::2.1.1.2
bytes=56 Sequence=1 hop limit=64 time = 30 ms
Reply from ::2.1.1.2
bytes=56 Sequence=2 hop limit=64 time = 40 ms
Reply from ::2.1.1.2
bytes=56 Sequence=3 hop limit=64 time = 50 ms
Reply from ::2.1.1.2
bytes=56 Sequence=4 hop limit=64 time = 1 ms
Reply from ::2.1.1.2
bytes=56 Sequence=5 hop limit=64 time = 50 ms
--- ::2.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/34/50 ms
----End
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
ipv6
#
interface vlanif100
ip address 2.1.1.1 255.0.0.0
#
interface Eth-Trunk1
service type tunnel
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
interface Tunnel 0/0/1
eth-trunk 1
ipv6 enable
ipv6 address ::2.1.1.1/96
tunnel-protocol ipv6-ipv4 auto-tunnel
source vlanif100
#
return
Networking Requirements
As shown in Figure 4-25, two IPv6 networks connect to SwitchB on an IPv4 backbone network
respectively through SwitchA and SwitchC. A manual IPv6 over IPv4 tunnel needs to be set up
between SwitchA and SwitchC so that hosts on the two IPv6 networks can communicate.
Figure 4-25 Networking diagram for configuring a manual IPv6 over IPv4 tunnel
(Diagram labels: IPv4 network; SwitchB GE0/0/1 VLANIF100 192.168.50.1/24 and GE0/0/2 VLANIF200 192.168.51.1/24; dual-stack SwitchA GE0/0/1 VLANIF100 192.168.50.2/24; dual-stack SwitchC GE0/0/1 VLANIF200 192.168.51.2/24; IPv6 network on each side)
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure IP addresses for interfaces so that devices can communicate on the IPv4
backbone network.
2. Configure IPv6 addresses, source interfaces, and destination addresses for tunnel interfaces
so that devices can communicate with hosts on the two IPv6 networks.
3. Set the tunnel protocol to IPv6-IPv4 so that hosts on the two IPv6 networks can
communicate through the IPv4 backbone network.
Procedure
Step 1 Configure SwitchA.
# Enable the service loopback function on an Eth-Trunk.
CAUTION
The interface must be idle. That is, the interface does not transmit services.
<Quidway> system-view
[Quidway] interface eth-trunk 1
[Quidway-Eth-Trunk1] service type tunnel
[Quidway-Eth-Trunk1] quit
[Quidway] interface gigabitethernet 0/0/3
[Quidway-GigabitEthernet0/0/3] eth-trunk 1
[Quidway-GigabitEthernet0/0/3] quit
# Configure an IPv6 address and a destination address for the tunnel interface.
[SwitchA-Tunnel0/0/1] ipv6 enable
[SwitchA-Tunnel0/0/1] ipv6 address 3001::1 64
[SwitchA-Tunnel0/0/1] source vlanif 100
[SwitchA-Tunnel0/0/1] destination 192.168.51.2
[SwitchA-Tunnel0/0/1] quit
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] ipv6
[SwitchB] vlan 100
[SwitchB-vlan100] quit
[SwitchB] vlan 200
[SwitchB-vlan200] quit
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[SwitchB-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port hybrid pvid vlan 200
[SwitchB-GigabitEthernet0/0/2] port hybrid untagged vlan 200
[SwitchB-GigabitEthernet0/0/2] quit
[SwitchB] interface vlanif 100
[SwitchB-Vlanif100] ip address 192.168.50.1 255.255.255.0
[SwitchB-Vlanif100] quit
[SwitchB] interface vlanif 200
[SwitchB-Vlanif200] ip address 192.168.51.1 255.255.255.0
[SwitchB-Vlanif200] quit
CAUTION
The interface must be idle. That is, the interface does not transmit services.
<Quidway> system-view
[Quidway] interface eth-trunk 1
[Quidway-Eth-Trunk1] service type tunnel
[Quidway-Eth-Trunk1] quit
[Quidway] interface gigabitethernet 0/0/3
[Quidway-GigabitEthernet0/0/3] eth-trunk 1
[Quidway-GigabitEthernet0/0/3] quit
# Configure an IPv6 address and a destination address for the tunnel interface.
[SwitchC-Tunnel0/0/1] ipv6 enable
[SwitchC-Tunnel0/0/1] ipv6 address 3001::2 64
[SwitchC-Tunnel0/0/1] source vlanif 200
[SwitchC-Tunnel0/0/1] destination 192.168.50.2
[SwitchC-Tunnel0/0/1] quit
# Ping the IPv6 address of Tunnel0/0/1 on SwitchA from SwitchC. SwitchC can receive a Reply
packet from SwitchA.
[SwitchC] ping ipv6 3001::1
PING 3001::1 : 56 data bytes, press CTRL_C to break
Reply from 3001::1
bytes=56 Sequence=1 hop limit=64 time = 28 ms
Reply from 3001::1
bytes=56 Sequence=2 hop limit=64 time = 27 ms
Reply from 3001::1
bytes=56 Sequence=3 hop limit=64 time = 26 ms
Reply from 3001::1
bytes=56 Sequence=4 hop limit=64 time = 27 ms
Reply from 3001::1
bytes=56 Sequence=5 hop limit=64 time = 26 ms
--- 3001::1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 26/26/28 ms
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
ipv6
#
vlan batch 100
#
interface Vlanif100
ip address 192.168.50.2 255.255.255.0
#
interface Eth-Trunk1
service type tunnel
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
interface Tunnel0/0/1
ipv6 enable
ipv6 address 3001::1/64
tunnel-protocol ipv6-ipv4
source Vlanif100
destination 192.168.51.2
eth-trunk 1
#
ip route-static 192.168.51.0 255.255.255.0 192.168.50.1
#
return
Networking Requirements
As shown in Figure 4-26, the IPv6 network-side interface of 6to4 SwitchA connects to a 6to4
network. SwitchB is a 6to4 relay agent and connects to the IPv6 Internet (2002::/64). SwitchA
and SwitchB are connected through an IPv4 backbone network. A 6to4 tunnel needs to be set
up between SwitchA and SwitchB so that hosts on the 6to4 network and the IPv6 network can
communicate.
[Diagram not reproduced. SwitchA (GE0/0/1, VLANIF100, 2.1.1.1; GE0/0/2, VLANIF200, 2002:201:101:1::1/64; Tunnel0/0/1, 2002:201:101::1/64) and SwitchB (GE0/0/1, VLANIF100, 2.1.1.2; GE0/0/2, VLANIF200, 2002:201:102:1::1/64; Tunnel0/0/1, 2002:201:102::1/64) are connected across the IPv4 network.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure an IPv4/IPv6 dual stack on switches so that they can access the IPv4 network
and the IPv6 network.
2. Configure a 6to4 tunnel on switches to connect IPv6 networks through the IPv4 backbone
network.
3. Configure a static route between SwitchA and SwitchB so that they can be connected
through the IPv4 backbone network.
Procedure
Step 1 Configure SwitchA.
CAUTION
The interface must be idle. That is, the interface does not transmit services.
<Quidway> system-view
[Quidway] interface eth-trunk 1
[Quidway-Eth-Trunk1] service type tunnel
[Quidway-Eth-Trunk1] quit
[Quidway] interface gigabitethernet 0/0/3
[Quidway-GigabitEthernet0/0/3] eth-trunk 1
[Quidway-GigabitEthernet0/0/3] quit
CAUTION
The interface must be idle. That is, the interface does not transmit services.
<Quidway> system-view
[Quidway] interface eth-trunk 1
[Quidway-Eth-Trunk1] service type tunnel
[Quidway-Eth-Trunk1] quit
[Quidway] interface gigabitethernet 0/0/3
[Quidway-GigabitEthernet0/0/3] eth-trunk 1
[Quidway-GigabitEthernet0/0/3] quit
NOTE
There must be a reachable route between SwitchA and SwitchB. In this example, a routing protocol needs
to be configured on VLANIF 100 of SwitchA and SwitchB. For details, see the S2300&S3300 Series
Ethernet Switches Configuration Guide - IP Routing.
# Ping the 6to4 address of VLANIF200 on SwitchB from SwitchA. The 6to4 address can be
pinged successfully.
[SwitchA] ping ipv6 2002:0201:0102:1::1
PING 2002:0201:0102:1::1 : 56 data bytes, press CTRL_C to break
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
ipv6
#
vlan batch 100 200
#
interface Vlanif100
ip address 2.1.1.1 255.0.0.0
#
interface Vlanif200
ipv6 enable
ipv6 address 2002:201:101:1::1/64
#
interface Eth-Trunk1
service type tunnel
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
interface Tunnel0/0/1
ipv6 enable
ipv6 address 2002:201:101::1/64
tunnel-protocol ipv6-ipv4 6to4
source vlanif100
eth-trunk 1
#
ipv6 route-static 2002:: 16 Tunnel0/0/1
#
return
#
interface Vlanif100
ip address 2.1.1.2 255.0.0.0
#
interface Vlanif200
ipv6 enable
ipv6 address 2002:201:102:1::1/64
#
interface Eth-Trunk1
service type tunnel
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
interface Tunnel0/0/1
ipv6 enable
ipv6 address 2002:201:102::1/64
tunnel-protocol ipv6-ipv4 6to4
source vlanif100
eth-trunk 1
#
ipv6 route-static 2002:: 16 Tunnel0/0/1
#
return
Networking Requirements
As shown in Figure 4-27, an IPv6 host on the IPv4 network runs Windows XP. The IPv6 host
needs to be connected to the IPv6 network through a border device. The IPv6 host and border
device support ISATAP. An ISATAP tunnel needs to be set up between the IPv6 host and the
border device.
[Diagram not reproduced. Surviving labels: ISATAP, IPv6 network, IPv4 network.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure an IPv4/IPv6 dual stack on the switch so that the switch can access the IPv4
network and IPv6 network.
2. Configure an ISATAP tunnel on the switch so that IPv6 hosts on the IPv4 network can
communicate with IPv6 hosts on the IPv6 network.
3. Configure a static route from the IPv6 host to the ISATAP host so that the IPv6 host can
forward packets directly over the tunnel.
Procedure
Step 1 Configure the ISATAP border device.
# Enable the service loopback function on an Eth-Trunk.
CAUTION
The interface must be idle. That is, the interface does not transmit services.
<Quidway> system-view
[Quidway] interface eth-trunk 1
[Quidway-Eth-Trunk1] service type tunnel
[Quidway-Eth-Trunk1] quit
[Quidway] interface gigabitethernet 0/0/3
[Quidway-GigabitEthernet0/0/3] eth-trunk 1
[Quidway-GigabitEthernet0/0/3] quit
# Enable the IPv4/IPv6 dual stack and configure an IP address for each interface.
<Quidway> system-view
[Quidway] ipv6
[Quidway] vlan batch 100 200
[Quidway] interface gigabitethernet 0/0/1
[Quidway-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[Quidway-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[Quidway-GigabitEthernet0/0/1] quit
[Quidway] interface gigabitethernet 0/0/2
[Quidway-GigabitEthernet0/0/2] port hybrid pvid vlan 200
[Quidway-GigabitEthernet0/0/2] port hybrid untagged vlan 200
[Quidway-GigabitEthernet0/0/2] quit
[Quidway] interface vlanif 100
[Quidway-Vlanif100] ipv6 enable
[Quidway-Vlanif100] ipv6 address 3001::1/64
[Quidway-Vlanif100] quit
[Quidway] interface vlanif 200
[Quidway-Vlanif200] ip address 2.1.1.1 255.0.0.0
[Quidway-Vlanif200] quit
The ISATAP host needs to run IPv6 and be enabled with the IPv6 function.
# Run the following command to add a static route to the border device. The number of the
pseudo interface on the host is 2. You can run the ipv6 if command to check the interface
corresponding to Automatic Tunneling Pseudo-Interface.
C:\> netsh interface ipv6 isatap set router 2.1.1.1
# Ping the global unicast address of the tunnel interface on the ISATAP host from the ISATAP
device.
[Quidway] ping ipv6 2001::5efe:2.1.1.2
PING 2001::5efe:2.1.1.2 : 56 data bytes, press CTRL_C to break
Reply from 2001::5EFE:201:102
bytes=56 Sequence=1 hop limit=64 time = 4 ms
Reply from 2001::5EFE:201:102
bytes=56 Sequence=2 hop limit=64 time = 3 ms
Reply from 2001::5EFE:201:102
bytes=56 Sequence=3 hop limit=64 time = 2 ms
Reply from 2001::5EFE:201:102
bytes=56 Sequence=4 hop limit=64 time = 2 ms
Reply from 2001::5EFE:201:102
bytes=56 Sequence=5 hop limit=64 time = 2 ms
# Ping the global unicast address of the ISATAP device from the ISATAP host.
C:\> ping6 2001::5efe:2.1.1.1
Pinging 2001::5efe:2.1.1.1
from 2001::5efe:2.1.1.2 with 32 bytes of data:
# Ping the IPv6 host from the ISATAP host. They can ping each other.
C:\> ping6 3001::2
----End
Configuration Files
Configuration file of the Switch
#
sysname Quidway
#
vlan batch 100 200
#
ipv6
#
interface Vlanif100
ipv6 enable
ipv6 address 3001::1/64
#
interface Vlanif200
ip address 2.1.1.1 255.0.0.0
#
interface Eth-Trunk1
service type tunnel
#
interface Tunnel0/0/2
ipv6 enable
ipv6 address 2001::/64 eui-64
undo ipv6 nd ra halt
tunnel-protocol ipv6-ipv4 isatap
source Vlanif200
eth-trunk 1
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
return
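The 6to4 and ISATAP examples above both embed the tunnel source's IPv4 address in the tunnel's IPv6 address. The following added example (not part of the original document or of Huawei's software) derives those addresses and checks tunnel stanzas against them; the function names and the trimmed configuration samples are assumptions made for illustration.

```python
import ipaddress

# Constructed samples: tunnel-related stanzas taken from the configuration
# files above (SwitchA in the 6to4 example, the ISATAP border device).
SIXTOFOUR_CFG = """#
interface Vlanif100
 ip address 2.1.1.1 255.0.0.0
#
interface Tunnel0/0/1
 ipv6 enable
 ipv6 address 2002:201:101::1/64
 tunnel-protocol ipv6-ipv4 6to4
 source vlanif100
#
"""
ISATAP_CFG = """#
interface Vlanif200
 ip address 2.1.1.1 255.0.0.0
#
interface Tunnel0/0/2
 ipv6 enable
 ipv6 address 2001::/64 eui-64
 tunnel-protocol ipv6-ipv4 isatap
 source Vlanif200
#
"""


def sixtofour_prefix(v4):
    """6to4 site prefix: 2002::/16 followed by the 32-bit IPv4 address (a /48)."""
    value = (0x2002 << 112) | (int(ipaddress.IPv4Address(v4)) << 80)
    return ipaddress.IPv6Network((value, 48))


def isatap_address(prefix, v4):
    """ISATAP address: the prefix plus interface ID 0000:5efe:<IPv4>."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    iid = (0x00005EFE << 32) | int(ipaddress.IPv4Address(v4))
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def embedded_ipv4(v6):
    """Return (kind, IPv4) carried inside a 6to4 or ISATAP address, else None."""
    addr = ipaddress.IPv6Address(v6)
    if addr.sixtofour is not None:
        return ("6to4", str(addr.sixtofour))
    if ((int(addr) >> 32) & 0xFFFFFFFF) in (0x00005EFE, 0x02005EFE):
        return ("isatap", str(ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)))
    return None


def parse_interfaces(cfg):
    """Map lower-cased interface names to their lines ('#' separates stanzas)."""
    stanzas, current = {}, None
    for raw in cfg.splitlines():
        line = raw.strip()
        if line == "#" or not line:
            current = None
        elif line.lower().startswith("interface "):
            current = line.split(None, 1)[1].lower()
            stanzas[current] = []
        elif current is not None:
            stanzas[current].append(line)
    return stanzas


def audit_tunnels(cfg):
    """Compare each 6to4/ISATAP tunnel address with its source interface's IPv4."""
    ifs, findings = parse_interfaces(cfg), []
    for name, lines in ifs.items():
        proto = next((l.split()[-1] for l in lines
                      if l.startswith("tunnel-protocol ipv6-ipv4 ")), None)
        src = next((l.split()[1].lower() for l in lines
                    if l.startswith("source ")), None)
        v6 = next((l.split()[2:] for l in lines
                   if l.startswith("ipv6 address ")), None)
        if proto not in ("6to4", "isatap") or src is None or v6 is None:
            continue  # manual tunnels and non-tunnel interfaces are not checked
        v4 = next((l.split()[2] for l in ifs.get(src, [])
                   if l.startswith("ip address ")), None)
        if v4 is None:
            findings.append({"interface": name, "protocol": proto,
                             "source_ipv4": None, "expected": None, "ok": False})
            continue
        iface = ipaddress.IPv6Interface(v6[0])
        if proto == "6to4":
            expected = sixtofour_prefix(v4)      # tunnel address must sit inside it
            ok = iface.ip in expected
        else:
            expected = isatap_address(v6[0], v4)  # what "eui-64" produces here
            ok = iface.network.prefixlen == 64 and (
                "eui-64" in v6 or iface.ip == expected)
        findings.append({"interface": name, "protocol": proto,
                         "source_ipv4": v4, "expected": str(expected), "ok": ok})
    return findings


if __name__ == "__main__":
    for cfg in (SIXTOFOUR_CFG, ISATAP_CFG):
        print(audit_tunnels(cfg))
    print(embedded_ipv4("2001::5efe:2.1.1.2"))
```

The same `embedded_ipv4` helper recovers the IPv4 tunnel endpoint from an address seen in a ping reply or a log line, such as the 2001::5EFE:201:102 replies shown in the ISATAP verification.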
This document describes the IP routing features of the device and provides the configuration
procedures and configuration examples of these features.
can connect to multiple VPNs. The MCE solution isolates services of different VPNs while
reducing cost of network devices.
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs, add interfaces to the VLANs, and assign IPv4 addresses to VLANIF
interfaces so that neighboring devices can communicate with each other.
2. Configure the IPv4 default gateway on each host, and configure IPv4 static routes or default
static routes on each Switch so that hosts on different network segments can communicate
with each other.
Procedure
Step 1 Create VLANs and add interfaces to the VLANs.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 10 30
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 10
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
Step 2 Assign IPv4 addresses to the VLANIF interfaces.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 1.1.4.1 30
[SwitchA-Vlanif10] quit
[SwitchA] interface vlanif 30
[SwitchA-Vlanif30] ip address 1.1.1.1 24
[SwitchA-Vlanif30] quit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
Step 3 Configure hosts.
Set the default gateway addresses of PC1, PC2, and PC3 to 1.1.1.1, 1.1.2.1, and 1.1.3.1
respectively.
Step 4 Configure static routes.
# Configure a default IPv4 route on SwitchA.
[SwitchA] ip route-static 0.0.0.0 0.0.0.0 1.1.4.2
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 30
#
interface Vlanif10
ip address 1.1.4.1 255.255.255.252
#
interface Vlanif30
ip address 1.1.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
ip route-static 0.0.0.0 0.0.0.0 1.1.4.2
#
return
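[Diagram not reproduced. Surviving labels: SwitchA Eth0/0/2 (VLANIF10, 1::1/64) with PC1 (1::2/64); SwitchC Eth0/0/2 (VLANIF50, 3::1/64) with PC3 (3::2/64); SwitchB between them; Eth0/0/1 of SwitchA in VLANIF20 and Eth0/0/1 of SwitchC in VLANIF40; link-local addresses FE80::218:20FF:FE00:81 and FE80::218:20FF:FE00:82.]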
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs, add interfaces to the VLANs, and assign IPv6 addresses to VLANIF
interfaces so that neighboring devices can communicate with each other.
2. Configure the IPv6 default gateway on each host, and configure IPv6 static routes or default
static routes on each Switch so that hosts on different network segments can communicate
with each other.
Procedure
Step 1 Add interfaces to VLANs.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 10 20
[SwitchA] interface ethernet0/0/2
[SwitchA-Ethernet0/0/2] port hybrid pvid vlan 10
[SwitchA-Ethernet0/0/2] port hybrid untagged vlan 10
[SwitchA-Ethernet0/0/2] quit
[SwitchA] interface ethernet0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 20
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 20
[SwitchA-Ethernet0/0/1] quit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
Step 2 Assign IPv6 addresses to the VLANIF interfaces.
[SwitchA] ipv6
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ipv6 enable
[SwitchA-Vlanif10] ipv6 address 1::1/64
[SwitchA-Vlanif10] quit
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] ipv6 enable
[SwitchA-Vlanif20] ipv6 address auto link-local
[SwitchA-Vlanif20] quit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
NOTE
Run the display ipv6 interface brief command to check the automatically generated IPv6 address on the
interface.
Destination : :: PrefixLength : 0
NextHop : FE80::218:20FF:FE00:80 Preference : 60
Cost : 0 Protocol : Static
RelayNextHop : :: TunnelID : 0x0
Interface : Vlanif20 Flags : D
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
ipv6
#
vlan batch 10 20
#
interface Vlanif10
ipv6 enable
ipv6 address 1::1/64
#
interface Vlanif20
ipv6 enable
ipv6 address auto link-local
#
interface Ethernet0/0/1
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface Ethernet0/0/2
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
ipv6 route-static :: 0 vlanif20 FE80::218:20FF:FE00:80
#
return
#
sysname SwitchC
#
ipv6
#
vlan batch 40 50
#
interface Vlanif40
ipv6 enable
ipv6 address auto link-local
#
interface Vlanif50
ipv6 enable
ipv6 address 3::1/64
#
interface Ethernet0/0/1
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
interface Ethernet0/0/2
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
ipv6 route-static :: 0 Vlanif40 FE80::218:20FF:FE00:83
#
return
5.1.3 Example for Configuring Static BFD for IPv4 Static Routes
Networking Requirements
As shown in Figure 5-3, SwitchA is connected to the network management system (NMS)
through SwitchB. You need to configure static routes on SwitchA so that SwitchA can
communicate with the NMS. Link fault detection between SwitchA and SwitchB must be at the
millisecond level to improve convergence speed.
Figure 5-3 Networking diagram of configuring static BFD for IPv4 static routes
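[Diagram not reproduced. SwitchA (Eth0/0/1, VLANIF10, 1.1.1.1/24) connects to SwitchB (Eth0/0/1, VLANIF10, 1.1.1.2/24); SwitchB (Eth0/0/2, VLANIF20) connects to the NMS, with 2.2.2.1/24 and 2.2.2.2/24 on that segment.]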
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a BFD session between SwitchA and SwitchB to implement link fault detection
at the millisecond level.
2. Configure a static route from SwitchA to the NMS and bind a BFD session to the static
route. This configuration can implement link fault detection at the millisecond level and
improve convergence speed of static routes.
Procedure
Step 1 Add interfaces to the VLANs.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] interface ethernet0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 10
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 10
[SwitchA-Ethernet0/0/1] quit
The configuration of SwitchB is similar to the configuration of SwitchA, and is not
mentioned here.
Step 2 Assign IP addresses to the VLANIF interfaces.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 1.1.1.1 24
[SwitchA-Vlanif10] quit
The configuration of SwitchB is similar to the configuration of SwitchA, and is not mentioned
here.
Step 3 Configure a BFD session between SwitchA and SwitchB.
# Create a BFD session on SwitchA.
[SwitchA] bfd
[SwitchA-bfd] quit
[SwitchA] bfd aa bind peer-ip 1.1.1.2
[SwitchA-bfd-session-aa] discriminator local 10
[SwitchA-bfd-session-aa] discriminator remote 20
[SwitchA-bfd-session-aa] commit
[SwitchA-bfd-session-aa] quit
Step 4 Configure a static route and bind the route to the BFD session.
# Configure a static route to the external network (2.2.2.0/24) on SwitchA and bind the static
route to the BFD session named aa.
[SwitchA] ip route-static 2.2.2.0 24 1.1.1.2 track bfd-session aa
# Check the IP routing table on SwitchA, and you can find that the static route exists in the
routing table.
[SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 5 Routes : 5
# Run the shutdown command on Eth 0/0/1 of SwitchB to simulate a link fault.
[SwitchB] interface ethernet 0/0/1
[SwitchB-Ethernet0/0/1] shutdown
# Check the routing table on SwitchA, and you can find that the static route to 2.2.2.0/24 does
not exist. The reason is that the static route is bound to a BFD session, and when BFD detects a
fault it immediately notifies the system that the bound static route is unavailable.
[SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 2 Routes : 2
# Run the undo shutdown command on Eth0/0/1 of SwitchB to simulate link recovery.
[SwitchB-Ethernet0/0/1] undo shutdown
# Check the routing table on SwitchA, and you can find the static route to 2.2.2.0/24 in the
routing table. After detecting link recovery, BFD immediately notifies the system that the bound
static route is reachable.
[SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 5 Routes : 5
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
bfd
#
interface Vlanif10
ip address 1.1.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
bfd aa bind peer-ip 1.1.1.2
discriminator local 10
discriminator remote 20
commit
#
ip route-static 2.2.2.0 255.255.255.0 1.1.1.2 track bfd-session aa
#
return
[Diagram not reproduced. SwitchA Eth0/0/1 (VLANIF10, 192.168.1.1/24) connects to SwitchB Eth0/0/1 (VLANIF10, 192.168.1.2/24); SwitchB Eth0/0/2 (VLANIF20, 172.16.1.1/24) connects to SwitchC Eth0/0/2 (VLANIF20, 172.16.1.2/24); SwitchB Eth0/0/3 and SwitchD Eth0/0/3 share VLANIF30 with 10.1.1.1/24 and 10.1.1.2/24.]
Configuration Roadmap
The network size is small, so RIP-2 is recommended. The configuration roadmap is as follows:
1. Configure a VLAN and an IP address for each interface to ensure network reachability.
2. Enable RIP on each switch to implement network connections between processes.
3. Configure RIP-2 on each switch to improve RIP performance.
Procedure
Step 1 Configure VLANs that the related interfaces belong to.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 10
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 10
[SwitchA-Ethernet0/0/1] quit
The configurations of Switch B, Switch C, and Switch D are similar to the configuration of
Switch A, and are not mentioned here.
Step 2 Assign an IP address to each VLANIF interface.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 192.168.1.1 24
[SwitchA-Vlanif10] quit
The configurations of Switch B, Switch C, and Switch D are similar to the configuration of
Switch A, and are not mentioned here.
Step 3 Configure the basic RIP functions.
# Configure Switch A.
[SwitchA] rip
[SwitchA-rip-1] network 192.168.1.0
[SwitchA-rip-1] quit
# Configure Switch B.
[SwitchB] rip
[SwitchB-rip-1] network 192.168.1.0
[SwitchB-rip-1] network 172.16.0.0
[SwitchB-rip-1] network 10.0.0.0
[SwitchB-rip-1] quit
# Configure Switch C.
[SwitchC] rip
[SwitchC-rip-1] network 172.16.0.0
[SwitchC-rip-1] quit
# Configure Switch D.
[SwitchD] rip
[SwitchD-rip-1] network 10.0.0.0
[SwitchD-rip-1] quit
From the routing table, you can find that the routes advertised by RIP-1 use natural masks.
Step 4 Configure the RIP version.
# Configure RIPv2 on Switch A.
[SwitchA] rip
[SwitchA-rip-1] version 2
[SwitchA-rip-1] quit
10.1.1.0/24 192.168.1.2 1 0 RA 32
172.16.1.0/24 192.168.1.2 1 0 RA 32
From the routing table, you can find that the routes advertised by RIP-2 contain more accurate
subnet masks.
----End
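Why RIP-1 routes end up with natural masks while RIP-2 routes keep /24: the RIP-1 route entry has no mask field on the wire. The following added example (not from the original document) packs the two routes SwitchB advertises to SwitchA in both formats and shows what SwitchA installs. It assumes SwitchB's VLANIF10 address is 192.168.1.2/24 (the next hop shown above), uses hypothetical function names, and simplifies the RFC 1058 sender and receiver rules to the major-network check.

```python
import ipaddress
import struct

# Values from this example: routes behind SwitchB and the shared VLANIF10 segment.
ROUTES = ["10.1.1.0/24", "172.16.1.0/24"]
SWITCHB_VLANIF10 = "192.168.1.2/24"   # assumption: taken from the next hop above
SWITCHA_VLANIF10 = "192.168.1.1/24"


def natural_network(addr):
    """Classful (natural) network of a unicast IPv4 address: A=/8, B=/16, C=/24."""
    a = ipaddress.IPv4Address(addr)
    first = int(a) >> 24
    plen = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.IPv4Network((a, plen), strict=False)


def rip1_entry(route, out_if, metric=1):
    """20-byte RIP-1 entry: AFI, zero, address, 8 zero bytes, metric (no mask)."""
    net = ipaddress.IPv4Network(route)
    major = natural_network(net.network_address)
    if ipaddress.IPv4Interface(out_if).ip in major:
        addr = net.network_address        # subnet of the sending interface's network
    else:
        addr = major.network_address      # summarised at the class boundary
    return struct.pack("!HH4s8xI", 2, 0, addr.packed, metric)


def rip1_learn(entry, in_if):
    """Receiver side: the mask must be guessed from the receiving interface."""
    _afi, _zero, raw, metric = struct.unpack("!HH4s8xI", entry)
    addr = ipaddress.IPv4Address(raw)
    iface = ipaddress.IPv4Interface(in_if)
    if addr in natural_network(iface.ip):
        net = ipaddress.IPv4Network((addr, iface.network.prefixlen), strict=False)
    else:
        net = natural_network(addr)
    return str(net), metric


def rip2_entry(route, metric=1, tag=0, next_hop="0.0.0.0"):
    """20-byte RIP-2 entry: AFI, route tag, address, subnet mask, next hop, metric."""
    net = ipaddress.IPv4Network(route)
    return struct.pack("!HH4s4s4sI", 2, tag, net.network_address.packed,
                       net.netmask.packed,
                       ipaddress.IPv4Address(next_hop).packed, metric)


def rip2_learn(entry):
    """Receiver side: the mask is read from the entry itself."""
    _afi, _tag, raw, mask, _nh, metric = struct.unpack("!HH4s4s4sI", entry)
    net = ipaddress.IPv4Network(
        f"{ipaddress.IPv4Address(raw)}/{ipaddress.IPv4Address(mask)}")
    return str(net), metric


def learned_by_switcha(version):
    """Routes SwitchA installs for ROUTES when SwitchB speaks the given RIP version."""
    if version == 1:
        return [rip1_learn(rip1_entry(r, SWITCHB_VLANIF10), SWITCHA_VLANIF10)[0]
                for r in ROUTES]
    return [rip2_learn(rip2_entry(r))[0] for r in ROUTES]


if __name__ == "__main__":
    print("RIP-1:", learned_by_switcha(1))
    print("RIP-2:", learned_by_switcha(2))
```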
Configuration Files
• Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 10
#
interface Vlanif10
ip address 192.168.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
rip 1
version 2
network 192.168.1.0
#
return
vlan batch 20
#
interface Vlanif20
ip address 172.16.1.2 255.255.255.0
#
interface Ethernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
rip 1
version 2
network 172.16.0.0
#
return
[Diagram not reproduced. SwitchA: Eth0/0/1 (VLANIF50, 192.168.0.1/24) and Eth0/0/2 (VLANIF10, 192.168.1.1/24). SwitchB: Eth0/0/2 (VLANIF10, 192.168.1.2/24) and Eth0/0/1 (VLANIF20, 192.168.2.1/24). SwitchC: Eth0/0/1 (VLANIF20, 192.168.2.2/24), Eth0/0/2 (VLANIF30, 192.168.3.1/24) and Eth0/0/3 (VLANIF40, 192.168.4.1/24). Process labels in the diagram: RIP 100 and RIP 200.]
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Configure VLANs that the related interfaces belong to.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 10 50
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 50
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 50
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface ethernet 0/0/2
[SwitchA-Ethernet0/0/2] port hybrid pvid vlan 10
[SwitchA-Ethernet0/0/2] port hybrid untagged vlan 10
[SwitchA-Ethernet0/0/2] quit
The configurations of Switch B and Switch C are similar to the configuration of Switch A, and
are not mentioned here.
Step 2 Assign an IP address to each VLANIF interface.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 192.168.1.1 24
[SwitchA-Vlanif10] quit
[SwitchA] interface vlanif 50
[SwitchA-Vlanif50] ip address 192.168.0.1 24
[SwitchA-Vlanif50] quit
The configurations of Switch B and Switch C are similar to the configuration of Switch A, and
are not mentioned here.
Step 3 Configure the basic RIP functions.
# Enable RIP process 100 on SwitchA.
[SwitchA] rip 100
[SwitchA-rip-100] network 192.168.0.0
[SwitchA-rip-100] network 192.168.1.0
[SwitchA-rip-100] quit
The routing table of SwitchA does not contain the routes imported from other processes.
Step 4 Configure RIP to import external routes.
# On SwitchB, set the default metric of imported routes to 3 in RIP 100 process and configure
the RIP processes to import routes into each other's routing table.
[SwitchB] rip 100
[SwitchB-rip-100] default-cost 3
[SwitchB-rip-100] import-route rip 200
[SwitchB-rip-100] quit
[SwitchB] rip 200
[SwitchB-rip-200] import-route rip 100
[SwitchB-rip-200] quit
# View the routing table of SwitchA after the routes are imported.
[SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 9 Routes : 9
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.0.0/24 Direct 0 0 D 192.168.0.1 Vlanif50
192.168.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.1.0/24 Direct 0 0 D 192.168.1.1 Vlanif10
192.168.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.2.0/24 RIP 100 4 D 192.168.1.2 Vlanif10
192.168.3.0/24 RIP 100 4 D 192.168.1.2 Vlanif10
192.168.4.0/24 RIP 100 4 D 192.168.1.2 Vlanif10
The routing table of SwitchA does not contain the route originating from 192.168.4.0/24.
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 50
#
interface Vlanif10
ip address 192.168.1.1 255.255.255.0
#
interface Vlanif50
ip address 192.168.0.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
interface Ethernet0/0/2
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
rip 100
network 192.168.0.0
network 192.168.1.0
#
return
Figure 5-6 Networking diagram for One-Arm static BFD for RIP
[Diagram not reproduced. SwitchA: GE0/0/1 (VLANIF10, 2.2.2.1/24) and GE0/0/2 (VLANIF20, 3.3.3.1/24). SwitchB: GE0/0/1 (VLANIF10, 2.2.2.2/24), GE0/0/2 (VLANIF30, 4.4.4.1/24) and GE0/0/3 (VLANIF40, 172.16.1.1/24). SwitchC: GE0/0/2 (VLANIF20, 3.3.3.2/24) and GE0/0/1 (VLANIF30, 4.4.4.2/24). SwitchD: GE0/0/1 (VLANIF40, 172.16.1.2/24).]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure an IP address for each interface to ensure network reachability.
2. Enable RIP on each switch to implement network connections between processes.
3. Configure One-Arm static BFD on SwitchA. BFD can rapidly detect the link status and
help RIP speed up route convergence to implement fast link switching.
Procedure
Step 1 Configure VLANs that the related interfaces belong to.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 10 20
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port hybrid pvid vlan 20
[SwitchA-GigabitEthernet0/0/2] port hybrid untagged vlan 20
[SwitchA-GigabitEthernet0/0/2] quit
The configurations of Switch B, Switch C, and Switch D are similar to the configuration of
Switch A, and are not mentioned here.
Step 2 Assign an IP address to each VLANIF interface.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 2.2.2.1 24
[SwitchA-Vlanif10] quit
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] ip address 3.3.3.1 24
[SwitchA-Vlanif20] quit
The configurations of Switch B, Switch C, and Switch D are similar to the configuration of
Switch A, and are not mentioned here.
Step 3 Configure basic RIP functions.
# Configure Switch A.
[SwitchA] rip 1
[SwitchA-rip-1] version 2
[SwitchA-rip-1] network 2.0.0.0
[SwitchA-rip-1] network 3.0.0.0
[SwitchA-rip-1] quit
# Configure Switch B.
[SwitchB] rip 1
[SwitchB-rip-1] version 2
[SwitchB-rip-1] network 2.0.0.0
[SwitchB-rip-1] network 4.0.0.0
[SwitchB-rip-1] network 172.16.0.0
[SwitchB-rip-1] quit
# Configure Switch C.
[SwitchC] rip 1
[SwitchC-rip-1] version 2
[SwitchC-rip-1] network 3.0.0.0
[SwitchC-rip-1] network 4.0.0.0
[SwitchC-rip-1] quit
# Configure Switch D.
[SwitchD] rip 1
[SwitchD-rip-1] version 2
[SwitchD-rip-1] network 172.16.0.0
[SwitchD-rip-1] quit
# After completing the preceding operations, run the display rip neighbor command. The
command output shows that Switches A, B, and C have established neighbor relationships with
each other. In the following example, the display on Switch A is used.
[SwitchA] display rip 1 neighbor
---------------------------------------------------------------------
IP Address Interface Type Last-Heard-Time
---------------------------------------------------------------------
2.2.2.2 Vlanif10 RIP 0:0:10
Number of RIP routes : 2
3.3.3.2 Vlanif20 RIP 0:0:8
Number of RIP routes : 1
# Run the display ip routing-table command. The command output shows that the devices have
imported routes from each other. In the following example, the display on Switch A is used.
[SwitchA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 8 Routes : 9
The preceding command output shows that the next-hop address and outbound interface of the
route to destination 172.16.1.0/24 are 2.2.2.2 and VLANIF10 respectively, and traffic is
transmitted over the active link Switch A->Switch B.
Step 4 Configure One-Arm static BFD on Switch A.
# Configure one-arm BFD on Switch A.
[SwitchA] bfd
[SwitchA-bfd] quit
[SwitchA] bfd 1 bind peer-ip 2.2.2.2 interface vlanif 10 source-ip 1.1.1.1 one-arm-echo
[SwitchA-session-1] discriminator local 1
[SwitchA-session-1] min-echo-rx-interval 200
[SwitchA-session-1] commit
[SwitchA-session-1] quit
# After the configurations are completed, run the display bfd session all command on Switch A
and you can see that a static BFD session is set up.
[SwitchA] display bfd session all
--------------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------
1 - 2.2.2.2 Up S_IP_IF Vlanif10
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 1/0
NOTE
The link fault is simulated to verify the configuration. In actual situations, the operation is not required.
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] shutdown
The preceding command output shows that the standby link Switch A->Switch C->Switch B is
used after the active link fails, and the next-hop address and outbound interface of the route to
destination 172.16.1.0/24 are 3.3.3.2 and VLANIF20 respectively.
----End
Configuration files
• Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 10 20
#
bfd
#
interface Vlanif10
ip address 2.2.2.1 255.255.255.0
rip bfd static
#
interface Vlanif20
ip address 3.3.3.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
bfd 1 bind peer-ip 2.2.2.2 interface Vlanif10 source-ip 1.1.1.1 one-arm-echo
discriminator local 1
min-echo-rx-interval 200
commit
#
rip 1
version 2
network 2.0.0.0
network 3.0.0.0
#
return
• Configuration file of Switch B
#
sysname SwitchB
#
vlan batch 10 30 40
#
bfd
#
interface Vlanif10
ip address 2.2.2.2 255.255.255.0
#
interface Vlanif30
ip address 4.4.4.1 255.255.255.0
#
interface Vlanif40
ip address 172.16.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface GigabitEthernet0/0/3
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
rip 1
version 2
network 2.0.0.0
network 4.0.0.0
network 172.16.0.0
#
return
• Configuration file of Switch C
#
sysname SwitchC
#
vlan batch 20 30
#
interface Vlanif20
ip address 3.3.3.2 255.255.255.0
#
interface Vlanif30
ip address 4.4.4.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
rip 1
version 2
network 3.0.0.0
network 4.0.0.0
#
return
Figure 5-7 Networking diagram for configuring RIPng to filter the received routes
[Diagram not reproduced. Surviving labels: SwitchB with Eth0/0/1 (VLANIF20) and Eth0/0/2 (VLANIF30).]
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable RIPng on each Switch so that the Switches can communicate with each other.
2. Configure an ACL on SwitchB to filter the received routes.
Procedure
Step 1 Add interfaces to VLANs.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] interface ethernet 0/0/2
[SwitchA-Ethernet0/0/2] port hybrid pvid vlan 10
[SwitchA-Ethernet0/0/2] port hybrid untagged vlan 10
[SwitchA-Ethernet0/0/2] quit
[SwitchA] vlan 20
[SwitchA-vlan20] quit
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 20
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 20
[SwitchA-Ethernet0/0/1] quit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA and are
not mentioned here.
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA and are
not mentioned here.
Step 3 Configure the basic RIPng functions.
# Configure SwitchA.
[SwitchA] ripng 1
[SwitchA-ripng-1] quit
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ripng 1 enable
[SwitchA-Vlanif10] quit
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] ripng 1 enable
[SwitchA-Vlanif20] quit
# Configure SwitchB.
[SwitchB] ripng 1
[SwitchB-ripng-1] quit
[SwitchB] interface vlanif 20
[SwitchB-Vlanif20] ripng 1 enable
[SwitchB-Vlanif20] quit
[SwitchB] interface vlanif 30
[SwitchB-Vlanif30] ripng 1 enable
[SwitchB-Vlanif30] quit
# Configure SwitchC.
[SwitchC] ripng 1
[SwitchC-ripng-1] quit
[SwitchC] interface vlanif 30
[SwitchC-Vlanif30] ripng 1 enable
[SwitchC-Vlanif30] quit
[SwitchC] interface vlanif 40
[SwitchC-Vlanif40] ripng 1 enable
[SwitchC-Vlanif40] quit
[SwitchC] interface vlanif 50
[SwitchC-Vlanif50] ripng 1 enable
[SwitchC-Vlanif50] quit
The preceding information shows that the RIPng routing table of SwitchB contains the routes
of network segment 3::/64.
# Display the RIPng routing table of SwitchA.
[SwitchA] display ripng 1 route
Route Flags: A - Aging, S - Suppressed, G - Garbage-collect
----------------------------------------------------------------
Dest 3::/64,
via FE80::476:0:3624:1, cost 2, tag 0, RA, 21 Sec
The preceding information shows that the RIPng routing table of SwitchA contains the routes
of network segment 3::/64 advertised by SwitchB.
Step 4 Configure SwitchB to filter the received routes.
[SwitchB] acl ipv6 number 2000
[SwitchB-acl6-basic-2000] rule deny source 3:: 64
[SwitchB-acl6-basic-2000] rule permit
[SwitchB-acl6-basic-2000] quit
[SwitchB] ripng 1
[SwitchB-ripng-1] filter-policy 2000 import
[SwitchB-ripng-1] quit
After the aging time of the filtered routing entry expires, check the verification result. The default aging time is
180 seconds.
# Check the RIPng routing table of SwitchB. The RIPng routing table should not contain the
routes of network segment 3::/64.
[SwitchB] display ripng 1 route
Route Flags: A - Aging, S - Suppressed, G - Garbage-collect
----------------------------------------------------------------
# Check the RIPng routing table of SwitchA. The RIPng routing table should not contain the
routes of network segment 3::/64.
[SwitchA] display ripng 1 route
Route Flags: A - Aging, S - Suppressed, G - Garbage-collect
----------------------------------------------------------------
----End
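The effect of Step 4 can be modelled offline. The following Python sketch is an added example, not part of the original guide: it applies ACL 2000 as an import filter on SwitchB and shows that 3::/64 disappears from both SwitchB and SwitchA, and that the order of the two rules matters. The 2001:db8:: prefixes are constructed sample values, and the handling of a route that matches no rule is a modelling assumption.

```python
import ipaddress

# ACL 2000 from Step 4, in configured order: (action, source prefix or None for "any").
ACL_2000 = [
    ("deny", ipaddress.IPv6Network("3::/64")),
    ("permit", None),
]


def acl_permits(acl, prefix):
    """Return True if the route passes the ACL. The first matching rule decides."""
    # A basic ACL is modelled as comparing the route's network address with the rule.
    addr = ipaddress.IPv6Network(prefix).network_address
    for action, source in acl:
        if source is None or addr in source:
            return action == "permit"
    return False  # modelling assumption: a route that matches no rule is rejected


def import_update(update, acl=None):
    """Routes installed from a neighbour's update; each hop adds 1 to the cost."""
    return {prefix: cost + 1 for prefix, cost in update.items()
            if acl is None or acl_permits(acl, prefix)}


def build_update(connected, learned):
    """Update a switch sends: connected prefixes at cost 0 plus its learned routes."""
    update = {prefix: 0 for prefix in connected}
    update.update(learned)
    return update


# 3::/64 is the prefix used on the page; the 2001:db8:: prefixes are constructed.
SWITCH_C_CONNECTED = ["3::/64", "2001:db8:50::/64"]
SWITCH_B_CONNECTED = ["2001:db8:30::/64"]


def simulate(acl_on_b=None):
    """Return (routes SwitchB learns from SwitchC, routes SwitchA learns from SwitchB)."""
    b_learned = import_update(build_update(SWITCH_C_CONNECTED, {}), acl_on_b)
    a_learned = import_update(build_update(SWITCH_B_CONNECTED, b_learned))
    return b_learned, a_learned


if __name__ == "__main__":
    cases = (
        ("no filter", None),
        ("filter-policy 2000 import", ACL_2000),
        ("rules in reverse order", list(reversed(ACL_2000))),
    )
    for label, acl in cases:
        b_routes, a_routes = simulate(acl)
        print(f"{label:28} SwitchB: {sorted(b_routes)}  SwitchA: {sorted(a_routes)}")
```

With the rules reversed, the catch-all permit matches first and 3::/64 is accepted again, so the deny rule must precede the permit rule.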
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
ipv6
#
vlan batch 10 20
#
interface Vlanif10
ipv6 enable
ipv6 address 1::1/64
ripng 1 enable
#
interface Vlanif20
ipv6 enable
Networking Requirements
As shown in Figure 5-8, all switches run OSPF, and the entire AS is partitioned into three areas.
Switch A and Switch B serve as ABRs to forward routes between areas.
After the configuration, each Switch should learn the routes to all network segments from the
AS.
Configuration Roadmap
The configuration roadmap is as follows:
1. Create the VLAN to which each interface belongs.
2. Assign an IP address to each VLANIF interface.
3. Enable OSPF on each Switch and specify network segments in different areas.
4. Check the routing table and LSDB.
Configuration Procedure
1. Create a VLAN to which each interface belongs.
The configuration details are not mentioned here.
2. Assign an IP address to each interface.
The configuration details are not mentioned here.
3. Configure basic OSPF functions.
# Configure Switch A.
[SwitchA] router id 1.1.1.1
[SwitchA] ospf
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] area 1
[SwitchA-ospf-1-area-0.0.0.1] network 192.168.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.1] quit
[SwitchA-ospf-1] quit
# Configure Switch B.
[SwitchB] router id 2.2.2.2
[SwitchB] ospf
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] area 2
[SwitchB-ospf-1-area-0.0.0.2] network 192.168.2.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.2] quit
[SwitchB-ospf-1] quit
# Configure Switch C.
[SwitchC] router id 3.3.3.3
[SwitchC] ospf
[SwitchC-ospf-1] area 1
[SwitchC-ospf-1-area-0.0.0.1] network 192.168.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.1] network 172.16.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.1] quit
[SwitchC-ospf-1] quit
# Configure Switch D.
[SwitchD] router id 4.4.4.4
[SwitchD] ospf
[SwitchD-ospf-1] area 2
[SwitchD-ospf-1-area-0.0.0.2] network 192.168.2.0 0.0.0.255
[SwitchD-ospf-1-area-0.0.0.2] network 172.17.1.0 0.0.0.255
[SwitchD-ospf-1-area-0.0.0.2] quit
[SwitchD-ospf-1] quit
# Configure Switch E.
[SwitchE] router id 5.5.5.5
[SwitchE] ospf
[SwitchE-ospf-1] area 1
[SwitchE-ospf-1-area-0.0.0.1] network 172.16.1.0 0.0.0.255
[SwitchE-ospf-1-area-0.0.0.1] quit
[SwitchE-ospf-1] quit
# Configure Switch F.
[SwitchF] router id 6.6.6.6
[SwitchF] ospf
[SwitchF-ospf-1] area 2
[SwitchF-ospf-1-area-0.0.0.2] network 172.17.1.0 0.0.0.255
[SwitchF-ospf-1-area-0.0.0.2] quit
[SwitchF-ospf-1] quit
Neighbors
Total Nets: 5
Intra Area: 3 Inter Area: 2 ASE: 0 NSSA: 0
Area: 0.0.0.0
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 2.2.2.2 2.2.2.2 317 48 80000003 1
Router 1.1.1.1 1.1.1.1 316 48 80000002 1
Network 192.168.0.1 1.1.1.1 316 32 80000001 0
Sum-Net 172.16.1.0 1.1.1.1 250 28 80000001 2
Sum-Net 172.17.1.0 2.2.2.2 203 28 80000001 2
Sum-Net 192.168.2.0 2.2.2.2 237 28 80000002 1
Sum-Net 192.168.1.0 1.1.1.1 295 28 80000002 1
Area: 0.0.0.1
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 5.5.5.5 5.5.5.5 214 36 80000004 1
Router 3.3.3.3 3.3.3.3 217 60 80000008 1
Router 1.1.1.1 1.1.1.1 289 48 80000002 1
Network 192.168.1.1 1.1.1.1 202 28 80000002 0
Network 172.16.1.1 3.3.3.3 670 32 80000001 0
Sum-Net 172.17.1.0 1.1.1.1 202 28 80000001 3
Sum-Net 192.168.2.0 1.1.1.1 242 28 80000001 2
Sum-Net 192.168.0.0 1.1.1.1 300 28 80000001 1
# Check the routing table of Switch D and perform the ping operation to test the
connectivity.
[SwitchD] display ospf routing
Total Nets: 5
Intra Area: 2 Inter Area: 3 ASE: 0 NSSA: 0
Configuration Files
• Configuration file of Switch A
#
sysname SwitchA
#
router id 1.1.1.1
#
vlan batch 10 20
#
interface Vlanif10
ip address 192.168.0.1 255.255.255.0
#
interface Vlanif20
ip address 192.168.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.0.255
area 0.0.0.1
network 192.168.1.0 0.0.0.255
#
return
router id 6.6.6.6
#
vlan batch 50
#
interface Vlanif50
ip address 172.17.1.2 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
ospf 1
area 0.0.0.2
network 172.17.1.0 0.0.0.255
#
return
Networking Requirements
As shown in Figure 5-9, OSPF is enabled on all Switches and the entire AS is partitioned into
three areas. SwitchA and SwitchB function as ABRs to forward routes between areas. SwitchD
functions as the ASBR to import static routes.
The requirement is to configure Area 1 as the stub area, thus reducing the LSAs advertised to
this area without affecting the route reachability.
Configuration Roadmap
The configuration roadmap is as follows:
Configuration Procedure
1. Configure basic OSPF functions. See 5.4.1 Example for Configuring Basic OSPF Functions.
2. Configure SwitchD to import static routes.
# Import static routes on SwitchD, as follows:
[SwitchD] ip route-static 200.0.0.0 8 null 0
[SwitchD] ospf
[SwitchD-ospf-1] import-route static type 1
[SwitchD-ospf-1] quit
Total Nets: 6
Intra Area: 2 Inter Area: 3 ASE: 1 NSSA: 0
When the area where SwitchC resides is a common area, AS external routes exist in the
routing table.
3. Configure Area 1 as a stub area.
# Configure SwitchA.
[SwitchA] ospf
[SwitchA-ospf-1] area 1
[SwitchA-ospf-1-area-0.0.0.1] stub
[SwitchA-ospf-1-area-0.0.0.1] quit
[SwitchA-ospf-1] quit
# Configure SwitchC.
[SwitchC] ospf
[SwitchC-ospf-1] area 1
[SwitchC-ospf-1-area-0.0.0.1] stub
[SwitchC-ospf-1-area-0.0.0.1] quit
[SwitchC-ospf-1] quit
# Configure SwitchE.
[SwitchE] ospf
[SwitchE-ospf-1] area 1
[SwitchE-ospf-1-area-0.0.0.1] stub
[SwitchE-ospf-1-area-0.0.0.1] quit
[SwitchE-ospf-1] quit
Total Nets: 6
Intra Area: 2 Inter Area: 4 ASE: 0 NSSA: 0
When the area where SwitchC resides is configured as a stub area, the AS external route
is no longer displayed. Instead, a default route to destinations outside the AS is displayed.
# Disable SwitchA from advertising Type 3 LSAs to the stub area.
[SwitchA] ospf
[SwitchA-ospf-1] area 1
[SwitchA-ospf-1-area-0.0.0.1] stub no-summary
[SwitchA-ospf-1-area-0.0.0.1] quit
[SwitchA-ospf-1] quit
Total Nets: 3
After the advertisement of Summary-LSA to the stub area is disabled, the route entries are
further reduced. The AS external routes are invisible in the routing table. Instead, there is
a default route.
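The route counts quoted in this procedure can be reproduced with a small model. The following Python sketch is an added example, not part of the original guide: it filters SwitchC's routes by area type and checks, with a longest-prefix lookup, that the external destination stays reachable through the default route. The prefix list is assembled from the addresses used in 5.4.1 and in this example.

```python
import ipaddress

# SwitchC's OSPF routes while Area 1 is a common area: 2 intra-area routes,
# 3 inter-area routes and the static route 200.0.0.0/8 imported on SwitchD.
COMMON_AREA = [
    ("192.168.1.0/24", "intra"), ("172.16.1.0/24", "intra"),
    ("192.168.0.0/24", "inter"), ("192.168.2.0/24", "inter"),
    ("172.17.1.0/24", "inter"),
    ("200.0.0.0/8", "ase"),
]
# Default route that the ABR (SwitchA) advertises into a stub area as a Type 3 LSA.
ABR_DEFAULT = ("0.0.0.0/0", "inter")


def area_view(routes, area_type):
    """Routes SwitchC holds for a given configuration of Area 1."""
    if area_type == "common":
        return list(routes)
    if area_type == "stub":                # AS external routes are kept out
        kept = [r for r in routes if r[1] in ("intra", "inter")]
    elif area_type == "stub no-summary":   # Type 3 LSAs are kept out as well
        kept = [r for r in routes if r[1] == "intra"]
    else:
        raise ValueError(f"unknown area type: {area_type}")
    return kept + [ABR_DEFAULT]


def counts(view):
    """Totals in the shape of the 'Total Nets / Intra / Inter / ASE' summary."""
    result = {"total": len(view), "intra": 0, "inter": 0, "ase": 0}
    for _, kind in view:
        result[kind] += 1
    return result


def lookup(view, destination):
    """Longest-prefix match; returns the matching prefix or None."""
    dst = ipaddress.ip_address(destination)
    nets = [ipaddress.ip_network(prefix) for prefix, _ in view]
    matches = [n for n in nets if dst in n]
    return str(max(matches, key=lambda n: n.prefixlen)) if matches else None


if __name__ == "__main__":
    for area_type in ("common", "stub", "stub no-summary"):
        view = area_view(COMMON_AREA, area_type)
        print(f"{area_type:16} {counts(view)}  200.1.1.1 via {lookup(view, '200.1.1.1')}")
```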
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
router id 1.1.1.1
#
vlan batch 10 20
#
interface Vlanif10
ip address 192.168.0.1 255.255.255.0
#
interface Vlanif20
ip address 192.168.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.0.255
area 0.0.0.1
network 192.168.1.0 0.0.0.255
stub no-summary
#
return
NOTE
Configuration files of SwitchB and SwitchF are the same as the configuration file of SwitchA, and
are not mentioned here.
• Configuration file of SwitchC
#
sysname SwitchC
#
router id 3.3.3.3
#
vlan batch 20 40
#
interface Vlanif20
ip address 192.168.1.2 255.255.255.0
#
interface Vlanif40
ip address 172.16.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface Ethernet0/0/2
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
ospf 1
area 0.0.0.1
network 192.168.1.0 0.0.0.255
Networking Requirements
As shown in Figure 5-10, OSPF is enabled on all Switches and the entire AS is partitioned into
three areas. SwitchA and SwitchB function as ABRs to forward routes between areas. SwitchD
functions as the ASBR to import external routes (static routes).
The requirement is to configure Area 1 as an NSSA area and configure SwitchC as an ASBR to
import external routes (static routes). The routing information can be transmitted correctly in
the AS.
Configuration Roadmap
The configuration roadmap is as follows:
Configuration Procedure
1. Configure basic OSPF functions. See 5.4.1 Example for Configuring Basic OSPF Functions.
2. Configure SwitchD to import static routes. See 5.4.2 Example for Configuring a Stub
Area of OSPF.
3. Configure Area 1 as an NSSA area.
# Configure SwitchA.
[SwitchA] ospf
[SwitchA-ospf-1] area 1
[SwitchA-ospf-1-area-0.0.0.1] nssa default-route-advertise no-summary
[SwitchA-ospf-1-area-0.0.0.1] quit
[SwitchA-ospf-1] quit
# Configure SwitchC.
[SwitchC] ospf
[SwitchC-ospf-1] area 1
[SwitchC-ospf-1-area-0.0.0.1] nssa
[SwitchC-ospf-1-area-0.0.0.1] quit
[SwitchC-ospf-1] quit
# Configure SwitchE.
[SwitchE] ospf
[SwitchE-ospf-1] area 1
[SwitchE-ospf-1-area-0.0.0.1] nssa
[SwitchE-ospf-1-area-0.0.0.1] quit
[SwitchE-ospf-1] quit
NOTE
You should run the nssa default-route-advertise no-summary command on SwitchA. In this
manner, the size of the routing tables of the devices in the NSSA area can be reduced. On the
other devices in the NSSA area, you need to run only the nssa command.
# Check the OSPF routing table of SwitchC.
[SwitchC] display ospf routing
Total Nets: 3
Intra Area: 2 Inter Area: 1 ASE: 0 NSSA: 0
Total Nets: 6
Intra Area: 2 Inter Area: 3 ASE: 1 NSSA: 0
You can view one imported AS external route on SwitchD in the NSSA area.
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
router id 1.1.1.1
#
vlan batch 10 20
#
interface Vlanif10
ip address 192.168.0.1 255.255.255.0
#
interface Vlanif20
ip address 192.168.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.0.255
area 0.0.0.1
network 192.168.1.0 0.0.0.255
nssa default-route-advertise no-summary
#
return
NOTE
Configuration files of SwitchB, SwitchD, and SwitchF are the same as the configuration file of
SwitchA, and are not mentioned here.
• Configuration file of SwitchC
#
sysname SwitchC
#
router id 3.3.3.3
#
vlan batch 20 40
#
interface Vlanif20
ip address 192.168.1.2 255.255.255.0
#
interface Vlanif40
ip address 172.16.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface Ethernet0/0/2
Networking Requirements
As shown in Figure 5-11, Switch A has the highest priority of 100 in the network and is selected
as DR. Switch C has the second highest priority, and is selected as BDR. The priority of Switch
B is 0, so Switch B cannot be selected as DR. The priority of Switch D is not configured and its
default value is 1.
Configuration Roadmap
The configuration roadmap is as follows:
1. Create the VLAN to which each interface belongs.
2. Assign an IP address to each VLANIF interface.
3. Configure the router ID of each Switch, enable OSPF, and specify network segments.
4. Check the DR or BDR status of each Switch.
5. Set the DR priority of the interface and check the DR or BDR status.
Configuration Procedure
1. Create a VLAN to which each interface belongs.
The configuration details are not mentioned here.
2. Assign an IP address to each interface.
The configuration details are not mentioned here.
3. Configure basic OSPF functions. See 5.4.1 Example for Configuring Basic OSPF Functions.
# Configure Switch A.
[SwitchA] router id 1.1.1.1
[SwitchA] ospf
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# Configure Switch B.
[SwitchB] router id 2.2.2.2
[SwitchB] ospf
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
# Configure Switch C.
[SwitchC] router id 3.3.3.3
[SwitchC] ospf
[SwitchC-ospf-1] area 0
[SwitchC-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] quit
[SwitchC-ospf-1] quit
# Configure Switch D.
[SwitchD] router id 4.4.4.4
[SwitchD] ospf
[SwitchD-ospf-1] area 0
[SwitchD-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[SwitchD-ospf-1-area-0.0.0.0] quit
[SwitchD-ospf-1] quit
Check information about the neighbor of Switch A. You can view the DR priority and
neighbor status. By default, the DR priority is 1. Now Switch D is a DR and Switch C is a
BDR.
NOTE
When the priorities are the same, the Switch with the higher router ID is selected as DR. If one
Ethernet interface of a Switch becomes DR, the other broadcast interfaces of that Switch are
preferred in later DR selections. That is, the Switch that is already DR is selected as DR. The DR
cannot be preempted.
4. Configure DR priorities on the interfaces.
# Configure Switch A.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ospf dr-priority 100
[SwitchA-Vlanif10] quit
# Configure Switch B.
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] ospf dr-priority 0
[SwitchB-Vlanif10] quit
# Configure Switch C.
[SwitchC] interface vlanif 10
[SwitchC-Vlanif10] ospf dr-priority 2
[SwitchC-Vlanif10] quit
NOTE
Area: 0.0.0.0
IP Address Type State Cost Pri DR BDR
192.168.1.1 Broadcast DR 1 100 192.168.1.1 192.168.1.3
Area: 0.0.0.0
IP Address Type State Cost Pri DR BDR
192.168.1.2 Broadcast DROther 1 0 192.168.1.1 192.168.1.3
All neighbors are in the Full state. This indicates that SwitchA has set up neighbor relationships
with all its neighbors. If a neighbor remains in the "2-Way" state, neither of the two Switches is
a DR or BDR, so they need not exchange LSAs.
All other neighbors are DR Others. This indicates that they are neither DRs nor BDRs.
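The election results described in this procedure, including the statement that the DR cannot be preempted, can be reproduced with the following Python sketch. It is an added example, not part of the original guide, and models the election for the whole segment in a simplified form of RFC 2328 section 9.4. The "fresh election" case assumes that all roles on the segment have been cleared; how that is triggered on the devices is not shown here.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Router:
    name: str
    router_id: str
    priority: int = 1  # default DR priority


def rank(router):
    """Higher priority wins; the higher router ID breaks a tie."""
    return (router.priority, int(ipaddress.IPv4Address(router.router_id)))


def elect(routers, dr=None, bdr=None):
    """Return (DR, BDR) names for one broadcast segment.

    dr and bdr are the roles already held on the segment (None on a cold start).
    """
    eligible = {r.name: r for r in routers if r.priority > 0}  # priority 0 is never eligible
    if dr not in eligible:
        dr = None
    if bdr not in eligible or bdr == dr:
        bdr = None
    for _ in range(2):  # the second pass fills the BDR seat after a promotion
        if bdr is None:
            candidates = [r for r in eligible.values() if r.name != dr]
            bdr = max(candidates, key=rank).name if candidates else None
        if dr is None:
            dr, bdr = bdr, None  # no DR on the segment: the BDR is promoted
    return dr, bdr


# Router IDs and priorities as configured in this example.
DEFAULTS = [
    Router("SwitchA", "1.1.1.1"), Router("SwitchB", "2.2.2.2"),
    Router("SwitchC", "3.3.3.3"), Router("SwitchD", "4.4.4.4"),
]
CONFIGURED = [
    Router("SwitchA", "1.1.1.1", 100), Router("SwitchB", "2.2.2.2", 0),
    Router("SwitchC", "3.3.3.3", 2), Router("SwitchD", "4.4.4.4", 1),
]

if __name__ == "__main__":
    print("default priorities:       ", elect(DEFAULTS))
    print("priorities set, DR exists:", elect(CONFIGURED, dr="SwitchD", bdr="SwitchC"))
    print("fresh election:           ", elect(CONFIGURED))
    # SwitchD leaves the segment: the BDR is promoted even though SwitchA has priority 100.
    print("DR lost:                  ", elect(CONFIGURED[:3], dr="SwitchD", bdr="SwitchC"))
```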
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
router id 1.1.1.1
#
vlan batch 10
#
interface Vlanif10
ip address 192.168.1.1 255.255.255.0
ospf dr-priority 100
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
#
return
• Configuration file of SwitchB
#
sysname SwitchB
#
router id 2.2.2.2
#
vlan batch 10
#
interface Vlanif10
ip address 192.168.1.2 255.255.255.0
ospf dr-priority 0
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
#
return
• Configuration file of SwitchC
#
sysname SwitchC
#
router id 3.3.3.3
#
vlan batch 10
#
interface Vlanif10
ip address 192.168.1.3 255.255.255.0
ospf dr-priority 2
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
#
return
Networking Requirements
As shown in Figure 5-12:
• SwitchA, SwitchB, SwitchC, and SwitchD connect to each other through OSPF.
• SwitchA, SwitchB, SwitchC, and SwitchD belong to Area 0.
• Load balancing is performed between SwitchB and SwitchC. The traffic of SwitchA is sent
to SwitchD by SwitchB and SwitchC.
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable OSPF on each Switch to implement interconnection.
2. Cancel load balancing and check the routing table.
3. (Optional) Set the preferences for equal-cost routes on SwitchA.
Configuration Procedure
1. Create a VLAN to which each interface belongs.
The configuration details are not mentioned here.
2. Assign an IP address to each interface.
The configuration details are not mentioned here.
3. Configure basic OSPF functions. See 5.4.1 Example for Configuring Basic OSPF Functions.
As shown in the routing table, when the maximum number of the equal-cost routes is 1,
the next hop to the destination network segment 172.17.1.0 is 10.1.1.2.
NOTE
In the preceding example, 10.1.1.2 is selected as the optimal next hop. This is because OSPF selects
the next hop of the equal-cost route randomly.
5. Restore the default number of routes for load balancing on SwitchA.
[SwitchA] ospf
[SwitchA-ospf-1] undo maximum load-balancing
[SwitchA-ospf-1] quit
As shown in the routing table, when the default setting of load balancing is restored, the
next hops of SwitchA, that is, 10.1.1.2 (SwitchB) and 10.1.2.2 (SwitchC), become valid
routes. This is because the default number of equal-cost routes is 4.
As shown in the routing table, OSPF selects the next hop 10.1.2.2 as the unique optimal
route. This is because the preference of the next hop 10.1.2.2 (SwitchC) is higher than that
of the next hop 10.1.1.2 (SwitchB) after the preferences of the equal-cost routes are set.
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 20 50
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface Vlanif20
ip address 10.1.2.1 255.255.255.0
#
interface Vlanif50
ip address 172.16.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface Ethernet0/0/3
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
#
interface Vlanif60
ip address 172.17.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface Ethernet0/0/2
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
interface Ethernet0/0/3
port hybrid pvid vlan 60
port hybrid untagged vlan 60
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 192.168.0.0 0.0.0.255
network 192.168.1.0 0.0.0.255
network 172.17.1.0 0.0.0.255
#
return
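Networking diagram (not reproduced). Interfaces and addresses shown in it:
SwitchA: Eth0/0/3, VLANIF10, 2000::1/64 (Area 1); Eth0/0/1, VLANIF20, 1001::2/64 (Area 1)
SwitchB: Eth0/0/1, VLANIF20, 1001::1/64 (Area 1); Eth0/0/2, VLANIF30, 1000::1/64 (Area 0)
SwitchC: Eth0/0/2, VLANIF30, 1000::2/64 (Area 0); Eth0/0/1, VLANIF40, 1002::1/64 (Area 2)
SwitchD: Eth0/0/2, VLANIF40, 1002::2/64 (Area 2, stub area)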
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure IPv6 addresses for interfaces.
2. Enable the basic OSPFv3 functions on each Switch.
3. Configure Area 2 as a stub area by running the stub command on all the Switches in Area
2 and check the OSPFv3 routing table of Switch D.
4. Configure Area 2 as a totally stub area and check the OSPFv3 routing table of Switch
D.
Procedure
Step 1 Add interfaces to VLANs.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] interface ethernet 0/0/3
[SwitchA-Ethernet0/0/3] port hybrid pvid vlan 10
[SwitchA-Ethernet0/0/3] port hybrid untagged vlan 10
[SwitchA-Ethernet0/0/3] quit
[SwitchA] vlan 20
[SwitchA-vlan20] quit
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 20
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 20
[SwitchA-Ethernet0/0/1] quit
The configurations of Switch B, Switch C, and Switch D are similar to the configuration of
Switch A and are not mentioned here.
Step 2 Assign IPv6 addresses to the VLANIF interfaces.
[SwitchA] ipv6
[SwitchA] interface vlanif 10
The configurations of Switch B, Switch C, and Switch D are similar to the configuration of
Switch A and are not mentioned here.
Step 3 Configure the basic OSPFv3 functions.
# Configure Switch A.
[Switch A] ospfv3
[Switch A-ospfv3-1] router-id 1.1.1.1
[Switch A-ospfv3-1] quit
[Switch A] interface vlanif 10
[Switch A-Vlanif10] ospfv3 1 area 1
[Switch A-Vlanif10] quit
[Switch A] interface vlanif 20
[Switch A-Vlanif20] ospfv3 1 area 1
[Switch A-Vlanif20] quit
# Configure Switch B.
[Switch B] ospfv3
[Switch B-ospfv3-1] router-id 2.2.2.2
[Switch B-ospfv3-1] quit
[Switch B] interface vlanif 20
[Switch B-Vlanif20] ospfv3 1 area 1
[Switch B-Vlanif20] quit
[Switch B] interface vlanif 30
[Switch B-Vlanif30] ospfv3 1 area 0
[Switch B-Vlanif30] quit
# Configure Switch C.
[Switch C] ospfv3
[Switch C-ospfv3-1] router-id 3.3.3.3
[Switch C-ospfv3-1] quit
[Switch C] interface vlanif 30
[Switch C-Vlanif30] ospfv3 1 area 0
[Switch C-Vlanif30] quit
[Switch C] interface vlanif 40
[Switch C-Vlanif40] ospfv3 1 area 2
[Switch C-Vlanif40] quit
# Configure Switch D.
[Switch D] ospfv3
[Switch D-ospfv3-1] router-id 4.4.4.4
[Switch D-ospfv3-1] quit
[Switch D] interface vlanif 40
[Switch D-Vlanif40] ospfv3 1 area 2
[Switch D-Vlanif40] quit
# Configure the stub area of Switch C, and set the cost of the default route advertised to the stub
area to 10.
[Switch C] ospfv3
[Switch C-ospfv3-1] area 2
[Switch C-ospfv3-1-area-0.0.0.2] stub
[Switch C-ospfv3-1-area-0.0.0.2] default-cost 10
[Switch C-ospfv3-1-area-0.0.0.2] quit
# View the OSPFv3 routing table of Switch D, and you can see a new default route in the routing
table. The cost of the default route is the sum of the cost of the directly connected routes and the
configured cost.
[Switch D] display ospfv3 routing
OSPFv3 Process (1)
Destination Metric
Next-hop
IA ::/0 11
via FE80::1572:0:5EF4:1, vlanif40
IA 1000::/64 2
via FE80::1572:0:5EF4:1, vlanif40
IA 1001::/64 3
via FE80::1572:0:5EF4:1, vlanif40
1002::/64 1
directly-connected, vlanif40
IA 2000::/64 4
via FE80::1572:0:5EF4:1, vlanif40
# View the OSPFv3 routing table of Switch D, and you can see that the entries in the routing
table are reduced; other non-directly connected routes are suppressed; only the default route is
reserved.
[Switch D] display ospfv3 routing
OSPFv3 Process (1)
Destination Metric
Next-hop
IA ::/0 11
via FE80::1572:0:5EF4:1, vlanif40
1002::/64 1
directly-connected, vlanif40
----End
Configuration Files
• Configuration file of Switch A
#
sysname SwitchA
#
ipv6
#
vlan batch 10 20
#
interface Vlanif10
ipv6 enable
ipv6 address 2000::1/64
ospfv3 1 area 0.0.0.1
#
interface Vlanif20
ipv6 enable
ipv6 address 1001::2/64
ospfv3 1 area 0.0.0.1
#
interface Ethernet0/0/1
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface Ethernet0/0/3
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
ospfv3 1
router-id 1.1.1.1
#
return
ipv6 enable
ipv6 address 1000::1/64
ospfv3 1 area 0.0.0.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface Ethernet0/0/2
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
ospfv3 1
router-id 2.2.2.2
#
return
• Configuration file of Switch C
#
sysname Switch C
#
ipv6
#
vlan batch 30 40
#
interface Vlanif30
ipv6 enable
ipv6 address 1000::2/64
ospfv3 1 area 0.0.0.0
#
interface Vlanif40
ipv6 enable
ipv6 address 1002::1/64
ospfv3 1 area 0.0.0.2
#
interface Ethernet0/0/1
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
interface Ethernet0/0/2
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
ospfv3 1
router-id 3.3.3.3
area 0.0.0.2
stub no-summary
default-cost 10
#
return
• Configuration file of Switch D
#
sysname Switch D
#
ipv6
#
vlan batch 40
#
interface Vlanif40
ipv6 enable
ipv6 address 1002::2/64
ospfv3 1 area 0.0.0.2
#
interface Ethernet0/0/2
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
ospfv3 1
router-id 4.4.4.4
area 0.0.0.2
stub
#
return
Networking Requirements
As shown in Figure 5-14, there are four switches (SwitchA, SwitchB, SwitchC, and SwitchD)
on the network. The four switches need to communicate with each other. SwitchA and SwitchB
can only process a small amount of data because they have lower performance than the other
two switches.
Networking diagram (not reproduced). Interfaces and addresses shown in it:
SwitchA (L1, IS-IS Area 10): Eth0/0/1, VLANIF10, 10.1.1.2/24
SwitchB (L1, IS-IS Area 10): Eth0/0/1, VLANIF20, 10.1.2.2/24
SwitchC (L1/2, IS-IS Area 10): Eth0/0/1, VLANIF10, 10.1.1.1/24; Eth0/0/2, VLANIF20, 10.1.2.1/24; Eth0/0/3, VLANIF30, 192.168.0.1/24
SwitchD (L2, IS-IS Area 20): Eth0/0/1, VLANIF30, 192.168.0.2/24; Eth0/0/2, VLANIF40, 172.16.1.1/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable IS-IS on each switch so that the switches can be interconnected. Configure SwitchA
and SwitchB as Level-1 devices to enable them to maintain less data.
Procedure
Step 1 Create VLANs and add corresponding interfaces to the VLANs.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 10
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 10
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 10
[SwitchA-Ethernet0/0/1] quit
The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration of
SwitchA, and are not mentioned here.
Step 2 Assign an IP address to each VLANIF interface.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 10.1.1.2 24
[SwitchA-Vlanif10] quit
The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration of
SwitchA, and are not mentioned here.
Step 3 Run the IS-IS process on each Switch, specify the network entity title, and configure the level.
# Configure SwitchA.
[SwitchA] isis 1
[SwitchA-isis-1] is-level level-1
[SwitchA-isis-1] network-entity 10.0000.0000.0001.00
[SwitchA-isis-1] quit
# Configure SwitchB.
[SwitchB] isis 1
[SwitchB-isis-1] is-level level-1
[SwitchB-isis-1] network-entity 10.0000.0000.0002.00
[SwitchB-isis-1] quit
# Configure SwitchC.
[SwitchC] isis 1
[SwitchC-isis-1] network-entity 10.0000.0000.0003.00
[SwitchC-isis-1] quit
# Configure SwitchD.
[SwitchD] isis 1
[SwitchD-isis-1] is-level level-2
[SwitchD-isis-1] network-entity 20.0000.0000.0004.00
[SwitchD-isis-1] quit
# Configure SwitchB.
[SwitchB] interface vlanif 20
[SwitchB-Vlanif20] isis enable 1
[SwitchB-Vlanif20] quit
# Configure SwitchC.
[SwitchC] interface vlanif 10
[SwitchC-Vlanif10] isis enable 1
[SwitchC-Vlanif10] quit
[SwitchC] interface vlanif 20
[SwitchC-Vlanif20] isis enable 1
[SwitchC-Vlanif20] quit
[SwitchC] interface vlanif 30
[SwitchC-Vlanif30] isis enable 1
[SwitchC-Vlanif30] quit
# Configure SwitchD.
# View the IS-IS routing table of each Switch. A default route is available in the routing table
of the Level-1 devices and the next hop is a Level-1-2 device. The routing table of the Level-2
device contains all Level-1 and Level-2 routes.
[SwitchA] display isis route
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
isis 1
is-level level-1
network-entity 10.0000.0000.0001.00
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
isis enable 1
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
return
interface Ethernet0/0/1
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
return
Networking Requirements
As shown in Figure 5-15, three switches run IS-IS to communicate with each other. SwitchA
is a Level-2 device, SwitchB is a Level-1-2 device, and SwitchC is a Level-1 device. SwitchA
is heavily loaded because there are too many routing entries on the IS-IS network. Therefore,
system resource consumption of SwitchA needs to be reduced.
Networking diagram (not reproduced). Interfaces and addresses shown in it:
SwitchA (L2, Area20): Eth0/0/1, VLANIF50, 172.2.1.1/24
SwitchB (L1/L2, Area10): Eth0/0/1, VLANIF10, 172.1.4.1/24; Eth0/0/2, VLANIF50, 172.2.1.2/24
SwitchC (L1, Area10): Eth0/0/1, VLANIF10, 172.1.4.2/24; Eth0/0/2, VLANIF20, 172.1.1.1/24 (Network1, 172.1.1.0/24); Eth0/0/3, VLANIF30, 172.1.2.1/24 (Network2, 172.1.2.0/24); Eth0/0/4, VLANIF40, 172.1.3.1/24 (Network3, 172.1.3.0/24)
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure IP addresses for interfaces and enable IS-IS on each switch so that the switches
can be interconnected.
2. Configure route summarization on SwitchB to reduce the routing table size of SwitchA
without affecting data forwarding so that the system resource consumption of SwitchA can
be reduced.
Procedure
Step 1 Create VLANs and add corresponding interfaces to the VLANs.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 10
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 10
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 10
[SwitchA-Ethernet0/0/1] quit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
Step 3 Configure the basic IS-IS functions.
# Configure SwitchA.
[SwitchA] isis 1
[SwitchA-isis-1] is-level level-2
[SwitchA-isis-1] network-entity 20.0000.0000.0001.00
[SwitchA-isis-1] quit
[SwitchA] interface vlanif 50
[SwitchA-Vlanif50] isis enable 1
[SwitchA-Vlanif50] quit
# Configure SwitchB.
[SwitchB] isis 1
[SwitchB-isis-1] network-entity 10.0000.0000.0002.00
[SwitchB-isis-1] quit
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] isis enable 1
[SwitchB-Vlanif10] quit
[SwitchB] interface vlanif 50
[SwitchB-Vlanif50] isis enable 1
[SwitchB-Vlanif50] quit
# Configure SwitchC.
[SwitchC] isis 1
[SwitchC-isis-1] is-level level-1
[SwitchC-isis-1] network-entity 10.0000.0000.0003.00
[SwitchC-isis-1] quit
[SwitchC] interface vlanif 10
[SwitchC-Vlanif10] isis enable 1
[SwitchC-Vlanif10] quit
The configurations of the VLANIF 20, VLANIF 30, and VLANIF 40 interfaces are similar to
the configuration of VLANIF 10, and are not mentioned here.
Step 4 Check the IS-IS routing table of SwitchA.
[SwitchA] display isis route
[SwitchB] isis 1
[SwitchB-isis-1] summary 172.1.0.0 255.255.0.0 level-1-2
[SwitchB-isis-1] quit
----End
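What the summary command changes in the set of routes that SwitchA sees can be worked through offline. The following Python sketch is an added example, not part of the original guide: it collapses the Area 10 prefixes into 172.1.0.0/16, counts how many /24 blocks the summary announces without a specific route behind them, and computes the tightest prefix that would still cover the four networks. The prefix list is derived from the interface addresses in this example.

```python
import ipaddress

# Summary configured on SwitchB in this example.
SUMMARY = ipaddress.ip_network("172.1.0.0/16")
# Prefixes derived from the interface addresses of this example.
AREA10_ROUTES = ["172.1.1.0/24", "172.1.2.0/24", "172.1.3.0/24", "172.1.4.0/24"]
SWITCH_A_DIRECT = ["172.2.1.0/24"]


def apply_summary(routes, summary):
    """Routes seen after summarization: covered specifics collapse into the summary."""
    nets = [ipaddress.ip_network(r) for r in routes]
    kept = [n for n in nets if not n.subnet_of(summary)]
    if any(n.subnet_of(summary) for n in nets):
        kept.append(summary)
    return sorted(str(n) for n in kept)


def unbacked_24s(routes, summary):
    """Number of /24 blocks the summary announces that have no specific route."""
    backed = {ipaddress.ip_network(r) for r in routes}
    return sum(1 for block in summary.subnets(new_prefix=24) if block not in backed)


def tightest_summary(routes):
    """Smallest single prefix that covers every route in the list."""
    nets = [ipaddress.ip_network(r) for r in routes]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate


if __name__ == "__main__":
    before = sorted(AREA10_ROUTES + SWITCH_A_DIRECT)
    after = apply_summary(AREA10_ROUTES + SWITCH_A_DIRECT, SUMMARY)
    print("SwitchA before:", before)
    print("SwitchA after: ", after)
    print("unbacked /24 blocks under", SUMMARY, "=", unbacked_24s(AREA10_ROUTES, SUMMARY))
    tight = tightest_summary(AREA10_ROUTES)
    print("tightest cover:", tight, "unbacked =", unbacked_24s(AREA10_ROUTES, tight))
```

Traffic for any address in an unbacked block is still drawn toward SwitchB by the summary, so the wider the summary, the more address space it claims without a real destination behind it.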
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 50
#
isis 1
is-level level-2
network-entity 20.0000.0000.0001.00
#
interface Vlanif50
ip address 172.2.1.1 255.255.255.0
isis enable 1
#
interface Ethernet0/0/1
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
return
Networking diagram (not reproduced). Each Switch connects through Eth0/0/1 in VLANIF10; the addresses shown are 10.1.1.1/24, 10.1.1.2/24, 10.1.1.3/24 (SwitchC, L1), and 10.1.1.4/24 (SwitchD, L2).
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure IS-IS to enable network interconnectivity.
2. Set the DIS priority of SwitchA to 100 so that SwitchA can be elected as a Level-2
DIS.
Procedure
Step 1 Create VLANs and add corresponding interfaces to the VLANs.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 10
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 10
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 10
[SwitchA-Ethernet0/0/1] quit
The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration of
SwitchA, and are not mentioned here.
Step 2 Assign an IP address to each VLANIF interface.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 10.1.1.1 24
[SwitchA-Vlanif10] quit
The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration of
SwitchA, and are not mentioned here.
Step 3 View the MAC address of the VLANIF 10 interface on each Switch.
# View the MAC address of the VLANIF 10 interface on SwitchA.
[SwitchA] display arp interface vlanif 10
IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE
VLAN/CEVLAN PVC
------------------------------------------------------------------------------
10.1.1.1 00e0-fc10-afec I - Vlanif10
------------------------------------------------------------------------------
Total:1 Dynamic:0 Static:0 Interface:1
# Configure SwitchB.
[SwitchB] isis 1
[SwitchB-isis-1] network-entity 10.0000.0000.0002.00
[SwitchB-isis-1] quit
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] isis enable 1
[SwitchB-Vlanif10] quit
# Configure SwitchC.
[SwitchC] isis 1
[SwitchC-isis-1] network-entity 10.0000.0000.0003.00
[SwitchC-isis-1] is-level level-1
[SwitchC-isis-1] quit
[SwitchC] interface vlanif 10
[SwitchC-Vlanif10] isis enable 1
[SwitchC-Vlanif10] quit
# Configure SwitchD.
[SwitchD] isis 1
[SwitchD-isis-1] network-entity 10.0000.0000.0004.00
[SwitchD-isis-1] is-level level-2
[SwitchD-isis-1] quit
[SwitchD] interface vlanif 10
[SwitchD-Vlanif10] isis enable 1
[SwitchD-Vlanif10] quit
Total Peer(s): 4
NOTE
When the default DIS priority is used, the interface on SwitchB has the greatest MAC address among all
the interfaces on the Level-1 Switches. Therefore, SwitchB is elected as the Level-1 DIS. The interface on
SwitchD has the greatest MAC address among all the interfaces on the Level-2 Switches. Therefore,
SwitchD is elected as the Level-2 DIS. The Level-1 pseudonode is 0000.0000.0002.01. The Level-2
pseudonode is 0000.0000.0004.01.
0000.0000.0004 Vlanif10 0000.0000.0001.01 Up 30s L2 64
Total Peer(s): 4
As shown in the output information, after the DIS priority of the IS-IS interface is changed,
SwitchA immediately becomes a Level-1 and Level-2 DIS and its pseudonode is
0000.0000.0001.01.
# View information about the IS-IS neighbors and IS-IS interfaces on SwitchB.
[SwitchB] display isis peer
Total Peer(s): 4
[SwitchB] display isis interface
# View information about the IS-IS neighbors and IS-IS interfaces on SwitchD.
[SwitchD] display isis peer
Total Peer(s): 2
[SwitchD] display isis interface
----End
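The election rule used in this example (highest DIS priority wins, the greatest MAC address breaks a tie, one election per level) can be modeled directly. The following Python sketch is an added example, not part of the Huawei document: only SwitchA's MAC address comes from the page, the other MAC addresses are constructed to match the ordering described in the NOTE, and a switch without an is-level command is assumed to run at the default Level-1-2.

```python
from dataclasses import dataclass

DEFAULT_DIS_PRIORITY = 64  # PRI value shown by "display isis peer" on the page


@dataclass(frozen=True)
class IsisInterface:
    name: str
    system_id: str       # taken from the network-entity on the page
    mac: str             # Huawei notation, for example 00e0-fc10-afec
    levels: frozenset    # {1}, {2} or {1, 2}
    priority: int = DEFAULT_DIS_PRIORITY


def mac_value(mac):
    """Convert xxxx-xxxx-xxxx to an integer so MAC addresses compare numerically."""
    digits = mac.replace("-", "").replace(":", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)


def elect_dis(interfaces, level):
    """Highest priority wins; the greatest MAC address breaks a tie."""
    candidates = [i for i in interfaces if level in i.levels]
    if not candidates:
        return None
    return max(candidates, key=lambda i: (i.priority, mac_value(i.mac)))


def pseudonode_id(dis, circuit_id=1):
    """Pseudonode ID = system ID of the DIS followed by its circuit ID."""
    return f"{dis.system_id}.{circuit_id:02x}"


def build_segment(switch_a_priority=DEFAULT_DIS_PRIORITY):
    """The four VLANIF10 interfaces of this example on one broadcast segment."""
    both = frozenset({1, 2})  # assumption: no is-level command means Level-1-2
    return [
        # SwitchA's MAC address is the one shown by "display arp" on the page.
        IsisInterface("SwitchA", "0000.0000.0001", "00e0-fc10-afec", both,
                      switch_a_priority),
        # The three MAC addresses below are constructed sample values.
        IsisInterface("SwitchB", "0000.0000.0002", "00e0-fc20-0002", both),
        IsisInterface("SwitchC", "0000.0000.0003", "00e0-fc10-0003",
                      frozenset({1})),
        IsisInterface("SwitchD", "0000.0000.0004", "00e0-fc30-0004",
                      frozenset({2})),
    ]


def dis_by_level(interfaces):
    """Return {level: (DIS name, pseudonode ID)} for Level-1 and Level-2."""
    result = {}
    for level in (1, 2):
        dis = elect_dis(interfaces, level)
        if dis is not None:
            result[level] = (dis.name, pseudonode_id(dis))
    return result


if __name__ == "__main__":
    print("default priority :", dis_by_level(build_segment()))
    print("SwitchA at 100   :", dis_by_level(build_segment(100)))
```

Because SwitchC takes part only in the Level-1 election and SwitchD only in the Level-2 election, the two levels can end up with different DISs until the priority on SwitchA overrides the MAC comparison at both levels.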
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
isis 1
network-entity 10.0000.0000.0001.00
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
isis enable 1
isis dis-priority 100
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
return
#
interface Vlanif10
ip address 10.1.1.4 255.255.255.0
isis enable 1
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
return
[Figure: networking diagram. All four switches are Level-2 devices in Area 10.
SwitchA: VLANIF10 10.1.1.1/24, VLANIF20 10.1.2.1/24, VLANIF50 172.16.1.1/24.
SwitchB: VLANIF10 10.1.1.2/24, VLANIF30 192.168.0.1/24.
SwitchC: VLANIF20 10.1.2.2/24, VLANIF40 192.168.1.1/24.
SwitchD: VLANIF30 192.168.0.2/24, VLANIF40 192.168.1.2/24, VLANIF60 172.17.1.1/24.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic IS-IS functions on each switch to implement IP interworking.
2. Configure load balancing to balance traffic from SwitchA to SwitchD between SwitchB
and SwitchC.
Procedure
Step 1 Configure VLANs that the related interfaces belong to.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 10 20 50
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 10
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 10
[SwitchA-Ethernet0/0/1] quit
The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration of
SwitchA, and are not mentioned here.
# Configure SwitchA.
[SwitchA] isis 1
[SwitchA-isis-1] is-level level-2
[SwitchA-isis-1] network-entity 10.0000.0000.0001.00
[SwitchA-isis-1] quit
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] isis enable 1
[SwitchA-Vlanif10] quit
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] isis enable 1
[SwitchA-Vlanif20] quit
[SwitchA] interface vlanif 50
[SwitchA-Vlanif50] isis enable 1
[SwitchA-Vlanif50] quit
The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration of
SwitchA, and are not mentioned here.
Step 4 Set the number of equal-cost routes for load balancing to 1 on SwitchA.
[SwitchA] isis 1
[SwitchA-isis-1] maximum load-balancing 1
[SwitchA-isis-1] quit
As shown in the routing table, when the maximum number of equal-cost routes for load balancing
is set to 1, IS-IS selects 10.1.1.2 as the next hop to the destination network 172.17.1.0. This is
because SwitchB has a smaller system ID.
Step 5 Restore the default number of equal-cost routes for load balancing on SwitchA.
[SwitchA] isis 1
[SwitchA-isis-1] undo maximum load-balancing
[SwitchA-isis-1] quit
As shown in the routing table, the number of equal-cost routes for load balancing is restored to
the default value 4. Both next hops of SwitchA, 10.1.1.2 (SwitchB) and 10.1.2.2 (SwitchC),
are now valid.
As shown in the routing table, after the weight is set for the equal-cost routes, the next hop
10.1.2.2 (SwitchC), whose weight is 1, has a higher preference than 10.1.1.2 (SwitchB).
Therefore, IS-IS selects the route with the next hop 10.1.2.2 as the optimal route.
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 20 50
#
isis 1
is-level level-2
network-entity 10.0000.0000.0001.00
nexthop 10.1.2.2 weight 1
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
isis enable 1
#
interface Vlanif20
ip address 10.1.2.1 255.255.255.0
isis enable 1
#
interface Vlanif50
ip address 172.16.1.1 255.255.255.0
isis enable 1
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface Ethernet0/0/3
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
return
[Figure: networking diagram showing SwitchA, SwitchB and SwitchC; SwitchC connects through Eth0/0/1 (VLANIF30, 100.2.1.2/24).]
NOTE
BFD for IS-IS cannot be used to detect the multi-hop link between SwitchA and SwitchC, because the
IS-IS neighbor relationship cannot be established between SwitchA and SwitchC.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure IP addresses for interfaces and enable IS-IS on each router to ensure reachable
routes between the routers.
2. Enable static BFD for IS-IS on SwitchA and SwitchB so that routers can rapidly detect link
faults.
Procedure
Step 1 Configure VLANs that each interface belongs to.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 10
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 10
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 10
[SwitchA-Ethernet0/0/1] quit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
Step 2 Assign the IP addresses for VLANIF interfaces.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 100.1.1.1 24
[SwitchA-Vlanif10] quit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
# Configure SwitchB.
[SwitchB] isis 1
[SwitchB-isis-1] is-level level-2
[SwitchB-isis-1] network-entity aa.2222.2222.2222.00
[SwitchB-isis-1] quit
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] isis enable 1
[SwitchB-Vlanif10] quit
[SwitchB] interface vlanif 30
[SwitchB-Vlanif30] isis enable 1
[SwitchB-Vlanif30] quit
# Configure SwitchC.
[SwitchC] isis 1
[SwitchC-isis-1] is-level level-2
[SwitchC-isis-1] network-entity aa.3333.3333.3333.00
[SwitchC-isis-1] quit
[SwitchC] interface vlanif 30
[SwitchC-Vlanif30] isis enable 1
[SwitchC-Vlanif30] quit
# After the preceding configurations, you can see that the neighbor relationship is established
between SwitchA and SwitchB.
[SwitchA] display isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
-----------------------------------------------------------------------------
2222.2222.2222 Vlanif10 2222.2222.2222.01 Up 23s L2 64
The IS-IS routing table of SwitchA contains the routes to SwitchB and SwitchC.
[SwitchA] display isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------
100.1.1.0/24 10 NULL Vlanif10 Direct D/-/L/-
100.2.1.0/24 20 NULL Vlanif10 100.1.1.2 A/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, U-Up/Down Bit Set
[SwitchB] bfd
[SwitchB-bfd] quit
[SwitchB] bfd btoa bind peer-ip 100.1.1.1 interface vlanif 10
[SwitchB-bfd-session-btoa] discriminator local 2
[SwitchB-bfd-session-btoa] discriminator remote 1
[SwitchB-bfd-session-btoa] commit
[SwitchB-bfd-session-btoa] quit
After the preceding configurations, run the display bfd session command on SwitchA or
SwitchB, and you can see that the status of the BFD session is Up.
# Configure SwitchA.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] isis bfd static
[SwitchA-Vlanif10] quit
# Configure SwitchB.
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] isis bfd static
[SwitchB-Vlanif10] quit
# On SwitchA, you can view the following log and debugging information, which indicates that
IS-IS deletes the neighbor relationship with SwitchB after being notified by BFD of the fault.
Sep 12 2007 11:32:18 RT2 %%01ISIS/4/PEER_DOWN_BFDDOWN(l): IS-IS process id 1 nei
ghbor 2222.2222.2222 is down on the interface Vlanif10 because BFD node is Down.
The last Hello packet is received at 11:32:10. The maximum interval for sending
Hello packets is 9247. The local router sends 426 Hello packets and receives 61
Hello packets. The Hello packet type is Lan Level-2.
*0.481363988 RT2 ISIS/6/ISIS:
ISIS-1-FastSense: Deleting Neighbour by IP Address 100.1.1.2 On Vlanif10(IS01_1048)
Run the display isis route command or the display isis peer command on SwitchA, and you
can see that no information is displayed. This indicates that the IS-IS neighbor relationship
between SwitchA and SwitchB is deleted.
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
info-center source BFD channel 1 log level debugging
#
bfd
#
isis 1
is-level level-2
network-entity aa.1111.1111.1111.00
#
interface Vlanif10
ip address 100.1.1.1 255.255.255.0
isis enable 1
isis bfd static
#
bfd atob bind peer-ip 100.1.1.2 interface Vlanif10
discriminator local 1
discriminator remote 2
commit
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
return
#
sysname SwitchC
#
vlan batch 30
#
isis 1
is-level level-2
network-entity aa.3333.3333.3333.00
#
interface Vlanif30
ip address 100.2.1.2 255.255.255.0
isis enable 1
#
interface Ethernet0/0/1
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
return
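In the static BFD example above, the session comes up only when the two ends mirror each other: each peer-ip is the other side's bound interface address, the local discriminator of one end is the remote discriminator of the other, the session is committed, and the interface carries isis bfd static. The following Python check is an added example, not part of the Huawei document: the SwitchA text is taken from its configuration file above, the SwitchB text is reconstructed from the commands in the procedure (its VLANIF10 address 100.1.1.2 is the peer-ip and next-hop value shown on the page), and the function names are hypothetical.

```python
import re

# SwitchA: BFD-relevant parts of the configuration file shown on the page.
SWITCH_A = """
#
bfd
#
interface Vlanif10
 ip address 100.1.1.1 255.255.255.0
 isis enable 1
 isis bfd static
#
bfd atob bind peer-ip 100.1.1.2 interface Vlanif10
 discriminator local 1
 discriminator remote 2
 commit
#
return
"""

# SwitchB: reconstructed from the commands in the procedure (constructed text).
SWITCH_B = """
#
bfd
#
interface Vlanif10
 ip address 100.1.1.2 255.255.255.0
 isis enable 1
 isis bfd static
#
bfd btoa bind peer-ip 100.1.1.1 interface Vlanif10
 discriminator local 2
 discriminator remote 1
 commit
#
return
"""


def parse(config):
    """Collect global BFD state, interface settings and static BFD sessions."""
    dev = {"bfd": False, "interfaces": {}, "sessions": []}
    for section in re.split(r"(?m)^[ \t]*#[ \t]*$", config):
        lines = [l.strip() for l in section.splitlines() if l.strip()]
        if not lines:
            continue
        head, body = lines[0], lines[1:]
        if head == "bfd":
            dev["bfd"] = True
        elif m := re.fullmatch(r"interface (\S+)", head):
            ip = next((l.split()[2] for l in body if l.startswith("ip address ")), None)
            dev["interfaces"][m.group(1).lower()] = {
                "ip": ip, "isis_bfd_static": "isis bfd static" in body}
        elif m := re.fullmatch(r"bfd (\S+) bind peer-ip (\S+) interface (\S+)", head):
            disc = dict(re.findall(r"discriminator (local|remote) (\d+)", "\n".join(body)))
            dev["sessions"].append({
                "name": m.group(1), "peer_ip": m.group(2),
                "interface": m.group(3).lower(),
                "local": disc.get("local"), "remote": disc.get("remote"),
                "committed": "commit" in body})
    return dev


def check_static_bfd_pair(cfg_a, cfg_b):
    """Return a list of problems; an empty list means both ends mirror each other."""
    a, b = parse(cfg_a), parse(cfg_b)
    problems = []
    for label, dev in (("A", a), ("B", b)):
        if not dev["bfd"]:
            problems.append(f"{label}: BFD is not enabled globally")
        for s in dev["sessions"]:
            intf = dev["interfaces"].get(s["interface"], {})
            if s["local"] is None or s["remote"] is None:
                problems.append(f"{label}: session {s['name']} lacks a discriminator")
            if not s["committed"]:
                problems.append(f"{label}: session {s['name']} is not committed")
            if not intf.get("isis_bfd_static"):
                problems.append(f"{label}: {s['interface']} lacks 'isis bfd static'")
    for sa in a["sessions"]:
        local_ip = a["interfaces"].get(sa["interface"], {}).get("ip")
        peers = [sb for sb in b["sessions"] if sb["peer_ip"] == local_ip]
        if not peers:
            problems.append(f"A: no session on B points back at {local_ip}")
            continue
        sb = peers[0]
        if b["interfaces"].get(sb["interface"], {}).get("ip") != sa["peer_ip"]:
            problems.append(f"A: peer-ip {sa['peer_ip']} is not B's bound interface address")
        if (sa["local"], sa["remote"]) != (sb["remote"], sb["local"]):
            problems.append(f"discriminators of {sa['name']}/{sb['name']} do not mirror")
    return problems


if __name__ == "__main__":
    print(check_static_bfd_pair(SWITCH_A, SWITCH_B) or "static BFD pair is consistent")
```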
Networking Requirements
As shown in Figure 5-19, three routers are interconnected using IS-IS, and SwitchA and SwitchB
communicate with each other through a Layer 2 switch. When the link that passes through the
switch between SwitchA and SwitchB fails, the two routers need to rapidly respond to the fault,
and traffic can be switched to the link that passes through SwitchC for forwarding.
[Figure 5-19: networking diagram. The path through SwitchC uses VLANIF10 (1.1.1.1/24 on SwitchA, 1.1.1.2/24 on SwitchC) and VLANIF50 (2.2.2.1/24 on SwitchC, 2.2.2.2/24 on SwitchB).]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure IP addresses for interfaces and enable IS-IS on each router to ensure reachable
routes between the routers.
2. Set the IS-IS interface cost to control route selection so that the link that
passes through the switch from SwitchA to SwitchB is the primary link and the link that
passes through SwitchC is the backup link.
3. Configure dynamic BFD for IS-IS on SwitchA, SwitchB, and SwitchC so that link faults
can be detected rapidly and traffic can be switched to the backup link for forwarding.
Procedure
Step 1 Configure VLANs that each interface belongs to.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 10 20
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 10
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 10
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface ethernet 0/0/2
[SwitchA-Ethernet0/0/2] port hybrid pvid vlan 20
[SwitchA-Ethernet0/0/2] port hybrid untagged vlan 20
[SwitchA-Ethernet0/0/2] quit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
Step 2 Assign the IP addresses for VLANIF interfaces.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 1.1.1.1 24
[SwitchA-Vlanif10] quit
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] ip address 3.3.3.1 24
[SwitchA-Vlanif20] quit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
Step 3 Configure basic IS-IS functions.
# Configure SwitchA.
[SwitchA] isis
[SwitchA-isis-1] is-level level-2
[SwitchA-isis-1] network-entity 10.0000.0000.0001.00
[SwitchA-isis-1] quit
[SwitchA] interface vlanif10
[SwitchA-Vlanif10] isis enable 1
[SwitchA-Vlanif10] quit
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] isis enable 1
[SwitchA-Vlanif20] quit
# Configure SwitchB.
[SwitchB] isis
[SwitchB-isis-1] is-level level-2
[SwitchB-isis-1] network-entity 10.0000.0000.0002.00
[SwitchB-isis-1] quit
[SwitchB] interface vlanif 50
[SwitchB-Vlanif50] isis enable 1
[SwitchB-Vlanif50] quit
[SwitchB] interface vlanif 20
[SwitchB-Vlanif20] isis enable 1
[SwitchB-Vlanif20] quit
[SwitchB] interface vlanif 40
[SwitchB-Vlanif40] isis enable 1
[SwitchB-Vlanif40] quit
# Configure SwitchC.
[SwitchC] isis
[SwitchC-isis-1] is-level level-2
# After the preceding configurations, run the display isis peer command. You can see that the
neighbor relationships are established between SwitchA and SwitchB, and between SwitchA
and SwitchC. The following uses the configuration of SwitchA as an example.
[SwitchA] display isis peer
Peer information for ISIS(1)
----------------------------
System Id Interface Circuit Id State HoldTime Type PRI
0000.0000.0002 Vlanif20 0000.0000.0002.01 Up 9s L2 64
0000.0000.0003 Vlanif10 0000.0000.0001.02 Up 21s L2 64
Total Peer(s): 2
# The Switches have learned routes from each other. The following uses the routing table of
SwitchA as an example.
[SwitchA] display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 8 Routes : 9
As shown in the routing table, the next-hop address of the route to 172.16.1.0/24 is 3.3.3.2, and
traffic is transmitted on the primary link SwitchA→SwitchB.
Step 4 Set the interface cost.
# Configure SwitchA.
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] isis cost 5
[SwitchA-Vlanif20] quit
# Configure SwitchB.
[SwitchB] interface vlanif 20
[SwitchB-Vlanif20] isis cost 5
[SwitchB-Vlanif20] quit
[SwitchB] bfd
[SwitchB-bfd] quit
[SwitchB] isis
[SwitchB-isis-1] bfd all-interfaces enable
[SwitchB-isis-1] quit
# After the preceding configurations, run the display isis bfd session all command on SwitchA,
SwitchB, and SwitchC. You can see that the BFD session status is Up.
The following uses the display on SwitchA as an example.
[SwitchA] display isis bfd session all
As shown in the preceding display, the status of the BFD session between SwitchA and
SwitchB and that between SwitchA and SwitchC is Up.
Step 6 Configure BFD for IS-IS interfaces.
# Configure BFD on VLANIF20 of SwitchA, set the minimum interval for sending packets to
100 ms, the minimum interval for receiving packets to 100 ms, and the local detection multiplier
to 4.
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] isis bfd enable
[SwitchA-Vlanif20] isis bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 4
[SwitchA-Vlanif20] quit
# Configure BFD on VLANIF20 of SwitchB, set the minimum interval for sending packets to
100 ms, the minimum interval for receiving packets to 100 ms, and the local detection multiplier
to 4.
[SwitchB] bfd
[SwitchB-bfd] quit
[SwitchB] interface vlanif 20
[SwitchB-Vlanif20] isis bfd enable
[SwitchB-Vlanif20] isis bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 4
[SwitchB-Vlanif20] quit
# After the preceding configurations, run the display isis bfd session all command on SwitchA
or SwitchB. You can see that the BFD parameters have taken effect. The following uses the
display on SwitchB as an example.
As shown in the routing table, the backup link SwitchA→SwitchC→SwitchB takes effect after
the primary link fails, and the next-hop address of the route to 172.16.1.0/24 becomes 1.1.1.2.
# Run the display isis bfd session all command on SwitchA. You can see that the status of the
BFD session between SwitchA and SwitchC is Up.
[SwitchA] display isis bfd session all
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 20
#
bfd
#
isis 1
is-level level-2
bfd all-interfaces enable
network-entity 10.0000.0000.0001.00
#
interface Vlanif10
ip address 1.1.1.1 255.255.255.0
isis enable 1
#
interface Vlanif20
ip address 3.3.3.1 255.255.255.0
isis enable 1
isis cost 5
isis bfd enable
isis bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 4
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
return
#
return
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure IBGP connections between SwitchB, SwitchC, and SwitchD.
2. Configure an EBGP connection between SwitchA and SwitchB.
Procedure
Step 1 Create VLANs and add interfaces to the corresponding VLANs.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 10 50
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 10
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 10
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface ethernet 0/0/2
[SwitchA-Ethernet0/0/2] port hybrid pvid vlan 50
[SwitchA-Ethernet0/0/2] port hybrid untagged vlan 50
[SwitchA-Ethernet0/0/2] quit
The configurations of SwitchB, SwitchC, and SwitchD are the same as the configuration of
SwitchA, and are not mentioned here.
Step 2 Assign an IP address to each VLANIF interface.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 200.1.1.2 24
[SwitchA-Vlanif10] quit
[SwitchA] interface vlanif 50
[SwitchA-Vlanif50] ip address 8.1.1.1 8
[SwitchA-Vlanif50] quit
The configurations of SwitchB, SwitchC, and SwitchD are the same as the configuration of
SwitchA, and are not mentioned here.
Step 3 Configure IBGP connections.
# Configure SwitchB.
[SwitchB] bgp 65009
[SwitchB-bgp] router-id 2.2.2.2
# Configure SwitchC.
[SwitchC] bgp 65009
[SwitchC-bgp] router-id 3.3.3.3
[SwitchC-bgp] peer 9.1.3.1 as-number 65009
[SwitchC-bgp] peer 9.1.2.2 as-number 65009
[SwitchC-bgp] quit
# Configure SwitchD.
[SwitchD] bgp 65009
[SwitchD-bgp] router-id 4.4.4.4
[SwitchD-bgp] peer 9.1.1.1 as-number 65009
[SwitchD-bgp] peer 9.1.2.1 as-number 65009
[SwitchD-bgp] quit
# Configure SwitchB.
[SwitchB] bgp 65009
[SwitchB-bgp] peer 200.1.1.2 as-number 65008
[SwitchB-bgp] quit
You can see that the BGP connections between SwitchB and all the other Switches are set up.
Step 5 Configure SwitchA to advertise route 8.0.0.0/8.
# Configure SwitchA to advertise routes.
[SwitchA] bgp 65008
[SwitchA-bgp] ipv4-family unicast
[SwitchA-bgp-af-ipv4] network 8.0.0.0 255.0.0.0
[SwitchA-bgp-af-ipv4] quit
[SwitchA-bgp] quit
The routing table shows that SwitchC has learned the route to the destination
8.0.0.0 in AS 65008, but the next hop 200.1.1.2 is unreachable. Therefore, this route is invalid.
Step 6 Configure BGP to import direct routes.
# Configure SwitchB.
[SwitchB] bgp 65009
[SwitchB-bgp] ipv4-family unicast
[SwitchB-bgp-af-ipv4] import-route direct
[SwitchB-bgp-af-ipv4] quit
[SwitchB-bgp] quit
The route destined for 8.0.0.0 becomes valid, and the next hop is the address
of SwitchA.
# Perform the ping operation to verify the configuration.
[SwitchC] ping 8.1.1.1
PING 8.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 8.1.1.1: bytes=56 Sequence=1 ttl=254 time=31 ms
Reply from 8.1.1.1: bytes=56 Sequence=2 ttl=254 time=47 ms
Reply from 8.1.1.1: bytes=56 Sequence=3 ttl=254 time=31 ms
Reply from 8.1.1.1: bytes=56 Sequence=4 ttl=254 time=16 ms
Reply from 8.1.1.1: bytes=56 Sequence=5 ttl=254 time=31 ms
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 50
#
interface Vlanif10
ip address 200.1.1.2 255.255.255.0
#
interface Vlanif50
ip address 8.1.1.1 255.0.0.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
bgp 65008
router-id 1.1.1.1
peer 200.1.1.1 as-number 65009
#
ipv4-family unicast
undo synchronization
network 8.0.0.0
peer 200.1.1.1 enable
#
return
interface Vlanif20
ip address 9.1.3.1 255.255.255.0
#
interface Vlanif30
ip address 9.1.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface Ethernet0/0/3
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
bgp 65009
router-id 2.2.2.2
peer 9.1.1.2 as-number 65009
peer 9.1.3.2 as-number 65009
peer 200.1.1.2 as-number 65008
#
ipv4-family unicast
undo synchronization
import-route direct
peer 9.1.1.2 enable
peer 9.1.3.2 enable
peer 200.1.1.2 enable
#
return
• Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 20 40
#
interface Vlanif20
ip address 9.1.3.2 255.255.255.0
#
interface Vlanif40
ip address 9.1.2.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface Ethernet0/0/2
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
bgp 65009
router-id 3.3.3.3
peer 9.1.2.2 as-number 65009
peer 9.1.3.1 as-number 65009
#
ipv4-family unicast
undo synchronization
peer 9.1.2.2 enable
peer 9.1.3.1 enable
#
return
• Configuration file of SwitchD
#
sysname SwitchD
#
vlan batch 30 40
#
interface Vlanif30
ip address 9.1.1.2 255.255.255.0
#
interface Vlanif40
ip address 9.1.2.2 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface Ethernet0/0/2
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
bgp 65009
router-id 4.4.4.4
peer 9.1.1.1 as-number 65009
peer 9.1.2.1 as-number 65009
#
ipv4-family unicast
undo synchronization
peer 9.1.1.1 enable
peer 9.1.2.1 enable
#
return
Networking Requirements
The network shown in Figure 5-21 is divided into AS 65008 and AS 65009. In AS 65009, an
IGP is used to calculate routes. In this example, OSPF is used as an IGP. The two ASs need to
communicate with each other.
Figure 5-21 Networking diagram for configuring BGP to interact with an IGP
[Figure: SwitchA is in AS65008; SwitchB and SwitchC are in AS65009.
SwitchA: VLANIF10 3.1.1.2/24, VLANIF30 8.1.1.1/24.
SwitchB: VLANIF10 3.1.1.1/24, VLANIF20 9.1.1.1/24.
SwitchC: VLANIF20 9.1.1.2/24, VLANIF40 9.1.2.1/24.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure OSPF on SwitchB and SwitchC so that these devices can access each other.
2. Establish an EBGP connection between SwitchA and SwitchB so that these devices can
exchange routing information.
3. Configure BGP and OSPF to import routes from each other on SwitchB so that the two
ASs can communicate with each other.
4. (Optional) Configure BGP route summarization on SwitchB to simplify the BGP routing
table.
Procedure
Step 1 Create VLANs and add interfaces to the corresponding VLANs.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 10 30
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 10
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 10
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface ethernet 0/0/2
[SwitchA-Ethernet0/0/2] port hybrid pvid vlan 30
[SwitchA-Ethernet0/0/2] port hybrid untagged vlan 30
[SwitchA-Ethernet0/0/2] quit
The configurations of SwitchB and SwitchC are the same as the configuration of SwitchA, and
are not mentioned here.
# Configure SwitchB.
[SwitchB] ospf 1
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 9.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
# Configure SwitchC.
[SwitchC] ospf 1
[SwitchC-ospf-1] area 0
[SwitchC-ospf-1-area-0.0.0.0] network 9.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] network 9.1.2.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] quit
[SwitchC-ospf-1] quit
# Configure SwitchA.
[SwitchA] bgp 65008
[SwitchA-bgp] router-id 1.1.1.1
[SwitchA-bgp] peer 3.1.1.1 as-number 65009
[SwitchA-bgp] ipv4-family unicast
[SwitchA-bgp-af-ipv4] network 8.1.1.0 255.255.255.0
[SwitchA-bgp-af-ipv4] quit
[SwitchA-bgp] quit
# Configure SwitchB.
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 30
#
interface Vlanif10
ip address 3.1.1.2 255.255.255.0
#
interface Vlanif30
ip address 8.1.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
bgp 65008
router-id 1.1.1.1
peer 3.1.1.1 as-number 65009
#
ipv4-family unicast
undo synchronization
network 8.1.1.0 255.255.255.0
peer 3.1.1.1 enable
#
return
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
bgp 65009
router-id 2.2.2.2
peer 3.1.1.2 as-number 65008
#
ipv4-family unicast
undo synchronization
summary automatic
import-route ospf 1
peer 3.1.1.2 enable
#
ospf 1
import-route bgp
area 0.0.0.0
network 9.1.1.0 0.0.0.255
#
return
Figure 5-22 Networking diagram for configuring MED attributes of routes to control route
selection
[Figure: SwitchA is in AS 65008; SwitchB and SwitchC are in AS 65009. EBGP runs between SwitchA and SwitchB and between SwitchA and SwitchC; IBGP runs between SwitchB and SwitchC.
SwitchA: VLANIF10 200.1.1.2/24, VLANIF20 200.1.2.2/24.
SwitchB: VLANIF10 200.1.1.1/24, VLANIF30 9.1.1.1/24.
SwitchC: VLANIF20 200.1.2.1/24, VLANIF30 9.1.1.2/24.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Establish EBGP connections between SwitchA and SwitchB and between SwitchA and
SwitchC, and establish an IBGP connection between SwitchB and SwitchC.
2. Apply a routing policy to increase the MED value of the route sent by SwitchB to
SwitchA so that SwitchA will send traffic to AS 65009 through SwitchC.
Procedure
Step 1 Create VLANs and add interfaces to the corresponding VLANs.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 10 20
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 10
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 10
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface ethernet 0/0/2
[SwitchA-Ethernet0/0/2] port hybrid pvid vlan 20
[SwitchA-Ethernet0/0/2] port hybrid untagged vlan 20
[SwitchA-Ethernet0/0/2] quit
The configurations of SwitchB and SwitchC are the same as the configuration of SwitchA, and
are not mentioned here.
# Configure SwitchB.
[SwitchB] bgp 65009
[SwitchB-bgp] router-id 2.2.2.2
[SwitchB-bgp] peer 200.1.1.2 as-number 65008
[SwitchB-bgp] peer 9.1.1.2 as-number 65009
[SwitchB-bgp] ipv4-family unicast
[SwitchB-bgp-af-ipv4] network 9.1.1.0 255.255.255.0
[SwitchB-bgp-af-ipv4] quit
[SwitchB-bgp] quit
# Configure SwitchC.
[SwitchC] bgp 65009
[SwitchC-bgp] router-id 3.3.3.3
[SwitchC-bgp] peer 200.1.2.2 as-number 65008
[SwitchC-bgp] peer 9.1.1.1 as-number 65009
[SwitchC-bgp] ipv4-family unicast
[SwitchC-bgp-af-ipv4] network 9.1.1.0 255.255.255.0
[SwitchC-bgp-af-ipv4] quit
[SwitchC-bgp] quit
According to the routing table, there are two valid routes destined for
9.1.1.0/24. The route whose next hop is 200.1.1.1 is the optimal route because the router ID of
SwitchB is smaller.
Step 4 Configure load balancing.
# Configure SwitchA.
[SwitchA] bgp 65008
[SwitchA-bgp] ipv4-family unicast
[SwitchA-bgp-af-ipv4] maximum load-balancing 2
[SwitchA-bgp-af-ipv4] quit
[SwitchA-bgp] quit
According to the routing table, the BGP route 9.1.1.0/24 has two next hops,
200.1.1.1 and 200.1.2.1. Both of them are optimal routes.
Step 5 Set the MED.
# Set the MED sent from SwitchB to SwitchA through the policy.
[SwitchB] route-policy 10 permit node 10
[SwitchB-route-policy] apply cost 100
[SwitchB-route-policy] quit
[SwitchB] bgp 65009
[SwitchB-bgp] peer 200.1.1.2 route-policy 10 export
According to the routing table, the MED of the next hop 200.1.1.1 (SwitchB)
is 100, and that of the next hop 200.1.2.1 is 0. Therefore, the route with the smaller MED is
selected.
----End
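The three routing-table states described in this procedure (router ID tie-break, load balancing over two next hops, MED preference) follow from the order in which BGP compares attributes. The following Python model is an added example, not part of the Huawei document: it covers only the two comparison steps the page discusses and assumes every earlier attribute is equal, that MED is compared only between paths from the same neighbouring AS, and that paths with unequal MED are not load balanced; the class and function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class BgpPath:
    next_hop: str
    neighbor_as: int
    peer_router_id: str
    med: int = 0


def _router_id(path):
    """Router IDs compare as 32-bit integers."""
    return int(ipaddress.IPv4Address(path.peer_router_id))


def med_survivors(paths):
    """Keep, per neighbouring AS, only the paths that carry the lowest MED."""
    lowest = {}
    for p in paths:
        lowest[p.neighbor_as] = min(p.med, lowest.get(p.neighbor_as, p.med))
    return [p for p in paths if p.med == lowest[p.neighbor_as]]


def best_path(paths):
    """Lowest MED first, then the lowest router ID of the advertising peer."""
    return min(med_survivors(paths), key=_router_id)


def forwarding_next_hops(paths, maximum_load_balancing=1):
    """Next hops installed for forwarding; 1 models the state before Step 4."""
    best = best_path(paths)
    equal = sorted(
        (p for p in med_survivors(paths) if p.neighbor_as == best.neighbor_as),
        key=_router_id,
    )
    return [p.next_hop for p in equal[:maximum_load_balancing]]


def paths_on_switch_a(med_from_switch_b=0):
    """The two routes to 9.1.1.0/24 that SwitchA receives from AS 65009."""
    return [
        # Assumption: before the policy is applied, SwitchB sends MED 0.
        BgpPath("200.1.1.1", 65009, "2.2.2.2", med_from_switch_b),  # via SwitchB
        BgpPath("200.1.2.1", 65009, "3.3.3.3", 0),                  # via SwitchC
    ]


if __name__ == "__main__":
    before = paths_on_switch_a()
    after = paths_on_switch_a(med_from_switch_b=100)
    print("default            :", forwarding_next_hops(before))
    print("load-balancing 2   :", forwarding_next_hops(before, 2))
    print("MED 100 on SwitchB :", forwarding_next_hops(after, 2))
```

With maximum load-balancing 2 still configured, the model installs a single next hop once the MED values differ, because the MED comparison removes the SwitchB path before the load-balancing step is reached.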
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 20
#
interface Vlanif10
ip address 200.1.1.2 255.255.255.0
#
interface Vlanif20
ip address 200.1.2.2 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
bgp 65008
router-id 1.1.1.1
peer 200.1.1.1 as-number 65009
peer 200.1.2.1 as-number 65009
#
ipv4-family unicast
undo synchronization
maximum load-balancing 2
peer 200.1.1.1 enable
peer 200.1.2.1 enable
#
return
• Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 10 30
#
interface Vlanif10
ip address 200.1.1.1 255.255.255.0
#
interface Vlanif30
ip address 9.1.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
bgp 65009
router-id 2.2.2.2
peer 9.1.1.2 as-number 65009
peer 200.1.1.2 as-number 65008
#
ipv4-family unicast
undo synchronization
default med 100
network 9.1.1.0 255.255.255.0
peer 9.1.1.2 enable
peer 200.1.1.2 enable
peer 200.1.1.2 route-policy 10 export
#
route-policy 10 permit node 10
apply cost 100
#
return
• Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 20 30
#
interface Vlanif20
ip address 200.1.2.1 255.255.255.0
#
interface Vlanif30
ip address 9.1.1.2 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface Ethernet0/0/2
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
bgp 65009
router-id 3.3.3.3
peer 9.1.1.1 as-number 65009
peer 200.1.2.2 as-number 65008
#
ipv4-family unicast
undo synchronization
network 9.1.1.0 255.255.255.0
peer 9.1.1.1 enable
peer 200.1.2.2 enable
#
return
Networking Requirements
As shown in Figure 5-23, on the network where OSPF runs, SwitchA receives routes from the
Internet, and provides these routes for the OSPF network. Users want devices on the OSPF
network to access only the network segments 172.1.17.0/24, 172.1.18.0/24, and 172.1.19.0/24,
and SwitchC to access only the network segment 172.1.18.0/24.
Figure 5-23 Networking diagram for filtering the received and advertised routes
[Figure: SwitchB connects to SwitchA, SwitchC and SwitchD on the OSPF network. The segments 172.1.16.0/24, 172.1.17.0/24, 172.1.18.0/24, 172.1.19.0/24 and 172.1.20.0/24 are shown behind SwitchA.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a routing policy on SwitchA and apply the routing policy during route
advertisement. When routes are advertised, the routing policy allows SwitchA to provide
routes from network segments 172.1.17.0/24, 172.1.18.0/24, and 172.1.19.0/24 for
SwitchB, and allows devices on the OSPF network to access these three network segments.
2. Configure a routing policy on SwitchC and apply the routing policy during route importing.
When routes are imported, the routing policy allows SwitchC to receive only the routes
from the network segment 172.1.18.0/24 and access this network segment.
Procedure
Step 1 Add interfaces to the VLANs.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 10
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 10
[SwitchA-Ethernet0/0/1] quit
The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration of
SwitchA, and are not mentioned here.
Step 2 Assign IP addresses to the VLANIF interfaces.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 192.168.1.1 24
[SwitchA-Vlanif10] quit
The configurations of SwitchB, SwitchC, and SwitchD are similar to the configuration of
SwitchA, and are not mentioned here.
Step 3 Configure the basic OSPF functions.
# Configure SwitchA.
[SwitchA] ospf
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# Configure SwitchB.
[SwitchB] ospf
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] network 192.168.3.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
# Configure SwitchC.
[SwitchC] ospf
[SwitchC-ospf-1] area 0
[SwitchC-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] quit
[SwitchC-ospf-1] quit
# Configure SwitchD.
[SwitchD] ospf
[SwitchD-ospf-1] area 0
[SwitchD-ospf-1-area-0.0.0.0] network 192.168.3.0 0.0.0.255
[SwitchD-ospf-1-area-0.0.0.0] quit
[SwitchD-ospf-1] quit
Step 4 Configure five static routes on SwitchA and import these routes into OSPF.
[SwitchA] ip route-static 172.1.16.0 24 NULL 0
[SwitchA] ip route-static 172.1.17.0 24 NULL 0
[SwitchA] ip route-static 172.1.18.0 24 NULL 0
[SwitchA] ip route-static 172.1.19.0 24 NULL 0
[SwitchA] ip route-static 172.1.20.0 24 NULL 0
[SwitchA] ospf
[SwitchA-ospf-1] import-route static
[SwitchA-ospf-1] quit
# Check the routing table on SwitchB. You can find that the five static routes are imported into
OSPF.
[SwitchB] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.1.0/24 Direct 0 0 D 192.168.1.2 Vlanif10
192.168.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.2.0/24 Direct 0 0 D 192.168.2.1 Vlanif20
192.168.2.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.3.0/24 Direct 0 0 D 192.168.3.1 Vlanif30
192.168.3.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.1.16.0/24 O_ASE 150 1 D 192.168.1.1 Vlanif10
172.1.17.0/24 O_ASE 150 1 D 192.168.1.1 Vlanif10
172.1.18.0/24 O_ASE 150 1 D 192.168.1.1 Vlanif10
172.1.19.0/24 O_ASE 150 1 D 192.168.1.1 Vlanif10
172.1.20.0/24 O_ASE 150 1 D 192.168.1.1 Vlanif10
# Configure a policy for advertising routes on SwitchA, and use the IP prefix list named a2b to
filter routes.
[SwitchA] ospf
[SwitchA-ospf-1] filter-policy ip-prefix a2b export static
# Check the routing table on SwitchB. You can find that SwitchB receives only three routes
defined in a2b.
[SwitchB] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
# Set a policy for receiving routes on SwitchC, and use the IP prefix list named in to filter routes.
[SwitchC] ospf
[SwitchC-ospf-1] filter-policy ip-prefix in import
# Check the routing table on SwitchC. You can find that the local routing table on SwitchC
contains only the one route defined in the IP prefix list named in.
[SwitchC] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 5 Routes : 5
----End
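The filtering result of this example can be reproduced offline. The following Python sketch is an added example, not part of the original Huawei document: it parses the ip ip-prefix lines from the SwitchA and SwitchC configuration files and applies them to the five static routes. The function names are hypothetical, and the handling of greater-equal and less-equal goes beyond what this example's prefix lists use.

```python
import ipaddress
import re

# Prefix-list lines as they appear in the SwitchA and SwitchC configuration files.
PREFIX_CONFIG = """\
ip ip-prefix a2b index 10 permit 172.1.17.0 24
ip ip-prefix a2b index 20 permit 172.1.18.0 24
ip ip-prefix a2b index 30 permit 172.1.19.0 24
ip ip-prefix in index 10 permit 172.1.18.0 24
"""

# The five static routes that SwitchA imports into OSPF in Step 4.
STATIC_ROUTES = [f"172.1.{n}.0/24" for n in range(16, 21)]

ENTRY_RE = re.compile(
    r"^ip ip-prefix (?P<name>\S+) index (?P<index>\d+) (?P<action>permit|deny) "
    r"(?P<addr>\d+(?:\.\d+){3}) (?P<len>\d+)"
    r"(?: greater-equal (?P<ge>\d+))?(?: less-equal (?P<le>\d+))?$"
)


def parse_prefix_lists(text):
    """Return {list name: [(index, action, network, min_len, max_len), ...]} sorted by index."""
    lists = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(" ".join(line.split()))
        if m is None:
            continue
        length = int(m["len"])
        ge = int(m["ge"]) if m["ge"] else None
        le = int(m["le"]) if m["le"] else None
        if ge is None and le is None:
            lo, hi = length, length      # no bounds: the mask length must match exactly
        elif le is None:
            lo, hi = ge, 32              # only greater-equal: ge..32
        elif ge is None:
            lo, hi = length, le          # only less-equal: length..le
        else:
            lo, hi = ge, le
        network = ipaddress.ip_network(f"{m['addr']}/{length}", strict=False)
        lists.setdefault(m["name"], []).append((int(m["index"]), m["action"], network, lo, hi))
    for entries in lists.values():
        entries.sort(key=lambda e: e[0])
    return lists


def evaluate(entries, route):
    """The first matching index decides; a route that matches no entry is denied."""
    net = ipaddress.ip_network(route)
    for _index, action, prefix, lo, hi in entries:
        if lo <= net.prefixlen <= hi and net.subnet_of(prefix):
            return action
    return "deny"


def apply_filter(lists, name, routes):
    """Routes that survive 'filter-policy ip-prefix <name>'."""
    if name not in lists:
        # Assumption of this example: refuse to guess how a device treats an undefined list.
        raise ValueError(f"prefix list {name!r} is not defined")
    return [r for r in routes if evaluate(lists[name], r) == "permit"]


def simulate():
    """Return (routes SwitchA advertises into OSPF, ASE routes SwitchC installs)."""
    lists = parse_prefix_lists(PREFIX_CONFIG)
    advertised = apply_filter(lists, "a2b", STATIC_ROUTES)   # SwitchA: export static
    installed = apply_filter(lists, "in", advertised)        # SwitchC: import
    return advertised, installed


if __name__ == "__main__":
    advertised, installed = simulate()
    print("SwitchA advertises into OSPF:", advertised)
    print("SwitchC installs:", installed)
    # Constructed probe: a more-specific route inside a permitted /24.
    probe = evaluate(parse_prefix_lists(PREFIX_CONFIG)["a2b"], "172.1.18.128/25")
    print("172.1.18.128/25 through a2b:", probe)
```

Because the entries in a2b carry no greater-equal or less-equal bounds, only the exact /24 routes pass; 172.1.16.0/24 and 172.1.20.0/24 are dropped because no entry matches them, not because an entry denies them.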
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
interface Vlanif10
ip address 192.168.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
ospf 1
filter-policy ip-prefix a2b export static
import-route static
area 0.0.0.0
network 192.168.1.0 0.0.0.255
#
ip ip-prefix a2b index 10 permit 172.1.17.0 24
ip ip-prefix a2b index 20 permit 172.1.18.0 24
ip ip-prefix a2b index 30 permit 172.1.19.0 24
#
ip route-static 172.1.16.0 255.255.255.0 NULL0
ip route-static 172.1.17.0 255.255.255.0 NULL0
ip route-static 172.1.18.0 255.255.255.0 NULL0
ip route-static 172.1.19.0 255.255.255.0 NULL0
ip route-static 172.1.20.0 255.255.255.0 NULL0
#
return
• Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 10 20 30
#
interface Vlanif10
ip address 192.168.1.2 255.255.255.0
#
interface Vlanif20
ip address 192.168.2.1 255.255.255.0
#
interface Vlanif30
ip address 192.168.3.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface Ethernet0/0/3
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
network 192.168.3.0 0.0.0.255
#
return
• Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 20
#
interface Vlanif20
ip address 192.168.2.2 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
ospf 1
filter-policy ip-prefix in import
area 0.0.0.0
network 192.168.2.0 0.0.0.255
#
ip ip-prefix in index 10 permit 172.1.18.0 24
#
return
• Configuration file of SwitchD
#
sysname SwitchD
#
vlan batch 30
#
interface Vlanif30
ip address 192.168.3.2 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 30
Networking Requirements
As shown in Figure 5-24, SwitchB exchanges routing information with SwitchA through OSPF
and with SwitchC through IS-IS. Users want SwitchB to import IS-IS routes into the OSPF
network. Users also want the route to 172.17.1.0/24 to have a low preference on the OSPF
network and the route to 172.17.2.0/24 to carry a tag so that a routing policy can reference it
easily.
Figure 5-24 Networking diagram for applying a routing policy for importing routes
[Diagram: SwitchB between the OSPF network and the IS-IS network.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a routing policy on SwitchB, set the cost of the route to 172.17.1.0/24 to 100,
and apply the routing policy when OSPF imports IS-IS routes. The routing policy gives
the route to 172.17.1.0/24 a low preference.
2. Configure a routing policy on SwitchB, set the tag of the route to 172.17.2.0/24 to 20, and
apply the routing policy when OSPF imports IS-IS routes. The tag then takes effect on the
route to 172.17.2.0/24, so that a routing policy can reference the route easily.
Procedure
Step 1 Add interfaces to the VLANs.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 10
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 10
[SwitchA-Ethernet0/0/1] quit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
# Configure Switch C.
[SwitchC] isis
[SwitchC-isis-1] is-level level-2
[SwitchC-isis-1] network-entity 10.0000.0000.0001.00
[SwitchC-isis-1] quit
[SwitchC] interface vlanif 20
[SwitchC-Vlanif20] isis enable
[SwitchC-Vlanif20] quit
[SwitchC] interface vlanif 30
[SwitchC-Vlanif30] isis enable
[SwitchC-Vlanif30] quit
[SwitchC] interface vlanif 40
[SwitchC-Vlanif40] isis enable
[SwitchC-Vlanif40] quit
[SwitchC] interface vlanif 50
[SwitchC-Vlanif50] isis enable
[SwitchC-Vlanif50] quit
# Configure Switch B.
[SwitchB] isis
[SwitchB-isis-1] is-level level-2
[SwitchB-isis-1] network-entity 10.0000.0000.0002.00
[SwitchB-isis-1] quit
[SwitchB] interface vlanif 20
[SwitchB-Vlanif20] isis enable
[SwitchB-Vlanif20] quit
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# Check the OSPF routing table on SwitchA. You can find the imported routes.
[SwitchA] display ospf routing
Total Nets: 5
Intra Area: 1 Inter Area: 0 ASE: 4 NSSA: 0
# Check the OSPF routing table on SwitchA. You can find that the cost of the route to
172.17.1.0/24 is 100; the tag of the route to 172.17.2.0/24 is 20; other route attributes remain
unchanged.
Total Nets: 5
Intra Area: 1 Inter Area: 0 ASE: 4 NSSA: 0
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
interface Vlanif10
ip address 192.168.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
#
return
ospf 1
import-route isis 1 route-policy isis2ospf
area 0.0.0.0
network 192.168.1.0 0.0.0.255
#
route-policy isis2ospf permit node 10
if-match ip-prefix prefix-a
apply cost 100
#
route-policy isis2ospf permit node 20
if-match acl 2002
apply tag 20
#
route-policy isis2ospf permit node 30
#
ip ip-prefix prefix-a index 10 permit 172.17.1.0 24
#
return
can connect to multiple VPNs. The MCE solution isolates services of different VPNs while
reducing cost of network devices.
NOTE
The S3300EI can only work as an MCE or CE device.
[Diagram for Figure 5-25: CE1 and SwitchA belong to vpna, CE2 and SwitchB belong to vpnb. CE1 and CE2 attach to PE1, SwitchA and SwitchB attach to the MCE, the MCE attaches to PE2, and PE1 and PE2 connect across the VPN backbone.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure OSPF between PEs so that they can communicate and configure MP-IBGP to
exchange VPN routing information.
2. Configure basic MPLS capabilities and MPLS LDP on the PEs to establish LDP LSPs.
3. Create VPN instances vpna and vpnb on the MCE and PEs to isolate services.
4. Establish EBGP peer relationships between PE1 and its connected CEs, and import BGP
routes to the VPN routing table of PE1.
5. Configure routing between the MCE and VPN sites and between the MCE and PE2.
Procedure
Step 1 Configure VLANs on interfaces and assign IP addresses to the VLANIF interfaces and loopback
interfaces according to Figure 5-25.
# Configure PE1.
<Quidway> system-view
[Quidway] sysname PE1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] vlan batch 10 20 30
[PE1] interface ethernet 0/0/1
[PE1-Ethernet0/0/1] port hybrid pvid vlan 10
[PE1-Ethernet0/0/1] port hybrid untagged vlan 10
[PE1-Ethernet0/0/1] quit
[PE1] interface ethernet 0/0/2
[PE1-Ethernet0/0/2] port hybrid pvid vlan 20
[PE1-Ethernet0/0/2] port hybrid untagged vlan 20
[PE1-Ethernet0/0/2] quit
[PE1] interface ethernet 0/0/3
[PE1-Ethernet0/0/3] port hybrid pvid vlan 30
[PE1-Ethernet0/0/3] port hybrid untagged vlan 30
[PE1-Ethernet0/0/3] quit
[PE1] interface vlanif 30
[PE1-Vlanif30] ip address 172.1.1.1 24
[PE1-Vlanif30] quit
The configuration on PE2, CE1, CE2, MCE, SwitchA and SwitchB is similar to the configuration
on PE1 and is not mentioned here.
Step 2 Configure OSPF on PEs of the backbone network.
# Configure PE1.
<Quidway> system-view
[Quidway] sysname PE1
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
The configuration on PE2 is similar to the configuration on PE1 and is not mentioned here.
After the configuration is complete, the PEs can obtain each other's Loopback1 addresses.
The information displayed on PE2 is used as an example.
[PE2] display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 6 Routes : 6
Step 3 Configure basic MPLS capabilities and MPLS LDP on the PEs to establish LDP LSPs.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 30
[PE1-Vlanif30] mpls
[PE1-Vlanif30] mpls ldp
[PE1-Vlanif30] quit
The configuration on PE2 is similar to the configuration on PE1 and is not mentioned here.
After the configuration is complete, run the display mpls ldp session command on the PEs. The
command output shows that the MPLS LDP session between the PEs is in Operational state.
The information displayed on PE2 is used as an example.
[PE2] display mpls ldp session
Step 4 Configure VPN instances on the PEs. On PE1, bind the interfaces connected to CE1 and CE2
to the VPN instances respectively. On PE2, bind the interface connected to the MCE to the VPN
instances.
# Configure PE1.
# Configure PE2.
Step 5 Configure VPN instances on the MCE and bind the interfaces connected to SwitchA and SwitchB
to the VPN instances respectively.
<Quidway> system-view
[Quidway] sysname MCE
[MCE] vlan batch 60 70
[MCE] interface ethernet 0/0/1
[MCE-Ethernet0/0/1] port link-type trunk
[MCE-Ethernet0/0/1] port trunk allow-pass vlan 60 70
[MCE-Ethernet0/0/1] quit
[MCE] interface ethernet 0/0/3
[MCE-Ethernet0/0/3] port link-type trunk
[MCE-Ethernet0/0/3] port trunk allow-pass vlan 60
[MCE-Ethernet0/0/3] quit
[MCE] interface ethernet 0/0/4
[MCE-Ethernet0/0/4] port link-type trunk
[MCE-Ethernet0/0/4] port trunk allow-pass vlan 70
[MCE-Ethernet0/0/4] quit
[MCE] ip vpn-instance vpna
[MCE-vpn-instance-vpna] route-distinguisher 100:1
[MCE-vpn-instance-vpna] quit
[MCE] ip vpn-instance vpnb
[MCE-vpn-instance-vpnb] route-distinguisher 100:2
[MCE-vpn-instance-vpnb] quit
[MCE] interface vlanif 60
[MCE-Vlanif60] ip binding vpn-instance vpna
[MCE-Vlanif60] ip address 10.3.1.2 24
[MCE-Vlanif60] quit
[MCE] interface vlanif 70
Step 6 Establish an MP-IBGP peer relationship between PEs. Establish an EBGP peer relationship
between PE1 and CE1, and between PE1 and CE2.
The configuration details are not mentioned here.
After the configuration is complete, run the display bgp vpnv4 all peer command on PE1. The
command output shows that PE1 has established an IBGP peer relationship with PE2 and EBGP
peer relationships with CE1 and CE2. The peer relationships are in Established state.
[PE1] display bgp vpnv4 all peer
• # Configure SwitchB.
Assign IP address 192.168.2.1/24 to the interface connected to vpnb. The configuration is
not provided here.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] vlan batch 70
[SwitchB] interface ethernet 0/0/1
[SwitchB-Ethernet0/0/1] port link-type trunk
[SwitchB-Ethernet0/0/1] port trunk allow-pass vlan 70
[SwitchB-Ethernet0/0/1] quit
[SwitchB] interface vlanif 70
[SwitchB-Vlanif70] ip address 10.4.1.1 24
[SwitchB-Vlanif70] quit
[SwitchB] rip 200
[SwitchB-rip-200] version 2
[SwitchB-rip-200] network 10.0.0.0
[SwitchB-rip-200] network 192.168.2.0
[SwitchB-rip-200] quit
NOTE
To configure OSPF multi-instance between the MCE and PE2, complete the following tasks on PE2:
• In the OSPF view, import BGP routes and advertise VPN routes of PE1 to the MCE.
• In the BGP view, import routes of the OSPF processes and advertise the VPN routes of the MCE to
PE1.
Run the display ip routing-table vpn-instance command on the PEs to view the routes to the
remote CEs.
The VPN instance vpna on PE1 is used as an example.
[PE1] display ip routing-table vpn-instance vpna
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpna
Destinations : 4 Routes : 4
CE1 and SwitchA can communicate with each other. CE2 and SwitchB can communicate with
each other.
The information displayed on CE1 is used as an example.
[CE1] ping 10.3.1.1
PING 10.3.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.3.1.1: bytes=56 Sequence=1 ttl=252 time=3 ms
Reply from 10.3.1.1: bytes=56 Sequence=2 ttl=252 time=3 ms
Reply from 10.3.1.1: bytes=56 Sequence=3 ttl=252 time=3 ms
Reply from 10.3.1.1: bytes=56 Sequence=4 ttl=252 time=3 ms
Reply from 10.3.1.1: bytes=56 Sequence=5 ttl=252 time=11 ms
CE1 cannot ping CE2 or SwitchB. SwitchA cannot ping CE2 or SwitchB.
The ping from CE1 to SwitchB is used as an example.
[CE1] ping 10.4.1.1
PING 10.4.1.1: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
bgp 65410
peer 10.1.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 10.1.1.2 enable
#
return
• Configuration file of CE2
#
sysname CE2
#
vlan batch 20
#
interface Vlanif20
ip address 10.2.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
bgp 65420
peer 10.2.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 10.2.1.2 enable
#
return
• Configuration file of PE1
#
sysname PE1
#
vlan batch 10 20 30
#
ip vpn-instance vpna
ipv4-family
route-distinguisher 100:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
ipv4-family
route-distinguisher 100:2
vpn-target 222:2 export-extcommunity
vpn-target 222:2 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
interface Vlanif10
ip binding vpn-instance vpna
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif20
ip binding vpn-instance vpnb
ip address 10.2.1.2 255.255.255.0
#
interface Vlanif30
ip address 172.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface Ethernet0/0/3
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 2.2.2.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.9 enable
#
ipv4-family vpn-instance vpna
peer 10.1.1.1 as-number 65410
import-route direct
#
ipv4-family vpn-instance vpnb
peer 10.2.1.1 as-number 65420
import-route direct
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 172.1.1.0 0.0.0.255
#
return
• Configuration file of PE2
#
sysname PE2
#
vlan batch 30 60 70
#
ip vpn-instance vpna
ipv4-family
route-distinguisher 200:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
ipv4-family
route-distinguisher 200:2
vpn-target 222:2 export-extcommunity
vpn-target 222:2 import-extcommunity
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif30
ip address 172.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif60
ip binding vpn-instance vpna
ip address 10.3.1.3 255.255.255.0
#
interface Vlanif70
ip binding vpn-instance vpnb
ip address 10.4.1.3 255.255.255.0
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
interface Ethernet0/0/1
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 60 70
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
ipv4-family vpn-instance vpna
import-route ospf 100
#
ipv4-family vpn-instance vpnb
import-route ospf 200
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 172.1.1.0 0.0.0.255
#
ospf 100 vpn-instance vpna
import-route bgp
area 0.0.0.0
network 10.3.1.0 0.0.0.255
#
ospf 200 vpn-instance vpnb
import-route bgp
area 0.0.0.0
network 10.4.1.0 0.0.0.255
#
return
• Configuration file of the MCE
#
sysname MCE
#
vlan batch 60 70
#
ip vpn-instance vpna
route-distinguisher 100:1
#
ip vpn-instance vpnb
route-distinguisher 200:2
#
interface Vlanif60
ip binding vpn-instance vpna
ip address 10.3.1.2 255.255.255.0
#
interface Vlanif70
ip binding vpn-instance vpnb
ip address 10.4.1.2 255.255.255.0
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 60 70
#
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 60
#
interface Ethernet0/0/4
port link-type trunk
port trunk allow-pass vlan 70
#
ospf 100 vpn-instance vpna
import-route static
vpn-instance-capability simple
area 0.0.0.0
network 10.3.1.0 0.0.0.255
#
ospf 200 vpn-instance vpnb
import-route rip 200
vpn-instance-capability simple
area 0.0.0.0
network 10.4.1.0 0.0.0.255
#
rip 200 vpn-instance vpnb
version 2
network 10.0.0.0
import-route ospf 200
#
return
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 60
#
interface Vlanif60
ip address 10.3.1.1 255.255.255.0
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 60
#
ip route-static 0.0.0.0 0.0.0.0 10.3.1.2
#
return
• Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 70
#
interface Vlanif70
ip address 10.4.1.1 255.255.255.0
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 70
#
rip 200
version 2
network 10.0.0.0
network 192.168.2.0
#
return
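The isolation verified by the ping tests above depends on vpna and vpnb never importing each other's VPN targets on the PEs. The following Python sketch is an added example, not part of the original Huawei document: it reads the ip vpn-instance sections copied from the PE1 and PE2 configuration files and reports any instance that imports a VPN target exported by a differently named instance. The function names and the leaky variant are constructed for illustration, and the check assumes that instances with the same name belong to the same VPN.

```python
# vpn-instance sections copied from the PE1 and PE2 configuration files of this example.
PE_CONFIGS = {
    "PE1": """\
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 100:1
  vpn-target 111:1 export-extcommunity
  vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
 ipv4-family
  route-distinguisher 100:2
  vpn-target 222:2 export-extcommunity
  vpn-target 222:2 import-extcommunity
#
""",
    "PE2": """\
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 200:1
  vpn-target 111:1 export-extcommunity
  vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
 ipv4-family
  route-distinguisher 200:2
  vpn-target 222:2 export-extcommunity
  vpn-target 222:2 import-extcommunity
#
""",
}

# Constructed misconfiguration: vpnb on PE2 additionally imports the vpna target.
LEAKY_CONFIGS = dict(
    PE_CONFIGS,
    PE2=PE_CONFIGS["PE2"].replace(
        "vpn-target 222:2 import-extcommunity",
        "vpn-target 222:2 import-extcommunity\n  vpn-target 111:1 import-extcommunity",
    ),
)

DIRECTIONS = ("both", "export-extcommunity", "import-extcommunity")


def parse_vpn_targets(device, text):
    """Return {(device, instance): {"export": set, "import": set}} for one configuration."""
    result = {}
    current = None
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        if tokens[0] == "#":
            current = None                       # '#' closes the current section
        elif tokens[:2] == ["ip", "vpn-instance"] and len(tokens) == 3:
            current = (device, tokens[2])
            result[current] = {"export": set(), "import": set()}
        elif tokens[0] == "vpn-target" and current is not None:
            if tokens[-1] in DIRECTIONS:
                direction, targets = tokens[-1], tokens[1:-1]
            else:
                direction, targets = "both", tokens[1:]   # no keyword means both
            if direction in ("both", "export-extcommunity"):
                result[current]["export"].update(targets)
            if direction in ("both", "import-extcommunity"):
                result[current]["import"].update(targets)
    return result


def cross_vpn_imports(instances):
    """List (exporter, importer, shared targets) where differently named instances exchange routes."""
    findings = []
    for (exp_dev, exp_name), exporter in instances.items():
        for (imp_dev, imp_name), importer in instances.items():
            shared = exporter["export"] & importer["import"]
            if shared and exp_name != imp_name:
                findings.append((f"{exp_dev}/{exp_name}", f"{imp_dev}/{imp_name}", sorted(shared)))
    return sorted(findings)


def audit(configs):
    """Parse every device configuration and return the cross-VPN import findings."""
    instances = {}
    for device, text in configs.items():
        instances.update(parse_vpn_targets(device, text))
    return cross_vpn_imports(instances)


if __name__ == "__main__":
    print("configuration from this example:", audit(PE_CONFIGS))
    for exporter, importer, targets in audit(LEAKY_CONFIGS):
        print(f"LEAK: {importer} imports {targets} exported by {exporter}")
```

An empty result for the configuration from this example matches the failed ping from CE1 to SwitchB; a non-empty result means routes from one VPN can reach the routing table of the other.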
MLD snooping is configured on Layer 2 multicast devices to resolve the MLD packets between
Layer 3 devices and users. It generates and maintains IPv6 Layer 2 multicast forwarding tables
to distribute multicast data to only the receivers at the data link layer.
Networking Requirements
As shown in Figure 6-1, users receive data in multicast mode. User hosts are located on two
network segments: N1 and N2. Receivers HostA and HostC are located on the two network
segments respectively. The source sends multicast data to group addresses 225.1.1.1 to 225.1.1.5.
HostA orders only the program of group 225.1.1.1, and HostC can receive all the programs.
Configuration Roadmap
To meet the preceding requirements, configure basic IGMP functions and limit the range of
multicast groups on the interface connected to the network segment of HostA. The configuration
roadmap is as follows:
Configure an ACL on the interface of SwitchA connected to the network segment of HostA
to filter multicast data sent to HostA.
Procedure
Step 1 Configure IP addresses for interfaces and configure a unicast routing protocol on each switch.
Configure an IP address and mask for each interface according to Figure 6-1. Configure OSPF
on each switch to ensure IP connectivity between them, and enable them to dynamically update
routing information. The configuration details are not mentioned here.
Step 2 Enable IP multicast routing on each switch and enable PIM-SM on all interfaces.
# On SwitchA, enable multicast routing in the system view, enable PIM-SM on all interfaces,
and configure VLANIF40 of SwitchD as a static RP. The configurations of SwitchB, SwitchC
and SwitchD are similar to the configuration of SwitchA, and are not mentioned here.
Step 3 On SwitchA, SwitchB, and SwitchC, enable IGMP on the interfaces connected to the receiver
network segments.
# Enable IGMP on VLANIF10 of SwitchA. The configurations of SwitchB and SwitchC are
similar to the configuration of SwitchA, and are not mentioned here.
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 11
#
multicast routing-enable
#
acl number 2001
rule 5 permit source 225.1.1.1 0
#
interface Vlanif10
ip address 10.110.1.1 255.255.255.0
pim sm
igmp enable
igmp group-policy 2001
#
interface Vlanif11
ip address 192.168.1.1 255.255.255.0
pim sm
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 11
port hybrid untagged vlan 11
#
ospf 1
area 0.0.0.0
network 10.110.1.0 0.0.0.255
network 192.168.1.0 0.0.0.255
#
pim
static-rp 192.168.4.1
#
return
pim sm
#
interface Vlanif40
ip address 192.168.4.1 255.255.255.0
pim sm
#
interface Ethernet0/0/1
port hybrid pvid vlan 11
port hybrid untagged vlan 11
#
interface Ethernet0/0/2
port hybrid pvid vlan 21
port hybrid untagged vlan 21
#
interface Ethernet0/0/3
port hybrid pvid vlan 31
port hybrid untagged vlan 31
#
interface Ethernet0/0/4
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
network 192.168.3.0 0.0.0.255
network 192.168.4.0 0.0.0.255
#
pim
static-rp 192.168.4.1
#
return
Networking Requirements
As shown in Figure 6-2, users receive data in multicast mode. User hosts are located on two
network segments: N1 and N2. Receiver HostA is located on N1, and receivers HostC and HostD
are located on N2. HostA wants to receive data of multicast group 225.1.1.3 for a long time,
while HostC and HostD do not have such requirements.
Configuration Roadmap
To meet the preceding requirements, configure static multicast group 225.1.1.3 on the interface
connected to the network segment of HostA. The configuration roadmap is as follows:
1. Configure a unicast routing protocol to implement IP interworking.
Configure IP addresses for interfaces and configure a unicast routing protocol on each
switch. Multicast routing protocols depend on unicast routing protocols.
2. Configure basic multicast functions to enable multicast data to be forwarded on the network.
Enable PIM-SM and configure a rendezvous point (RP) on each switch. Enable IGMP on
the interfaces connected to the receiver network segments.
3. Enable HostA to receive data of multicast group 225.1.1.3 for a long time.
On SwitchA, statically bind the interface connected to the network segment of HostA to
group 225.1.1.3.
Procedure
Step 1 Configure IP addresses for interfaces and configure a unicast routing protocol on each switch.
Configure an IP address and mask for each interface according to Figure 6-2. Configure OSPF
on each switch to ensure IP connectivity between them, and enable them to dynamically update
routing information. The configuration details are not mentioned here.
Step 2 Enable IP multicast routing on each switch and enable PIM-SM on all interfaces.
# On SwitchA, enable multicast routing in the system view, enable PIM-SM on all interfaces,
and configure VLANIF40 of SwitchD as a static RP. The configurations of SwitchB, SwitchC
and SwitchD are similar to the configuration of SwitchA, and are not mentioned here.
Step 3 On SwitchA, SwitchB, and SwitchC, enable IGMP on the interfaces connected to the receiver
network segments.
# Enable IGMP on VLANIF10 of SwitchA. The configurations of SwitchB and SwitchC are
similar to the configuration of SwitchA, and are not mentioned here.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] igmp enable
[SwitchA-Vlanif10] quit
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 11
#
multicast routing-enable
#
interface Vlanif10
ip address 10.110.1.1 255.255.255.0
pim sm
igmp enable
igmp static-group 225.1.1.3
#
interface Vlanif11
ip address 192.168.1.1 255.255.255.0
pim sm
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 11
port hybrid untagged vlan 11
#
ospf 1
area 0.0.0.0
network 10.110.1.0 0.0.0.255
network 192.168.1.0 0.0.0.255
#
pim
static-rp 192.168.4.1
#
return
• Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 20 21
#
multicast routing-enable
#
interface Vlanif20
ip address 10.110.2.1 255.255.255.0
pim sm
igmp enable
#
interface Vlanif21
ip address 192.168.2.1 255.255.255.0
pim sm
#
interface Ethernet0/0/1
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface Ethernet0/0/2
port hybrid pvid vlan 21
port hybrid untagged vlan 21
#
ospf 1
area 0.0.0.0
network 10.110.2.0 0.0.0.255
network 192.168.2.0 0.0.0.255
#
pim
static-rp 192.168.4.1
#
return
• Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 20 31
#
multicast routing-enable
#
interface Vlanif20
ip address 10.110.2.2 255.255.255.0
pim sm
igmp enable
#
interface Vlanif31
ip address 192.168.3.1 255.255.255.0
pim sm
#
interface Ethernet0/0/1
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface Ethernet0/0/2
port hybrid pvid vlan 31
port hybrid untagged vlan 31
#
ospf 1
area 0.0.0.0
network 10.110.2.0 0.0.0.255
network 192.168.3.0 0.0.0.255
#
pim
static-rp 192.168.4.1
#
return
• Configuration file of SwitchD
#
sysname SwitchD
#
vlan batch 11 21 31 40
#
multicast routing-enable
#
interface Vlanif11
ip address 192.168.1.2 255.255.255.0
pim sm
#
interface Vlanif21
ip address 192.168.2.2 255.255.255.0
pim sm
#
interface Vlanif31
ip address 192.168.3.2 255.255.255.0
pim sm
#
interface Vlanif40
ip address 192.168.4.1 255.255.255.0
pim sm
#
interface Ethernet0/0/1
port hybrid pvid vlan 11
port hybrid untagged vlan 11
#
interface Ethernet0/0/2
port hybrid pvid vlan 21
port hybrid untagged vlan 21
#
interface Ethernet0/0/3
port hybrid pvid vlan 31
port hybrid untagged vlan 31
#
interface Ethernet0/0/4
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
network 192.168.3.0 0.0.0.255
network 192.168.4.0 0.0.0.255
#
pim
static-rp 192.168.4.1
#
return
Networking Requirements
As shown in Figure 6-3, the multicast network runs PIM-SM, and uses ASM and SSM models
to provide multicast services. The switch interface connected to the receiver network segment
runs IGMPv3, whereas the receiver runs IGMPv2 and does not support IGMPv3. Therefore, the
receiver cannot specify a multicast source from which it wants to receive multicast data when
joining a multicast group.
The range of SSM group addresses on the network is 232.1.1.0/24. Source 1, Source 2, and
Source 3 all send multicast data to the multicast groups in this range. However, the receiver only
wants to receive multicast data from Source 1 and Source 3.
[Figure 6-3: networking diagram of the PIM-SM network, showing Source2, Source3, SwitchB, and SwitchC with their VLANIF interfaces.]
Configuration Roadmap
To meet the preceding requirements, configure basic multicast functions on the switches, and
then configure SSM mapping on SwitchD. The configuration roadmap is as follows:
Procedure
Step 1 Configure IP addresses for interfaces and configure a unicast routing protocol on each switch.
Configure an IP address and mask for each interface according to Figure 6-3. Configure OSPF
on each switch to ensure IP connectivity between them, and enable them to dynamically update
routing information. The configuration details are not mentioned here.
Step 2 Enable IP multicast routing on each switch, and enable PIM-SM and IGMP on interfaces.
# On SwitchD, enable IP multicast routing in the system view and enable PIM-SM on all
interfaces. Enable IGMP on VLANIF13 and set the IGMP version to v3.
# On SwitchA, enable IP multicast routing in the system view and enable PIM-SM on all
interfaces. The configurations of SwitchB and SwitchC are similar to the configuration of
SwitchA, and are not mentioned here.
Step 3 Enable SSM mapping on the interface connected to the receiver network segment.
# Enable SSM mapping on VLANIF13 of SwitchD.
Vlanif13 (10.10.4.2):
Total 1 IGMP SSM-Mapping Group reported
Group Address Last Reporter Uptime Expires
232.1.1.1 10.10.4.1 00:01:44 00:00:26
# Run the display pim routing-table command on SwitchD to view the PIM-SM multicast
routing table. The command output is as follows:
<SwitchD> display pim routing-table
VPN-Instance: public net
Total 2 (S, G) entries
(10.10.1.1, 232.1.1.1)
Protocol: pim-ssm, Flag: SG_RCVR
UpTime: 00:19:40
Upstream interface: Vlanif30
Upstream neighbor: 192.168.4.2
RPF prime neighbor: 192.168.4.2
Downstream interface(s) information:
Total number of downstreams: 1
1: Vlanif13
Protocol: ssm-map, UpTime: 00:19:40, Expires: -
(10.10.3.1, 232.1.1.1)
Protocol: pim-ssm, Flag: SG_RCVR
UpTime: 00:19:40
Upstream interface: Vlanif21
Upstream neighbor: 192.168.3.1
RPF prime neighbor: 192.168.3.1
Downstream interface(s) information:
----End
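The requirement in this example is that the receiver gets group 232.1.1.1 only from the mapped sources. The following Python check is an added example, not part of the original document: it parses text in the `display pim routing-table` format shown above and reports sources that are not on an allow-list. The function names are hypothetical and the sample output is constructed; the 10.10.2.1 entry is invented to stand in for an unwanted source.

```python
import re

# Constructed sample in the `display pim routing-table` format shown above.
# The first two entries reuse the page's values; the 10.10.2.1 entry (with a
# trailing comma, as seen in some outputs) is invented to model a source the
# receiver did not ask for.
SAMPLE_OUTPUT = """\
VPN-Instance: public net
Total 3 (S, G) entries
(10.10.1.1, 232.1.1.1)
Protocol: pim-ssm, Flag: SG_RCVR
UpTime: 00:19:40
Upstream interface: Vlanif30
Upstream neighbor: 192.168.4.2
RPF prime neighbor: 192.168.4.2
Downstream interface(s) information:
Total number of downstreams: 1
1: Vlanif13
Protocol: ssm-map, UpTime: 00:19:40, Expires: -
(10.10.3.1, 232.1.1.1)
Protocol: pim-ssm, Flag: SG_RCVR
UpTime: 00:19:40
Upstream interface: Vlanif21
Upstream neighbor: 192.168.3.1
RPF prime neighbor: 192.168.3.1
Downstream interface(s) information:
Total number of downstreams: 1
1: Vlanif13
Protocol: ssm-map, UpTime: 00:19:40, Expires: -
(10.10.2.1, 232.1.1.1)
Protocol: pim-ssm, Flag: SG_RCVR
UpTime: 00:00:12
Upstream interface: Vlanif21,
Upstream neighbor: 192.168.3.1
RPF prime neighbor: 192.168.3.1
Downstream interface(s) information:
Total number of downstreams: 1
1: Vlanif13
Protocol: igmp, UpTime: 00:00:12, Expires: -
"""

ENTRY_RE = re.compile(r"^\((\*|[\d.]+),\s*([\d.]+)\)$")
DOWNSTREAM_RE = re.compile(r"^\d+:\s*(\S+)$")


def parse_pim_routing_table(text):
    """Parse `display pim routing-table` text into a list of entry dicts."""
    entries, current, in_downstream = [], None, False
    for raw in text.splitlines():
        line = raw.strip().rstrip(",")  # some lines end with a stray comma
        header = ENTRY_RE.match(line)
        if header:
            current = {"source": header.group(1), "group": header.group(2),
                       "protocol": None, "flag": None, "upstream_if": None,
                       "upstream_nbr": None, "downstreams": []}
            entries.append(current)
            in_downstream = False
        elif current is None:
            continue  # banner lines before the first entry
        elif line.startswith("Downstream interface(s)"):
            in_downstream = True
        elif in_downstream:
            # Only the "N: <interface>" lines matter here; the per-downstream
            # Protocol line must not overwrite the entry's own protocol.
            downstream = DOWNSTREAM_RE.match(line)
            if downstream:
                current["downstreams"].append(downstream.group(1))
        elif line.startswith("Protocol:"):
            proto, _, flag = line[len("Protocol:"):].partition(", Flag:")
            current["protocol"] = proto.strip()
            current["flag"] = flag.strip() or None
        elif line.startswith("Upstream interface:"):
            current["upstream_if"] = line.split(":", 1)[1].strip()
        elif line.startswith("Upstream neighbor:"):
            current["upstream_nbr"] = line.split(":", 1)[1].strip()
    return entries


def unexpected_sources(entries, group, allowed_sources):
    """Sources with an (S, G) entry for `group` that are not on the allow-list."""
    return sorted({e["source"] for e in entries
                   if e["group"] == group and e["source"] != "*"
                   and e["source"] not in allowed_sources})


if __name__ == "__main__":
    parsed = parse_pim_routing_table(SAMPLE_OUTPUT)
    for src in unexpected_sources(parsed, "232.1.1.1", {"10.10.1.1", "10.10.3.1"}):
        print("unexpected source for 232.1.1.1:", src)
```
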
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 20 30
#
multicast routing-enable
#
acl number 2000
rule 5 permit source 232.1.1.0 0.0.0.255
#
interface Vlanif10
ip address 10.10.1.2 255.255.255.0
pim sm
#
interface Vlanif20
ip address 192.168.1.1 255.255.255.0
pim sm
#
interface Vlanif30
ip address 192.168.4.2 255.255.255.0
pim sm
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface Ethernet0/0/3
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
ospf 1
area 0.0.0.0
network 10.10.1.0 0.0.0.255
network 192.168.1.0 0.0.0.255
network 192.168.4.0 0.0.0.255
#
pim
static-rp 192.168.4.2
ssm-policy 2000
#
return
pim sm
#
interface Vlanif20
ip address 192.168.1.2 255.255.255.0
pim sm
#
interface Vlanif31
ip address 192.168.2.1 255.255.255.0
pim sm
#
interface Ethernet0/0/1
port hybrid pvid vlan 11
port hybrid untagged vlan 11
#
interface Ethernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface Ethernet0/0/3
port hybrid pvid vlan 31
port hybrid untagged vlan 31
#
ospf 1
area 0.0.0.0
network 10.10.2.0 0.0.0.255
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
#
pim
static-rp 192.168.4.2
ssm-policy 2000
#
return
• Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 12 21 31
#
multicast routing-enable
#
acl number 2000
rule 5 permit source 232.1.1.0 0.0.0.255
#
interface Vlanif12
ip address 10.10.3.2 255.255.255.0
pim sm
#
interface Vlanif21
ip address 192.168.3.1 255.255.255.0
pim sm
#
interface Vlanif31
ip address 192.168.2.2 255.255.255.0
pim sm
#
interface Ethernet0/0/1
port hybrid pvid vlan 12
port hybrid untagged vlan 12
#
interface Ethernet0/0/2
port hybrid pvid vlan 21
port hybrid untagged vlan 21
#
interface Ethernet0/0/3
port hybrid pvid vlan 31
port hybrid untagged vlan 31
#
ospf 1
area 0.0.0.0
network 10.10.3.0 0.0.0.255
network 192.168.2.0 0.0.0.255
network 192.168.3.0 0.0.0.255
#
pim
static-rp 192.168.4.2
ssm-policy 2000
#
return
Networking Requirements
As shown in Figure 6-4, the shared network segment is connected to the Internet. HostA and
HostB want to receive multicast data from Source.
Figure 6-4 Networking diagram for configuring PIM-SM in the ASM model
[Network diagram not reproduced: PIM-SM domain containing Source, SwitchA, SwitchB, SwitchC, SwitchD, SwitchE, HostA and HostB.]
Configuration Roadmap
Configure the PIM-SM protocol on the switches to enable them to provide the ASM service for
user hosts on the network. Then all the hosts in a multicast group can receive multicast data sent
from any source to this group.
1. Configure an IP address for each interface and a unicast routing protocol. PIM is an intra-
domain multicast routing protocol that depends on unicast routing protocols.
2. Enable the multicast function on all switches providing multicast services. Before
configuring PIM-SM, you must enable the multicast function.
3. Enable PIM-SM on all interfaces. You can configure other PIM-SM functions only after
PIM-SM is enabled.
4. Enable IGMP on interfaces that connect the switch and hosts. A receiver can join and leave
a multicast group by sending IGMP messages. The leaf switches maintain the multicast
member relationship through IGMP.
NOTE
If both PIM-SM and IGMP need to be configured on interfaces that connect the switch and hosts,
you must configure PIM-SM first, and then configure IGMP.
5. Configure the RP. In a PIM-SM domain, the RP is essential to providing ASM services and helps
forward multicast data. You are advised to configure the RP on a switch that carries more
multicast flows. For example, you can configure the RP on SwitchE in the figure.
Procedure
Step 1 Configure an IP address for each interface and a unicast routing protocol.
# Configure the IP address and mask for each interface shown in Figure 6-4, and configure
OSPF on each switch to ensure that switches can communicate at the network layer and can
dynamically update routes through the unicast routing protocol. The configurations of SwitchB,
SwitchC, SwitchD, and SwitchE are similar to that of SwitchA and are not
provided here.
[SwitchA] vlan batch 10 20 30
[SwitchA] interface ethernet0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 10
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 10
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface ethernet0/0/2
[SwitchA-Ethernet0/0/2] port hybrid pvid vlan 20
[SwitchA-Ethernet0/0/2] port hybrid untagged vlan 20
[SwitchA-Ethernet0/0/2] quit
[SwitchA] interface ethernet0/0/3
[SwitchA-Ethernet0/0/3] port hybrid pvid vlan 30
[SwitchA-Ethernet0/0/3] port hybrid untagged vlan 30
[SwitchA-Ethernet0/0/3] quit
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 192.168.5.1 24
[SwitchA-Vlanif10] quit
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] ip address 10.110.1.1 24
[SwitchA-Vlanif20] quit
[SwitchA] interface vlanif 30
[SwitchA-Vlanif30] ip address 192.168.1.1 24
[SwitchA-Vlanif30] quit
[SwitchA] ospf
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 10.110.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] network 192.168.5.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# Enable multicast on all switches and PIM-SM on all interfaces. The configurations of SwitchB,
SwitchC, SwitchD, and SwitchE are similar to that of SwitchA and are not
provided here.
[SwitchA] multicast routing-enable
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] pim sm
[SwitchA-Vlanif10] quit
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] pim sm
[SwitchA-Vlanif20] quit
[SwitchA] interface vlanif 30
[SwitchA-Vlanif30] pim sm
[SwitchA-Vlanif30] quit
Step 3 Enable IGMP on interfaces that connect the switch and hosts.
# Enable IGMP on the interfaces that connect SwitchA to user hosts. The configurations of SwitchB
and SwitchC are similar to that of SwitchA and are not provided here.
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] igmp enable
# Run the display pim rp-info command to check the RP information on SwitchA. In this
example, the RP information on SwitchA is displayed as follows:
<SwitchA> display pim rp-info
VPN-Instance: public net
PIM SM static RP Number:1
Static RP: 192.168.2.2
# Run the display pim routing-table command to view the PIM routing table. The multicast
source 10.110.3.100/24 sends messages to the multicast group 225.1.1.1/24. HostA and HostB
join the multicast group 225.1.1.1/24. Detailed information is displayed as follows:
NOTE
By default, after the receiver's DR receives the first multicast data, an SPT switchover is performed and
(S, G) routing entries are created. Therefore, (S, G) routing entries displayed on the switch are (S, G) entries
after the SPT switchover.
[SwitchA] display pim routing-table
VPN-Instance: public net
Total 1 (*, G) entry; 1 (S, G) entry
(*, 225.1.1.1)
RP: 192.168.2.2
(10.110.3.100, 225.1.1.1)
RP: 192.168.2.2
Protocol: pim-sm, Flag: SPT ACT
UpTime: 00:00:42
Upstream interface: Vlanif30
Upstream neighbor: 192.168.1.2
RPF prime neighbor: 192.168.1.2
Downstream interface(s) information:
Total number of downstreams: 1
1: Vlanif20
Protocol: pim-sm, UpTime: 00:00:42, Expires:-
[SwitchB] display pim routing-table
VPN-Instance: public net
Total 1 (*, G) entry; 1 (S, G) entry
(*, 225.1.1.1)
RP: 192.168.2.2
Protocol: pim-sm, Flag: WC
UpTime: 00:10:12
Upstream interface: Vlanif90,
Upstream neighbor: 192.168.2.2
RPF prime neighbor: 192.168.2.2
Downstream interface(s) information:
Total number of downstreams: 1
1: Vlanif40
Protocol: pim-sm, UpTime: 00:10:12, Expires:-
(10.110.3.100, 225.1.1.1)
RP: 192.168.2.2
Protocol: pim-sm, Flag: SPT ACT
UpTime: 00:00:42
Upstream interface: Vlanif90
Upstream neighbor: 192.168.2.2
RPF prime neighbor: 192.168.2.2
Downstream interface(s) information:
Total number of downstreams: 1
1: Vlanif40
Protocol: pim-sm, UpTime: 00:00:30, Expires:-
(10.110.3.100, 225.1.1.1)
RP: 192.168.2.2
Protocol: pim-sm, Flag: SPT ACT
UpTime: 00:01:25
Upstream interface: Vlanif50
Upstream neighbor: 192.168.3.2
RPF prime neighbor: 192.168.3.2
Downstream interface(s) information:
Total number of downstreams: 1
1: Vlanif40
Protocol: pim-sm, UpTime: 00:01:25, Expires:-
(10.110.3.100, 225.1.1.1)
RP: 192.168.2.2
Protocol: pim-sm, Flag: SPT ACT
UpTime: 00:00:42
Upstream interface: Vlanif80
Upstream neighbor: 10.110.3.100
RPF prime neighbor: 10.110.3.100
Downstream interface(s) information:
Total number of downstreams: 2
1: Vlanif30
1: Vlanif60
Protocol: pim-sm, UpTime: 00:00:42, Expires:-
(*, 225.1.1.1)
RP: 192.168.2.2 (local)
Protocol: pim-sm, Flag: WC
UpTime: 00:13:16
Upstream interface: Register
Upstream neighbor: 192.168.4.1
RPF prime neighbor: 192.168.4.1
Downstream interface(s) information:
Total number of downstreams: 2
1: Vlanif10
1: Vlanif90
Protocol: pim-sm, UpTime: 00:13:16, Expires: 00:03:22
(10.110.5.100, 225.1.1.1)
RP: 192.168.2.2
Protocol: pim-sm, Flag: SPT ACT
UpTime: 00:01:22
Upstream interface: Vlanif60
Upstream neighbor: 192.168.4.1
RPF prime neighbor: 192.168.4.1
Downstream interface(s) information:
Total number of downstreams: 1
1: Vlanif90
Protocol: pim-sm, UpTime: 00:01:22, Expires:-
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 20 30
#
multicast routing-enable
#
interface Vlanif10
ip address 192.168.5.1 255.255.255.0
pim sm
#
interface Vlanif20
ip address 10.110.1.1 255.255.255.0
pim sm
igmp enable
#
interface Vlanif30
ip address 192.168.1.1 255.255.255.0
pim sm
#
interface Ethernet0/0/1
interface Vlanif50
ip address 192.168.3.1 255.255.255.0
pim sm
#
interface Ethernet0/0/1
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
interface Ethernet0/0/2
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
ospf 1
area 0.0.0.0
network 10.110.2.0 0.0.0.255
network 192.168.3.0 0.0.0.255
#
pim
static-rp 192.168.2.2
#
return
• Configuration file of SwitchD
#
sysname SwitchD
#
vlan batch 30 60 80
#
multicast routing-enable
#
interface Vlanif30
ip address 192.168.1.2 255.255.255.0
pim sm
#
interface Vlanif60
ip address 192.168.4.1 255.255.255.0
pim sm
#
interface Vlanif80
ip address 10.110.3.1 255.255.255.0
pim sm
#
interface Ethernet0/0/1
port hybrid pvid vlan 80
port hybrid untagged vlan 80
#
interface Ethernet3/0/0
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface Ethernet4/0/0
port hybrid pvid vlan 60
port hybrid untagged vlan 60
#
ospf 1
area 0.0.0.0
network 10.110.3.0 0.0.0.255
network 192.168.1.0 0.0.0.255
network 192.168.4.0 0.0.0.255
#
pim
static-rp 192.168.2.2
#
return
• Configuration file of SwitchE
#
sysname SwitchE
#
vlan batch 10 50 60 90
#
multicast routing-enable
#
interface Vlanif10
ip address 192.168.5.2 255.255.255.0
pim sm
#
interface Vlanif50
ip address 192.168.3.2 255.255.255.0
pim sm
#
interface Vlanif60
ip address 192.168.4.2 255.255.255.0
pim sm
#
interface Vlanif90
ip address 192.168.2.2 255.255.255.0
pim sm
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
interface Ethernet0/0/3
port hybrid pvid vlan 90
port hybrid untagged vlan 90
#
interface Ethernet4/0/0
port hybrid pvid vlan 60
port hybrid untagged vlan 60
#
ospf 1
area 0.0.0.0
network 192.168.2.0 0.0.0.255
network 192.168.3.0 0.0.0.255
network 192.168.4.0 0.0.0.255
network 192.168.5.0 0.0.0.255
#
pim
static-rp 192.168.2.2
#
return
Networking Requirements
As shown in Figure 6-5, HostA wants to receive multicast data from S1 and S2, while HostB
wants to receive multicast data from S2.
Figure 6-5 Networking diagram for configuring PIM-SM in the SSM model
[Network diagram not reproduced: PIM-SM domain containing sources S1 and S2, SwitchA, SwitchB, SwitchC, SwitchD, SwitchE, SwitchF, HostA and HostB.]
Configuration Roadmap
Configure the PIM-SM protocol on the switches to enable them to provide the SSM service for
user hosts on the network. Then hosts in a multicast group can receive multicast data sent from
specified sources to this group.
1. Configure an IP address for each interface and a unicast routing protocol. PIM is an intra-
domain multicast routing protocol that depends on unicast routing protocols.
2. Enable the multicast function on switches providing multicast services. Before configuring
PIM-SM, you must enable the multicast function.
3. Enable PIM-SM on all interfaces. You can configure other PIM-SM functions only after
PIM-SM is enabled.
4. Enable IGMP on interfaces that connect the switch and hosts and set the IGMP version to
IGMPv3. A receiver can join and leave a multicast group of a specified source by sending
IGMP messages. The leaf switches maintain the multicast member relationship through
IGMP.
NOTE
If both PIM-SM and IGMP need to be configured on interfaces that connect the switch and hosts,
you must configure PIM-SM first, and then configure IGMP.
5. Configure the address range for SSM groups on each switch. Ensure that switches in the
PIM-SM domain provide services only for multicast groups in the range of SSM group
addresses. In this manner, multicast can be controlled effectively.
NOTE
The SSM group address range configured on each switch must be the same.
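One way to check the two requirements above (the same SSM group address range on every switch, and IGMPv3 on host-facing interfaces) is to audit saved configuration files. The following Python sketch is an added example, not part of the original document; the function names are hypothetical and the configuration text is constructed in the format of the configuration files in this example, with "SwitchX" invented to show a mismatch.

```python
import ipaddress

# Constructed configuration text in the format of the configuration files in
# this example. SwitchA uses the page's SSM range; "SwitchX" is an invented
# device with a wider range and no "igmp version 3".
CONFIGS = {
    "SwitchA": """#
acl number 2000
 rule 5 permit source 232.1.1.0 0.0.0.255
#
interface Vlanif20
 pim sm
 igmp enable
 igmp version 3
#
pim
 ssm-policy 2000
#
return
""",
    "SwitchX": """#
acl number 2000
 rule 5 permit source 232.1.0.0 0.0.255.255
#
interface Vlanif40
 pim sm
 igmp enable
#
pim
 ssm-policy 2000
#
return
""",
}


def split_sections(config_text):
    """Split a configuration file into sections delimited by '#' lines."""
    sections, current = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line in ("#", "return"):
            if current:
                sections.append(current)
            current = []
        elif line:
            current.append(line)
    return sections + ([current] if current else [])


def wildcard_network(addr, wildcard):
    """Convert an ACL address plus contiguous wildcard mask to a network."""
    wildcard = "0.0.0.0" if wildcard == "0" else wildcard  # "0" = single host
    inverted = int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF
    netmask = ipaddress.IPv4Address(inverted)
    return ipaddress.ip_network(f"{addr}/{netmask}", strict=False)


def ssm_rules(config_text):
    """Rules of the ACL named by `ssm-policy`, or None if no policy is set."""
    acls, policy = {}, None
    for head, *body in split_sections(config_text):
        words = head.split()
        if words[:2] == ["acl", "number"]:
            # Only "rule <id> permit|deny source <addr> <wildcard>" is handled.
            rules = (cmd.split() for cmd in body)
            acls[words[2]] = {(t[2], wildcard_network(t[4], t[5]))
                              for t in rules
                              if len(t) == 6 and t[0] == "rule" and t[3] == "source"}
        elif words == ["pim"]:
            for cmd in body:
                if cmd.startswith("ssm-policy "):
                    policy = cmd.split()[1]
    return None if policy is None else acls.get(policy, set())


def igmp_not_v3(config_text):
    """Interfaces that enable IGMP without setting version 3."""
    return [head.split(None, 1)[1]
            for head, *body in split_sections(config_text)
            if head.startswith("interface ")
            and "igmp enable" in body and "igmp version 3" not in body]


def audit(configs, baseline):
    """Compare every device's SSM range with the baseline device's."""
    expected, findings = ssm_rules(configs[baseline]), []
    for name in sorted(configs):
        if ssm_rules(configs[name]) != expected:
            findings.append((name, "ssm-range-mismatch"))
        findings += [(name, f"igmp-not-v3:{i}") for i in igmp_not_v3(configs[name])]
    return findings


if __name__ == "__main__":
    for device, finding in audit(CONFIGS, "SwitchA"):
        print(device, finding)
```
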
Procedure
Step 1 Configure an IP address for each interface and a unicast routing protocol.
# Configure the IP address and mask for each interface shown in Figure 6-5, and configure
OSPF on each switch to ensure that switches can communicate at the network layer and can
dynamically update routes through the unicast routing protocol. The configuration details are
not provided here. The configurations of SwitchB, SwitchC, SwitchD, SwitchE, and SwitchF are
similar to that of SwitchA and are not shown here.
[SwitchA] vlan batch 10 20 30
[SwitchA] interface ethernet0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 10
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 10
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface ethernet0/0/2
[SwitchA-Ethernet0/0/2] port hybrid pvid vlan 20
[SwitchA-Ethernet0/0/2] port hybrid untagged vlan 20
[SwitchA-Ethernet0/0/2] quit
[SwitchA] interface ethernet0/0/3
[SwitchA-Ethernet0/0/3] port hybrid pvid vlan 30
[SwitchA-Ethernet0/0/3] port hybrid untagged vlan 30
[SwitchA-Ethernet0/0/3] quit
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 192.168.5.1 24
[SwitchA-Vlanif10] quit
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] ip address 10.110.1.1 24
[SwitchA-Vlanif20] quit
[SwitchA] interface vlanif 30
[SwitchA-Vlanif30] ip address 192.168.1.1 24
[SwitchA-Vlanif30] quit
[SwitchA] ospf
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 10.110.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] network 192.168.5.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
Step 3 Enable IGMP on interfaces that connect the switch and hosts and set the IGMP version to
IGMPv3.
# Enable IGMP on the interfaces that connect SwitchA to user hosts. The configurations of SwitchB
and SwitchC are similar to that of SwitchA and are not shown here.
# Run the display pim routing-table command to view the PIM routing table. HostA receives
information sent from multicast sources 10.110.3.100/24 and 10.110.4.100/24 to the multicast
group 232.1.1.1/24. HostB receives information sent from multicast source 10.110.3.100/24 to
multicast group 232.1.1.1/24. The following information is displayed.
[SwitchA] display pim routing-table
VPN-Instance: public net
Total 2 (S, G) entry
(10.110.3.100, 232.1.1.1)
Protocol: pim-ssm, Flag: SG_RCVCR
UpTime: 00:13:46
Upstream interface: Vlanif10,
Upstream neighbor: 192.168.5.2
RPF prime neighbor: 192.168.5.2
Downstream interface(s) information:
Total number of downstreams: 1
1: Vlanif20
Protocol: pim-ssm, UpTime: 00:13:46, Expires:-
(10.110.4.100, 232.1.1.1)
Protocol: pim-ssm, Flag: SG_RCVCR
UpTime: 00:00:42
Upstream interface: Vlanif30
Upstream neighbor: 192.168.1.2
RPF prime neighbor: 192.168.1.2
Downstream interface(s) information:
Total number of downstreams: 1
1: Vlanif20
Protocol: pim-ssm, UpTime: 00:00:42, Expires:-
[SwitchB] display pim routing-table
VPN-Instance: public net
Total 1 (S, G) entry
(10.110.3.100, 232.1.1.1)
Protocol: pim-ssm, Flag: SG_RCVCR
UpTime: 00:10:12
Upstream interface: Vlanif90,
Upstream neighbor: 192.168.2.2
RPF prime neighbor: 192.168.2.2
Downstream interface(s) information:
(10.110.3.100, 232.1.1.1)
Protocol: pim-ssm, Flag:
UpTime: 00:01:25
Upstream interface: Vlanif50
Upstream neighbor: 192.168.3.2
RPF prime neighbor: 192.168.3.2
Downstream interface(s) information:
Total number of downstreams: 1
1: Vlanif40
Protocol: pim-ssm, UpTime: 00:01:25, Expires:-
(10.110.3.100, 232.1.1.1)
Protocol: pim-ssm, Flag: LOC
UpTime: 00:00:42
Upstream interface: Vlanif80
Upstream neighbor: 10.110.3.100
RPF prime neighbor: 10.110.3.100
Downstream interface(s) information:
Total number of downstreams: 2
1: Vlanif60
Protocol: pim-ssm, UpTime: 00:00:42, Expires:-
(10.110.3.100, 232.1.1.1)
Protocol: pim-ssm, Flag: LOC
UpTime: 00:13:16
Upstream interface: Vlanif 60
Upstream neighbor: 192.168.4.1
RPF prime neighbor: 192.168.4.1
Downstream interface(s) information:
Total number of downstreams: 3
1: Vlanif10
2: Vlanif50
3: Vlanif90
Protocol: pim-ssm, UpTime: 00:13:16, Expires: 00:03:22
(10.110.4.100, 232.1.1.1)
Protocol: pim-ssm, Flag: LOC
UpTime: 00:13:16
Upstream interface: Vlanif 70
Upstream neighbor: 10.110.4.100
RPF prime neighbor: 10.110.4.100
Downstream interface(s) information:
Total number of downstreams: 1
1: Vlanif30
Protocol: pim-ssm, UpTime: 00:15:28, Expires: 00:05:21
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 20 30
#
multicast routing-enable
#
acl number 2000
rule 5 permit source 232.1.1.0 0.0.0.255
#
interface Vlanif10
ip address 192.168.5.1 255.255.255.0
pim sm
#
interface Vlanif20
ip address 10.110.1.1 255.255.255.0
pim sm
igmp enable
igmp version 3
#
interface Vlanif30
ip address 192.168.1.1 255.255.255.0
pim sm
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface Ethernet0/0/3
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
ospf 1
area 0.0.0.0
network 10.110.1.0 0.0.0.255
network 192.168.1.0 0.0.0.255
network 192.168.5.0 0.0.0.255
#
pim
ssm-policy 2000
#
return
igmp version 3
#
interface Ethernet0/0/1
port hybrid pvid vlan 90
port hybrid untagged vlan 90
#
interface Ethernet0/0/2
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
ospf 1
area 0.0.0.0
network 10.110.2.0 0.0.0.255
network 192.168.2.0 0.0.0.255
#
pim
ssm-policy 2000
#
return
• Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 40 50
#
multicast routing-enable
#
acl number 2000
rule 5 permit source 232.1.1.0 0.0.0.255
#
interface Vlanif40
ip address 10.110.2.2 255.255.255.0
pim sm
igmp enable
igmp version 3
#
interface Vlanif50
ip address 192.168.3.1 255.255.255.0
pim sm
#
interface Ethernet0/0/1
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
interface Ethernet0/0/2
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
ospf 1
area 0.0.0.0
network 10.110.2.0 0.0.0.255
network 192.168.3.0 0.0.0.255
#
pim
ssm-policy 2000
#
return
• Configuration file of SwitchD
#
sysname SwitchD
#
vlan batch 60 80
#
multicast routing-enable
#
acl number 2000
rule 5 permit source 232.1.1.0 0.0.0.255
#
interface Vlanif60
ip address 192.168.4.1 255.255.255.0
pim sm
#
interface Vlanif80
ip address 10.110.3.1 255.255.255.0
pim sm
#
interface Ethernet0/0/1
port hybrid pvid vlan 80
port hybrid untagged vlan 80
#
interface Ethernet0/0/4
port hybrid pvid vlan 60
port hybrid untagged vlan 60
#
ospf 1
area 0.0.0.0
network 10.110.3.0 0.0.0.255
network 192.168.4.0 0.0.0.255
#
pim
ssm-policy 2000
#
return
• Configuration file of SwitchE
#
sysname SwitchE
#
vlan batch 10 50 60 90
#
multicast routing-enable
#
acl number 2000
rule 5 permit source 232.1.1.0 0.0.0.255
#
interface Vlanif10
ip address 192.168.5.2 255.255.255.0
pim sm
#
interface Vlanif50
ip address 192.168.3.2 255.255.255.0
pim sm
#
interface Vlanif60
ip address 192.168.4.2 255.255.255.0
pim sm
#
interface Vlanif90
ip address 192.168.2.2 255.255.255.0
pim sm
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
interface Ethernet0/0/3
port hybrid pvid vlan 90
port hybrid untagged vlan 90
#
interface Ethernet4/0/0
port hybrid pvid vlan 60
port hybrid untagged vlan 60
#
ospf 1
area 0.0.0.0
network 192.168.2.0 0.0.0.255
network 192.168.3.0 0.0.0.255
network 192.168.4.0 0.0.0.255
network 192.168.5.0 0.0.0.255
#
pim
ssm-policy 2000
#
return
Networking Requirements
In Figure 6-6, basic PIM-SM configuration has been completed on the switches. User hosts
receive multicast data from the multicast source. SwitchA is the source DR. SwitchB and
SwitchC are connected to the user host network segment. When the receiver DR changes, the other
switches must respond to the change quickly.
You can set up BFD sessions on the user host network segment so that the switches respond quickly
to a change of the DR.
Figure 6-6 Networking diagram for configuring PIM BFD on the shared network segment
[Network diagram not reproduced: Source, SwitchA, SwitchB and SwitchC in a PIM-SM domain, with HostA and HostB on the shared segment VLAN 100.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure PIM BFD on interfaces that connect the Switch to the user host network segment.
NOTE
Procedure
Step 1 Enable BFD globally and configure PIM BFD in the interface view.
Enable BFD globally on SwitchB and SwitchC, enable PIM BFD on the interfaces connected
to the user host network segment, and configure the PIM BFD parameters. The configuration of
SwitchC is similar to that of SwitchB and is not shown here.
[SwitchB] bfd
[SwitchB-bfd] quit
[SwitchB] interface vlanif 100
[SwitchB-Vlanif100] pim bfd enable
[SwitchB-Vlanif100] pim bfd min-tx-interval 100 min-rx-interval 100 detect-multiplier 3
# Run the display pim bfd session command to check information about the BFD session on
each Switch. You can check whether the BFD session is set up.
<SwitchB> display pim bfd session
VPN-Instance: public net
Total 1 BFD session Created
# Run the display pim routing-table command to view the PIM routing table. SwitchC functions
as the DR. The (S, G) and (*, G) entries exist. The following information is displayed.
<SwitchC> display pim routing-table
VPN-Instance: public net
Total 1 (*, G) entry; 1 (S, G) entry
(*, 225.1.1.1)
RP: 10.1.5.2
Protocol: pim-sm, Flag: WC
UpTime: 00:13:46
Upstream interface: Vlanif200,
Upstream neighbor: 10.1.2.2
RPF prime neighbor: 10.1.2.2
Downstream interface(s) information:
Total number of downstreams: 1
1: Vlanif100,
Protocol: pim-sm, UpTime: 00:13:46, Expires:-
(10.1.7.1, 225.1.1.1)
RP: 10.1.5.2
Protocol: pim-sm, Flag: SPT ACT
UpTime: 00:00:42
Upstream interface: Vlanif200
Upstream neighbor: 10.1.2.2
RPF prime neighbor: 10.1.2.2
Downstream interface(s) information:
Total number of downstreams: 1
1: Vlanif100
Protocol: pim-sm, UpTime: 00:00:42, Expires:-
----End
Configuration Files
• SwitchA needs to be configured with only basic PIM SM functions. The configuration file
is not provided here.
• SwitchB has the following configuration file. The configuration file of SwitchC is similar
to that of SwitchB and is not provided here.
#
sysname SwitchB
#
vlan batch 100 200
#
multicast routing-enable
#
bfd
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
pim sm
pim bfd enable
pim bfd min-tx-interval 100 min-rx-interval 100
igmp enable
#
interface Vlanif200
ip address 10.1.2.1 255.255.255.0
pim sm
#
interface Ethernet0/0/1
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
interface Ethernet0/0/2
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
#
return
Networking Requirements
As shown in Figure 6-7, SwitchA, SwitchB, and SwitchC run OSPF to implement IP
interworking, and switch interfaces use PIM-SM to provide multicast services. Data sent from
the multicast source (Source) is forwarded to the receiver host (Receiver) through SwitchA and
SwitchB. The link between SwitchA and SwitchB transmits unicast and multicast services
simultaneously. To reduce the loads on this link, multicast data needs to be transmitted along
the path SwitchA→SwitchC→SwitchB.
[Figure 6-7 diagram not reproduced: Source attached to SwitchA and Receiver attached to SwitchB, with SwitchA, SwitchB and SwitchC interconnected in a PIM-SM domain.]
Configuration Roadmap
The RPF interface used to receive multicast data can be changed by configuring a multicast static
route. After the RPF route is changed, multicast and unicast services are transmitted through
different links so that the load on a single link is reduced. The configuration roadmap is as
follows:
1. Configure IP addresses for interfaces and configure a unicast routing protocol (OSPF in
this example) on each switch. Multicast routing protocols depend on unicast routing
protocols.
2. Enable multicast routing on all switches and PIM-SM on all Layer 3 interfaces. Configure
a static RP and specify the static RP address on all the switches. Enable IGMP on the
interface connected to the network segment of the receiver host. After these basic multicast
functions are configured, the switches can establish a multicast distribution tree using
default parameter settings. Then multicast data can be forwarded to Receiver along the
multicast distribution tree.
3. Configure a multicast RPF static route on SwitchB and specify SwitchC as the RPF
neighbor.
Procedure
Step 1 Configure IP addresses for interfaces and configure OSPF on each switch.
# Create VLANs and add Layer 2 physical interfaces to VLANs on the switches. (The
configurations of the other switches are similar to the configuration of SwitchB.)
# Configure IP addresses and masks for Layer 3 VLANIF interfaces on the switches. (The
configurations of the other switches are similar to the configuration of SwitchB.)
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] ip address 9.1.1.2 24
[SwitchB-Vlanif10] quit
[SwitchB] interface vlanif 40
[SwitchB-Vlanif40] ip address 13.1.1.1 24
[SwitchB-Vlanif40] quit
[SwitchB] interface vlanif 50
[SwitchB-Vlanif50] ip address 7.1.1.1 24
[SwitchB-Vlanif50] quit
# Configure OSPF on the switches. (The configurations of the other switches are similar to the
configuration of SwitchB.)
[SwitchB] ospf
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 7.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] network 9.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
Step 2 Enable multicast routing on the switches and enable PIM-SM on all Layer 3 interfaces.
# Enable multicast routing on all the switches and enable PIM-SM on all Layer 3 interfaces.
Enable IGMP on the interface connected to the network segment of the receiver host. (The
configurations on the other switches are similar to the configuration on SwitchB.)
[SwitchB] multicast routing-enable
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] pim sm
[SwitchB-Vlanif10] quit
[SwitchB] interface vlanif 40
[SwitchB-Vlanif40] pim sm
[SwitchB-Vlanif40] quit
[SwitchB] interface vlanif 50
[SwitchB-Vlanif50] pim sm
[SwitchB-Vlanif50] igmp enable
[SwitchB-Vlanif50] quit
# Run the display multicast rpf-info command on SwitchB to check the RPF route to Source.
The following command output shows that the RPF route is originated from a unicast routing
protocol, and the RPF neighbor is SwitchA.
[SwitchB] display multicast rpf-info 8.1.1.2
VPN-Instance: public net
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 20 30
#
multicast routing-enable
#
interface Vlanif10
ip address 9.1.1.1 255.255.255.0
pim sm
#
interface Vlanif20
ip address 8.1.1.1 255.255.255.0
pim sm
#
interface Vlanif30
ip address 12.1.1.1 255.255.255.0
pim sm
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface Ethernet0/0/3
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
ospf 1
area 0.0.0.0
#
interface Ethernet0/0/2
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
interface Ethernet0/0/3
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
ospf 1
area 0.0.0.0
network 12.1.1.0 0.0.0.255
network 13.1.1.0 0.0.0.255
#
pim
static-rp 12.1.1.2
#
return
Networking Requirements
As shown in Figure 6-8, SwitchB and SwitchC run OSPF to implement IP interworking, but
they have no unicast route to SwitchA. Switch interfaces need to run PIM-SM to provide
multicast services. The receiver host (Receiver) can receive data from Source1. Now Receiver
needs to receive data from Source2.
[Figure 6-8 diagram not reproduced: Source1, Source2, SwitchA, SwitchB, SwitchC and Receiver; SwitchB and SwitchC run OSPF inside the PIM-SM domain.]
Configuration Roadmap
An RPF route to Source2 can be established on the path SwitchC→SwitchB→SwitchA by
configuring multicast static routes on SwitchB and SwitchC. The configuration roadmap is as
follows:
1. Configure IP addresses for interfaces of the switches. Configure OSPF on SwitchB and
SwitchC but not on SwitchA, so that SwitchB and SwitchC have no unicast route to
SwitchA.
2. Enable multicast routing on all switches and PIM-SM on all Layer 3 interfaces. Configure
a static RP and specify the static RP address on all the switches. Enable IGMP on the
interface connected to the network segment of the receiver host. After these basic multicast
functions are configured, the switches can establish a multicast distribution tree using
default parameter settings. Then multicast data can be forwarded to Receiver along the
multicast distribution tree.
3. Configure multicast static routes to Source2 on SwitchB and SwitchC.
Procedure
Step 1 Configure IP addresses for interfaces and configure OSPF on each switch.
# Create VLANs and add Layer 2 physical interfaces to VLANs on the switches. (The
configurations of the other switches are similar to the configuration of SwitchB.)
[SwitchB] vlan batch 13 20 40
[SwitchB] interface ethernet0/0/1
[SwitchB-Ethernet0/0/1] port hybrid pvid vlan 20
[SwitchB-Ethernet0/0/1] port hybrid untagged vlan 20
[SwitchB-Ethernet0/0/1] quit
[SwitchB] interface ethernet0/0/2
[SwitchB-Ethernet0/0/2] port hybrid pvid vlan 13
[SwitchB-Ethernet0/0/2] port hybrid untagged vlan 13
[SwitchB-Ethernet0/0/2] quit
[SwitchB] interface ethernet0/0/3
[SwitchB-Ethernet0/0/3] port hybrid pvid vlan 40
[SwitchB-Ethernet0/0/3] port hybrid untagged vlan 40
[SwitchB-Ethernet0/0/3] quit
# Configure IP addresses and masks for Layer 3 VLANIF interfaces on the switches. (The
configurations of the other switches are similar to the configuration of SwitchB.)
[SwitchB] interface vlanif 13
[SwitchB-Vlanif13] ip address 10.1.3.1 24
[SwitchB-Vlanif13] quit
[SwitchB] interface vlanif 20
[SwitchB-Vlanif20] ip address 10.1.2.2 24
[SwitchB-Vlanif20] quit
[SwitchB] interface vlanif 40
[SwitchB-Vlanif40] ip address 10.1.4.1 24
[SwitchB-Vlanif40] quit
# Configure OSPF on SwitchB and SwitchC. (The configuration of SwitchC is similar to the
configuration of SwitchB.)
[SwitchB] ospf
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
Step 2 Enable multicast routing on the switches and enable PIM-SM on all Layer 3 interfaces.
# Enable multicast routing on all the switches and enable PIM-SM on all Layer 3 interfaces.
Enable IGMP on the interface connected to the network segment of the receiver host. (The
configurations on the other switches are similar to the configuration on SwitchA.)
Configure SwitchA.
[SwitchA] multicast routing-enable
[SwitchA] interface vlanif11
[SwitchA-Vlanif11] pim sm
[SwitchA-Vlanif11] quit
[SwitchA] interface vlanif 40
[SwitchA-Vlanif40] pim sm
[SwitchA-Vlanif40] quit
Configure SwitchB.
[SwitchB] multicast routing-enable
[SwitchB] interface vlanif 20
[SwitchB-Vlanif20] pim sm
[SwitchB-Vlanif20] quit
[SwitchB] interface vlanif 13
[SwitchB-Vlanif13] pim sm
[SwitchB-Vlanif13] quit
[SwitchB] interface vlanif 40
[SwitchB-Vlanif40] pim sm
[SwitchB-Vlanif40] quit
Configure SwitchC.
[SwitchC] multicast routing-enable
[SwitchC] interface vlanif 20
[SwitchC-Vlanif20] pim sm
[SwitchC-Vlanif20] quit
[SwitchC] interface vlanif 12
[SwitchC-Vlanif12] pim sm
[SwitchC-Vlanif12] igmp enable
[SwitchC-Vlanif12] quit
# Source1 (10.1.3.2/24) and Source2 (10.1.5.2/24) send multicast data to group G (225.1.1.1).
After Receiver joins group G, it receives the multicast data sent by Source1 but cannot receive
the multicast data sent by Source2.
# Run the display multicast rpf-info 10.1.5.2 command on SwitchB and SwitchC. No
information is displayed, indicating that SwitchB and SwitchC have no RPF route to Source2.
# Configure a multicast RPF static route to Source2 on SwitchB, and configure SwitchA as the
RPF neighbor.
[SwitchB] ip rpf-route-static 10.1.5.0 255.255.255.0 10.1.4.2
# Configure a multicast RPF static route to Source2 on SwitchC, and configure SwitchB as the
RPF neighbor.
[SwitchC] ip rpf-route-static 10.1.5.0 255.255.255.0 10.1.2.2
# Run the display multicast rpf-info 10.1.5.2 command on SwitchB and SwitchC to check the
RPF route to Source2. The following information is displayed:
[SwitchB] display multicast rpf-info 10.1.5.2
VPN-Instance: public net
RPF information about source: 10.1.5.2
RPF interface: vlanif40, RPF neighbor: 10.1.4.2
Referenced route/mask: 10.1.5.0/24
Referenced route type: mstatic
Route selecting rule: preference-preferred
Load splitting rule: disable
[SwitchC] display multicast rpf-info 10.1.5.2
VPN-Instance: public net
RPF information about source 10.1.5.2:
RPF interface: vlanif20, RPF neighbor: 10.1.2.2
Referenced route/mask: 10.1.5.0/24
Referenced route type: mstatic
Route selection rule: preference-preferred
Load splitting rule: disable
# Run the display pim routing-table command on SwitchC to check the PIM routing table.
SwitchC has multicast entries of Source2, indicating that Receiver can receive multicast data
from Source2.
[SwitchC] display pim routing-table
VPN-Instance: public net
Total 1 (*, G) entry; 2 (S, G) entries
(*, 225.1.1.1)
RP: 10.1.2.2
Protocol: pim-sm, Flag: WC
UpTime: 03:54:19
Upstream interface: NULL
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface(s) information:
Total number of downstreams: 1
1: Vlanif12
Protocol: pim-sm, UpTime: 01:38:19, Expires: never
(10.1.3.2, 225.1.1.1)
RP: 10.1.2.2
Protocol: pim-sm, Flag: ACT
UpTime: 00:00:44
Upstream interface: Vlanif20
Upstream neighbor: 10.1.2.2
RPF prime neighbor: 10.1.2.2
Downstream interface(s) information:
Total number of downstreams: 1
1: Vlanif12
Protocol: pim-sm, UpTime: 00:00:44, Expires: never
(10.1.5.2, 225.1.1.1)
RP: 10.1.2.2
Protocol: pim-sm, Flag: ACT
UpTime: 00:00:44
Upstream interface: Vlanif20
Upstream neighbor: 10.1.2.2
RPF prime neighbor: 10.1.2.2
Downstream interface(s) information:
Total number of downstreams: 1
1: Vlanif12
Protocol: pim-sm, UpTime: 00:00:44, Expires: never
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
multicast routing-enable
#
vlan batch 11 40
#
interface Vlanif11
ip address 10.1.5.1 255.255.255.0
pim sm
#
interface Vlanif40
ip address 10.1.4.2 255.255.255.0
pim sm
#
interface Ethernet0/0/1
port hybrid pvid vlan 11
port hybrid untagged vlan 11
#
interface Ethernet0/0/3
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
pim
static-rp 10.1.2.2
#
return
• Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 13 20 40
#
multicast routing-enable
#
interface Vlanif13
ip address 10.1.3.1 255.255.255.0
pim sm
#
interface Vlanif20
ip address 10.1.2.2 255.255.255.0
pim sm
#
interface Vlanif40
ip address 10.1.4.1 255.255.255.0
pim sm
#
interface Ethernet0/0/1
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface Ethernet0/0/2
port hybrid pvid vlan 13
port hybrid untagged vlan 13
#
interface Ethernet0/0/3
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
ospf 1
area 0.0.0.0
network 10.1.2.0 0.0.0.255
network 10.1.3.0 0.0.0.255
#
pim
static-rp 10.1.2.2
#
ip rpf-route-static 10.1.5.0 24 10.1.4.2
#
return
• Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 12 20
#
multicast routing-enable
#
interface Vlanif12
ip address 10.1.1.1 255.255.255.0
pim sm
igmp enable
#
interface Vlanif20
ip address 10.1.2.1 255.255.255.0
pim sm
#
interface Ethernet0/0/1
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface Ethernet0/0/2
port hybrid pvid vlan 12
port hybrid untagged vlan 12
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
#
pim
static-rp 10.1.2.2
#
ip rpf-route-static 10.1.5.0 24 10.1.2.2
#
return
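The RPF lookup that the display multicast rpf-info output above reports can be modeled in a few lines. The Python below is an added illustration, not part of the Huawei documentation or the device software: it reproduces the "no RPF route" result before the multicast static routes are configured and the mstatic result afterwards, and shows that a packet claiming to come from Source2 is accepted only on the RPF interface. The preference values, the OSPF-learned routes, and all function names are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    prefix: str               # destination network
    kind: str                 # "direct", "ospf" or "mstatic"
    next_hop: Optional[str]   # None for a directly connected network
    interface: Optional[str]  # None for mstatic: resolved through next_hop


# Assumed preference values (smaller wins); the page only names the rule
# "preference-preferred".
PREFERENCE = {"direct": 0, "mstatic": 1, "ospf": 10}

# Constructed from the configuration files above: connected networks plus the
# OSPF route each switch learns from the other (assumed, not shown on the page).
SWITCHB_UNICAST = [
    Route("10.1.2.0/24", "direct", None, "Vlanif20"),
    Route("10.1.3.0/24", "direct", None, "Vlanif13"),
    Route("10.1.4.0/24", "direct", None, "Vlanif40"),
    Route("10.1.1.0/24", "ospf", "10.1.2.1", "Vlanif20"),
]
SWITCHC_UNICAST = [
    Route("10.1.1.0/24", "direct", None, "Vlanif12"),
    Route("10.1.2.0/24", "direct", None, "Vlanif20"),
    Route("10.1.3.0/24", "ospf", "10.1.2.2", "Vlanif20"),
]
# ip rpf-route-static 10.1.5.0 24 <RPF neighbor>
SWITCHB_MSTATIC = [Route("10.1.5.0/24", "mstatic", "10.1.4.2", None)]
SWITCHC_MSTATIC = [Route("10.1.5.0/24", "mstatic", "10.1.2.2", None)]


def longest_match(routes: List[Route], address: str) -> Optional[Route]:
    """Return the most specific route covering address, or None."""
    addr = ipaddress.ip_address(address)
    hits = [r for r in routes if addr in ipaddress.ip_network(r.prefix)]
    return max(hits, key=lambda r: ipaddress.ip_network(r.prefix).prefixlen,
               default=None)


def rpf_info(unicast: List[Route], mstatic: List[Route], source: str):
    """Pick the RPF route to source; None means the RPF check has no route."""
    # Best route from each table, multicast static first so it wins a tie.
    candidates = [r for r in (longest_match(mstatic, source),
                              longest_match(unicast, source)) if r]
    if not candidates:
        return None
    best = min(candidates, key=lambda r: PREFERENCE[r.kind])
    interface = best.interface
    if best.kind == "mstatic":
        # The static route names only the RPF neighbor; the RPF interface is
        # the connected network that contains that neighbor.
        direct = [r for r in unicast if r.kind == "direct"]
        via = longest_match(direct, best.next_hop)
        if via is None:
            return None
        interface = via.interface
    return {"interface": interface, "neighbor": best.next_hop,
            "route": best.prefix, "type": best.kind}


def rpf_check(unicast, mstatic, source: str, in_interface: str) -> bool:
    """A multicast packet passes only if it arrives on the RPF interface."""
    info = rpf_info(unicast, mstatic, source)
    return info is not None and info["interface"] == in_interface


if __name__ == "__main__":
    print("SwitchC before:", rpf_info(SWITCHC_UNICAST, [], "10.1.5.2"))
    print("SwitchB after: ", rpf_info(SWITCHB_UNICAST, SWITCHB_MSTATIC, "10.1.5.2"))
    print("SwitchC after: ", rpf_info(SWITCHC_UNICAST, SWITCHC_MSTATIC, "10.1.5.2"))
    print("Source2 via Vlanif12 accepted:",
          rpf_check(SWITCHC_UNICAST, SWITCHC_MSTATIC, "10.1.5.2", "Vlanif12"))
```

The last line models a packet with Source2's address arriving on the receiver-side interface of SwitchC; it fails the check because the RPF interface for 10.1.5.0/24 is Vlanif20.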
Networking Requirements
As shown in Figure 6-9, SwitchE connects to HostA and has three equal-cost routes to the
multicast source (Source). According to the default RPF check policy, SwitchE will select one
of the equal-cost routes to transmit multicast data. When the rate of multicast traffic is high, the
network may be congested, degrading the quality of multicast services. To ensure the quality of
multicast services, configure multicast load splitting so that multicast data can be transmitted
through multiple equal-cost routes.
[Figure 6-9: networking diagram (image not reproduced). Source attaches to SwitchA (Eth0/0/4, VLANIF10, 10.110.1.2/24; Loopback0 1.1.1.1/32). In the PIM-SM domain, SwitchA connects to SwitchE over three equal-cost paths: through SwitchB (VLANIF20 and VLANIF60), SwitchC (VLANIF30 and VLANIF80), and SwitchD (VLANIF40 and VLANIF100). HostA attaches to SwitchE (Eth0/0/4, VLANIF140, 10.110.2.2/24).]
Configuration Roadmap
The configuration roadmap is as follows:
• Configure IP addresses for interfaces on the switches.
• Configure a unicast routing protocol (IS-IS in this example) to implement interworking
among all the switches and ensure that route costs are the same.
• Enable multicast routing on all the switches and enable PIM-SM on all the Layer 3
interfaces. Configure the loopback interface on SwitchA as a C-BSR and C-RP.
• On SwitchE, configure group address-based load splitting to distribute multicast data traffic
to multiple equal-cost paths.
• On SwitchE, configure static multicast groups on the interface connected to the network
segment of HostA, because HostA needs to receive data of these groups for a long time.
Procedure
Step 1 Configure IP addresses for interfaces on the switches.
# Create VLANs and add Layer 2 physical interfaces to VLANs on the switches. (Configurations
of the other switches are similar to the configuration of SwitchA.)
[SwitchA] vlan batch 10 20 30 40
[SwitchA] interface ethernet0/0/4
[SwitchA-Ethernet0/0/4] port hybrid pvid vlan 10
[SwitchA-Ethernet0/0/4] port hybrid untagged vlan 10
[SwitchA-Ethernet0/0/4] quit
[SwitchA] interface ethernet0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 20
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 20
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface ethernet0/0/2
[SwitchA-Ethernet0/0/2] port hybrid pvid vlan 30
[SwitchA-Ethernet0/0/2] port hybrid untagged vlan 30
[SwitchA-Ethernet0/0/2] quit
[SwitchA] interface ethernet0/0/3
[SwitchA-Ethernet0/0/3] port hybrid pvid vlan 40
[SwitchA-Ethernet0/0/3] port hybrid untagged vlan 40
[SwitchA-Ethernet0/0/3] quit
# Configure IP addresses and masks for Layer 3 interfaces on the switches. (Configurations of
the other switches are similar to the configuration of SwitchA.)
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 10.110.1.2 24
[SwitchA-Vlanif10] quit
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] ip address 192.168.1.1 24
[SwitchA-Vlanif20] quit
[SwitchA] interface vlanif 30
[SwitchA-Vlanif30] ip address 192.168.2.1 24
[SwitchA-Vlanif30] quit
[SwitchA] interface vlanif 40
[SwitchA-Vlanif40] ip address 192.168.3.1 24
[SwitchA-Vlanif40] quit
[SwitchA] interface loopback0
[SwitchA-LoopBack0] ip address 1.1.1.1 32
[SwitchA-LoopBack0] quit
Step 2 Configure IS-IS to implement interworking among all the switches and ensure that route costs
are the same.
# Configure SwitchA. (Configurations of the other switches are similar to the configuration of
SwitchA.)
[SwitchA] isis
[SwitchA-isis-1] network-entity 10.0000.0000.0001.00
[SwitchA-isis-1] quit
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] isis enable
[SwitchA-Vlanif10] quit
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] isis enable
[SwitchA-Vlanif20] quit
[SwitchA] interface vlanif 30
[SwitchA-Vlanif30] isis enable
[SwitchA-Vlanif30] quit
[SwitchA] interface vlanif 40
[SwitchA-Vlanif40] isis enable
[SwitchA-Vlanif40] quit
[SwitchA] interface loopback0
[SwitchA-LoopBack0] isis enable
[SwitchA-LoopBack0] quit
Step 3 Enable multicast routing on all the switches and enable PIM-SM on all the Layer 3 interfaces.
# Configure SwitchA. (Configurations of the other switches are similar to the configuration of
SwitchA.)
[SwitchA] multicast routing-enable
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] pim sm
[SwitchA-Vlanif10] quit
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] pim sm
[SwitchA-Vlanif20] quit
[SwitchA] interface vlanif 30
[SwitchA-Vlanif30] pim sm
[SwitchA-Vlanif30] quit
[SwitchA] interface vlanif 40
[SwitchA-Vlanif40] pim sm
[SwitchA-Vlanif40] quit
[SwitchA] interface loopback 0
[SwitchA-LoopBack0] pim sm
[SwitchA-LoopBack0] quit
Step 4 On all the switches, specify the IP address of Loopback0 on SwitchA as a static RP address.
# Configure SwitchA. (Configurations of the other switches are similar to the configuration of
SwitchA.)
[SwitchA] pim
[SwitchA-pim] static-rp 1.1.1.1
[SwitchA-pim] quit
Step 6 Configure static multicast groups on the interface of SwitchE connected to the network segment
of HostA.
# Configure static multicast groups 225.1.1.1 to 225.1.1.3 on VLANIF140.
[SwitchE] interface Vlanif140
[SwitchE-Vlanif140] igmp static-group 225.1.1.1 inc-step-mask 32 number 3
[SwitchE-Vlanif140] quit
(*, G) and (S, G) entries are evenly distributed on the three equal-cost routes. The upstream
interfaces of the routes are VLANIF100, VLANIF80, and VLANIF60 respectively.
NOTE
The load splitting algorithm processes (*, G) and (S, G) entries separately using the same rule.
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 20 30 40
#
multicast routing-enable
#
isis 1
network-entity 10.0000.0000.0001.00
#
interface Vlanif10
ip address 10.110.1.2 255.255.255.0
isis enable 1
pim sm
#
interface Vlanif20
ip address 192.168.1.1 255.255.255.0
isis enable 1
pim sm
#
interface Vlanif30
ip address 192.168.2.1 255.255.255.0
isis enable 1
pim sm
#
interface Vlanif40
ip address 192.168.3.1 255.255.255.0
isis enable 1
pim sm
#
interface Ethernet0/0/1
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface Ethernet0/0/2
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface Ethernet0/0/3
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
interface Ethernet0/0/4
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
isis enable 1
pim sm
#
pim
static-rp 1.1.1.1
#
return
• Configuration file of SwitchD
#
sysname SwitchD
#
vlan batch 40 100
#
multicast routing-enable
#
isis 1
network-entity 10.0000.0000.0004.00
#
interface Vlanif40
ip address 192.168.3.2 255.255.255.0
isis enable 1
pim sm
#
interface Vlanif100
ip address 192.168.6.1 255.255.255.0
isis enable 1
pim sm
#
interface Ethernet0/0/1
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
interface Ethernet0/0/2
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
pim
static-rp 1.1.1.1
#
return
• Configuration file of SwitchE
#
sysname SwitchE
#
vlan batch 60 80 100 140
#
multicast routing-enable
multicast load-splitting group
#
isis 1
network-entity 10.0000.0000.0005.00
#
interface Vlanif60
ip address 192.168.4.2 255.255.255.0
isis enable 1
pim sm
#
interface Vlanif80
ip address 192.168.5.2 255.255.255.0
isis enable 1
pim sm
#
interface Vlanif100
ip address 192.168.6.2 255.255.255.0
isis enable 1
pim sm
#
interface Vlanif140
ip address 10.110.2.2 255.255.255.0
isis enable 1
pim sm
igmp static-group 225.1.1.1 inc-step-mask 0.0.0.1 number 3
#
interface Ethernet0/0/1
port hybrid pvid vlan 60
port hybrid untagged vlan 60
#
interface Ethernet0/0/2
port hybrid pvid vlan 80
port hybrid untagged vlan 80
#
interface Ethernet0/0/3
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface Ethernet0/0/4
port hybrid pvid vlan 140
port hybrid untagged vlan 140
#
pim
static-rp 1.1.1.1
#
return
Networking Requirements
As shown in Figure 6-10, Router connects to user hosts through a Layer 2 Switch and Router
runs IGMPv2. The multicast source sends data to multicast groups 225.1.1.1 to 225.1.1.5. On
the network, there are three receivers (HostA, HostB, and HostC), and the three hosts want to
receive only data of multicast groups 225.1.1.1 to 225.1.1.3.
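[Figure 6-10: networking diagram (image not reproduced). Router, attached to the IP/MPLS core, connects to Eth0/0/3 of the Switch; Eth0/0/1 and Eth0/0/2 of the Switch connect to the hosts; all three interfaces are in VLAN 10.]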
Configuration Roadmap
To meet the preceding requirements, configure basic IGMP snooping functions and a multicast
group policy on the Layer 2 Switch. The configuration roadmap is as follows:
Procedure
Step 1 Create a VLAN and add interfaces to the VLAN.
<Quidway> system-view
[Quidway] sysname Switch
[Switch] vlan 10
[Switch-vlan10] quit
[Switch] interface ethernet 0/0/1
[Switch-Ethernet0/0/1] port hybrid pvid vlan 10
[Switch-Ethernet0/0/1] port hybrid untagged vlan 10
[Switch-Ethernet0/0/1] quit
[Switch] interface ethernet 0/0/2
[Switch-Ethernet0/0/2] port hybrid pvid vlan 10
[Switch-Ethernet0/0/2] port hybrid untagged vlan 10
[Switch-Ethernet0/0/2] quit
[Switch] interface ethernet 0/0/3
[Switch-Ethernet0/0/3] port hybrid pvid vlan 10
[Switch-Ethernet0/0/3] port hybrid untagged vlan 10
[Switch-Ethernet0/0/3] quit
The command output shows that multicast groups 225.1.1.1 to 225.1.1.3 have dynamically
generated member ports Eth0/0/1 and Eth0/0/2 on the Switch.
# Check the Layer 2 multicast forwarding table on the Switch.
<Switch> display l2-multicast forwarding-table vlan 10
VLAN ID : 10, Forwarding Mode : IP
------------------------------------------------------------------------
(Source, Group) Interface Out-Vlan
------------------------------------------------------------------------
Router-port Ethernet0/0/3 10
(*, 225.1.1.1) Ethernet0/0/1 10
Ethernet0/0/2 10
Ethernet0/0/3 10
(*, 225.1.1.2) Ethernet0/0/1 10
Ethernet0/0/2 10
Ethernet0/0/3 10
(*, 225.1.1.3) Ethernet0/0/1 10
Ethernet0/0/2 10
Ethernet0/0/3 10
----------------------------------------------------------------------
Total Group(s) : 3
The command output shows that the forwarding table contains only information about multicast
groups 225.1.1.1 to 225.1.1.3. The multicast groups 225.1.1.4 to 225.1.1.5 do not forward data
to the hosts.
----End
Configuration Files
• Configuration file of the Switch
#
sysname Switch
#
vlan batch 10
#
igmp-snooping enable
#
acl number 2000
rule 5 deny source 225.1.1.4 0
rule 10 deny source 225.1.1.5 0
#
vlan 10
igmp-snooping enable
igmp-snooping group-policy 2000
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/3
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
return
Networking Requirements
As shown in Figure 6-11, Router connects to user hosts through a Layer 2 switch. The user-side
VLANIF interface of Router has static groups 225.1.1.1 to 225.1.1.5 configured and does not
run IGMP. There are four receivers on the network: HostA, HostB, HostC, and HostD. HostA
and HostB expect to receive data of multicast groups 225.1.1.1 to 225.1.1.3 for a long time. HostC
and HostD expect to receive data of multicast groups 225.1.1.4 to 225.1.1.5.
Figure 6-11 Networking diagram for Layer 2 multicast configuration through static interfaces
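[Diagram not reproduced: Source reaches Router through the IP/MPLS core; Router connects to Eth0/0/3 of the Switch in VLAN 10; Eth0/0/1 and Eth0/0/2 of the Switch connect to the hosts.]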
Configuration Roadmap
To meet the preceding requirements, configure a static router port and static member ports of
IGMP snooping on the Layer 2 Switch. The configuration roadmap is as follows:
Procedure
Step 1 Create a VLAN and add interfaces to the VLAN.
<Quidway> system-view
[Quidway] sysname Switch
[Switch] vlan 10
[Switch-vlan10] quit
[Switch] interface ethernet 0/0/1
[Switch-Ethernet0/0/1] port hybrid pvid vlan 10
[Switch-Ethernet0/0/1] port hybrid untagged vlan 10
[Switch-Ethernet0/0/1] quit
[Switch] interface ethernet 0/0/2
[Switch-Ethernet0/0/2] port hybrid pvid vlan 10
[Switch-Ethernet0/0/2] port hybrid untagged vlan 10
[Switch-Ethernet0/0/2] quit
[Switch] interface ethernet 0/0/3
[Switch-Ethernet0/0/3] port hybrid pvid vlan 10
The command output shows that Eth0/0/3 has been configured as a static router port.
The command output shows that multicast groups 225.1.1.1 to 225.1.1.3 have a static member
port Eth0/0/1 on the Switch and multicast groups 225.1.1.4 to 225.1.1.5 have a static member
port Eth0/0/2 on the Switch.
The command output shows that multicast groups 225.1.1.1 to 225.1.1.5 have a forwarding table
on the Switch.
----End
Configuration Files
• Configuration file of the Switch
#
sysname Switch
#
vlan batch 10
#
igmp-snooping enable
#
vlan 10
igmp-snooping enable
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
l2-multicast static-group group-address 225.1.1.1 to 225.1.1.3 vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 10
port hybrid untagged vlan 10
l2-multicast static-group group-address 225.1.1.4 to 225.1.1.5 vlan 10
#
interface Ethernet0/0/3
port hybrid pvid vlan 10
port hybrid untagged vlan 10
igmp-snooping static-router-port vlan 10
#
return
Networking Requirements
As shown in Figure 6-12, on a pure Layer 2 network, multicast sources Source1 and Source2
send multicast data to multicast groups 224.1.1.1 and 225.1.1.1. HostA and HostC expect to
receive data of multicast group 224.1.1.1 for a long time, while HostB and HostD expect to receive
data of multicast group 225.1.1.1 for a long time. All the hosts run IGMPv2.
[Figure 6-12: networking diagram (image not reproduced). Source1, Source2, SwitchA to SwitchD, and HostA to HostD, all in VLAN 10.]
Configuration Roadmap
To meet the preceding requirements, enable IGMP snooping on the four switches and configure
an IGMP snooping querier. Enable all the switches to discard unknown multicast packets to
prevent the switches from broadcasting multicast data in the VLAN when there are no Layer 2
multicast forwarding entries on the switches. The configuration roadmap is as follows:
1. On all the switches, create a VLAN and add interfaces to the VLAN according to Figure
6-12.
2. Enable IGMP snooping globally and in the VLAN on all the switches.
3. Configure SwitchA as an IGMP snooping querier.
4. Enable all the switches to discard unknown multicast packets.
Procedure
Step 1 On all the switches, create a VLAN and add interfaces to the VLAN.
# Configure SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 10
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 10
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface ethernet 0/0/2
[SwitchA-Ethernet0/0/2] port hybrid pvid vlan 10
[SwitchA-Ethernet0/0/2] port hybrid untagged vlan 10
[SwitchA-Ethernet0/0/2] quit
[SwitchA] interface ethernet 0/0/3
[SwitchA-Ethernet0/0/3] port hybrid pvid vlan 10
# The configurations of SwitchB, SwitchC and SwitchD are similar to the configuration of
SwitchA, and the configurations are not provided here.
Step 2 Enable IGMP snooping globally and in the VLAN on all the switches.
# Configure SwitchA.
[SwitchA] igmp-snooping enable
[SwitchA] vlan 10
[SwitchA-vlan10] igmp-snooping enable
[SwitchA-vlan10] quit
# The configurations of SwitchB, SwitchC and SwitchD are similar to the configuration of
SwitchA, and the configurations are not provided here.
On the S2300 (except the S2352P-EI), run this command in the system view.
[SwitchA] vlan 10
[SwitchA-vlan10] multicast drop-unknown
[SwitchA-vlan10] quit
# The configurations of SwitchB, SwitchC and SwitchD are similar to the configuration of
SwitchA, and the configurations are not provided here.
# When the IGMP snooping querier begins to work, all the switches except the IGMP snooping
querier receive IGMP General Query messages. Run the display igmp-snooping statistics vlan
10 command on SwitchB to view IGMP message statistics. The command output is as follows:
<SwitchB> display igmp-snooping statistics vlan 10
IGMP Snooping Packets Counter
Statistics for VLAN 10
Recv V1 Report 0
Recv V2 Report 32
Recv V3 Report 0
Recv V1 Query 0
Recv V2 Query 30
Recv V3 Query 0
Recv Leave 0
Recv Pim Hello 0
Send Query(S=0) 0
Send Query(S!=0) 0
Suppress Report 0
Suppress Leave 0
Proxy Send General Query 0
Proxy Send Group-Specific Query 0
Proxy Send Group-Source-Specific Query 0
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
igmp-snooping enable
#
vlan 10
multicast drop-unknown
igmp-snooping enable
igmp-snooping querier enable
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/3
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
return
igmp-snooping enable
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/3
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
return
Networking Requirements
As shown in Figure 6-13, Router connects to user hosts through a Layer 2 Switch and Router
runs IGMPv3. There are multiple receiver hosts on the network, and the administrator expects
that exchange of IGMP messages will not be a burden to Router.
Figure 6-13 Networking diagram for the IGMP snooping proxy configuration
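[Diagram not reproduced: Source reaches Router through the IP/MPLS core; Router connects to Eth0/0/3 of the Switch in VLAN 10; Eth0/0/1 and Eth0/0/2 of the Switch connect to the receiver hosts (HostA ... HostG, HostH ... HostN).]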
Configuration Roadmap
To meet the preceding requirements, configure IGMP snooping proxy on the Switch. The
configuration roadmap is as follows:
1. Create a VLAN and add interfaces to the VLAN.
2. Enable IGMP snooping globally and in the VLAN.
3. Configure IGMP snooping proxy on the Switch to reduce packet exchange between the
Switch and Router.
4. Disable the Switch from sending IGMP Query messages to the upstream Router to prevent
election of the IGMP querier.
Procedure
Step 1 Create a VLAN and add interfaces to the VLAN.
<Quidway> system-view
[Quidway] sysname Switch
[Switch] vlan 10
[Switch-vlan10] quit
[Switch] interface ethernet 0/0/1
[Switch-Ethernet0/0/1] port hybrid pvid vlan 10
[Switch-Ethernet0/0/1] port hybrid untagged vlan 10
[Switch-Ethernet0/0/1] quit
[Switch] interface ethernet 0/0/2
[Switch-Ethernet0/0/2] port hybrid pvid vlan 10
[Switch-Ethernet0/0/2] port hybrid untagged vlan 10
[Switch-Ethernet0/0/2] quit
# Configure IGMPv3 snooping to enable the Switch to process IGMP messages of all versions.
[Switch-vlan10] igmp-snooping version 3
Step 4 Disable the Switch from sending IGMP Query messages to the upstream Router.
[Switch] interface ethernet 0/0/3
[Switch-Ethernet0/0/3] igmp-snooping proxy-uplink-port vlan 10
[Switch-Ethernet0/0/3] quit
The command output shows that the IGMP snooping proxy takes effect as the Switch functions
as a proxy to send IGMP General Query messages.
----End
Configuration Files
• Configuration file of the Switch
#
sysname Switch
#
vlan batch 10
#
igmp-snooping enable
#
vlan 10
igmp-snooping enable
igmp-snooping version 3
igmp-snooping proxy
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/3
port hybrid pvid vlan 10
port hybrid untagged vlan 10
igmp-snooping proxy-uplink-port vlan 10
#
return
Networking Requirements
As shown in Figure 6-14, Router connects to user hosts through a Layer 2 Switch. Router runs
IGMPv3 and uses the ASM mode and SSM mode to provide multicast services. User hosts
HostA, HostB, and HostC on the network run IGMPv2 and do not support IGMPv3. The
multicast sources Source1 and Source2 send multicast data to the multicast group 225.1.1.1, but
the user hosts want to receive only the multicast data sent from Source1.
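[Figure 6-14: networking diagram (image not reproduced). Router connects to Eth0/0/3 of the Switch in VLAN 10; Eth0/0/1 of the Switch connects to the user hosts.]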
Configuration Roadmap
To meet the preceding requirements, configure SSM mapping on the Switch. The configuration
roadmap is as follows:
Procedure
Step 1 Create a VLAN and add interfaces to the VLAN.
<Quidway> system-view
[Quidway] sysname Switch
[Switch] vlan 10
[Switch-vlan10] quit
[Switch] interface ethernet 0/0/1
[Switch-Ethernet0/0/1] port hybrid pvid vlan 10
[Switch-Ethernet0/0/1] port hybrid untagged vlan 10
[Switch-Ethernet0/0/1] quit
[Switch] interface ethernet 0/0/3
[Switch-Ethernet0/0/3] port hybrid pvid vlan 10
[Switch-Ethernet0/0/3] port hybrid untagged vlan 10
[Switch-Ethernet0/0/3] quit
# Create an ACL, and configure a rule that allows hosts to receive data of multicast group
225.1.1.1.
[Switch] acl number 2008
[Switch-acl-basic-2008] rule 5 permit source 225.1.1.1 0
[Switch-acl-basic-2008] quit
# Apply the SSM mapping policy in the VLAN and treat the multicast group 225.1.1.1 as a
member in the SSM groups.
[Switch] vlan 10
[Switch-vlan10] igmp-snooping ssm-policy 2008
# Configure the Switch to run IGMPv3, enable SSM mapping, and configure a mapping between
the multicast group 225.1.1.1 and the source IP address 10.10.1.1.
[Switch-vlan10] igmp-snooping version 3
[Switch-vlan10] igmp-snooping ssm-mapping enable
The command output shows that a mapping entry (10.10.1.1, 225.1.1.1) has been generated on
the Switch. The mapping entry indicates that the data is sent by Source1.
NOTE
The preceding stream entries are triggered by unknown streams that are generated because user hosts have
not ordered the services delivered from multicast source 10.10.2.1.
----End
Configuration Files
• Configuration file of the Switch
#
sysname Switch
#
vlan batch 10
#
igmp-snooping enable
#
acl number 2008
rule 5 permit source 225.1.1.1 0
#
vlan 10
igmp-snooping enable
igmp-snooping ssm-mapping enable
igmp-snooping version 3
igmp-snooping ssm-policy 2008
igmp-snooping ssm-mapping 225.1.1.1 255.255.255.255 10.10.1.1
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/3
port hybrid pvid vlan 10
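Both the multicast group policy example (ACL 2000) and the SSM mapping example above (ACL 2008) rely on a basic ACL whose source field matches a multicast group address. The Python below is an added illustration, not Huawei code: it parses the relevant lines of the two configuration files and evaluates which joins are admitted and which (S, G) entries an IGMPv2 report produces. The function names are hypothetical. It assumes that a group matching no rule is admitted by the group policy (as the forwarding table on this page shows) and that only groups permitted by the ssm-policy ACL are treated as SSM groups.

```python
import ipaddress
import re

# Constructed input: the relevant lines of the two Switch configuration files
# on this page (group-policy example and SSM-mapping example).
GROUP_POLICY_CFG = """
acl number 2000
rule 5 deny source 225.1.1.4 0
rule 10 deny source 225.1.1.5 0
vlan 10
igmp-snooping enable
igmp-snooping group-policy 2000
"""

SSM_MAPPING_CFG = """
acl number 2008
rule 5 permit source 225.1.1.1 0
vlan 10
igmp-snooping enable
igmp-snooping ssm-mapping enable
igmp-snooping version 3
igmp-snooping ssm-policy 2008
igmp-snooping ssm-mapping 225.1.1.1 255.255.255.255 10.10.1.1
"""


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def parse(cfg):
    """Collect basic ACL rules and the IGMP snooping settings that use them."""
    acls, vlan, current = {}, {"mappings": []}, None
    for line in map(str.strip, cfg.splitlines()):
        if m := re.fullmatch(r"acl number (\d+)", line):
            current = acls.setdefault(m[1], [])
        elif (m := re.fullmatch(r"rule (\d+) (permit|deny) source (\S+) (\S+)",
                                line)) and current is not None:
            # A wildcard written as "0" is the host wildcard 0.0.0.0.
            wild = 0 if m[4] == "0" else _ip(m[4])
            current.append((int(m[1]), m[2], _ip(m[3]), wild))
        elif m := re.fullmatch(r"igmp-snooping (group|ssm)-policy (\d+)", line):
            vlan[m[1] + "_policy"] = m[2]
        elif m := re.fullmatch(r"igmp-snooping ssm-mapping (\S+) (\S+) (\S+)", line):
            vlan["mappings"].append((_ip(m[1]), _ip(m[2]), m[3]))
        elif line == "igmp-snooping ssm-mapping enable":
            vlan["mapping_enabled"] = True
    return acls, vlan


def acl_action(rules, address):
    """First matching rule in ascending rule ID wins; None if nothing matches."""
    addr = _ip(address)
    for _, action, base, wild in sorted(rules):
        care = ~wild & 0xFFFFFFFF          # bits the wildcard does not ignore
        if (addr & care) == (base & care):
            return action
    return None


def join_allowed(cfg, group):
    """Group policy: may a host in the VLAN join this group?"""
    acls, vlan = parse(cfg)
    policy = vlan.get("group_policy")
    if policy is None:
        return True
    # Assumption taken from the page's result: only an explicit deny blocks a join.
    return acl_action(acls.get(policy, []), group) != "deny"


def entries_for_v2_report(cfg, group):
    """Entries created by an IGMPv2 (*, G) report, as (source, group) pairs."""
    acls, vlan = parse(cfg)
    policy = vlan.get("ssm_policy")
    is_ssm = policy is not None and acl_action(acls.get(policy, []), group) == "permit"
    if not is_ssm:
        return [("*", group)]
    if not vlan.get("mapping_enabled"):
        return []  # a v2 report names no source, so no (S, G) entry can be built
    g = _ip(group)
    return [(src, group) for base, mask, src in vlan["mappings"]
            if (g & mask) == (base & mask)]


def forwards(entries, source, group):
    """Is traffic from source to group forwarded to the reporting port?"""
    return (source, group) in entries or ("*", group) in entries


if __name__ == "__main__":
    groups = [f"225.1.1.{i}" for i in range(1, 6)]
    print("admitted:", [g for g in groups if join_allowed(GROUP_POLICY_CFG, g)])
    entries = entries_for_v2_report(SSM_MAPPING_CFG, "225.1.1.1")
    print("entries:", entries)
    print("Source2 forwarded:", forwards(entries, "10.10.2.1", "225.1.1.1"))
```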
Networking Requirements
As shown in Figure 6-15, service VLAN 10 is used to transmit multicast data between RouterA
and SwitchA. HostA, HostB, and HostC belong to VLAN 100, VLAN 200, and VLAN 300
respectively. All of them want to receive multicast data from Source.
You can configure 1-to-N multicast VLAN replication based on user VLANs, so that RouterA
only needs to copy multicast data for VLAN 10 to respond to the same multicast data request
from different user hosts. This reduces bandwidth consumption between RouterA and SwitchA.
Figure 6-15 Configuring 1-to-N multicast VLAN replication based on user VLANs
[Diagram not reproduced: SwitchA connects to RouterA through Eth0/0/1 in multicast VLAN 10; Eth0/0/2, Eth0/0/3, and Eth0/0/4 connect to user VLANs 100, 200, and 300.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable IGMP snooping in the system view.
2. Create user VLANs and enable IGMP snooping in the user VLANs.
3. Create a multicast VLAN and enable IGMP snooping in the multicast VLAN.
Procedure
Step 1 Enable IGMP snooping in the system view.
<SwitchA> system-view
[SwitchA] igmp-snooping enable
Step 2 Create user VLANs and enable IGMP snooping in the user VLANs.
[SwitchA] vlan 100
[SwitchA-vlan100] igmp-snooping enable
[SwitchA-vlan100] quit
[SwitchA] vlan 200
[SwitchA-vlan200] igmp-snooping enable
[SwitchA-vlan200] quit
[SwitchA] vlan 300
[SwitchA-vlan300] igmp-snooping enable
[SwitchA-vlan300] quit
Step 3 Create a multicast VLAN and enable IGMP snooping in the multicast VLAN.
[SwitchA] vlan 10
[SwitchA-vlan10] igmp-snooping enable
[SwitchA-vlan10] multicast-vlan enable
Step 4 Bind user VLANs 100, 200, and 300 to multicast VLAN 10.
[SwitchA-vlan10] multicast-vlan user-vlan 100 200 300
[SwitchA-vlan10] quit
# Add Eth0/0/2, Eth0/0/3, and Eth0/0/4 to user VLANs 100, 200, and 300 respectively.
[SwitchA] interface ethernet 0/0/2
[SwitchA-Ethernet0/0/2] port hybrid pvid vlan 100
[SwitchA-Ethernet0/0/2] port hybrid untagged vlan 100
[SwitchA-Ethernet0/0/2] quit
[SwitchA] interface ethernet 0/0/3
[SwitchA-Ethernet0/0/3] port hybrid pvid vlan 200
[SwitchA-Ethernet0/0/3] port hybrid untagged vlan 200
[SwitchA-Ethernet0/0/3] quit
[SwitchA] interface ethernet 0/0/4
[SwitchA-Ethernet0/0/4] port hybrid pvid vlan 300
[SwitchA-Ethernet0/0/4] port hybrid untagged vlan 300
[SwitchA-Ethernet0/0/4] quit
Step 6 Verify the configuration. View information about the multicast VLAN and user VLANs on
SwitchA.
[SwitchA] display multicast-vlan vlan
Total multicast vlan 1
multicast-vlan user-vlan number snooping-state
----------------------------------------------------------------
10 3 IGMP Enable /MLD Disable
[SwitchA] display user-vlan vlan
Total user vlan 3
user-vlan snooping-state multicast-vlan snooping-state
-----------------------------------------------------------------------------
100 IGMP Enable /MLD Disable 10 IGMP Enable /MLD Disable
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 100 200 300
#
igmp-snooping enable
#
vlan 10
igmp-snooping enable
multicast-vlan enable
multicast-vlan user-vlan 100 200 300
#
vlan 100
igmp-snooping enable
#
vlan 200
igmp-snooping enable
#
vlan 300
igmp-snooping enable
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface Ethernet0/0/3
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
interface Ethernet0/0/4
port hybrid pvid vlan 300
port hybrid untagged vlan 300
#
return
Networking Requirements
As shown in Figure 6-16, the Switch is connected to RouterA, RouterB, and the Receiver
through Eth0/0/1, Eth0/0/2, and Eth0/0/3 respectively. S1 and S2 are multicast sources provided
by different ISPs.
You can configure N-to-N multicast VLAN replication based on user VLANs and distinguish
ISPs by different multicast VLANs, so that the user host can receive multicast data sent from
S1 to the multicast group 225.1.1.1 and from S2 to the multicast group 225.1.2.1.
Figure 6-16 Configuring N-to-N multicast VLAN replication based on user VLANs
[Figure: S1 reaches the Switch through RouterA on Eth0/0/1 (multicast VLAN 10) and S2 through RouterB on Eth0/0/2 (multicast VLAN 20); the Receiver in user VLAN 100 connects to Eth0/0/3.]
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Enable IGMP snooping in the system view.
<Switch> system-view
[Switch] igmp-snooping enable
Step 2 Create user VLAN 100 and enable IGMP snooping in the user VLAN. Enable the triggering of
the multicast flow in the user VLAN.
[Switch] vlan 100
[Switch-vlan100] igmp-snooping enable
[Switch-vlan100] multicast flow-trigger enable
[Switch-vlan100] quit
Step 3 Create multicast VLANs 10 and 20 and enable IGMP snooping in the multicast VLANs.
[Switch] vlan 10
[Switch-vlan10] igmp-snooping enable
[Switch-vlan10] multicast-vlan enable
[Switch-vlan10] quit
[Switch] vlan 20
[Switch-vlan20] igmp-snooping enable
[Switch-vlan20] multicast-vlan enable
[Switch-vlan20] quit
Step 4 Add user VLAN 100 to multicast VLANs 10 and 20 and configure static multicast flow in the
multicast VLANs.
[Switch] vlan 10
[Switch-vlan10] multicast-vlan user-vlan 100
[Switch-vlan10] multicast static-flow 225.1.1.1
[Switch-vlan10] quit
[Switch] vlan 20
[Switch-vlan20] multicast-vlan user-vlan 100
[Switch-vlan20] multicast static-flow 225.1.2.1
[Switch-vlan20] quit
# Run the display multicast static-flow command. The output lists the static multicast flows in
the multicast VLANs, which indicates that users in the user VLAN can be added to the multicast
groups.
[Switch] display multicast static-flow
-------------------------------------------------------------------
Vlan (Source, Group)
-------------------------------------------------------------------
10 (*, 225.1.1.1)
20 (*, 225.1.2.1)
-------------------------------------------------------------------
Total Table(s) : 2
----End
Configuration Files
• Configuration file of the Switch
#
sysname Switch
#
vlan batch 10 20 100
#
igmp-snooping enable
#
vlan 10
igmp-snooping enable
multicast-vlan enable
multicast static-flow 225.1.1.1
multicast-vlan user-vlan 100
#
vlan 20
igmp-snooping enable
multicast-vlan enable
multicast static-flow 225.1.2.1
multicast-vlan user-vlan 100
#
vlan 100
multicast flow-trigger enable
igmp-snooping enable
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface Ethernet0/0/3
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
return
Networking Requirements
As shown in Figure 6-17, Eth0/0/1 of the SwitchA is connected to the Router. Eth0/0/2 provides
services for ISP1, and Eth0/0/3 provides services for ISP2. ISP1 and ISP2 use multicast VLAN
2 and VLAN 3 respectively to provide multicast services for users. Eth0/0/2 and Eth0/0/3 have
the same user VLAN (VLAN 10).
To protect interests of the ISPs and ensure that multicast packets of each ISP are sent only to
users of the ISP, the interface-based multicast VLAN replication is required. After the
configuration is complete, multicast data of an ISP will be sent only to the interface connected
to the ISP.
[Figure 6-17: the Router (GE1/0/0) and the multicast Source connect to Eth0/0/1 of SwitchA; Eth0/0/2 serves ISP1 and Eth0/0/3 serves ISP2, with receivers HostA and HostB in user VLAN 10; multicast packets are carried in multicast VLAN 2 and multicast VLAN 3.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable IGMP snooping in the system view.
2. Create user VLAN 10.
3. Create multicast VLANs 2 and 3 and enable IGMP snooping in the multicast VLANs.
4. Bind user VLAN 10 to multicast VLANs on Eth0/0/2 and Eth0/0/3 respectively.
5. Add the network-side interface and user-side interfaces to VLANs as hybrid interfaces.
Procedure
Step 1 Create user VLAN 10.
<SwitchA> system-view
[SwitchA] vlan batch 10
Step 2 Create multicast VLANs 2 and 3 and enable IGMP snooping in the multicast VLANs.
[SwitchA] igmp-snooping enable
[SwitchA] vlan 2
[SwitchA-vlan2] igmp-snooping enable
[SwitchA-vlan2] quit
[SwitchA] vlan 3
[SwitchA-vlan3] igmp-snooping enable
[SwitchA-vlan3] quit
Step 3 Bind user VLAN 10 to multicast VLANs on Eth0/0/2 and Eth0/0/3 respectively.
[SwitchA] interface ethernet 0/0/2
[SwitchA-Ethernet0/0/2] l2-multicast-bind vlan 10 mvlan 2
[SwitchA-Ethernet0/0/2] quit
[SwitchA] interface ethernet 0/0/3
[SwitchA-Ethernet0/0/3] l2-multicast-bind vlan 10 mvlan 3
[SwitchA-Ethernet0/0/3] quit
Step 4 Add Eth0/0/1 to the multicast VLANs. Add Eth0/0/2 and Eth0/0/3 to the user VLAN.
# Add Eth0/0/1 to multicast VLANs 2 and 3 as a trunk interface.
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port link-type trunk
[SwitchA-Ethernet0/0/1] port trunk allow-pass vlan 2 3
[SwitchA-Ethernet0/0/1] quit
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 2 to 3 10
#
igmp-snooping enable
#
vlan 2
igmp-snooping enable
#
vlan 3
igmp-snooping enable
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
interface Ethernet0/0/2
port hybrid pvid vlan 10
port hybrid untagged vlan 10
l2-multicast-bind vlan 10 mvlan 2
#
interface Ethernet0/0/3
port hybrid pvid vlan 10
Networking Requirements
As shown in Figure 6-18, multicast groups G1 (225.0.0.1), G2 (225.0.0.2), G3 (225.0.0.3), and
G4 (225.0.0.4) exist on the network connected to the router. You are required to configure users
in VLAN 10 and VLAN 20 to watch only G1 and G2 and users in VLAN 30 and VLAN 40 to
watch all multicast groups.
NOTE
This example illustrates how to configure controllable multicast on an IPv4 network. Controllable multicast
configuration on an IPv6 network is similar. You only need to replace IGMP snooping with MLD snooping
on the IPv6 network.
[Figure 6-18: the Switch connects the multicast network, including G2 (11.1.1.1, 225.0.0.2) and G4 (13.1.1.1, 225.0.0.4), to users on Eth0/0/1 to Eth0/0/4.]
Configuration Roadmap
You can configure controllable multicast on the switch. The configuration roadmap is as follows:
1. Configure IGMP snooping on the switch.
2. Configure controllable multicast.
• Configure two multicast group lists L1 (G1, G2) and L2 (G3, G4).
• Configure two multicast profiles P1 and P2.
Configuration Procedure
1. Configure user VLANs and add interfaces to these user VLANs.
<Switch> system-view
[Switch] vlan batch 10 20 30 40
[Switch] interface ethernet 0/0/1
[Switch-Ethernet0/0/1] port hybrid untagged vlan 10
[Switch-Ethernet0/0/1] port hybrid pvid vlan 10
[Switch-Ethernet0/0/1] quit
[Switch] interface ethernet 0/0/2
[Switch-Ethernet0/0/2] port hybrid untagged vlan 20
[Switch-Ethernet0/0/2] port hybrid pvid vlan 20
[Switch-Ethernet0/0/2] quit
[Switch] interface ethernet 0/0/3
[Switch-Ethernet0/0/3] port hybrid untagged vlan 30
[Switch-Ethernet0/0/3] port hybrid pvid vlan 30
[Switch-Ethernet0/0/3] quit
[Switch] interface ethernet 0/0/4
[Switch-Ethernet0/0/4] port hybrid untagged vlan 40
[Switch-Ethernet0/0/4] port hybrid pvid vlan 40
[Switch-Ethernet0/0/4] quit
[Switch-btv] multicast-profile P1
[Switch-btv-profile-P1] add multicast-list name L1 watch
[Switch-btv-profile-P1] quit
[Switch-btv] multicast-profile P2
[Switch-btv-profile-P2] add multicast-list name L1 watch
[Switch-btv-profile-P2] add multicast-list name L2 watch
[Switch-btv-profile-P2] quit
[Switch-btv] quit
# Apply multicast profiles to VLANs.
[Switch] vlan 10
[Switch-vlan10] attach multicast-profile P1
[Switch-vlan10] quit
[Switch] vlan 20
[Switch-vlan20] attach multicast-profile P1
[Switch-vlan20] quit
[Switch] vlan 30
[Switch-vlan30] attach multicast-profile P2
[Switch-vlan30] quit
[Switch] vlan 40
[Switch-vlan40] attach multicast-profile P2
[Switch-vlan40] quit
4. Verify the configuration.
[Switch] display multicast-profile-apply
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Vlan10 -- --
8
1 P1
Vlan20 -- --
8
1 P1
Vlan30 -- --
8
2 P2
Vlan40 -- --
8
2 P2
Total: 4
[Switch] display multicast-profile
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
1 P1 1 2
2 P2 2 2
Total: 2
[Switch] display multicast-list
-------------------------------------------------------------------------
Index    Multicast-list-name    Multicast-group
-------------------------------------------------------------------------
1        L1                     2
2        L2                     2
Total: 2
-------------------------------------------------------------------------
1 G1 225.0.0.1
2 G2 225.0.0.2
3 G3 225.0.0.3
4 G4 225.0.0.4
Total: 4
Configuration Files
sysname Switch
#
vlan batch 10 20 30 40
#
igmp-snooping enable
#
btv
multicast-group G1 ip-address 225.0.0.1
multicast-group G2 ip-address 225.0.0.2
multicast-group G3 ip-address 225.0.0.3
multicast-group G4 ip-address 225.0.0.4
multicast-list L1
add multicast-group name G1
add multicast-group name G2
multicast-list L2
add multicast-group name G3
add multicast-group name G4
multicast-profile P1
add multicast-list name L1 watch
multicast-profile P2
add multicast-list name L1 watch
add multicast-list name L2 watch
#
vlan 10
igmp-snooping enable
attach multicast-profile P1
#
vlan 20
igmp-snooping enable
attach multicast-profile P1
#
vlan 30
igmp-snooping enable
attach multicast-profile P2
#
vlan 40
igmp-snooping enable
attach multicast-profile P2
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface Ethernet0/0/3
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface Ethernet0/0/4
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
return
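The following audit sketch is an added example, not part of the Huawei guide or any Huawei tool. It parses the btv and VLAN sections of a saved configuration like the one above and computes which group addresses each VLAN may watch, then compares that with the policy stated in the Networking Requirements. The function names, the POLICY table and the rule that only lists added with "watch" grant access are assumptions of this example.

```python
from ipaddress import IPv4Address

# Constructed sample: the btv and VLAN sections of the configuration file above.
SAMPLE_CONFIG = """\
btv
 multicast-group G1 ip-address 225.0.0.1
 multicast-group G2 ip-address 225.0.0.2
 multicast-group G3 ip-address 225.0.0.3
 multicast-group G4 ip-address 225.0.0.4
 multicast-list L1
  add multicast-group name G1
  add multicast-group name G2
 multicast-list L2
  add multicast-group name G3
  add multicast-group name G4
 multicast-profile P1
  add multicast-list name L1 watch
 multicast-profile P2
  add multicast-list name L1 watch
  add multicast-list name L2 watch
#
vlan 10
 igmp-snooping enable
 attach multicast-profile P1
#
vlan 20
 igmp-snooping enable
 attach multicast-profile P1
#
vlan 30
 igmp-snooping enable
 attach multicast-profile P2
#
vlan 40
 igmp-snooping enable
 attach multicast-profile P2
#
"""

# Intended policy from the Networking Requirements: VLANs 10 and 20 may watch only G1 and G2.
G = [IPv4Address(f"225.0.0.{i}") for i in range(1, 5)]
POLICY = {10: set(G[:2]), 20: set(G[:2]), 30: set(G), 40: set(G)}

def parse_btv(text):
    """Return (groups, lists, profiles, vlan_profile); works with or without indentation."""
    groups, lists, profiles, vlan_profile = {}, {}, {}, {}
    section = current = None
    for raw in text.splitlines():
        w = raw.split()
        if not w:
            continue
        if w == ["#"]:                       # '#' closes the current top-level section
            section = current = None
        elif section is None:                # the first line of a section names it
            is_vlan = w[0] == "vlan" and len(w) == 2 and w[1].isdigit()
            section = int(w[1]) if is_vlan else w[0]
        elif section == "btv":
            if w[0] == "multicast-group" and len(w) == 4 and w[2] == "ip-address":
                groups[w[1]] = IPv4Address(w[3])
            elif w[0] in ("multicast-list", "multicast-profile") and len(w) == 2:
                table = lists if w[0] == "multicast-list" else profiles
                current = table.setdefault(w[1], set())
            elif current is not None and len(w) >= 4 and w[0] == "add":
                # Lists hold group names; profiles hold list names granted with "watch".
                if w[1:3] == ["multicast-group", "name"] or w[-1] == "watch":
                    current.add(w[3])
        elif isinstance(section, int) and w[:2] == ["attach", "multicast-profile"] and len(w) == 3:
            vlan_profile[section] = w[2]
    return groups, lists, profiles, vlan_profile

def watchable_groups(text):
    """Map each VLAN that has a profile attached to the group addresses it may watch."""
    groups, lists, profiles, vlan_profile = parse_btv(text)
    result = {}
    for vlan, prof in vlan_profile.items():
        try:
            result[vlan] = {groups[g] for lst in profiles[prof] for g in lists[lst]}
        except KeyError as missing:
            raise ValueError(f"VLAN {vlan}: undefined reference {missing}") from None
    return result

def audit(text, policy):
    """Return {vlan: (missing, extra)} for VLANs that deviate from the policy.

    extra is None when no profile is attached, because this check then cannot
    tell what the VLAN is allowed to watch.
    """
    actual = watchable_groups(text)
    findings = {}
    for vlan, wanted in policy.items():
        if vlan not in actual:
            findings[vlan] = (wanted, None)
        elif actual[vlan] != wanted:
            findings[vlan] = (wanted - actual[vlan], actual[vlan] - wanted)
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, POLICY) or "configuration matches policy")
```

An empty result means every VLAN in the policy resolves to exactly the intended groups; a non-empty "extra" set shows a VLAN that can watch more than it should, for example after VLAN 10 is attached to P2 by mistake.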
Networking Requirements
On the IPv6 network shown in Figure 6-19, unicast routes are working properly. The multicast
function needs to be enabled on the network so that hosts can receive multicast data.
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable the IPv6 multicast function so that multicast data can be forwarded on the network.
To achieve this purpose, enable PIM-SM (IPv6) on each switch.
2. Enable MLD on the interfaces connected to hosts so that hosts can receive multicast data.
Procedure
Step 1 Create VLANs and VLANIF interfaces on the switches and assign IPv6 addresses to the
VLANIF interfaces. The configuration details are not mentioned here.
Step 2 Enable the IPv6 multicast function and enable MLD and PIM-SM (IPv6) on the interfaces
connected to hosts.
# Enable the IPv6 multicast function on SwitchA, and enable MLD and PIM-SM (IPv6) on
VLANIF 100.
<SwitchA> system-view
[SwitchA] multicast ipv6 routing-enable
[SwitchA] interface vlanif 100
[SwitchA-Vlanif100] pim ipv6 sm
[SwitchA-Vlanif100] mld enable
[SwitchA-Vlanif100] quit
[SwitchA] interface vlanif 101
[SwitchA-Vlanif101] pim ipv6 sm
[SwitchA-Vlanif101] quit
# The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA and
are not mentioned here.
# Run the display mld interface command to check information about MLD configuration and
running on each interface of the switches. MLD information about VLANIF 200 on SwitchB is
as follows:
<SwitchB> display mld interface vlanif 200 verbose
Interface information
Vlanif200(FE80::200:5EFF:FE66:5100):
MLD is enabled
Current MLD version is 2
MLD state: up
MLD group policy: none
MLD limit: -
Value of query interval for MLD (negotiated): 125 s
Value of query interval for MLD (configured): 125 s
Value of other querier timeout for MLD: 0 s
Value of maximum query response time for MLD: 10 s
Value of last listener query time: 2 s
Value of last listener query interval: 1 s
Value of startup query interval: 31 s
Value of startup query count: 2
General query timer expiry (hours:minutes:seconds): 00:00:28
Querier for MLD: FE80::200:5EFF:FE66:5100 (this router)
MLD activity: 0 joins, 0 dones
Robustness (negotiated): 2
Robustness (configured): 2
Require-router-alert: disabled
Send-router-alert: enabled
Ip-source-policy: disabled
Query Ip-source-policy: disabled
Prompt-leave: disabled
SSM-Mapping: disabled
Startup-query-timer-expiry: on
Other-querier-present-timer-expiry: off
The command output shows that SwitchB is a querier. This is because the IPv6 address of
VLANIF 200 on SwitchB is smaller than those of other multicast switches on the same network
segment.
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 100 101
#
ipv6
#
multicast ipv6 routing-enable
#
interface Vlanif100
ipv6 enable
ipv6 address 3000::12/64
pim ipv6 sm
mld enable
#
interface Vlanif101
ipv6 enable
ipv6 address 2002::1/64
pim ipv6 sm
#
interface Ethernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface Ethernet0/0/2
port hybrid pvid vlan 101
port hybrid untagged vlan 101
#
return
#
ipv6
#
multicast ipv6 routing-enable
#
interface Vlanif200
ipv6 enable
ipv6 address 3001::12/64
pim ipv6 sm
mld enable
#
interface Vlanif301
ipv6 enable
ipv6 address 2004::1/64
pim ipv6 sm
#
interface Ethernet0/0/1
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
interface Ethernet0/0/2
port hybrid pvid vlan 301
port hybrid untagged vlan 301
#
return
Networking Requirements
In Figure 6-20, multicast services are deployed on the network. The MLD limit needs to be
configured for the entire system and an interface on SwitchA, SwitchB, and SwitchC to limit
the number of multicast groups that users can join. When the number of multicast memberships
reaches the MLD limit, no new MLD entry can be created. This configuration ensures that users
in existing multicast groups receive stable multicast data.
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable the IPv6 multicast function so that multicast data can be forwarded on the network.
To achieve this purpose, enable PIM-SM (IPv6) on each switch.
2. Enable MLD on the interfaces connected to hosts.
3. Configure the MLD limit on SwitchA, SwitchB, and SwitchC.
Procedure
Step 1 Create VLANs and VLANIF interfaces on the switches and assign IPv6 addresses to the
VLANIF interfaces. The configuration details are not mentioned here.
Step 2 Enable the multicast function and enable MLD and PIM-SM (IPv6) on the interfaces connected
to hosts.
# Enable the IPv6 multicast function on SwitchA, and enable MLD and PIM-SM (IPv6) on
VLANIF 100.
<SwitchA> system-view
[SwitchA] multicast ipv6 routing-enable
[SwitchA] interface vlanif 100
[SwitchA-Vlanif100] pim ipv6 sm
[SwitchA-Vlanif100] mld enable
[SwitchA-Vlanif100] quit
[SwitchA] interface vlanif 101
[SwitchA-Vlanif101] pim ipv6 sm
[SwitchA-Vlanif101] quit
# The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA and
are not mentioned here.
Step 3 Set the MLD limit on the last-hop switch.
# Set the MLD limit on SwitchA to 50.
[SwitchA] mld global limit 50
# The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA and
are not mentioned here.
Step 4 Verify the configuration.
# Run the display mld interface command to check information about MLD configuration and
running on each interface of the switches. MLD information about VLANIF 100 on SwitchB is
as follows:
[SwitchB] display mld interface vlanif 100
Interface information
Vlanif100(FE80::200:5EFF:FE66:5100):
MLD is enabled
Current MLD version is 2
MLD state: up
MLD group policy: none
MLD limit: 30
Value of query interval for MLD (negotiated): 125 s
The command output shows that the MLD limit on VLANIF 100 of SwitchB is 30.
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 100 101
#
ipv6
#
mld global limit 50
#
multicast ipv6 routing-enable
#
interface Vlanif100
ipv6 enable
ipv6 address 3000::12/64
pim ipv6 sm
mld enable
mld limit 30
#
interface Vlanif101
ipv6 enable
ipv6 address 2001::1/64
pim ipv6 sm
#
interface Ethernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface Ethernet0/0/2
port hybrid pvid vlan 101
port hybrid untagged vlan 101
#
return
#
interface Ethernet0/0/1
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
interface Ethernet0/0/2
port hybrid pvid vlan 201
port hybrid untagged vlan 201
#
return
Networking Requirements
In Figure 6-21, the router connects to the user network through the Layer 2 Switch on an IPv6
network. When the multicast source sends data to multicast groups FF16::1 to FF16::5, HostA,
HostB, and HostC on the network only want to receive data of multicast groups FF16::1 to
FF16::3.
[Figure 6-21: IP/MPLS core, Router, and the Switch with Eth0/0/1, Eth0/0/2 and Eth0/0/3 in VLAN 10.]
Configuration Roadmap
To meet the requirement, basic MLD snooping functions and multicast group policy need to be
configured on the Layer 2 device. The configuration roadmap is as follows:
1. Create a VLAN on the Switch and add the interface to the VLAN.
2. Enable MLD snooping globally and in a VLAN.
3. Configure a multicast group policy in a VLAN.
Procedure
Step 1 Create a VLAN and add interfaces to the VLAN.
<Quidway> system-view
[Quidway] sysname Switch
[Switch] vlan 10
[Switch-vlan10] quit
[Switch] interface ethernet 0/0/1
[Switch-Ethernet0/0/1] port hybrid pvid vlan 10
[Switch-Ethernet0/0/1] port hybrid untagged vlan 10
[Switch-Ethernet0/0/1] quit
[Switch] interface ethernet 0/0/2
[Switch-Ethernet0/0/2] port hybrid pvid vlan 10
[Switch-Ethernet0/0/2] port hybrid untagged vlan 10
[Switch-Ethernet0/0/2] quit
[Switch] interface ethernet 0/0/3
[Switch-Ethernet0/0/3] port hybrid pvid vlan 10
[Switch-Ethernet0/0/3] port hybrid untagged vlan 10
[Switch-Ethernet0/0/3] quit
The command output shows that Eth0/0/1 and Eth0/0/2 on the Switch have joined the group
FF16::1 to FF16::3.
----End
Configuration Files
• Configuration file of the Switch
#
sysname Switch
#
vlan batch 10
#
mld-snooping enable
#
acl ipv6 number 2000
Networking Requirements
In Figure 6-22, the router connects to the user network through the Layer 2 switch on an IPv6
network. HostA, HostB, and HostC are the receivers. The user-side VLANIF interface of the Router
has static groups FF16::1 to FF16::5 configured and does not run MLD. HostA and HostB need
to steadily receive data from FF16::1 to FF16::3, while HostC wants to steadily receive data from
FF16::4 to FF16::5.
Figure 6-22 Networking diagram for configuring a static interface to implement Layer 2
multicast
[Figure: Source, IP/MPLS core, Router, and the Switch with Eth0/0/1, Eth0/0/2 and Eth0/0/3 in VLAN 10.]
Configuration Roadmap
To meet the requirement, an MLD snooping static router port and static member ports need to be
configured on the Switch.
1. Create a VLAN and add interfaces to the VLAN.
2. Enable MLD snooping globally and in a VLAN.
3. Configure a static router port.
4. Configure a static member port.
Procedure
Step 1 Create VLAN 10 and add the interface to VLAN 10.
<Quidway> system-view
[Quidway] sysname Switch
[Switch] vlan 10
[Switch-vlan10] quit
[Switch] interface ethernet 0/0/1
[Switch-Ethernet0/0/1] port hybrid pvid vlan 10
[Switch-Ethernet0/0/1] port hybrid untagged vlan 10
[Switch-Ethernet0/0/1] quit
[Switch] interface ethernet 0/0/2
[Switch-Ethernet0/0/2] port hybrid pvid vlan 10
[Switch-Ethernet0/0/2] port hybrid untagged vlan 10
[Switch-Ethernet0/0/2] quit
[Switch] interface ethernet 0/0/3
[Switch-Ethernet0/0/3] port hybrid pvid vlan 10
[Switch-Ethernet0/0/3] port hybrid untagged vlan 10
[Switch-Ethernet0/0/3] quit
The command output shows that Eth0/0/3 becomes the static router port.
The command output shows that Eth0/0/1 on the Switch joins multicast groups FF16::1 to
FF16::3 and Eth0/0/2 on the Switch joins multicast groups FF16::4 to FF16::5.
----End
Configuration Files
• Configuration file of the Switch
#
sysname Switch
#
vlan batch 10
#
mld-snooping enable
#
vlan 10
mld-snooping enable
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
mld-snooping static-group ff16:0:0:0:0:0:0:1 vlan 10
mld-snooping static-group ff16:0:0:0:0:0:0:2 vlan 10
mld-snooping static-group ff16:0:0:0:0:0:0:3 vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 10
port hybrid untagged vlan 10
mld-snooping static-group ff16:0:0:0:0:0:0:4 vlan 10
mld-snooping static-group ff16:0:0:0:0:0:0:5 vlan 10
#
interface Ethernet0/0/3
port hybrid pvid vlan 10
port hybrid untagged vlan 10
mld-snooping static-router-port vlan 10
#
return
Networking Requirements
In Figure 6-23, Source1 and Source2 on a Layer 2 network send multicast data to FF16::1 and
FF16::2. HostA and HostC need to receive data of multicast group FF16::1, and HostB and
HostD need to receive data of multicast group FF16::2.
[Figure 6-23: Layer 2 network of switches (including SwitchC and SwitchD) and hosts (including HostC and HostD) in VLAN 10.]
Configuration Roadmap
Enable MLD snooping on each switch in the network and configure MLD snooping querier to
meet the service requirement. Enable each switch to discard unknown multicast packets to
prevent the device from broadcasting multicast packets in a VLAN when there is no
corresponding Layer 2 forwarding entry.
1. According to Figure 6-23, create a VLAN on the switches and add interfaces to the VLAN.
2. Enable MLD snooping globally and in a VLAN on all the switches.
3. Configure SwitchA closest to the multicast source as the MLD snooping querier.
4. Enable all the switches to discard unknown multicast packets.
Procedure
Step 1 Create a VLAN and add interfaces to the VLAN.
# Configure SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 10
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 10
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface ethernet 0/0/2
[SwitchA-Ethernet0/0/2] port hybrid pvid vlan 10
[SwitchA-Ethernet0/0/2] port hybrid untagged vlan 10
[SwitchA-Ethernet0/0/2] quit
[SwitchA] interface ethernet 0/0/3
[SwitchA-Ethernet0/0/3] port hybrid pvid vlan 10
[SwitchA-Ethernet0/0/3] port hybrid untagged vlan 10
[SwitchA-Ethernet0/0/3] quit
# The configurations of SwitchB, SwitchC and SwitchD are similar to the configuration of
SwitchA, and are not mentioned here.
Step 2 Enable MLD snooping.
# Configure SwitchA.
[SwitchA] mld-snooping enable
[SwitchA] vlan 10
[SwitchA-vlan10] mld-snooping enable
[SwitchA-vlan10] quit
# The configurations of SwitchB, SwitchC and SwitchD are similar to the configuration of
SwitchA, and are not mentioned here.
Step 3 Configure MLD snooping querier.
# Configure SwitchA as the querier.
[SwitchA] vlan 10
[SwitchA-vlan10] mld-snooping querier enable
[SwitchA-vlan10] quit
On the S2300 (except the S2352P-EI), run this command in the system view.
[SwitchA] vlan 10
[SwitchA-vlan10] multicast drop-unknown
[SwitchA-vlan10] quit
# The configurations of SwitchB, SwitchC and SwitchD are similar to the configuration of
SwitchA, and are not mentioned here.
Step 5 Verify the configuration.
# After the MLD snooping querier is started, all devices except the querier can receive MLD
General Query messages. You can use the following command to check MLD packet statistics.
For example, you can check statistics of received MLD packets on SwitchB.
<SwitchB> display mld-snooping statistics vlan 10
MLD Snooping Packets Counter
Statistics for VLAN 10
Recv V1 Report 316
Recv V2 Report 0
Recv V1 Query 305
Recv V2 Query 0
Recv Done 2
Recv Pim Hello 85
Send Query(S=0) 1
Send Query(S!=0) 0
Send General Query 0
Send Group-Specific Query 0
Send Group-Source-Specific Query 0
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
mld-snooping enable
#
vlan 10
multicast drop-unknown
mld-snooping enable
mld-snooping querier enable
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/3
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
return
#
sysname SwitchC
#
vlan batch 10
#
mld-snooping enable
#
vlan 10
multicast drop-unknown
mld-snooping enable
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/3
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
return
Networking Requirements
In Figure 6-24, the router connects to the user network through the Layer 2 Switch on an IPv6
network. Eth0/0/1 and Eth0/0/2 on the Switch each connect to only one receiver host.
Therefore, when receiving MLD Done messages from the two interfaces, the Switch deletes the
forwarding entries of the multicast group that the hosts leave, without waiting for the timeout
of the aging timer. This saves bandwidth and system resources.
Figure 6-24 Networking diagram for configuring prompt leave for interfaces
[Figure: Source, IP/MPLS core, Router, and the Switch in VLAN 10 with Eth0/0/1, Eth0/0/2 and Eth0/0/3; receivers HostA and HostB.]
Configuration Roadmap
Enabling MLD snooping and configuring prompt leave for interfaces on the Switch can meet
the requirements.
• Create a VLAN and add interfaces to the VLAN.
• Enable MLD snooping globally and in a VLAN.
• Enable prompt leave for interfaces in a VLAN.
Procedure
Step 1 Create VLAN 10 and add interfaces to VLAN 10.
<Quidway> system-view
[Quidway] sysname Switch
[Switch] vlan 10
[Switch-vlan10] quit
[Switch] interface ethernet 0/0/1
[Switch-Ethernet0/0/1] port hybrid pvid vlan 10
[Switch-Ethernet0/0/1] port hybrid untagged vlan 10
[Switch-Ethernet0/0/1] quit
[Switch] interface ethernet 0/0/2
[Switch-Ethernet0/0/2] port hybrid pvid vlan 10
[Switch-Ethernet0/0/2] port hybrid untagged vlan 10
[Switch-Ethernet0/0/2] quit
[Switch] interface ethernet 0/0/3
[Switch-Ethernet0/0/3] port hybrid pvid vlan 10
[Switch-Ethernet0/0/3] port hybrid untagged vlan 10
[Switch-Ethernet0/0/3] quit
# Run the display mld-snooping command on the Switch to check VLAN 10 configuration.
<Switch> display mld-snooping vlan 10
MLD Snooping Vlan Information for VLAN 10
MLD Snooping is Enabled
MLD Version is Set to default 1
MLD Query Interval is Set to default 125
MLD Max Response Interval is Set to default 10
MLD Robustness is Set to default 2
MLD Last Member Query Interval is Set to default 1
MLD Router Port Aging Interval is Set to 180s or holdtime in hello
MLD Filter Group-Policy is Set to default : Permit All
MLD Prompt Leave Enable
MLD Router Alert is Not Required
MLD Send Router Alert Enable
MLD Snooping Querier Disable
As shown in the preceding command output, "MLD Prompt Leave Enable" indicates that prompt
leave for interfaces in VLAN 10 has been configured successfully.
----End
Configuration Files
#
sysname Switch
#
mld-snooping enable
#
vlan batch 10
#
vlan 10
mld-snooping enable
mld-snooping prompt-leave
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/3
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
return
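The following simplified model is an added example, not part of the Huawei guide. It shows why the requirement above ties prompt leave to interfaces that connect to only one receiver host: with a second listener on the same port, deleting the entry on the first Done cuts that listener off until it answers the next general query. The timer values come from the display outputs in this chapter; the group FF16::1, the second listener "HostX" and the worst-case timing (the next general query arrives a full query interval after the Done) are assumptions of the example.

```python
from dataclasses import dataclass, field

ROBUSTNESS = 2                      # "MLD Robustness is Set to default 2"
LAST_LISTENER_QUERY_INTERVAL = 1    # seconds, "MLD Last Member Query Interval is Set to default 1"
QUERY_INTERVAL = 125                # seconds, "MLD Query Interval is Set to default 125"


@dataclass
class SnoopingVlan:
    prompt_leave: bool
    # (port, group) -> deletion deadline in seconds, or None when no leave is pending
    entries: dict = field(default_factory=dict)
    group_queries_sent: int = 0

    def on_report(self, port, group):
        # A Report creates the entry or cancels a pending deletion.
        self.entries[(port, group)] = None

    def on_done(self, port, group, now):
        if (port, group) not in self.entries:
            return
        if self.prompt_leave:
            # Prompt leave: delete at once, without asking whether anyone else listens.
            del self.entries[(port, group)]
        else:
            # Normal leave: send a group-specific query and wait for an answer.
            self.group_queries_sent += 1
            self.entries[(port, group)] = now + ROBUSTNESS * LAST_LISTENER_QUERY_INTERVAL

    def expire(self, now):
        for key, deadline in list(self.entries.items()):
            if deadline is not None and deadline <= now:
                del self.entries[key]

    def forwards(self, port, group):
        return (port, group) in self.entries


def simulate_leave(prompt_leave, listeners, leaver, port="Eth0/0/1", group="FF16::1"):
    """Return (first_stop, outage) for one Done message sent at t=0.

    first_stop: second at which forwarding to the port first stops (None if never).
    outage: seconds during which a remaining listener on the port gets no traffic.
    """
    vlan = SnoopingVlan(prompt_leave)
    vlan.on_report(port, group)
    remaining = [h for h in listeners if h != leaver]
    first_stop, outage = None, 0
    for now in range(QUERY_INTERVAL + 1):
        if now == 0:
            vlan.on_done(port, group, now)
        # Remaining listeners answer the group-specific query, and later the general query.
        answered_specific = now == LAST_LISTENER_QUERY_INTERVAL and vlan.group_queries_sent
        if remaining and (answered_specific or now == QUERY_INTERVAL):
            vlan.on_report(port, group)
        vlan.expire(now)
        if not vlan.forwards(port, group):
            first_stop = now if first_stop is None else first_stop
            outage += 1 if remaining else 0
    return first_stop, outage


if __name__ == "__main__":
    for prompt in (False, True):
        print(prompt, simulate_leave(prompt, ["HostA"], "HostA"),
              simulate_leave(prompt, ["HostA", "HostX"], "HostA"))
```

With one host per port, prompt leave stops forwarding 2 seconds earlier and harms nobody; with two hosts on the port it causes an outage of up to one query interval for the host that stayed.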
Networking Requirements
On an IPv6 multicast network in Figure 6-25, four switches form a ring network to improve the
network reliability. To prevent routing loops, STP runs on the four switches. HostA and HostB
need to receive multicast data from the multicast source.
Figure 6-25 Networking diagram for configuring MLD snooping to respond to Layer 2 network
topology change
[Figure: Source, IP/MPLS core, Router, and SwitchA (Eth0/0/1, Eth0/0/2, Eth0/0/3) in VLAN 10, with HostA.]
Configuration Roadmap
Enable MLD snooping and configure MLD snooping to respond to Layer 2 network topology
change on the Switch.
1. Configure STP on all Switches.
2. Create VLAN 10 on all Switches and add interfaces to VLAN 10.
Procedure
Step 1 Configure STP on all Switches.
# Configure STP on SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] stp enable
The configurations of other switches are similar to the configuration of SwitchA, and are not
mentioned here.
Step 2 Create VLAN 10 on all Switches and add interfaces to VLAN 10.
# Add interfaces on SwitchA to VLAN 10.
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 10
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 10
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface ethernet 0/0/2
[SwitchA-Ethernet0/0/2] port hybrid pvid vlan 10
[SwitchA-Ethernet0/0/2] port hybrid untagged vlan 10
[SwitchA-Ethernet0/0/2] quit
[SwitchA] interface ethernet 0/0/3
[SwitchA-Ethernet0/0/3] port hybrid pvid vlan 10
[SwitchA-Ethernet0/0/3] port hybrid untagged vlan 10
[SwitchA-Ethernet0/0/3] quit
The configurations of other switches are similar to the configuration of SwitchA, and are not
mentioned here.
Step 3 Enable MLD snooping on all the Switches.
# Enable MLD snooping on SwitchA globally and in VLAN 10.
[SwitchA] mld-snooping enable
[SwitchA] vlan 10
[SwitchA-vlan10] mld-snooping enable
[SwitchA-vlan10] quit
The configurations of other switches are similar to the configuration of SwitchA, and are not
mentioned here.
Step 4 Enable MLD snooping of SwitchA to respond to the Layer 2 network topology change.
[SwitchA] mld-snooping send-query enable
[SwitchA] mld-snooping send-query source-address fe80::1
0
Recv VLAN Del Event Times 0
Recv Port Up Event Times 0
Recv Port Down Event Times 0
Recv Port Del Event Times 0
Recv Port Inc Event Times 0
Recv Port Exc Event Times 0
Recv MSTP Block Event Times 0
Recv MSTP Forward Event Times 0
Recv LINK Change Event Times 0
MLD Snooping Packets Counter
Statistics for VLAN 10
Recv V1 Report 12
Recv V2 Report 0
Recv V1 Query 15
Recv V2 Query 0
Recv Done 0
Recv Pim Hello 3
Send Query(S=0) 0
Send Query(S!=0) 0
Send General Query 0
Send Group-Specific Query 0
Send Group-Source-Specific Query 0
The command output shows that SwitchA does not send Query messages.
2. Run the display stp brief command on all Switches to check the interfaces that are blocked
and the transmission path of multicast data.
The command output shows that Eth0/0/1 of SwitchB is blocked.
<SwitchB> display stp brief
MSTID  Port            Role  STP State    Protection
0      Ethernet0/0/1   ALTE  DISCARDING   NONE
0      Ethernet0/0/2   ROOT  FORWARDING   NONE
0      Ethernet0/0/3   DESI  FORWARDING   NONE
The multicast data is forwarded to HostA over the path: SwitchA-SwitchC-SwitchB and
to HostB over the path: SwitchA-SwitchD.
3. Run the shutdown command on Eth0/0/1 of SwitchC to shut down the interface so that the
topology of the STP network changes.
4. Check whether HostA and HostB can still receive multicast data after the network topology
changes.
# Check MLD packet statistics on SwitchA.
<SwitchA> display mld-snooping statistics
MLD Snooping Events Counter
Recv VLAN Up Event Times 0
Recv VLAN Down Event Times 0
Recv VLAN Del Event Times 0
Recv Port Up Event Times 0
Recv Port Down Event Times 1
Recv Port Del Event Times 0
Recv Port Inc Event Times 1
Recv Port Exc Event Times 2
Recv MSTP Block Event Times 0
Recv MSTP Forward Event Times 1
Recv LINK Change Event Times 70
MLD Snooping Packets Counter
Statistics for VLAN 10
Recv V1 Report 18
Recv V2 Report 0
Recv V1 Query 15
Recv V2 Query 0
Recv Done 0
Recv Pim Hello 38
Send Query(S=0) 8
Send Query(S!=0) 0
Send General Query 0
Send Group-Specific Query 0
Send Group-Source-Specific Query 0
The command output indicates that SwitchA has sent Query messages with source address
0.
----End
Configuration Files
l Configuration file of SwitchA
#
sysname SwitchA
#
mld-snooping enable
mld-snooping send-query enable
mld-snooping send-query source-address fe80:0:0:0:0:0:0:1
#
vlan batch 10
#
stp enable
#
vlan 10
mld-snooping enable
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/3
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
return
l Configuration file of SwitchB
#
sysname SwitchB
#
mld-snooping enable
#
vlan batch 10
#
stp enable
#
vlan 10
mld-snooping enable
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/3
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
return
l Configuration file of SwitchC
#
sysname SwitchC
#
mld-snooping enable
#
vlan batch 10
#
stp enable
#
vlan 10
mld-snooping enable
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
return
l Configuration file of SwitchD
#
sysname SwitchD
#
mld-snooping enable
#
vlan batch 10
#
stp enable
#
vlan 10
mld-snooping enable
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/3
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
return
Quality of service (QoS) defines a service provider's ability to meet the level of service required
by a customer's traffic. The QoS-enabled device controls enterprise network traffic, implements
congestion management and congestion avoidance, reduces the packet loss ratio, and provides
dedicated bandwidth for enterprise users or differentiated services.
Networking Requirements
As shown in Figure 7-1, SwitchA and SwitchB are connected to the router, and enterprise
branches 1 and 2 can access the network through LSW1 and LSW2. Enterprise branch 1 requires
better QoS guarantee, so DSCP priorities of data packets from enterprise branches 1 and 2 are
mapped to 45 and 30 respectively. The Switch trusts DSCP priorities of packets. When
congestion occurs, the Switch first processes packets of higher DSCP priority.
Figure 7-1 (networking diagram, image not reproduced). Labels: Core Network, Router, SwitchA and
SwitchB (each with Eth0/0/1 and Eth0/0/2), LSW1 and LSW2, enterprise branch 1 (VLAN 100),
enterprise branch 2 (VLAN 200).
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs and configure interfaces so that the enterprise can access the network.
2. Configure priority mapping to map DSCP priorities of data packets from enterprise
branches 1 and 2 to 45 and 30 respectively.
Procedure
Step 1 Configure SwitchA.
# Set the link type of Eth 0/0/1 and Eth 0/0/2 to trunk and add them to VLAN 100.
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port link-type trunk
[SwitchA-Ethernet0/0/1] port trunk allow-pass vlan 100
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface ethernet 0/0/2
[SwitchA-Ethernet0/0/2] port link-type trunk
[SwitchA-Ethernet0/0/2] port trunk allow-pass vlan 100
[SwitchA-Ethernet0/0/2] quit
# On SwitchB, set the link type of Eth 0/0/1 and Eth 0/0/2 to trunk and add them to VLAN 200.
[SwitchB] interface ethernet 0/0/1
[SwitchB-Ethernet0/0/1] port link-type trunk
[SwitchB-Ethernet0/0/1] port trunk allow-pass vlan 200
[SwitchB-Ethernet0/0/1] quit
[SwitchB] interface ethernet 0/0/2
[SwitchB-Ethernet0/0/2] port link-type trunk
[SwitchB-Ethernet0/0/2] port trunk allow-pass vlan 200
[SwitchB-Ethernet0/0/2] quit
----End
Configuration Files
l Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 100
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100
trust dscp
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100
trust dscp
#
qos map-table dscp-dscp
input 0 to 44 output 45
input 46 to 63 output 45
#
return
This document describes security features of the switch such as AAA and user management,
DHCP snooping, ARP security, IP source guard, local attack defense, traffic suppression, and
ACL from aspects of function introduction, configuration methods, maintenance, and
configuration examples.
8.1 AAA Configuration
The AAA-capable device checks validity of users and assigns rights to authorized users to ensure
network security.
8.2 NAC Configuration
This chapter describes NAC principles and configuration methods and provides configuration
examples.
8.3 ACL Configuration
This chapter explains how to configure an Access Control List (ACL) on a Switch to filter
packets.
8.4 DHCP Snooping Configuration
This chapter describes the principle and configuration method of DHCP snooping and provides
configuration examples.
8.5 Local Attack Defense Configuration
Local attack defense limits the rate of packets sent to the CPU, ensuring device security and
uninterrupted services when attacks occur.
8.6 Attack Defense Configuration
Attack defense is a network security feature. Attack defense allows the device to identify various
types of network attacks and protect itself and the connected network against malicious attacks
to ensure device and network operation.
8.7 IPSG Configuration
You can configure IPSG to enable an interface to filter and control forwarded packets, preventing
invalid packets.
8.8 URPF Configuration
URPF can prevent network attacks based on source IP address spoofing.
8.9 ARP Security Configuration
This chapter describes the principle and configuration methods of ARP security and provides
configuration examples.
8.10 MFF Configuration
This chapter provides MAC-Forced Forwarding (MFF) basics, configuration method,
configuration examples, and common configuration errors.
8.11 Traffic Suppression and Storm Control Configuration
This chapter describes basic concepts, configuration procedures and examples, and common
configuration errors.
8.12 PPPoE+ Configuration
Point-to-Point Protocol over Ethernet (PPPoE+), also called PPPoE Intermediate Agent,
intercepts PPPoE packets sent by the PPPoE client, adds information about the interface
connecting the PPPoE client to the PPPoE packets, and sends the packets to the PPPoE server.
In this manner, the user account and access interface information are both authenticated, which
prevents user account theft.
8.13 Keychain Configuration
A keychain is a widely used application that controls authentication algorithms and key-string
in a centralized way.
8.14 ND Snooping Configuration
This chapter describes the principle and configuration method of ND snooping and provides
configuration examples.
8.15 SAVI Configurations
This chapter describes the principle and configuration methods of Source Address Validation
Improvements (SAVI) and provides configuration examples.
Networking Requirements
As shown in Figure 8-1, users access the network through Switch A and belong to the domain
huawei. Switch B functions as the network access server of the destination network. Request
packets from users need to traverse the network where Switch A and Switch B are located to
reach the authentication server. Users can access the destination network through Switch B only
after being authenticated. The remote authentication on Switch B is described as follows:
l The RADIUS server will authenticate access users for SwitchB. If RADIUS authentication
fails, local authentication is used.
l The RADIUS server at 129.7.66.66/24 functions as the primary authentication and
accounting server. The RADIUS server at 129.7.66.67/24 functions as the secondary
authentication and accounting server. The default authentication port and accounting port
are 1812 and 1813.
Figure 8-1 (networking diagram, image not reproduced). Labels: Domain Huawei, Switch A, Switch B,
Network, 129.7.66.66/24, 129.7.66.67/24, Destination Network.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a RADIUS server template.
2. Configure an authentication scheme and an accounting scheme.
3. Apply the RADIUS server template, authentication scheme, and accounting scheme to the
domain.
Procedure
Step 1 Configure a RADIUS server template.
# Configure a RADIUS template shiva.
<Quidway> system-view
[Quidway] radius-server template shiva
# Configure the IP address and port numbers of the primary RADIUS authentication and
accounting server.
[Quidway-radius-shiva] radius-server authentication 129.7.66.66 1812
[Quidway-radius-shiva] radius-server accounting 129.7.66.66 1813
# Configure the IP address and port numbers of the secondary RADIUS authentication and
accounting server.
[Quidway-radius-shiva] radius-server authentication 129.7.66.67 1812 secondary
[Quidway-radius-shiva] radius-server accounting 129.7.66.67 1813 secondary
# Configure the shared key and retransmission count of the RADIUS server.
[Quidway-radius-shiva] radius-server shared-key cipher hello
[Quidway-radius-shiva] radius-server retransmit 2
[Quidway-radius-shiva] quit
# Configure the accounting scheme abc that uses RADIUS accounting and the policy that the
device is kept online when accounting fails.
[Quidway-aaa] accounting-scheme abc
[Quidway-aaa-accounting-abc] accounting-mode radius
[Quidway-aaa-accounting-abc] accounting start-fail online
[Quidway-aaa-accounting-abc] quit
Step 3 Configure a domain huawei and apply authentication scheme auth, accounting scheme abc,
and RADIUS server template shiva to the domain.
[Quidway-aaa] domain huawei
[Quidway-aaa-domain-huawei] authentication-scheme auth
[Quidway-aaa-domain-huawei] accounting-scheme abc
[Quidway-aaa-domain-huawei] radius-server shiva
Run the display radius-server configuration template command on Switch B, and you can
see that the configuration of the RADIUS server template meets the requirements.
<Quidway> display radius-server configuration template shiva
------------------------------------------------------------------------------
Server-template-name : shiva
Protocol-version : standard
Traffic-unit : B
Shared-secret-key : %$%$1"y;E[c;<.(_RS/w*!`IOxof%$%$
Timeout-interval(in second) : 5
Primary-authentication-server : 129.7.66.66 :1812 LoopBack:NULL
Primary-accounting-server : 129.7.66.66 :1813 LoopBack:NULL
Secondary-authentication-server : 129.7.66.67 :1812 LoopBack:NULL
Secondary-accounting-server : 129.7.66.67 :1813 LoopBack:NULL
Retransmission : 2
Domain-included : YES
Calling-station-id MAC-format : xxxx-xxxx-xxxx
------------------------------------------------------------------------------
----End
Configuration Files
Configuration files on Switch B
#
radius-server template shiva
radius-server shared-key cipher %$%$1"y;E[c;<.(_RS/w*!`IOxof%$%$
radius-server authentication 129.7.66.66 1812
radius-server authentication 129.7.66.67 1812 secondary
radius-server accounting 129.7.66.66 1813
radius-server accounting 129.7.66.67 1813 secondary
radius-server retransmit 2
#
aaa
authentication-scheme auth
authentication-mode radius local
accounting-scheme abc
accounting-mode radius
accounting start-fail online
domain huawei
authentication-scheme auth
accounting-scheme abc
radius-server shiva
#
return
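The following Python audit is an added example, not Huawei code and not part of the original guide. It reads a saved configuration in the layout of the listing above and reports domains that reference an undefined scheme or RADIUS template, authentication schemes without local fallback, and templates without a secondary server or shared key. The function names, the finding texts and the sample (the Switch B listing with a placeholder ciphertext and one deliberate fault) are assumptions made for the example.

```python
# Constructed sample: the Switch B listing, ciphertext replaced by a placeholder,
# with one deliberate fault (the domain references scheme "1", never defined).
SAMPLE_CONFIG = """\
#
radius-server template shiva
 radius-server shared-key cipher <ciphertext-placeholder>
 radius-server authentication 129.7.66.66 1812
 radius-server authentication 129.7.66.67 1812 secondary
 radius-server accounting 129.7.66.66 1813
 radius-server accounting 129.7.66.67 1813 secondary
 radius-server retransmit 2
#
aaa
 authentication-scheme auth
  authentication-mode radius local
 accounting-scheme abc
  accounting-mode radius
  accounting start-fail online
 domain huawei
  authentication-scheme 1
  accounting-scheme abc
  radius-server shiva
#
return
"""


def parse_config(text):
    """Collect RADIUS templates, AAA schemes and domains.

    Indentation is ignored, so flattened listings parse too. Assumption: inside
    the aaa view every scheme is listed before the first domain, as in the
    listings on this page.
    """
    model = {"templates": {}, "schemes": {}, "domains": {}}
    section = template = scheme = domain = None
    for raw in text.splitlines():
        w = raw.split()
        if not w or w[0] in ("#", "return"):
            section = template = scheme = domain = None
        elif w[:2] == ["radius-server", "template"] and len(w) == 3:
            section = "radius"
            template = model["templates"].setdefault(
                w[2], {"servers": [], "shared_key": False})
        elif section == "radius" and w[0] == "radius-server" and len(w) > 2:
            if w[1] in ("authentication", "accounting"):
                role = "secondary" if w[-1] == "secondary" else "primary"
                template["servers"].append((w[1], w[2], role))
            elif w[1] == "shared-key":
                template["shared_key"] = True
        elif w == ["aaa"]:
            section = "aaa"
        elif section == "aaa" and len(w) == 2 and w[0] == "domain":
            domain = model["domains"].setdefault(w[1], {})
        elif section == "aaa" and domain is not None:
            if len(w) == 2:  # a reference such as "radius-server shiva"
                domain[w[0]] = w[1]
        elif section == "aaa" and len(w) == 2 and w[0].endswith("-scheme"):
            scheme = model["schemes"].setdefault((w[0], w[1]), {"mode": []})
        elif section == "aaa" and scheme is not None and w[0].endswith("-mode"):
            scheme["mode"] = w[1:]
    return model


def audit(model):
    """Return findings as strings; an empty list means every check passed."""
    findings = []
    for name, refs in sorted(model["domains"].items()):
        for key, value in sorted(refs.items()):
            # Assumption: schemes named "default" are built in and always resolve.
            if (key.endswith("-scheme") and value != "default"
                    and (key, value) not in model["schemes"]):
                findings.append(f"domain {name}: {key} {value} is not defined")
            if key == "radius-server" and value not in model["templates"]:
                findings.append(f"domain {name}: RADIUS template {value} is not defined")
    for (kind, name), scheme in sorted(model["schemes"].items()):
        if (kind == "authentication-scheme" and scheme["mode"]
                and "local" not in scheme["mode"]):
            findings.append(
                f"{kind} {name}: no local fallback after {' '.join(scheme['mode'])}")
    for name, tpl in sorted(model["templates"].items()):
        for service in ("authentication", "accounting"):
            roles = {role for svc, _, role in tpl["servers"] if svc == service}
            if "primary" in roles and "secondary" not in roles:
                findings.append(f"template {name}: no secondary {service} server")
        if not tpl["shared_key"]:
            findings.append(f"template {name}: no shared key configured")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_config(SAMPLE_CONFIG)):
        print(finding)
```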
Networking Requirements
As shown in Figure 8-2, the customer requirements are as follows:
l The HWTACACS server will authenticate access users for SwitchB. If HWTACACS
authentication fails, local authentication is used.
l HWTACACS authentication is required before the level of access users is upgraded. If
HWTACACS authentication fails, local authentication is used.
l The HWTACACS server will authorize access users for SwitchB. If HWTACACS
authorization fails, local authorization is used.
l HWTACACS accounting is used by SwitchB for access users.
l Real-time accounting is performed every 3 minutes.
l The IP addresses of primary and secondary HWTACACS servers are 129.7.66.66/24 and
129.7.66.67/24. The port number for authentication, accounting, and authorization is 49.
Figure 8-2 (networking diagram, image not reproduced). Labels: Domain Huawei, Switch A, Switch B,
Network, 129.7.66.66/24, 129.7.66.67/24, Destination Network.
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Configure an HWTACACS server template.
# Configure the IP addresses and port numbers of the primary HWTACACS authentication,
authorization, and accounting servers.
[Quidway-hwtacacs-ht] hwtacacs-server authentication 129.7.66.66 49
[Quidway-hwtacacs-ht] hwtacacs-server authorization 129.7.66.66 49
[Quidway-hwtacacs-ht] hwtacacs-server accounting 129.7.66.66 49
# Configure the IP addresses and port numbers of the secondary HWTACACS authentication,
authorization, and accounting servers.
[Quidway-hwtacacs-ht] hwtacacs-server authentication 129.7.66.67 49 secondary
[Quidway-hwtacacs-ht] hwtacacs-server authorization 129.7.66.67 49 secondary
[Quidway-hwtacacs-ht] hwtacacs-server accounting 129.7.66.67 49 secondary
Step 2 Configure the authentication scheme, authorization scheme, and accounting scheme.
# Create an authentication scheme l-h. In the authentication scheme, the system performs
HWTACACS authentication first, and performs local authentication if HWTACACS
authentication fails. HWTACACS authentication is used first if the level of users is upgraded.
[Quidway] aaa
[Quidway-aaa] authentication-scheme l-h
[Quidway-aaa-authen-l-h] authentication-mode hwtacacs local
[Quidway-aaa-authen-l-h] authentication-super hwtacacs super
[Quidway-aaa-authen-l-h] quit
# Create an authorization scheme hwtacacs. In the authorization scheme, the system performs
HWTACACS authorization first, and performs local authorization if HWTACACS
authorization fails.
[Quidway-aaa] authorization-scheme hwtacacs
[Quidway-aaa-author-hwtacacs] authorization-mode hwtacacs local
[Quidway-aaa-author-hwtacacs] quit
Step 3 Configure a domain huawei, and apply the authentication scheme l-h, authorization scheme
hwtacacs, accounting scheme hwtacacs, and the HWTACACS server template ht to the domain.
[Quidway-aaa] domain huawei
[Quidway-aaa-domain-huawei] authentication-scheme l-h
[Quidway-aaa-domain-huawei] authorization-scheme hwtacacs
[Quidway-aaa-domain-huawei] accounting-scheme hwtacacs
[Quidway-aaa-domain-huawei] hwtacacs-server ht
[Quidway-aaa-domain-huawei] quit
[Quidway-aaa] quit
[Quidway] quit
Run the display domain command on SwitchB, and you can see that the configuration of the
domain meets the requirements.
<Quidway> display domain name huawei
Domain-name : huawei
Domain-state : Active
Authentication-scheme-name : l-h
Accounting-scheme-name : hwtacacs
Authorization-scheme-name : hwtacacs
Service-scheme-name : -
RADIUS-server-template : -
HWTACACS-server-template : ht
----End
Configuration Files
Configuration files on Switch B
#
hwtacacs-server template ht
hwtacacs-server authentication 129.7.66.66
hwtacacs-server authentication 129.7.66.67 secondary
hwtacacs-server authorization 129.7.66.66
hwtacacs-server authorization 129.7.66.67 secondary
hwtacacs-server accounting 129.7.66.66
hwtacacs-server accounting 129.7.66.67 secondary
hwtacacs-server shared-key cipher %$%$|)<+J>dN>=IqD<gO/Fj$xo%$%$
#
aaa
authentication-scheme default
authentication-scheme l-h
authentication-mode hwtacacs local
authentication-super hwtacacs super
authorization-scheme default
authorization-scheme hwtacacs
authorization-mode hwtacacs local
accounting-scheme default
accounting-scheme hwtacacs
accounting-mode hwtacacs
accounting realtime 3
accounting start-fail online
domain default
domain default_admin
domain huawei
authentication-scheme l-h
accounting-scheme hwtacacs
authorization-scheme hwtacacs
hwtacacs-server ht
#
return
Networking Requirements
As shown in Figure 8-3, many users in a company access the network through Eth0/0/1 of the
Switch (used as an access device). After the network operates for a period of time, attacks are
detected. The administrator must control network access rights of user terminals to ensure
network security. The Switch allows user terminals to access Internet resources only after they
are authenticated.
Configuration Roadmap
To control the network access permission of users, the administrator can configure 802.1x
authentication on the Switch after the server with the IP address 192.168.2.30 is used as the
RADIUS server.
1. Create and configure a RADIUS server template, an AAA scheme, and an ISP domain.
Bind the RADIUS server template and the AAA scheme to the ISP domain. The Switch
can then exchange information with the RADIUS server.
2. Configure 802.1x authentication.
Procedure
Step 1 Create and configure a RADIUS server template, an AAA scheme, and an ISP domain.
# Create and configure RADIUS server template rd1.
<Quidway> system-view
[Quidway] radius-server template rd1
[Quidway-radius-rd1] radius-server authentication 192.168.2.30 1812
[Quidway-radius-rd1] radius-server shared-key cipher hello
[Quidway-radius-rd1] radius-server retransmit 2
[Quidway-radius-rd1] quit
# Create AAA scheme abc and set the authentication mode to RADIUS.
[Quidway] aaa
[Quidway-aaa] authentication-scheme abc
[Quidway-aaa-authen-abc] authentication-mode radius
[Quidway-aaa-authen-abc] quit
# Create ISP domain isp1, and bind AAA scheme abc and RADIUS server template rd1 to ISP
domain isp1.
[Quidway-aaa] domain isp1
[Quidway-aaa-domain-isp1] authentication-scheme abc
[Quidway-aaa-domain-isp1] radius-server rd1
[Quidway-aaa-domain-isp1] quit
[Quidway-aaa] quit
# Set the maximum number of concurrent access users for 802.1x authentication on an interface
to 200.
[Quidway-Ethernet0/0/1] dot1x max-user 200
[Quidway-Ethernet0/0/1] quit
# Set the maximum number of times that an authentication request packet is sent to the user to
3.
[Quidway] dot1x retry 3
----End
Configuration Files
#
dot1x enable
dot1x retry 3
#
radius-server template rd1
radius-server shared-key cipher %$%$lrWRXXUmJ/5W\uBqID/6EULC%$%$
radius-server authentication 192.168.2.30 1812
radius-server retransmit 2
#
aaa
authentication-scheme abc
authentication-mode radius
domain isp1
authentication-scheme abc
radius-server rd1
#
interface Ethernet0/0/1
dot1x mac-bypass
dot1x max-user 200
dot1x guest-vlan 10
#
return
Networking diagram (image not reproduced). Labels: Printer, Eth0/0/1, Internet, Update Server.
Configuration Roadmap
Printers cannot install and use the 802.1x client. The administrator can configure MAC address
authentication on the Switch to control the network access rights of the printers.
The configuration roadmap is as follows (configured on the Switch):
1. Create and configure a RADIUS server template, an AAA scheme, and an ISP domain;
bind the RADIUS server template and the AAA scheme to the ISP domain. The Switch
can then exchange information with the RADIUS server.
2. Configure MAC address authentication.
a. Enable MAC address authentication globally and on the interface.
b. A maximum of 100 MAC address authentication users are allowed to access an
interface, preventing excessive concurrent access users.
c. Configure VLAN10 as the guest VLAN, so that users can access resources in the guest
VLAN without authentication.
Procedure
Step 1 Create and configure a RADIUS server template, an AAA scheme, and an ISP domain.
# Create and configure RADIUS server template rd1.
<Quidway> system-view
[Quidway] radius-server template rd1
[Quidway-radius-rd1] radius-server authentication 192.168.2.30 1812
[Quidway-radius-rd1] radius-server shared-key cipher hello
[Quidway-radius-rd1] radius-server retransmit 2
[Quidway-radius-rd1] quit
# Create AAA scheme abc and set the authentication mode to RADIUS.
[Quidway] aaa
[Quidway-aaa] authentication-scheme abc
[Quidway-aaa-authen-abc] authentication-mode radius
[Quidway-aaa-authen-abc] quit
# Create ISP domain isp1, and bind AAA scheme abc and RADIUS server template rd1 to ISP
domain isp1.
[Quidway-aaa] domain isp1
[Quidway-aaa-domain-isp1] authentication-scheme abc
[Quidway-aaa-domain-isp1] radius-server rd1
[Quidway-aaa-domain-isp1] quit
[Quidway-aaa] quit
# Set the maximum number of concurrent MAC authentication access users on the interface to
100.
[Quidway-Ethernet0/0/1] mac-authen max-user 100
[Quidway-Ethernet0/0/1] quit
Step 3 Run the display mac-authen interface command to view the configuration of MAC address
authentication.
[Quidway] display mac-authen interface ethernet 0/0/1
Ethernet0/0/1 state: UP. MAC address authentication is enabled
Maximum users: 100
Current users: 0
Authentication Success: 0, Failure: 0
Guest VLAN 10 is not effective
----End
Configuration Files
#
vlan batch 10
#
mac-authen
#
radius-server template rd1
radius-server shared-key cipher %$%$lrWRXXUmJ/5W\uBqID/6EULC%$%$
radius-server authentication 192.168.2.30 1812
radius-server retransmit 2
#
aaa
authentication-scheme abc
authentication-mode radius
domain isp1
authentication-scheme abc
radius-server rd1
#
interface Ethernet0/0/1
mac-authen
mac-authen guest-vlan 10
mac-authen max-user 100
#
return
Networking diagram (image not reproduced). Labels: Printer, Eth0/0/1, Internet, Update Server.
Configuration Roadmap
To control the network access permission of users, the administrator can configure Portal
authentication on the Switch after the server with the IP address 192.168.2.30 is used as the
RADIUS server, and configure the IP address 192.168.3.20 as the IP address for the Portal server.
The configuration roadmap is as follows (configured on the Switch):
1. Create and configure a RADIUS server template, an AAA scheme, and an ISP domain.
Bind the RADIUS server template and the AAA scheme to the ISP domain. The Switch
can then exchange information with the RADIUS server.
2. Configure Portal authentication.
a. Create and configure a Portal server template to ensure normal information exchange
between the device and the Portal server.
b. Enable Portal authentication to authenticate access users.
c. Configure a shared key that the device uses to exchange information with the Portal
server to improve communication security.
Procedure
Step 1 Create and configure a RADIUS server template, an AAA scheme, and an ISP domain.
# Create AAA scheme abc and set the authentication mode to RADIUS.
[Quidway] aaa
[Quidway-aaa] authentication-scheme abc
[Quidway-aaa-authen-abc] authentication-mode radius
[Quidway-aaa-authen-abc] quit
# Create ISP domain isp1, and bind AAA scheme abc and RADIUS server template rd1 to ISP
domain isp1.
[Quidway-aaa] domain isp1
[Quidway-aaa-domain-isp1] authentication-scheme abc
[Quidway-aaa-domain-isp1] radius-server rd1
[Quidway-aaa-domain-isp1] quit
[Quidway-aaa] quit
# Run the display web-auth-server configuration command to check the configuration of the
Portal authentication server.
[Quidway] display web-auth-server configuration
Listening port : 2000
Portal : version 1, version 2
Include reply message : enabled
------------------------------------------------------------------------
Web-auth-server Name : abc
IP-address : 192.168.3.20
Shared-key : %$%$C[>q!et)j7"I{`7hK)`7T*!u%$%$
Port / PortFlag : 50100 / NO
URL :
Bounded Vlanif : 10
------------------------------------------------------------------------
1 Web authentication server(s) in total
----End
Configuration Files
#
vlan batch 10
#
web-auth-server abc
server-ip 192.168.3.20
port 50100
shared-key cipher %$%$9|vQ3(`Js#[:m\+~xK:W7cZQ%$%$
server-detect interval 60 max-times 3 critical-num 0 action log
user-sync
#
radius-server template rd1
radius-server shared-key cipher %$%$lrWRXXUmJ/5W\uBqID/6EULC%$%$
radius-server authentication 192.168.2.30 1812
radius-server retransmit 2
#
aaa
authentication-scheme abc
authentication-mode radius
domain isp1
authentication-scheme abc
radius-server rd1
#
interface Vlanif10
web-auth-server abc
#
return
Figure 8-6 Configuring a basic ACL to limit user access to the FTP server
Diagram labels (image not reproduced): PC A 172.16.105.111/24, PC B 172.16.107.111/24,
PC C 10.10.10.1/24, Network, Switch acting as the FTP server 172.16.104.110/24.
Configuration Roadmap
The configuration roadmap is as follows:
l Create a basic ACL on the Switch and configure rules in the basic ACL.
l Configure basic FTP functions on the Switch.
l Apply a basic ACL to the Switch to limit user access.
Procedure
Step 1 Configure a time range.
<Quidway> system-view
[Quidway] sysname Switch
[Switch] time-range ftp-access from 0:0 2009/1/1 to 23:59 2011/12/31
[Switch] time-range ftp-access 14:00 to 18:00 off-day
Run the ftp 172.16.104.110 command on PC C (10.10.10.1/24). PC C cannot connect to the FTP
server.
----End
Configuration Files
# Configuration file of the Switch
#
sysname Switch
#
ftp server enable
ftp acl 2001
#
time-range ftp-access 14:00 to 18:00 off-day
time-range ftp-access from 00:00 2009/1/1 to 23:59 2011/12/31
#
acl number 2001
rule 5 permit source 172.16.105.0 0.0.0.255
rule 10 permit source 172.16.107.0 0.0.0.255 time-range ftp-access
rule 15 deny
#
return
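The following Python model is an added example, not part of the original guide and not the switch's implementation. It evaluates ACL 2001 from the configuration file above: rules are tried in rule-ID order, a source matches when every bit the wildcard leaves at 0 is equal, and a rule bound to a time range is skipped while that range is inactive. It assumes that off-day means Saturday and Sunday and that a time range with both a periodic and an absolute part is active only when both hold; the function names are hypothetical.

```python
import ipaddress
from datetime import datetime

# Time range and ACL copied from the Switch configuration file in this section.
CONFIG = """\
time-range ftp-access 14:00 to 18:00 off-day
time-range ftp-access from 00:00 2009/1/1 to 23:59 2011/12/31
acl number 2001
 rule 5 permit source 172.16.105.0 0.0.0.255
 rule 10 permit source 172.16.107.0 0.0.0.255 time-range ftp-access
 rule 15 deny
"""

# Weekday sets by keyword (Monday is 0); off-day = Saturday and Sunday (assumption).
DAYS = {"off-day": {5, 6}, "working-day": {0, 1, 2, 3, 4}, "daily": set(range(7))}


def hhmm(text):
    """Convert 'HH:MM' to an (hour, minute) tuple."""
    hour, minute = text.split(":")
    return int(hour), int(minute)


def parse(text):
    """Return (rules sorted by rule ID, time ranges keyed by name)."""
    rules, ranges = [], {}
    for line in text.splitlines():
        w = line.split()
        if w[:1] == ["time-range"]:
            entry = ranges.setdefault(w[1], {"periodic": [], "absolute": []})
            if w[2] == "from":   # from HH:MM YYYY/M/D to HH:MM YYYY/M/D
                start = datetime.strptime(f"{w[4]} {w[3]}", "%Y/%m/%d %H:%M")
                end = datetime.strptime(f"{w[7]} {w[6]}", "%Y/%m/%d %H:%M")
                entry["absolute"].append((start, end))
            else:                # HH:MM to HH:MM <days keyword>
                entry["periodic"].append((hhmm(w[2]), hhmm(w[4]), DAYS[w[5]]))
        elif w[:1] == ["rule"]:
            rule = {"id": int(w[1]), "action": w[2], "source": None, "time_range": None}
            if "source" in w:
                i = w.index("source")
                rule["source"] = (int(ipaddress.IPv4Address(w[i + 1])),
                                  int(ipaddress.IPv4Address(w[i + 2])))
            if "time-range" in w:
                rule["time_range"] = w[w.index("time-range") + 1]
            rules.append(rule)
    return sorted(rules, key=lambda r: r["id"]), ranges


def range_active(entry, when):
    """True when a periodic part and an absolute part both cover 'when'.

    A kind of part that is not configured imposes no limit.
    """
    periodic = not entry["periodic"] or any(
        when.weekday() in days and start <= (when.hour, when.minute) <= end
        for start, end, days in entry["periodic"])
    absolute = not entry["absolute"] or any(
        start <= when <= end for start, end in entry["absolute"])
    return periodic and absolute


def evaluate(rules, ranges, src, when):
    """Return (rule id, action) of the first effective rule matching src, else None."""
    addr = int(ipaddress.IPv4Address(src))
    for rule in rules:
        if rule["time_range"] and not range_active(ranges[rule["time_range"]], when):
            continue  # the rule is not in effect outside its time range
        if rule["source"] is not None:
            base, wildcard = rule["source"]
            if (addr ^ base) & ~wildcard & 0xFFFFFFFF:
                continue  # a bit that the wildcard marks as significant differs
        return rule["id"], rule["action"]
    return None


if __name__ == "__main__":
    rules, ranges = parse(CONFIG)
    saturday = datetime(2010, 6, 5, 15, 0)   # constructed test time inside the range
    for pc in ("172.16.105.111", "172.16.107.111", "10.10.10.1"):
        print(pc, evaluate(rules, ranges, pc, saturday))
```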
Networking diagram (image not reproduced). Labels: Switch with Eth0/0/1, Eth0/0/2, Eth0/0/3 and
Eth0/0/4; President's office 10.164.1.0/24; Marketing department 10.164.2.0/24; R&D department
10.164.3.0/24.
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Assign IP addresses to interfaces.
Add Eth 0/0/1, Eth 0/0/2, and Eth 0/0/3 to VLAN 10, VLAN 20, and VLAN 30 respectively,
and add Eth 0/0/4 to VLAN 100. The first IP address of a network segment is taken as the address
of the VLANIF interface of the same network segment. The configuration on Eth 0/0/1 is used
as an example here. The configurations of other interfaces are similar to the configuration on
Eth 0/0/1, and are not mentioned here.
<Quidway> system-view
[Quidway] vlan batch 10 20 30 100
[Quidway] interface ethernet 0/0/1
[Quidway-Ethernet0/0/1] port link-type access
[Quidway-Ethernet0/0/1] port default vlan 10
[Quidway-Ethernet0/0/1] quit
[Quidway] interface vlanif 10
[Quidway-Vlanif10] ip address 10.164.1.1 255.255.255.0
[Quidway-Vlanif10] quit
# Configure the ACL for the marketing department to access the salary query server.
[Quidway] acl 3002
[Quidway-acl-adv-3002] rule deny ip source 10.164.2.0 0.0.0.255 destination 10.164.9.9 0.0.0.0 time-range satime
[Quidway-acl-adv-3002] quit
# Configure the ACL for the R&D department to access the salary query server.
[Quidway] acl 3003
[Quidway-acl-adv-3003] rule deny ip source 10.164.3.0 0.0.0.255 destination 10.164.9.9 0.0.0.0 time-range satime
[Quidway-acl-adv-3003] quit
# Configure the traffic classifier c_market to classify the packets that match ACL 3002.
# Configure the traffic classifier c_rd to classify the packets that match ACL 3003.
[Quidway] traffic classifier c_rd
[Quidway-classifier-c_rd] if-match acl 3003
[Quidway-classifier-c_rd] quit
# Configure the traffic policy p_market and associate the traffic classifier c_market and the
traffic behavior b_market with the traffic policy.
[Quidway] traffic policy p_market
[Quidway-trafficpolicy-p_market] classifier c_market behavior b_market
[Quidway-trafficpolicy-p_market] quit
# Configure the traffic policy p_rd and associate the traffic classifier c_rd and the traffic
behavior b_rd with the traffic policy.
[Quidway] traffic policy p_rd
[Quidway-trafficpolicy-p_rd] classifier c_rd behavior b_rd
[Quidway-trafficpolicy-p_rd] quit
Classifier: c_rd
Operator: AND
Rule(s) : if-match acl 3003
Policy: p_rd
Classifier: c_rd
Operator: AND
Behavior: b_rd
Deny
----End
Configuration Files
#
vlan batch 10 20 30 100
#
time-range satime 08:00 to 17:30 working-day
#
acl number 3002
rule 5 deny ip source 10.164.2.0 0.0.0.255 destination 10.164.9.9 0 time-range satime
#
acl number 3003
rule 5 deny ip source 10.164.3.0 0.0.0.255 destination 10.164.9.9 0 time-range satime
#
traffic classifier c_market operator and
if-match acl 3002
traffic classifier c_rd operator and
if-match acl 3003
#
traffic behavior b_market
deny
traffic behavior b_rd
deny
#
traffic policy p_market
classifier c_market behavior b_market
traffic policy p_rd
classifier c_rd behavior b_rd
#
interface Vlanif10
ip address 10.164.1.1 255.255.255.0
#
interface Vlanif20
ip address 10.164.2.1 255.255.255.0
#
interface Vlanif30
ip address 10.164.3.1 255.255.255.0
#
interface Vlanif100
ip address 10.164.9.1 255.255.255.0
#
interface Ethernet0/0/1
port link-type access
port default vlan 10
#
interface Ethernet0/0/2
port link-type access
port default vlan 20
traffic-policy p_market inbound
#
interface Ethernet0/0/3
port link-type access
port default vlan 30
traffic-policy p_rd inbound
#
interface Ethernet0/0/4
port link-type access
port default vlan 100
#
return
Networking Requirements
As shown in Figure 8-8, the Switch that functions as the gateway is connected to PCs. ACL
needs to be configured to prevent the packets with the source MAC address 00e0-f201-0101 and
the destination MAC address 0260-e207-0002 from passing through.
Figure 8-8 (networking diagram, image not reproduced). Labels: Switch with Eth0/0/1 and Eth0/0/2,
IP network, host 00e0-f201-0101.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure an ACL.
Procedure
Step 1 Configure an ACL.
# Configure a Layer 2 ACL.
<Quidway> system-view
[Quidway] acl 4000
[Quidway-acl-L2-4000] rule deny source-mac 00e0-f201-0101 ffff-ffff-ffff destination-mac 0260-e207-0002 ffff-ffff-ffff
[Quidway-acl-L2-4000] quit
----End
Configuration Files
#
acl number 4000
rule 5 deny destination-mac 0260-e207-0002 source-mac 00e0-f201-0101
#
traffic classifier tc1 operator and
if-match acl 4000
#
traffic behavior tb1
deny
#
traffic policy tp1
classifier tc1 behavior tb1
#
interface Ethernet0/0/2
traffic-policy tp1 inbound
#
return
Networking diagram (image not reproduced). Labels: PC A, PC B, Switch with Eth0/0/1 and Eth0/0/2.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure an ACL.
2. Configure a traffic classifier.
3. Configure a traffic behavior.
4. Configure a traffic policy.
5. Apply the traffic policy to an interface.
Procedure
Step 1 Configure an ACL.
# Configure a user-defined ACL.
[Quidway] acl 5000
[Quidway-acl-user-5000] rule deny l2-head 0x0180C200 0xFFFFFFFF 14
[Quidway-acl-user-5000] quit
----End
Configuration Files
#
acl number 5000
rule 5 deny 0x0180c200 0xffffffff 14
#
traffic classifier tc1 operator and
if-match acl 5000
#
traffic behavior tb1
deny
#
traffic policy tp1
classifier tc1 behavior tb1
#
interface Ethernet0/0/1
traffic-policy tp1 inbound
#
return
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure an ACL6.
2. Configure the traffic classifier.
3. Configure the traffic behavior.
4. Configure the traffic policy.
5. Apply the traffic policy to an interface.
Procedure
Step 1 Enable IPv6 forwarding capability on SwitchA and SwitchB, and set the parameters for the
interfaces.
# Configure SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] ipv6
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port link-type trunk
[SwitchA-Ethernet0/0/1] port trunk allow-pass vlan 10
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ipv6 enable
[SwitchA-Vlanif10] ipv6 address 3001::1 64
[SwitchA-Vlanif10] quit
# Configure SwitchB.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] ipv6
[SwitchB] interface loopback 2
[SwitchB-LoopBack2] ipv6 enable
[SwitchB-LoopBack2] ipv6 address 3002::2 64
[SwitchB-LoopBack2] quit
[SwitchB] interface ethernet 0/0/1
[SwitchB-Ethernet0/0/1] port link-type trunk
[SwitchB-Ethernet0/0/1] port trunk allow-pass vlan 10
[SwitchB-Ethernet0/0/1] quit
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] ipv6 enable
[SwitchB-Vlanif10] ipv6 address 3001::2 64
[SwitchB-Vlanif10] quit
Step 2 Create an ACL6 rule and apply the rule to the interface to deny the IPv6 packets from 3001::2.
# Configure SwitchA.
[SwitchA] acl ipv6 number 3001
[SwitchA-acl6-adv-3001] rule deny ipv6 source 3001::2/64
[SwitchA-acl6-adv-3001] quit
[SwitchA] traffic classifier class1
[SwitchA-classifier-class1] if-match ipv6 acl 3001
[SwitchA-classifier-class1] quit
[SwitchA] traffic behavior behav1
[SwitchA-behavior-behav1] deny
[SwitchA-behavior-behav1] quit
[SwitchA] traffic policy policy1
[SwitchA-trafficpolicy-policy1] classifier class1 behavior behav1
[SwitchA-trafficpolicy-policy1] quit
[SwitchA] interface ethernet 0/0/1
----End
Configuration Files
l Configuration file of SwitchA
#
sysname SwitchA
#
ipv6
#
acl ipv6 number 3001
rule 0 deny ipv6 source 3001::2/64
#
traffic classifier class1 operator and
if-match ipv6 acl 3001
#
traffic behavior behav1
deny
#
traffic policy policy1
classifier class1 behavior behav1
#
interface Vlanif10
ipv6 enable
ipv6 address 3001::1/64
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
traffic-policy policy1 inbound
#
ipv6 route-static 3002:: 64 3001::2
#
return
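The scope of the ACL6 rule above, as an added example that is not part of the Huawei document: Step 2 describes denying packets from 3001::2, but the rule is written with a 64-bit prefix, so it covers every source in 3001::/64. The Python sketch assumes ordinary prefix matching on the first 64 bits; `parse_acl6`, `first_match` and the /128 variant are hypothetical, constructed for comparison.

```python
import re
from ipaddress import IPv6Address, IPv6Network
from typing import NamedTuple, Optional

# Rule text copied from the SwitchA configuration file on this page.
PAGE_ACL = """
acl ipv6 number 3001
 rule 0 deny ipv6 source 3001::2/64
"""

# Constructed variant (not on the page): the same rule narrowed to one host.
HOST_ONLY_ACL = """
acl ipv6 number 3001
 rule 0 deny ipv6 source 3001::2/128
"""

RULE = re.compile(
    r"rule(?:\s+(\d+))?\s+(permit|deny)\s+ipv6\s+source\s+(\S+?)(?:/|\s+)(\d+)\s*$"
)


class Rule(NamedTuple):
    action: str
    written_as: str        # address/prefix exactly as typed
    network: IPv6Network   # what the prefix length actually covers


def parse_acl6(text: str) -> list:
    """Parse 'rule [id] permit|deny ipv6 source ADDR/LEN' lines in listed order."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue
        addr, plen = m.group(3), int(m.group(4))
        # strict=False keeps the host bits the operator typed from raising an
        # error; only the first `plen` bits take part in matching.
        net = IPv6Network(f"{addr}/{plen}", strict=False)
        rules.append(Rule(m.group(2), f"{addr}/{plen}", net))
    return rules


def first_match(rules: list, source: str) -> Optional[Rule]:
    """Return the first rule whose prefix contains the source address, else None."""
    src = IPv6Address(source)
    for rule in rules:
        if src in rule.network:
            return rule
    return None


def scope_report(acl_text: str, sources: list) -> dict:
    """Map each source address to the action of the rule it hits, or 'no match'."""
    rules = parse_acl6(acl_text)
    report = {}
    for src in sources:
        hit = first_match(rules, src)
        report[src] = hit.action if hit else "no match"
    return report


if __name__ == "__main__":
    # 3001::2 is SwitchB's Vlanif10 address on the page; the others are constructed.
    sources = ["3001::2", "3001::99", "3002::2"]
    print("page rule :", scope_report(PAGE_ACL, sources))
    print("/128 rule :", scope_report(HOST_ONLY_ACL, sources))
```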
Product Support
S3300 Supported
Figure 8-11 Networking diagram for configuring DHCP snooping attack defense
[Figure: network diagram. Devices shown: DHCP Client1, Client2, DHCP Client3, SwitchA, SwitchB, SwitchC (DHCP Relay) and the DHCP Server, connected through interfaces Eth0/0/1 to Eth0/0/3. Address labels: IP:10.1.1.1/24, MAC:0001-0002-0003.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable DHCP snooping and configure the device to process only DHCPv4 messages.
2. Configure an interface as the trusted interface to ensure that DHCP clients obtain IP
addresses from the authorized server.
3. Enable association between ARP and DHCP snooping to enable the device to update the
binding entries when a DHCP user is disconnected.
4. Enable the device to generate static MAC address entries on the interface based on DHCP
snooping binding entries to prevent attacks from non-DHCP users.
5. Enable the device to check DHCP messages against the binding table to prevent bogus
DHCP message attacks.
6. Set the maximum rate of sending DHCP messages to the processing unit to prevent DHCP
flood attacks.
7. Set the maximum number of access DHCP clients and enable the device to check whether
the MAC address in the Ethernet frame header matches the CHADDR field in the DHCP
message to prevent DHCP server DoS attacks.
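The CHADDR check named in item 7, as an added example that is not Huawei's code: a Python sketch that parses a client-to-server DHCP frame and compares the Ethernet source MAC with the CHADDR field of the DHCP message. The frames are constructed inline; `chaddr_check` and `build_dhcp_request` are hypothetical names, and treating a truncated request as a failed check is an assumption of this sketch.

```python
import struct


def parse_mac(text: str) -> bytes:
    """Parse the H-H-H MAC notation used on the page, e.g. 0001-0002-0003."""
    groups = text.split("-")
    if len(groups) != 3:
        raise ValueError(f"not H-H-H notation: {text!r}")
    return b"".join(int(g, 16).to_bytes(2, "big") for g in groups)


def format_mac(raw: bytes) -> str:
    h = raw.hex()
    return "-".join(h[i:i + 4] for i in range(0, 12, 4))


def build_dhcp_request(eth_src: bytes, chaddr: bytes, vlan=None) -> bytes:
    """Constructed sample: a minimal DHCP DISCOVER frame (checksums left at 0)."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s", 1, 1, 6, 0, 0x12345678, 0, 0x8000,
                        bytes(4), bytes(4), bytes(4), bytes(4),
                        chaddr.ljust(16, b"\0"))
    bootp += bytes(64 + 128)                       # sname and file fields
    bootp += b"\x63\x82\x53\x63" + b"\x35\x01\x01\xff"  # magic cookie, option 53
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4) + udp
    tag = b"" if vlan is None else struct.pack("!HH", 0x8100, vlan)
    return b"\xff" * 6 + eth_src + tag + struct.pack("!H", 0x0800) + ip


def chaddr_check(frame: bytes) -> str:
    """Return 'pass', 'discard' or 'not-checked' for a frame seen on a user-side port."""
    if len(frame) < 14:
        return "not-checked"
    eth_src = frame[6:12]
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    if ethertype == 0x8100 and len(frame) >= 18:   # skip one 802.1Q tag
        (ethertype,) = struct.unpack_from("!H", frame, 16)
        offset = 18
    if ethertype != 0x0800 or len(frame) < offset + 20:
        return "not-checked"
    version, ihl = frame[offset] >> 4, (frame[offset] & 0x0F) * 4
    (frag,) = struct.unpack_from("!H", frame, offset + 6)
    if version != 4 or ihl < 20 or frame[offset + 9] != 17 or frag & 0x1FFF:
        return "not-checked"                       # not an unfragmented UDP/IPv4 packet
    udp = offset + ihl
    if len(frame) < udp + 8:
        return "not-checked"
    sport, dport = struct.unpack_from("!HH", frame, udp)
    if (sport, dport) != (68, 67):                 # only client-to-server messages
        return "not-checked"
    bootp = frame[udp + 8:]
    # CHADDR sits at byte 28 of the BOOTP header; htype 1 / hlen 6 means Ethernet.
    if len(bootp) < 44 or bootp[0] != 1 or bootp[1] != 1 or bootp[2] != 6:
        return "discard"                           # assumption: malformed request fails
    return "pass" if bootp[28:34] == eth_src else "discard"


def sample_verdicts() -> dict:
    """Run the check over constructed frames; the MAC is the label from Figure 8-11."""
    client = parse_mac("0001-0002-0003")
    other = parse_mac("00e0-fc12-3456")            # constructed value
    arp = b"\xff" * 6 + client + b"\x08\x06" + bytes(28)
    return {
        "matching chaddr": chaddr_check(build_dhcp_request(client, client)),
        "mismatched chaddr": chaddr_check(build_dhcp_request(client, other)),
        "tagged, mismatched": chaddr_check(build_dhcp_request(client, other, vlan=10)),
        "arp frame": chaddr_check(arp),
    }


if __name__ == "__main__":
    for name, verdict in sample_verdicts().items():
        print(f"{name:20s} {verdict}")
```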
Procedure
Step 1 Enable DHCP snooping.
# Enable DHCP snooping globally and configure the device to process only DHCPv4 messages.
<Quidway> system-view
[Quidway] sysname SwitchC
[SwitchC] dhcp enable
[SwitchC] dhcp snooping enable ipv4
# Enable DHCP snooping on the user-side interface. Eth0/0/1 is used as an example. The
configuration on Eth0/0/2 is the same as the configuration on Eth0/0/1 and is not mentioned
here.
Step 2 Configure the interface connected to the DHCP server as the trusted interface.
[SwitchC] interface ethernet 0/0/3
[SwitchC-Ethernet0/0/3] dhcp snooping trusted
[SwitchC-Ethernet0/0/3] quit
Step 4 Enable the device to generate static MAC address entries on the interface based on DHCP
snooping binding entries.
Step 5 Enable the device to check DHCP messages against the DHCP snooping binding table.
Step 6 Set the maximum rate of sending DHCP messages to the processing unit to 90 pps.
[SwitchC] dhcp snooping check dhcp-rate enable
[SwitchC] dhcp snooping check dhcp-rate 90
Step 7 Set the maximum number of access users allowed on the interface and enable the device to check
the CHADDR field.
Step 8 Configure the trap function for the number of discarded messages and the rate limit.
# Enable the trap function for discarding messages and set the alarm threshold. Eth0/0/1 is used
as an example. The configuration on Eth0/0/2 is the same as the configuration on Eth0/0/1 and
is not mentioned here.
[SwitchC] interface ethernet 0/0/1
[SwitchC-Ethernet0/0/1] dhcp snooping alarm dhcp-chaddr enable
[SwitchC-Ethernet0/0/1] dhcp snooping alarm dhcp-request enable
[SwitchC-Ethernet0/0/1] dhcp snooping alarm dhcp-reply enable
[SwitchC-Ethernet0/0/1] dhcp snooping alarm dhcp-chaddr threshold 120
[SwitchC-Ethernet0/0/1] dhcp snooping alarm dhcp-request threshold 120
[SwitchC-Ethernet0/0/1] dhcp snooping alarm dhcp-reply threshold 120
# Enable the trap function for the rate limit and set the alarm threshold.
[SwitchC-Ethernet0/0/1] dhcp snooping alarm dhcp-rate enable
[SwitchC-Ethernet0/0/1] dhcp snooping alarm dhcp-rate threshold 500
[SwitchC-Ethernet0/0/1] quit
# Run the display dhcp snooping interface command to view DHCP snooping information on
an interface.
----End
Configuration Files
# Configuration file of the SwitchC
#
sysname SwitchC
#
dhcp enable
#
dhcp snooping enable ipv4
dhcp snooping check dhcp-rate enable
dhcp snooping check dhcp-rate 90
arp dhcp-snooping-detect enable
#
interface Ethernet0/0/1
dhcp snooping enable
dhcp snooping check dhcp-request enable alarm dhcp-request enable threshold 120
dhcp snooping check dhcp-chaddr enable alarm dhcp-chaddr enable threshold 120
dhcp snooping alarm dhcp-reply enable threshold 120
#
interface Ethernet0/0/3
dhcp snooping trusted
#
return
Networking Requirements
As shown in Figure 8-12, users from different LANs connect to the Internet through the
Switch. The Switch is connected to a large number of users, and receives many packets sent to
the CPU. In this case, the CPU of the Switch may be attacked by packets.
- The administrator needs to know the CPU status in real time and check whether the
CPU is under attack. When potential attacks occur, the device sends alarms to the administrator
to protect the CPU.
- Users on Net1 are forbidden to access the network because they often attack the CPU.
- The CPU usage occupied by ARP Request packets is reduced because attackers may send
a large number of ARP Request packets to degrade CPU performance.
- Stable and reliable data transmission is required between the administrator host and the
Switch.
[Figure 8-12: network diagram. Net1 (1.1.1.0/24), Net2 (2.2.2.0/24) and Net3 (3.3.3.0/24) connect to the Internet through the Switch.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Attack source tracing provides traffic analysis and statistics, attack source identification
and alarm function. Enable attack source tracing and its alarm function. In this way, the
administrator can know about the CPU status in real time.
2. Add users on Net1 to the blacklist to prevent users on Net1 from accessing the network.
3. Configure the rate limit for ARP Request packets sent to the CPU to reduce the CPU usage
occupied by ARP Request packets.
4. ALP protects session-based application layer data and ensures service reliability and
stability on the application layer. Configure rate limit of FTP packets sent to the CPU when
an FTP connection is set up (by default, ALP is enabled for FTP packets) to ensure data
transmission between the administrator host and the Switch.
Procedure
Step 1 Configure a rule for filtering packets sent to the CPU.
# Define an ACL rule.
<Quidway> system-view
[Quidway] sysname Switch
[Switch] acl number 2001
[Switch-acl-basic-2001] rule permit source 1.1.1.0 0.0.0.255
[Switch-acl-basic-2001] quit
# Configure a blacklist.
[Switch-cpu-defend-policy-test1] blacklist 1 acl 2001
# Configure the rate limit for ARP Request packets sent to the CPU.
[Switch-cpu-defend-policy-test1] car packet-type arp-request cir 128
# Set the CIR for sending FTP packets to the CPU when FTP connections are set up.
[Switch-cpu-defend-policy-test1] linkup-car packet-type ftp cir 5000
[Switch-cpu-defend-policy-test1] quit
----End
Configuration Files
Configuration file of Switch
#
sysname Switch
#
acl number 2001
rule 5 permit source 1.1.1.0 0.0.0.255
#
cpu-defend policy test1
blacklist 1 acl 2001
car packet-type arp-request cir 128 cbs 24064
linkup-car packet-type ftp cir 5000 cbs 940000
auto-defend enable
auto-defend alarm enable
#
cpu-defend-policy test1 global
#
return
Networking Requirements
As shown in Figure 8-13, if a hacker on the LAN initiates malformed packet attacks, packet
fragment attacks, and flood attacks to SwitchA, SwitchA may break down. The administrator
requires that attack defense measures be deployed on SwitchA to provide a secure network
environment and ensure normal services.
[Figure 8-13: network diagram. Hosts on the campus network connect to SwitchA, where attack defense is deployed.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable defense against malformed packet attacks so that SwitchA can defend against such
attacks.
2. Enable defense against packet fragment attacks so that SwitchA can defend against such
attacks.
3. Enable defense against packet flood attacks so that SwitchA can defend against such
attacks.
Procedure
Step 1 Enable defense against malformed packet attacks.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] anti-attack abnormal enable
Step 2 Enable defense against packet fragment attacks and set the rate limit at which packet fragments
are received to 15000 bit/s.
[SwitchA] anti-attack fragment enable
[SwitchA] anti-attack fragment car cir 15000
# Enable defense against UDP flood attacks to discard UDP packets sent from specified ports.
[SwitchA] anti-attack udp-flood enable
# Enable defense against ICMP flood attacks and set the rate limit at which ICMP flood packets
are received to 15000 bit/s.
[SwitchA] anti-attack icmp-flood enable
[SwitchA] anti-attack icmp-flood car cir 15000
On SwitchA, there are statistics on discarded TCP SYN packets, indicating that the attack
defense function takes effect.
----End
Configuration Files
Configuration file of SwitchA
#
sysname SwitchA
#
anti-attack fragment car cir 15000
anti-attack tcp-syn car cir 15000
anti-attack icmp-flood car cir 15000
#
return
Support
Product Support
S3300 Supported
Networking Requirements
As shown in Figure 8-14, HostA and HostB are connected to Eth0/0/1 and Eth0/0/2 on the
Switch respectively. HostB must not be able to forge the IP address and MAC address of HostA,
and IP packets from HostA must still be sent to the server.
[Figure 8-14: network diagram. HostA and HostB connect to the Switch through Eth0/0/1 and Eth0/0/2. Packet label: SIP:10.0.0.1/24, SMAC:1-1-1.]
Configuration Roadmap
Assume that the user is configured with an IP address statically. The configuration roadmap is
as follows:
1. Enable IP packet check on the interfaces connecting HostA and HostB.
This configuration example provides only the commands related to IP source guard.
Procedure
Step 1 Configure IP packet check.
# Enable IP packet check on Eth0/0/1 connected to HostA.
<Quidway> system-view
[Quidway] sysname Switch
[Switch] interface ethernet 0/0/1
[Switch-Ethernet0/0/1] ip source check user-bind enable
# Enable the alarm function of IP packet check and set the alarm threshold on Eth0/0/1 connected
to HostA.
[Switch-Ethernet0/0/1] ip source check user-bind alarm enable
[Switch-Ethernet0/0/1] ip source check user-bind alarm threshold 200
[Switch-Ethernet0/0/1] quit
# Enable the alarm function of IP packet check and set the alarm threshold on Eth0/0/2 connected
to HostB.
[Switch-Ethernet0/0/2] ip source check user-bind alarm enable
[Switch-Ethernet0/0/2] ip source check user-bind alarm threshold 200
[Switch-Ethernet0/0/2] quit
--------------------------------------------------------------------------------
10.0.0.1 0001-0001-0001 10 /-- /-- Eth0/0/1
--------------------------------------------------------------------------------
Print count: 1 Total count: 1
The command output indicates that HostA has been configured in the static binding table.
----End
Configuration Files
Configuration file of Switch
#
sysname Switch
#
user-bind static ip-address 10.0.0.1 mac-address 0001-0001-0001 interface Ethernet 0/0/1 vlan 10
#
interface Ethernet0/0/1
ip source check user-bind enable
ip source check user-bind alarm enable
ip source check user-bind alarm threshold 200
#
interface Ethernet0/0/2
ip source check user-bind enable
ip source check user-bind alarm enable
ip source check user-bind alarm threshold 200
#
return
Networking Requirements
As shown in Figure 8-15, the Switch is connected to the ISP router through Eth0/0/2 and
connected to user networks through Eth0/0/1. The administrator wants the Switch to defend
against source address spoofing attacks. Without this function, unauthorized
users can occupy too many service resources by sending valid service requests, and authorized
users cannot communicate with each other because they receive no response.
[Figure 8-15: network diagram. User network, Switch and ISP; interface labels GE0/0/1 and GE0/0/2.]
Configuration Roadmap
Configure URPF on the user-side interface Eth0/0/1 of the device and enable allow-default-route
to prevent source IP address spoofing attacks from users.
NOTE
Route symmetry is ensured in this example, so the URPF strict check is used.
Procedure
Step 1 Configure the URPF check mode on the interface.
<Quidway> system-view
[Quidway] sysname Switch
Run the display this command on Eth0/0/1 to check the URPF configuration.
[Switch-Ethernet0/0/1] display this
#
interface Ethernet0/0/1
urpf strict allow-default-route
#
return
----End
Configuration Files
Configuration file of Switch
#
sysname Switch
#
interface Ethernet0/0/1
urpf strict allow-default-route
#
Networking Requirements
As shown in Figure 8-16, the switch functioning as the gateway connects to a server using
Eth0/0/3 and connects to four users in VLAN 10 and VLAN 20 using Eth0/0/1 and Eth0/0/2.
The following ARP threats exist on the network:
- Attackers send bogus ARP packets or bogus gratuitous ARP packets to the switch. ARP
entries on the switch are modified, leading to packet sending and receiving failures.
- Attackers send a large number of IP packets with unresolvable destination IP addresses to
the switch, leading to CPU overload.
- User1 sends a large number of ARP packets with fixed MAC addresses but variable source
IP addresses to the switch. As a result, ARP entries on the switch are exhausted.
- User3 sends a large number of ARP packets with fixed source IP addresses to the switch.
As a result, the CPU of the switch is insufficient to process other services.
The administrator wants to prevent the preceding ARP flood attacks and provide users with
stable services on a secure network.
[Figure 8-16: network diagram. The user groups are labelled VLAN10 and VLAN20.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure strict ARP learning and ARP entry fixing to prevent ARP entries from being
modified by bogus ARP packets.
2. Configure rate limit on ARP Miss messages based on the source IP address. This function
defends against attacks from ARP Miss messages triggered by a large number of IP packets
with unresolvable IP addresses (ARP Miss packets). At the same time, the switch must
have the capability to process a large number of ARP Miss packets from the server to ensure
network communication.
3. Configure ARP entry limit. This function defends against ARP flood attacks caused by a
large number of ARP packets with fixed MAC addresses but variable IP addresses and
prevents ARP entries from being exhausted.
4. Configure rate limit on ARP packets based on the source IP address. This function defends
against ARP flood attacks from User3 with a fixed IP address and prevents CPU overload.
Procedure
Step 1 Create VLANs, add interfaces to the VLANs, and configure VLANIF interfaces.
# Create VLAN 10, VLAN 20, VLAN 30, and add Eth0/0/1 to VLAN 10, Eth0/0/2 to VLAN
20, and Eth0/0/3 to VLAN 30.
<Quidway> system-view
[Quidway] vlan batch 10 20 30
[Quidway] interface ethernet 0/0/1
[Quidway-Ethernet0/0/1] port link-type trunk
[Quidway-Ethernet0/0/1] port trunk allow-pass vlan 10
[Quidway-Ethernet0/0/1] quit
# Create VLANIF 10, VLANIF 20, and VLANIF 30, and assign IP addresses to them.
[Quidway] interface vlanif 10
[Quidway-Vlanif10] ip address 8.8.8.4 24
[Quidway-Vlanif10] quit
[Quidway] interface vlanif 20
[Quidway-Vlanif20] ip address 9.9.9.4 24
[Quidway-Vlanif20] quit
[Quidway] interface vlanif 30
[Quidway-Vlanif30] ip address 10.10.10.3 24
[Quidway-Vlanif30] quit
Step 4 Configure rate limit on ARP Miss messages based on the source IP address.
# Set the maximum rate of ARP Miss messages triggered by the server with the IP address
10.10.10.2 to 40 pps, and set the maximum rate of ARP Miss messages triggered by other hosts
to 20 pps.
[Quidway] arp-miss speed-limit source-ip maximum 20
[Quidway] arp-miss speed-limit source-ip 10.10.10.2 maximum 40
Step 6 Configure rate limit on ARP packets based on the source IP address.
# Set the maximum rate of ARP packets from User3 with the source IP address 9.9.9.2 to 10
pps.
[Quidway] arp speed-limit source-ip 9.9.9.2 maximum 10
# Run the display arp-limit command to check the maximum number of ARP entries that the
interface can dynamically learn.
[Quidway] display arp-limit interface ethernet 0/0/1
Interface LimitNum VlanID LearnedNum(Mainboard)
---------------------------------------------------------------------------
Ethernet0/0/1 20 10 0
---------------------------------------------------------------------------
Total:1
# Run the display arp anti-attack configuration all command to check the configuration of
ARP anti-attack.
[Quidway] display arp anti-attack configuration all
ARP anti-attack packet-check function: disable
# Run the display arp packet statistics command to check statistics on ARP-based packets.
[Quidway] display arp packet statistics
ARP Pkt Received: sum 8678904
ARP-Miss Msg Received: sum 183
ARP Learnt Count: sum 37
ARP Pkt Discard For Limit: sum 146
ARP Pkt Discard For SpeedLimit: sum 40529
ARP Pkt Discard For Proxy Suppress: sum 0
ARP Pkt Discard For Other: sum 8367601
In the preceding command output, the numbers of ARP packets and ARP Miss messages
discarded by the switch are displayed, indicating that the ARP security functions have taken effect.
----End
Configuration File
#
vlan batch 10 20 30
#
arp-miss speed-limit source-ip 10.10.10.2 maximum 40
arp speed-limit source-ip 9.9.9.2 maximum 10
arp anti-attack entry-check fixed-mac enable
#
arp-miss speed-limit source-ip maximum 20
#
interface Vlanif10
ip address 8.8.8.4 255.255.255.0
#
interface Vlanif20
ip address 9.9.9.4 255.255.255.0
#
interface Vlanif30
ip address 10.10.10.3 255.255.255.0
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
arp-limit vlan 10 maximum 20
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 30
#
return
Networking Requirements
As shown in Figure 8-17, SwitchA connects to the DHCP server using Eth0/0/4, connects to
DHCP clients UserA and UserB using Eth0/0/1 and Eth0/0/2, and connects to UserC configured
with a static IP address using Eth0/0/3. Eth0/0/1, Eth0/0/2, Eth0/0/3, and Eth0/0/4 on SwitchA
all belong to VLAN 10. The administrator wants to prevent ARP MITM attacks and theft of
authorized user information, and learn the frequency and range of ARP MITM attacks.
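Figure 8-17 Networking diagram for defending against ARP MITM attacks
[Figure: network diagram. SwitchA connects upstream through Eth0/0/4 towards SwitchB and the DHCP Server, downstream through Eth0/0/1 and Eth0/0/2 to two DHCP clients, and through Eth0/0/3 to a host labelled IP:10.0.0.2/24, MAC:1-1-1, VLAN ID:10.]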
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable DAI so that SwitchA compares the source IP address, source MAC address,
interface number, and VLAN ID of the ARP packet with DHCP snooping binding entries.
This prevents ARP MITM attacks.
2. Enable the packet discarding alarm function for DAI so that SwitchA collects statistics on
ARP packets matching no DHCP snooping binding entry and generates alarms when the
number of discarded ARP packets exceeds the alarm threshold. The administrator learns
the frequency and range of the current ARP MITM attacks based on the alarms and the
number of discarded ARP packets.
3. Enable DHCP snooping and configure a static binding table to make DAI take effect.
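The binding-table lookup that DAI performs here, and that the IP packet check in the IP source guard example relies on, as an added example that is not Huawei's code. The Python sketch parses `user-bind static` lines in the form the configuration files on this page use and matches (IP, MAC, interface, VLAN) tuples against them; the dynamic entries, the ARP samples, the threshold value and all function names are constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address
from typing import NamedTuple


class Binding(NamedTuple):
    ip: str
    mac: str         # 12 lowercase hex digits
    interface: str   # canonical form, e.g. Ethernet0/0/3
    vlan: int


def norm_mac(text: str) -> str:
    """Accept H-H-H (leading zeros optional, e.g. 1-1-1) or six-octet notation."""
    groups = re.split(r"[-:.]", text.strip().lower())
    width = {3: 4, 6: 2}.get(len(groups))
    digits = "".join(g.zfill(width) for g in groups) if width else ""
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"bad MAC address: {text!r}")
    return digits


def norm_interface(text: str) -> str:
    m = re.fullmatch(r"(?i)eth(?:ernet)?\s*(\d+/\d+/\d+)", text.strip())
    if not m:
        raise ValueError(f"bad interface name: {text!r}")
    return "Ethernet" + m.group(1)


def make_binding(ip, mac, interface, vlan) -> Binding:
    return Binding(str(ip_address(ip)), norm_mac(mac), norm_interface(interface), int(vlan))


USER_BIND = re.compile(
    r"user-bind static ip-address (\S+) mac-address (\S+)\s+"
    r"interface\s+(Eth\w*\s*\d+/\d+/\d+)\s+vlan (\d+)"
)


def parse_static_bindings(config: str) -> set:
    """Collect static entries; \\s+ also tolerates a line wrapped after 'interface'."""
    return {make_binding(*m.groups()) for m in USER_BIND.finditer(config)}


def verdict(table: set, ip, mac, interface, vlan) -> tuple:
    """All four fields must match one entry, otherwise the packet is discarded."""
    seen = make_binding(ip, mac, interface, vlan)
    if seen in table:
        return "forward", "matches a binding entry"
    owners = [b for b in table if b.ip == seen.ip]
    if owners:
        o = owners[0]
        return "discard", f"{seen.ip} is bound to {o.mac} on {o.interface} vlan {o.vlan}"
    return "discard", "no binding entry for the sender IP"


def drop_report(table: set, packets: list, threshold: int) -> tuple:
    """Count discards per ingress interface and list those exceeding the threshold."""
    drops = Counter()
    for pkt in packets:
        if verdict(table, *pkt)[0] == "discard":
            drops[norm_interface(pkt[2])] += 1
    alarms = sorted(name for name, n in drops.items() if n > threshold)
    return dict(drops), alarms


# Static entry as it appears in the SwitchA configuration file on this page.
SWITCHA_CONFIG = """
user-bind static ip-address 10.0.0.2 mac-address 0001-0001-0001 interface
Ethernet0/0/3 vlan 10
"""

# Constructed stand-ins for entries DHCP snooping would learn for UserA and UserB.
DYNAMIC_BINDINGS = {
    make_binding("10.0.0.10", "00e0-fc00-000a", "Eth0/0/1", 10),
    make_binding("10.0.0.11", "00e0-fc00-000b", "Eth0/0/2", 10),
}

# Constructed ARP senders: (sender IP, sender MAC, ingress interface, VLAN).
SAMPLE_ARP = [
    ("10.0.0.2", "1-1-1", "Eth0/0/3", 10),               # UserC, as bound
    ("10.0.0.10", "00e0-fc00-000a", "Ethernet 0/0/1", 10),
    ("10.0.0.2", "00e0-fc00-000a", "Eth0/0/1", 10),       # UserC's IP, wrong MAC and port
    ("10.0.0.2", "0001-0001-0001", "Eth0/0/2", 10),       # right IP and MAC, wrong port
    ("10.0.0.99", "00e0-fc00-00ff", "Eth0/0/1", 10),      # unknown sender
]

if __name__ == "__main__":
    table = parse_static_bindings(SWITCHA_CONFIG) | DYNAMIC_BINDINGS
    for pkt in SAMPLE_ARP:
        print(pkt, "->", verdict(table, *pkt))
    print(drop_report(table, SAMPLE_ARP, threshold=1))
```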
Procedure
Step 1 Create a VLAN and add interfaces to the VLAN.
# Create VLAN 10, and add Eth0/0/1, Eth0/0/2, Eth0/0/3, and Eth0/0/4 to VLAN 10.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 10
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port link-type access
[SwitchA-Ethernet0/0/1] port default vlan 10
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface ethernet 0/0/2
[SwitchA-Ethernet0/0/2] port link-type access
# Enable DAI and the packet discarding alarm function on Eth0/0/1, Eth0/0/2, and Eth0/0/3.
Eth0/0/1 is used as an example. Configurations of other interfaces are similar to the configuration
of Eth0/0/1, and are not mentioned here.
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] arp anti-attack check user-bind enable
[SwitchA-Ethernet0/0/1] arp anti-attack check user-bind alarm enable
[SwitchA-Ethernet0/0/1] quit
# Run the display arp anti-attack configuration check user-bind interface command to check
the DAI configuration on each interface. Eth0/0/1 is used as an example.
[SwitchA] display arp anti-attack configuration check user-bind interface ethernet 0/0/1
arp anti-attack check user-bind enable
arp anti-attack check user-bind alarm enable
# Run the display arp anti-attack statistics check user-bind interface command to check the
number of ARP packets discarded based on DAI. Eth0/0/1 is used as an example.
[SwitchA] display arp anti-attack statistics check user-bind interface ethernet 0/0/1
Dropped ARP packet number is 966
Dropped ARP packet number since the latest warning is 605
In the preceding command output, the number of discarded ARP packets on Eth0/0/1 is
displayed, indicating that the defense against ARP MITM attacks has taken effect.
By running the display arp anti-attack statistics check user-bind interface command
multiple times on each interface, the administrator can learn the frequency and range of ARP
MITM attacks based on the number of discarded ARP packets.
----End
Configuration File
Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
dhcp enable
dhcp snooping enable
user-bind static ip-address 10.0.0.2 mac-address 0001-0001-0001 interface Ethernet0/0/3 vlan 10
#
vlan 10
dhcp snooping enable
#
interface Ethernet0/0/1
port link-type access
port default vlan 10
arp anti-attack check user-bind enable
arp anti-attack check user-bind alarm enable
#
interface Ethernet0/0/2
port link-type access
port default vlan 10
arp anti-attack check user-bind enable
arp anti-attack check user-bind alarm enable
#
interface Ethernet0/0/3
port link-type access
port default vlan 10
arp anti-attack check user-bind enable
arp anti-attack check user-bind alarm enable
#
interface Ethernet0/0/4
port link-type trunk
port trunk allow-pass vlan 10
dhcp snooping trusted
#
return
Support
Product Support
S3300 Supported
Networking Requirements
As shown in Figure 8-18, all the users obtain IP addresses from the DHCP server and all the
devices are located in VLAN 10. To isolate the user hosts at Layer 2 and enable them to
communicate at Layer 3, configure MFF on SwitchA and SwitchB.
[Figure 8-18: network diagram. SwitchA and SwitchB with interfaces Eth0/0/1 to Eth0/0/4; address label 10.10.10.1/24.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure DHCP snooping to enable SwitchA and SwitchB to learn user binding entries
by snooping DHCP packets.
2. Enable MFF on SwitchA and SwitchB and configure basic MFF functions.
3. Configure the application server IP address so that users can communicate with the
application server at Layer 2.
4. Configure transparent transmission of ARP request packets so that the gateway can detect
the user status immediately.
Procedure
Step 1 Configure DHCP snooping.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] dhcp enable
[SwitchA] dhcp snooping enable
# Enable DHCP snooping on the interfaces of SwitchA. Eth0/0/4 is used as an example. The
configurations on Eth0/0/2, Eth0/0/3, and Eth0/0/1 are the same as the configuration on
Eth0/0/4 and are not mentioned here.
[SwitchA] interface ethernet 0/0/4
[SwitchA-Ethernet0/0/4] dhcp snooping enable
[SwitchA-Ethernet0/0/4] quit
# Enable DHCP snooping on the interfaces of SwitchB. Eth0/0/1 is used as an example. The
configurations on Eth0/0/2 and Eth0/0/3 are the same as the configuration on Eth0/0/1 and are
not mentioned here.
[SwitchB] interface ethernet 0/0/1
[SwitchB-Ethernet0/0/1] dhcp snooping enable
[SwitchB-Ethernet0/0/1] quit
[SwitchA] vlan 10
[SwitchA-vlan10] mac-forced-forwarding enable
----End
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
dhcp enable
dhcp snooping enable
mac-forced-forwarding enable
#
vlan 10
mac-forced-forwarding enable
mac-forced-forwarding user-detect transparent
mac-forced-forwarding gateway-detect
mac-forced-forwarding server 10.10.10.1
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
dhcp snooping enable
dhcp snooping trusted
mac-forced-forwarding network-port
#
interface Ethernet0/0/2
port link-type access
port default vlan 10
Networking Requirements
As shown in Figure 8-19, Switch A is connected to the Layer 2 network and Layer 3 router.
Switch A prevents broadcast storms caused by a large number of broadcast packets, multicast
packets, or unknown unicast packets forwarded at Layer 2.
[Figure 8-19: network diagram. Switch A sits between the L2 network and the L3 network; interface labels Eth0/0/1 and Eth0/0/2.]
Configuration Roadmap
The roadmap of configuring traffic suppression is as follows:
1. Configure traffic suppression in the view of Eth0/0/1 to prevent broadcast storms caused
by a large number of broadcast packets, multicast packets, or unknown unicast packets
forwarded at Layer 2.
Procedure
Step 1 Enter the interface view.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] interface ethernet 0/0/1
----End
Configuration Files
Configuration file of Switch A
#
sysname SwitchA
#
interface Ethernet0/0/1
unicast-suppression 80
multicast-suppression 80
broadcast-suppression 80
#
return
Networking Requirements
As shown in Figure 8-20, Switch A is connected to the Layer 2 network and Layer 3 router.
Switch A prevents broadcast storms caused by a large number of broadcast packets, multicast
packets, or unknown unicast packets forwarded at Layer 2.
[Figure 8-20: network diagram. Switch A sits between the L2 network and the L3 network; interface labels Eth0/0/1 and Eth0/0/2.]
Configuration Roadmap
The roadmap of configuring storm control is as follows:
1. Configure storm control in the interface view on Eth0/0/1 to prevent broadcast storms
caused by a large number of broadcast packets, multicast packets, or unknown unicast
packets forwarded at Layer 2.
Procedure
Step 1 Enter the interface view.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] interface ethernet0/0/1
----End
Configuration Files
Configuration file of Switch A
#
sysname SwitchA
#
interface Ethernet0/0/1
storm-control broadcast min-rate 1000 max-rate 2000
storm-control multicast min-rate 1000 max-rate 2000
storm-control unicast min-rate 1000 max-rate 2000
storm-control interval 90
storm-control action block
storm-control enable log
#
return
Product Support
S3300 Supported
Networking Requirements
As shown in Figure 8-21, the Switch is connected to an upstream BRAS and a downstream
PPPoE client. The BRAS functions as a PPPoE server. On such networks, unauthorized users can
eavesdrop on PPPoE packets of authorized users and even steal the accounts of authorized users. The
administrator wants to prevent these problems and ensure user account security.
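[Figure 8-21: network diagram. The PPPoE+ Switch connects upstream through Eth0/0/1 to the BRAS (PPPoE server), which connects to the RADIUS server and the Internet; Eth0/0/2 and Eth0/0/3 are the user-side interfaces.]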
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable PPPoE+ globally to authenticate the user account and access interface information,
preventing user accounts from being stolen.
2. Configure the interface connecting the Switch and the PPPoE server as a trusted interface,
preventing unauthorized users from eavesdropping on PPPoE packets when the packets are
forwarded to non-PPPoE service ports.
3. Configure the policy for processing user-side PPPoE packets on the Switch, enabling the
Switch to properly communicate with the PPPoE server.
Procedure
Step 1 Enable PPPoE+.
<Quidway> system-view
[Quidway] sysname Switch
[Switch] pppoe intermediate-agent information enable
NOTE
Step 3 Set the policy for processing original fields in user-side PPPoE packets to replace on all
interfaces, and replace original fields in PPPoE packets with the circuit ID and remote ID of the
Switch.
[Switch] pppoe intermediate-agent information policy replace
# Run the display pppoe intermediate-agent information policy command to verify the policy
for processing original fields in user-side packets.
[Switch] display pppoe intermediate-agent information policy
The current information Policy :REPLACE
The current ignore-reply Policy:ENABLE
# Run the display pppoe intermediate-agent information format command to verify the format of
circuit-id.
[Switch] display pppoe intermediate-agent information format
The current information format :
Circuit ID : EXTEND
Remote ID : COMMON
For example:
interface Ethernet0/0/1 SVLAN:200 CVLAN:100
The PPPOE Intermediate Agent information follow:
Circuit ID:00 04 00 c8 00 00
Remote ID:0022-0033-0044
----End
Configuration Files
Configuration file of Switch
#
sysname Switch
#
pppoe intermediate-agent information enable
pppoe intermediate-agent information format circuit-id extend
#
interface Ethernet0/0/1
pppoe uplink-port trusted
#
return
[Figure: network diagram. SwitchA (Vlanif 10, 192.168.1.1/24) and SwitchB (Vlanif 10, 192.168.1.2/24) are connected through GE0/0/1 on each switch.]
Configuration Roadmap
To ensure stable RIP connections, RIP protocol packets must be correctly transmitted. You are
advised to authenticate and encrypt the packets to ensure transmission security. In addition, to
prevent unauthorized users from forging algorithms and key strings used in authentication and
encryption, you are advised to dynamically change algorithms and key strings to ensure secure
RIP packet transmission. Therefore, the keychain protocol is used to ensure stability of RIP
connections.
The configuration roadmap is as follows:
1. Configure basic RIP functions.
2. Configure a keychain.
3. Apply the keychain to RIP.
Procedure
Step 1 Configure basic RIP functions.
# Configure Switch A.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] rip 1
[SwitchA-rip-1] version 2
[SwitchA-rip-1] network 192.168.1.0
[SwitchA-rip-1] quit
# Configure Switch B.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] rip 1
[SwitchB-rip-1] version 2
[SwitchB-rip-1] network 192.168.1.0
[SwitchB-rip-1] quit
# Configure Switch B.
[SwitchB] keychain huawei mode absolute
[SwitchB-keychain] receive-tolerance 100
[SwitchB-keychain] key-id 1
[SwitchB-keychain-keyid-1] algorithm md5
[SwitchB-keychain-keyid-1] key-string plain hello
[SwitchB-keychain-keyid-1] send-time utc 0:00 2012-3-12 to 23:59 2012-3-12
[SwitchB-keychain-keyid-1] receive-time utc 0:00 2012-3-12 to 23:59 2012-3-12
[SwitchB-keychain-keyid-1] quit
[SwitchB-keychain] quit
# Configure Switch B.
[SwitchB] vlan 10
[SwitchB-vlan10] quit
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[SwitchB-GigabitEthernet0/0/1] port hybrid untagged vlan 10
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] ip address 192.168.1.2 24
[SwitchB-Vlanif10] rip authentication-mode md5 nonstandard keychain huawei
[SwitchB-Vlanif10] quit
Key ID Information:
----------------------
Key ID : 1
Key string : hello(plain)
Algorithm : MD5
SEND TIMER :
Start time : 2012-03-12 00:00
End time : 2012-03-12 23:59
Status : Active
RECEIVE TIMER :
Start time : 2012-03-12 00:00
End time : 2012-03-12 23:59
Status : Active
After the keychain is applied to RIP, run the display rip process-id interface verbose command
to check the authentication mode of RIP packets. The display on Switch A is used as an example.
<SwitchA> display rip 1 interface verbose
Vlanif10(192.168.1.1)
State : UP MTU : 500
Metricin : 0
Metricout : 1
Input : Enabled Output : Enabled
Protocol : RIPv2 Multicast
Send version : RIPv2 Multicast Packets
Receive version : RIPv2 Multicast and Broadcast Packets
Poison-reverse : Disabled
Split-Horizon : Enabled
Authentication type : MD5 (Non-standard - Keychain: huawei)
Last Sequence Number Sent : 0x0
Replay Protection : Disabled
----End
Configuration Files
- Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 10
#
keychain huawei mode absolute
receive-tolerance 100
#
key-id 1
algorithm md5
key-string plain hello
send-time utc 00:00 2012-03-12 to 23:59 2012-03-12
receive-time utc 00:00 2012-03-12 to 23:59 2012-03-12
#
interface Vlanif10
ip address 192.168.1.1 255.255.255.0
rip authentication-mode md5 nonstandard keychain huawei
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
rip 1
version 2
network 192.168.1.0
#
return
[Figure: network diagram. SwitchA (Vlanif 10, 192.168.1.1/24) and SwitchB (Vlanif 10, 192.168.1.2/24) are connected through GE0/0/1 on each switch.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the basic keychain functions.
2. Configure a keychain for Switch to authenticate BGP.
Procedure
Step 1 Configure a keychain.
# Configure Switch A.
<Quidway> system-view
[Quidway] sysname SwitchA
# Configure Switch B.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] keychain huawei mode periodic weekly
[SwitchB-keychain] tcp-kind 182
[SwitchB-keychain] tcp-algorithm-id md5 17
[SwitchB-keychain] receive-tolerance 100
[SwitchB-keychain] key-id 1
[SwitchB-keychain-keyid-1] algorithm md5
[SwitchB-keychain-keyid-1] key-string plain hello
[SwitchB-keychain-keyid-1] send-time day fri sat
[SwitchB-keychain-keyid-1] receive-time day fri sat
[SwitchB-keychain-keyid-1] quit
[SwitchB-keychain] quit
# Configure Switch A.
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 192.168.1.1 24
[SwitchA-Vlanif10] quit
[SwitchA] bgp 1
[SwitchA-bgp] router-id 1.1.1.1
[SwitchA-bgp] peer 192.168.1.2 as-number 1
[SwitchA-bgp] peer 192.168.1.2 keychain huawei
[SwitchA-bgp] quit
# Configure Switch B.
[SwitchB] vlan 10
[SwitchB-vlan10] quit
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[SwitchB-GigabitEthernet0/0/1] port hybrid untagged vlan 10
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] ip address 192.168.1.2 24
[SwitchB-Vlanif10] quit
[SwitchB] bgp 1
[SwitchB-bgp] router-id 2.2.2.2
[SwitchB-bgp] peer 192.168.1.1 as-number 1
[SwitchB-bgp] peer 192.168.1.1 keychain huawei
[SwitchB-bgp] quit
Run the display keychain keychain-name command to check the key-id status of the keychain.
<SwitchA> display keychain huawei
Keychain Information:
---------------------
Keychain Name : huawei
Timer Mode : Weekly periodic
Receive Tolerance(min) : 100
TCP Kind : 182
TCP Algorithm IDs :
HMAC-MD5 : 5
HMAC-SHA1-12 : 2
HMAC-SHA1-20 : 6
HMAC-SHA-256 : 7
SHA-256 : 8
MD5 : 3
SHA1 : 4
Number of Key IDs : 1
Active Send Key ID : 1
Active Receive Key IDs : 01
Default send Key ID : Not configured
Key ID Information:
-------------------
Key ID : 1
Key string : hello (plain)
Algorithm : MD5
SEND TIMER :
Day(s) : Fri Sat
Status : Active
RECEIVE TIMER :
Day(s) : Fri Sat
Status : Active
After the keychain is applied to BGP, run the display bgp peer ipv4-address verbose command
to check authentication information about the BGP peer. The display on Switch A is used as an
example.
<SwitchA> display bgp peer 192.168.1.2 verbose
Refresh messages 0
Authentication type configured: Keychain(huawei)
Last keepalive received: 2012/04/20 11:37:27
Last keepalive sent : 2012/04/20 11:37:27
Minimum route advertisement interval is 15 seconds
Optional capabilities:
Route refresh capability has been enabled
4-byte-as capability has been enabled
Peer Preferred Value: 0
Routing policy configured:
No routing policy is configured
----End
Configuration Files
• Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 10
#
keychain huawei mode periodic weekly
receive-tolerance 100
tcp-kind 182
tcp-algorithm-id md5 17
#
key-id 1
algorithm md5
key-string plain hello
send-time day fri sat
receive-time day fri sat
#
interface Vlanif10
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
bgp 1
router-id 1.1.1.1
peer 192.168.1.2 as-number 1
peer 192.168.1.2 keychain huawei
#
ipv4-family unicast
undo synchronization
peer 192.168.1.2 enable
#
ip address 192.168.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
bgp 1
router-id 2.2.2.2
peer 192.168.1.1 as-number 1
peer 192.168.1.1 keychain huawei
#
ipv4-family unicast
undo synchronization
peer 192.168.1.1 enable
#
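Both keychain configurations above (absolute mode for RIP, weekly periodic mode for BGP) use a cleartext key string, the MD5 algorithm, a single key-id, and narrow send windows. The Python audit below is an added example, not part of the Huawei document: it parses only the keychain commands shown on this page, and the function names, finding texts and reference dates are assumptions of the example.

```python
from datetime import datetime

WEEK = ["mon", "tue", "wed", "thu", "fri", "sat", "sun"]
# Keychain-view commands that appear on this page; any other command ends the view.
KEY_CMDS = {"receive-tolerance", "tcp-kind", "tcp-algorithm-id", "key-id",
            "algorithm", "key-string", "send-time", "receive-time"}

# Constructed inputs: keychain-related lines copied from the two Switch A files above.
RIP_CONFIG = """\
sysname SwitchA
keychain huawei mode absolute
 receive-tolerance 100
 #
 key-id 1
  algorithm md5
  key-string plain hello
  send-time utc 00:00 2012-03-12 to 23:59 2012-03-12
  receive-time utc 00:00 2012-03-12 to 23:59 2012-03-12
#
interface Vlanif10
 rip authentication-mode md5 nonstandard keychain huawei
"""
BGP_CONFIG = """\
sysname SwitchA
keychain huawei mode periodic weekly
 receive-tolerance 100
 tcp-kind 182
 tcp-algorithm-id md5 17
 #
 key-id 1
  algorithm md5
  key-string plain hello
  send-time day fri sat
  receive-time day fri sat
#
bgp 1
 peer 192.168.1.2 keychain huawei
"""

def parse_keychains(text):
    """Return {name: {"mode": str, "keys": {key_id: {command: [args]}}}}."""
    chains, chain, key = {}, None, None
    for raw in text.splitlines():
        tok = raw.split()
        if not tok or tok[0] == "#":
            continue                      # blank line or view separator
        if tok[0] == "keychain" and "mode" in tok:
            chain = {"mode": " ".join(tok[tok.index("mode") + 1:]), "keys": {}}
            chains[tok[1]] = chain
            key = None
        elif chain is not None and tok[0] in KEY_CMDS:
            if tok[0] == "key-id" and len(tok) > 1:
                key = chain["keys"].setdefault(tok[1], {})
            elif key is not None:
                key[tok[0]] = tok[1:]
        else:
            chain = key = None            # left the keychain view
    return chains

def audit(text, now):
    """Return a list of (keychain, key-id, finding) tuples for one config."""
    findings = []
    for name, chain in parse_keychains(text).items():
        if len(chain["keys"]) == 1:
            findings.append((name, "-", "single key-id: no second key to roll over to"))
        for kid, key in chain["keys"].items():
            if key.get("key-string", [])[:1] == ["plain"]:
                findings.append((name, kid, "key-string stored in cleartext"))
            if key.get("algorithm") == ["md5"]:
                findings.append((name, kid, "algorithm md5 is a weak digest"))
            send = key.get("send-time", [])
            if chain["mode"] == "absolute" and "to" in send:
                end = " ".join(send[send.index("to") + 1:])
                if datetime.strptime(end, "%H:%M %Y-%m-%d") < now:
                    findings.append((name, kid, "send window ended " + end))
            elif chain["mode"] == "periodic weekly" and send[:1] == ["day"]:
                # Only the day-list form shown on this page is handled.
                idle = [d for d in WEEK if d not in send[1:]]
                if idle:
                    findings.append((name, kid, "no send key active on: " + " ".join(idle)))
    return findings

if __name__ == "__main__":
    for label, cfg in (("RIP", RIP_CONFIG), ("BGP", BGP_CONFIG)):
        for finding in audit(cfg, datetime(2013, 4, 20)):
            print(label, *finding, sep=" | ")
```
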
Product Support
S3300 Supported
[Figure: networking diagram with the labels Eth0/0/1, Eth0/0/2, L2 network, L3 network, Gateway, and User network.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable ND snooping globally and in the interface view. Switch generates an ND snooping
dynamic binding table based on the DAD NS packets. Then Switch checks the validity of
other ND packets to prevent ND attacks such as address spoofing.
2. Configure the interface connecting to the gateway as the trusted interface. Switch generates
a prefix management table based on RA packets received from the trusted interface so that
user addresses can be managed flexibly. Interfaces connecting to hosts are untrusted
interfaces by default. After ND snooping is enabled, Switch filters out RA packets received
from untrusted interfaces to prevent RA attacks.
3. Configure automatic status detection for the users that correspond to ND snooping dynamic
binding entries so that stale entries are deleted promptly when ND users go offline.
Procedure
Step 1 Enable ND snooping.
# Enable ND snooping globally.
<Quidway> system-view
[Quidway] sysname Switch
[Switch] dhcp enable
[Switch] nd snooping enable
Step 3 Enable automatic user status detection for the users that correspond to ND snooping dynamic binding entries.
# Enable automatic user status detection for these users and set the number of times and the
interval for sending NS packets to detect the user status.
[Switch] nd user-bind detect enable
[Switch] nd user-bind detect retransmit 5 interval 600
Run the display this command in the system view to check whether ND snooping and automatic
user status detection for ND snooping dynamic binding entries are enabled globally.
[Switch] display this
dhcp enable
nd snooping enable
nd user-bind detect enable
nd user-bind detect retransmit 5 interval 600
Run the display this command to verify that ND snooping has been enabled on Eth0/0/2 and
Eth0/0/1 has been configured as the trusted interface.
[Switch] interface ethernet 0/0/2
[Switch-Ethernet0/0/2] display this
#
interface Ethernet0/0/2
nd snooping enable
#
return
[Switch-Ethernet0/0/2] quit
[Switch] interface ethernet 0/0/1
[Switch-Ethernet0/0/1] display this
#
interface Ethernet0/0/1
nd snooping trusted
#
return
[Switch-Ethernet0/0/1] quit
[Switch] quit
Run the display nd snooping prefix command to view the prefix management table of ND
users.
<Switch> display nd snooping prefix
prefix-table:
Prefix Length Valid-Time Preferred-Time
--------------------------------------------------------------------------------
3001:: 64 100000 100000
--------------------------------------------------------------------------------
Prefix table total count: 1
Run the display nd snooping user-bind all command to view the ND snooping dynamic binding
table.
<Switch> display nd snooping user-bind all
ND Dynamic Bind-table:
Flags:O - outer vlan ,I - inner vlan ,P - map vlan
IP Address MAC Address VSI/VLAN(O/I/P) Lease
--------------------------------------------------------------------------------
3001::E58C:A2E7:AA4C:8E59 00e0-4c7c-af8f 10 /-- /-- 2011.05.06-20:09
--------------------------------------------------------------------------------
print count: 1 total count: 1
If the prefix management table and ND snooping dynamic binding table are generated on Switch,
ND snooping is configured successfully.
----End
Configuration File
#
sysname Switch
#
dhcp enable
nd snooping enable
nd user-bind detect enable
nd user-bind detect retransmit 5 interval 600
#
interface Ethernet0/0/1
nd snooping trusted
#
interface Ethernet0/0/2
nd snooping enable
#
return
Networking Requirements
As shown in Figure 8-25, SwitchA functions as an access device to connect to hosts in an
enterprise department. Many hosts exist in the department. To manage IPv6 addresses
efficiently, all hosts in the department obtain IPv6 addresses using DHCPv6. If an attacker sends
a large number of invalid DHCPv6 protocol packets or invalid IPv6 data packets, communication
of authorized users may be interrupted, and user accounts and passwords may be embezzled. To
prevent these problems, the administrator wants to configure SwitchA to defend against invalid
DHCPv6 protocol packets and invalid IPv6 data packets (with invalid source addresses) and
provides users with stable services on a secure network.
Figure 8-25 Networking diagram for configuring the SAVI function in a DHCPv6-Only scenario
[Figure: networking diagram with the labels DHCPv6 Server, DHCPv6 Client (two), Attacker, SwitchA, Gateway, Campus Network, GE0/0/1, GE0/0/2, GE0/0/3, and VLAN 2.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure DHCPv6 snooping so that address-to-port bindings are generated. The source
addresses in DHCPv6 protocol packets and IPv6 data packets are validated against these bindings.
2. Enable the SAVI function so that the device can check the validity of the source addresses
in DHCPv6 protocol packets based on the DHCPv6 snooping binding entries and filter out
invalid packets.
3. Enable IP source guard so that the device can check the validity of the source addresses in
IPv6 data packets based on the DHCPv6 snooping binding entries and filter out invalid
packets.
Procedure
Step 1 Enable the SAVI function.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] savi enable
# Enable DHCPv6 protocol packet validity check against the DHCPv6 snooping binding table
in VLAN 2.
[SwitchA-vlan2] dhcp snooping check dhcp-request enable
[SwitchA-vlan2] quit
# Run the display this command in the VLAN view. The command output shows that DHCPv6
snooping, DHCPv6 protocol packet validity check against the DHCPv6 snooping binding table,
and IP source guard have been enabled in VLAN 2.
[SwitchA] vlan 2
[SwitchA-vlan2] display this
#
vlan 2
dhcp snooping enable
dhcp snooping check dhcp-request enable
ip source check user-bind enable
#
return
[SwitchA-vlan2] quit
# Run the display this command in the interface view to verify that Eth0/0/3 connecting to the
DHCP server is configured as a trusted interface.
----End
Configuration File
Configuration file of SwitchA.
#
sysname SwitchA
#
vlan batch 2
#
dhcp enable
#
dhcp snooping enable
#
savi enable
#
vlan 2
dhcp snooping enable
dhcp snooping check dhcp-request enable
ip source check user-bind enable
#
interface Ethernet0/0/1
port link-type access
port default vlan 2
#
interface Ethernet0/0/2
port link-type access
port default vlan 2
#
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2
dhcp snooping trusted
#
return
Networking Requirements
As shown in Figure 8-26, SwitchA functions as an access device that connects hosts in an
enterprise department. No DHCPv6 server is deployed on the network, and hosts in the
department can obtain IPv6 addresses using only SLAAC. If an attacker sends a large number
of invalid ND protocol packets or invalid IPv6 data packets, communication of authorized users
may be interrupted, and user accounts and passwords may be stolen. To prevent these
problems, the administrator wants to configure SwitchA to defend against invalid ND protocol
packets and invalid IPv6 data packets (with invalid source addresses) and to provide users with
stable services on a secure network.
Figure 8-26 Networking diagram for configuring the SAVI function in an SLAAC-Only
scenario
[Figure: networking diagram with the labels Host A, Host B, Attacker, SwitchA, Gateway, Internet, GE0/0/1, GE0/0/2, GE0/0/3, and VLAN 2.]
Configuration Roadmap
1. Configure ND snooping so that address-to-port bindings are generated. The source
addresses in ND protocol packets and IPv6 data packets are validated against these bindings.
2. Enable the SAVI function so that the device can check the validity of the source addresses
in ND protocol packets based on the ND snooping binding entries and filter out invalid
packets.
3. Enable IP source guard so that the device can check the validity of the source addresses in
IPv6 data packets based on the ND snooping binding entries and filter out invalid packets.
Procedure
Step 1 Enable the SAVI function.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] savi enable
# Run the display this command in the VLAN view. The command output shows that ND
snooping, ND6 protocol packet validity check, and IP source guard have been enabled in VLAN
2.
[SwitchA] vlan 2
[SwitchA-vlan2] display this
#
vlan 2
nd snooping enable
nd snooping check ns enable
nd snooping check na enable
ip source check user-bind enable
#
return
[SwitchA-vlan2] quit
# Run the display this command in the interface view to verify that Eth0/0/3 connecting to the
ND server is configured as a trusted interface.
[SwitchA] interface ethernet 0/0/3
[SwitchA-Ethernet0/0/3] display this
#
interface GigabitEthernet0/0/3
port link-type trunk
----End
Configuration File
Configuration file of SwitchA.
#
sysname SwitchA
#
vlan batch 2
#
nd snooping enable
savi enable
#
vlan 2
nd snooping enable
nd snooping check ns enable
nd snooping check na enable
ip source check user-bind enable
#
interface Ethernet0/0/1
port link-type access
port default vlan 2
#
interface Ethernet0/0/2
port link-type access
port default vlan 2
#
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2
nd snooping trusted
#
return
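The ND snooping example and the SLAAC-only SAVI roadmap above describe one decision path: bindings are learned from DAD NS packets, RA packets are accepted only on the trusted interface, and source addresses are checked against the binding table. The Python model below is an added illustration, not Huawei code or part of the original document. The class and function names, the rule that the first claimant keeps a binding, the prefix check on DAD NS packets, the rogue MAC address and the 2001:db8:bad::/64 prefix are assumptions of the example; the port roles follow the configuration file above.

```python
import ipaddress

class NdSnoopingModel:
    """Simplified model of ND snooping, SAVI and IP source guard in one VLAN."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.prefixes = []    # prefix management table, learned from trusted RAs
        self.bindings = {}    # IPv6 address -> (MAC, port)

    def handle(self, port, kind, mac, src=None, target=None, prefix=None):
        """Return 'forward' or 'drop' for one packet received on `port`."""
        if kind == "RA":
            if port not in self.trusted:
                return "drop"                      # RA from an untrusted interface
            self.prefixes.append(ipaddress.ip_network(prefix))
            return "forward"
        if port in self.trusted:
            return "forward"                       # trusted interface: no source check
        if kind == "DAD_NS":                       # target is the tentative address
            addr = ipaddress.ip_address(target)
            in_prefix = any(addr in p for p in self.prefixes)
            if not (in_prefix or addr.is_link_local):
                return "drop"                      # assumption: unknown prefix is refused
            owner = self.bindings.setdefault(addr, (mac, port))
            return "forward" if owner == (mac, port) else "drop"
        # NS, NA and data packets: every claimed address must be bound to this
        # MAC and port. An NA also claims its target address.
        claimed = [src] + ([target] if kind == "NA" else [])
        ok = all(self.bindings.get(ipaddress.ip_address(a)) == (mac, port)
                 for a in claimed)
        return "forward" if ok else "drop"

# Host values are taken from the display nd snooping user-bind output above;
# the rogue MAC and the rogue prefix are constructed for the example.
HOST_MAC, HOST_IP = "00e0-4c7c-af8f", "3001::E58C:A2E7:AA4C:8E59"
ROGUE_MAC = "00e0-4c00-0001"
TRUSTED, HOST_PORT, ROGUE_PORT = "Ethernet0/0/3", "Ethernet0/0/1", "Ethernet0/0/2"

def run_demo():
    """Replay a constructed packet sequence; return (verdicts, binding table)."""
    sw = NdSnoopingModel(trusted_ports={TRUSTED})
    events = [
        (ROGUE_PORT, "RA", ROGUE_MAC, dict(prefix="2001:db8:bad::/64")),
        (TRUSTED, "RA", "gateway", dict(prefix="3001::/64")),
        (HOST_PORT, "DAD_NS", HOST_MAC, dict(target=HOST_IP)),
        (HOST_PORT, "DATA", HOST_MAC, dict(src=HOST_IP)),
        (ROGUE_PORT, "NA", ROGUE_MAC, dict(src=HOST_IP, target=HOST_IP)),
        (ROGUE_PORT, "DATA", ROGUE_MAC, dict(src=HOST_IP)),
        (ROGUE_PORT, "DAD_NS", ROGUE_MAC, dict(target="2001:db8:bad::1")),
        (ROGUE_PORT, "DAD_NS", ROGUE_MAC, dict(target=HOST_IP)),
    ]
    verdicts = [sw.handle(port, kind, mac, **kw) for port, kind, mac, kw in events]
    return verdicts, sw.bindings

if __name__ == "__main__":
    verdicts, bindings = run_demo()
    print(verdicts)
    print(bindings)
```
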
Networking Requirements
As shown in Figure 8-27, SwitchA functions as an access device that connects hosts in an
enterprise department. Some hosts in the department obtain IPv6 addresses using SLAAC, and
other hosts obtain IPv6 addresses using DHCPv6. If an attacker sends a large number of invalid
ND protocol packets, invalid DHCPv6 protocol packets, or invalid IPv6 data packets,
communication of authorized users may be interrupted, and user accounts and passwords may
be stolen. To prevent these problems, the administrator wants to configure SwitchA to
defend against invalid ND protocol packets, invalid DHCPv6 protocol packets, and invalid IPv6
data packets (with invalid source addresses) and to provide users with stable services on a secure
network.
Figure 8-27 Networking diagram for configuring the SAVI function in a DHCPv6+SLAAC
scenario
[Figure: networking diagram with the labels DHCPv6 Server, DHCPv6 Client, Host, Attacker, SwitchA, Gateway, Campus Network, GE0/0/1, GE0/0/2, GE0/0/3, and VLAN 2.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure DHCPv6 snooping so that address-to-port bindings are generated. The source
addresses in DHCPv6 protocol packets and IPv6 data packets are validated against these bindings.
2. Configure ND snooping so that address-to-port bindings are generated. The source
addresses in ND protocol packets and IPv6 data packets are validated against these bindings.
3. Enable the SAVI function so that the device can check the validity of the source addresses
in DHCPv6 protocol packets and ND protocol packets based on the DHCPv6 snooping and
ND snooping binding entries and filter out invalid packets.
4. Enable IP source guard so that the device can check the validity of the source addresses in
IPv6 data packets based on the DHCPv6 snooping and ND snooping binding entries and
filter out invalid packets.
Procedure
Step 1 Enable the SAVI function.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] savi enable
# Enable DHCPv6 protocol packet validity check against the DHCPv6 snooping binding table
in VLAN 2.
[SwitchA-vlan2] dhcp snooping check dhcp-request enable
[SwitchA-vlan2] quit
dhcp enable
#
dhcp snooping enable
#
nd snooping enable
savi enable
#
return
# Run the display this command in the VLAN view. The command output shows that DHCPv6
snooping, DHCPv6 protocol packet validity check against the DHCPv6 snooping binding table,
ND snooping, ND protocol packet validity check, and IP source guard have been enabled in
VLAN 2.
[SwitchA] vlan 2
[SwitchA-vlan2] display this
#
vlan 2
dhcp snooping enable
dhcp snooping check dhcp-request enable
nd snooping enable
nd snooping check ns enable
nd snooping check na enable
ip source check user-bind enable
#
return
[SwitchA-vlan2] quit
# Run the display this command in the interface view to verify that Eth0/0/3 is configured as
the DHCP snooping trusted interface and the ND snooping trusted interface.
[SwitchA] interface ethernet 0/0/3
[SwitchA-Ethernet0/0/3] display this
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2
dhcp snooping trusted
nd snooping trusted
#
return
----End
Configuration File
Configuration file of SwitchA.
#
sysname SwitchA
#
vlan batch 2
#
dhcp enable
#
dhcp snooping enable
#
nd snooping enable
savi enable
#
vlan 2
dhcp snooping enable
dhcp snooping check dhcp-request enable
nd snooping enable
nd snooping check ns enable
nd snooping check na enable
ip source check user-bind enable
#
interface Ethernet0/0/1
This document describes the configuration of BFD, DLDP, VRRP, SmartLink, RRPP, ERPS,
Ethernet OAM and MAC swap loopback to ensure reliability on the device.
Ethernet in the First Mile (EFM) can be enabled on both devices of a point-to-point link to
monitor connectivity and link quality.
9.10 CFM Configuration
Connectivity fault management (CFM) defines OAM functions and applies to large-scale end-
to-end Ethernet networks. It monitors network connectivity and locates connectivity faults.
9.11 Y.1731 Configuration
Y.1731 provides fault detection and fault management on an Ethernet end-to-end link.
Networking Requirements
As shown in Figure 9-1, SwitchA and SwitchB are connected through a Layer 2 interface. Faults
on the link between SwitchA and SwitchB must be detected quickly.
[Figure 9-1: SwitchA connected to SwitchB.]
Configuration Roadmap
The configuration roadmap is as follows:
Configure BFD sessions on SwitchA and SwitchB to detect faults on the link between
SwitchA and SwitchB.
Procedure
Step 1 Configure single-hop BFD on SwitchA.
# Enable BFD on SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] bfd
[SwitchA-bfd] quit
After the configuration is complete, run the display bfd session all verbose command on
SwitchA and SwitchB. You can see that a single-hop BFD session is set up and its status is
Down. The display on SwitchA is used as an example.
<SwitchA> display bfd session all verbose
--------------------------------------------------------------------------------
Session MIndex : 4097 (One Hop) State : Down Name : atob
--------------------------------------------------------------------------------
Local Discriminator : 1 Remote Discriminator : 2
Session Detect Mode : Asynchronous Mode Without Echo Function
BFD Bind Type : Interface(Ethernet0/0/1)
Bind Session Type : Static
Bind Peer IP Address : 224.0.0.184
NextHop Ip Address : 224.0.0.184
Bind Interface : Ethernet0/0/1
FSM Board Id : 0 TOS-EXP : 7
Min Tx Interval (ms) : 1000 Min Rx Interval (ms) : 1000
Actual Tx Interval (ms): 13000 Actual Rx Interval (ms): 13000
Local Detect Multi : 3 Detect Interval (ms) : -
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
bfd
#
bfd atob bind peer-ip default-ip interface Ethernet0/0/1
discriminator local 1
discriminator remote 2
commit
#
return
Networking Requirements
As shown in Figure 9-2, SwitchA connects to SwitchB through the VLANIF interface. Faults
on the link between SwitchA and SwitchB must be detected quickly.
Figure 9-2 Networking diagram for configuring single-hop BFD on a VLANIF interface
[Figure: SwitchA (Eth0/0/1, VLANIF100, 10.1.1.5/24) is connected to SwitchB (Eth0/0/1, VLANIF100, 10.1.1.6/24).]
Configuration Roadmap
The configuration roadmap is as follows:
Configure BFD sessions on SwitchA and SwitchB.
Procedure
Step 1 On SwitchA and SwitchB, create VLANs, configure Eth0/0/1 interfaces as hybrid interfaces,
and add Eth0/0/1 interfaces to VLANs. The configuration details are not mentioned here.
Step 2 Configure IP addresses for VLANIF interfaces so that SwitchA and SwitchB can communicate
at Layer 3. The configuration details are not mentioned here.
Step 3 Configure single-hop BFD.
# Enable BFD and create a BFD session on SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] bfd
[SwitchA-bfd] quit
[SwitchA] bfd atob bind peer-ip 10.1.1.6 interface vlanif 100
[SwitchA-bfd-session-atob] discriminator local 1
[SwitchA-bfd-session-atob] discriminator remote 2
[SwitchA-bfd-session-atob] commit
[SwitchA-bfd-session-atob] quit
# Run the shutdown command on the Eth0/0/1 interface of SwitchA to simulate a link fault.
[SwitchA] interface Ethernet 0/0/1
[SwitchA-Ethernet0/0/1] shutdown
[SwitchA-Ethernet0/0/1] quit
After the configuration is complete, run the display bfd session all verbose command on
SwitchA and SwitchB. You can see that a single-hop BFD session is set up and its status is
Down. Take the display on SwitchA as an example.
[SwitchA] display bfd session all verbose
--------------------------------------------------------------------------------
Session MIndex : 4097 (One Hop) State : Down Name : atob
--------------------------------------------------------------------------------
Local Discriminator : 1 Remote Discriminator : 2
Session Detect Mode : Asynchronous Mode Without Echo Function
BFD Bind Type : Interface(Vlanif100)
Bind Session Type : Static
Bind Peer IP Address : 10.1.1.6
NextHop Ip Address : 10.1.1.6
Bind Interface : Vlanif100
FSM Board Id : 0 TOS-EXP : 7
Min Tx Interval (ms) : 1000 Min Rx Interval (ms) : 1000
Actual Tx Interval (ms): 13000 Actual Rx Interval (ms): 13000
Local Detect Multi : 3 Detect Interval (ms) : -
Echo Passive : Disable Acl Number : -
Destination Port : 3784 TTL : 255
Proc Interface Status : Disable
WTR Interval (ms) : -
Active Multi : 3
Last Local Diagnostic : Control Detection Time Expired
Bind Application : No Application Bind
Session TX TmrID : 16897 Session Detect TmrID : -
Session Init TmrID : - Session WTR TmrID : -
Session Echo Tx TmrID : -
PDT Index : FSM-0 | RCV-0 | IF-0 | TOKEN-0
Session Description : -
--------------------------------------------------------------------------------
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 100
#
bfd
#
interface Vlanif100
ip address 10.1.1.5 255.255.255.0
#
interface Ethernet0/0/1
Networking Requirements
As shown in Figure 9-3, SwitchA is indirectly connected to SwitchC. Static routes are
configured so that SwitchA can communicate with SwitchC. Faults on the link between
SwitchA and SwitchC must be detected quickly.
[Figure 9-3: SwitchA connects to SwitchB in VLAN 10, and SwitchB connects to SwitchC in VLAN 20.]
Configuration Roadmap
The configuration roadmap is as follows:
Configure BFD sessions on SwitchA and SwitchC to detect the multi-hop route.
Procedure
Step 1 Add interfaces to VLANs, create VLANIF interfaces, and assign IP addresses to VLANIF
interfaces. The configuration details are not mentioned here.
Step 2 Configure a reachable static route between SwitchA and SwitchC.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] ip route-static 10.2.0.0 16 10.1.1.2
The configuration of SwitchC is similar to the configuration of SwitchA, and is not mentioned
here.
Step 3 Configure multi-hop BFD.
# Create a BFD session between SwitchA and SwitchC.
[SwitchA] bfd
[SwitchA-bfd] quit
[SwitchA] bfd atoc bind peer-ip 10.2.1.2
[SwitchA-bfd-session-atoc] discriminator local 10
[SwitchA-bfd-session-atoc] discriminator remote 20
[SwitchA-bfd-session-atoc] commit
[SwitchA-bfd-session-atoc] quit
--------------------------------------------------------------------------------
# Run the shutdown command on the Eth0/0/1 interface of SwitchA to simulate a link fault.
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] shutdown
[SwitchA-Ethernet0/0/1] quit
After the configuration, run the display bfd session all verbose command on SwitchA and
SwitchB. You can see that a multi-hop BFD session is set up and the status is Down. Take the
display on SwitchA as an example.
<SwitchA> display bfd session all verbose
--------------------------------------------------------------------------------
Session MIndex : 4097 (Multi Hop) State :Down Name : atoc
--------------------------------------------------------------------------------
Local Discriminator : 10 Remote Discriminator : 20
Session Detect Mode : Asynchronous Mode Without Echo Function
BFD Bind Type : Peer IP Address
Bind Session Type : Static
Bind Peer IP Address : 10.2.1.2
Bind Interface : -
FSM Board Id : 0 TOS-EXP : 7
Min Tx Interval (ms) : 1000 Min Rx Interval (ms) : 1000
Actual Tx Interval (ms): 13000 Actual Rx Interval (ms): 13000
Local Detect Multi : 3 Detect Interval (ms) : -
Echo Passive : Disable Acl Number : -
Destination Port : 3784 TTL : 255
Proc Interface Status : Disable
WTR Interval (ms) : -
Active Multi : 3
Last Local Diagnostic : Control Detection Time Expired
Bind Application : No Application Bind
Session TX TmrID : 16897 Session Detect TmrID : -
Session Init TmrID : - Session WTR TmrID : -
Session Echo Tx TmrID : -
PDT Index : FSM-0 | RCV-0 | IF-0 | TOKEN-0
Session Description : -
--------------------------------------------------------------------------------
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
bfd
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
bfd atoc bind peer-ip 10.2.1.2
discriminator local 10
discriminator remote 20
commit
#
#
bfd ctoa bind peer-ip 10.1.1.1
discriminator local 20
discriminator remote 10
commit
#
ip route-static 10.1.0.0 255.255.0.0 10.2.1.1
#
return
9.1.4 Example for Associating the BFD Session Status with the Interface Status
Networking Requirements
As shown in Figure 9-4, SwitchA is directly connected to SwitchB, and the Layer 2 transmission
devices SwitchC and SwitchD are deployed between them. SwitchA and SwitchB must detect
link faults quickly to trigger fast route convergence.
Figure 9-4 Associating the BFD session status with the interface status
[Figure: SwitchA (GE0/0/1, VLANIF10, 10.1.1.1/24) connects through SwitchC and SwitchD to SwitchB (GE0/0/1, VLANIF10, 10.1.1.2/24).]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure BFD sessions on SwitchA and SwitchB to detect faults on the link between
SwitchA and SwitchB.
2. Configure association between the BFD session status and interface status on SwitchA and
SwitchB after the BFD session becomes Up.
Procedure
Step 1 Set IP addresses of the directly connected interfaces on SwitchA and SwitchB.
# Assign an IP address to the interface of SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 10
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 10
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 10.1.1.1 24
[SwitchA-Vlanif10] quit
# Enable BFD on SwitchB and set up the BFD session between SwitchA and SwitchB.
[SwitchB] bfd
[SwitchB-bfd] quit
# After the configuration is complete, run the display bfd session all verbose command on
SwitchA and SwitchB. You can see that a single-hop BFD session is set up and its status is Up.
The display on SwitchA is used as an example.
[SwitchA] display bfd session all verbose
--------------------------------------------------------------------------------
Session MIndex : 16384 (One Hop) State : Up Name : atob
--------------------------------------------------------------------------------
Local Discriminator : 10 Remote Discriminator : 20
Session Detect Mode : Asynchronous Mode Without Echo Function
BFD Bind Type : Interface(Ethernet0/0/1)
Bind Session Type : Static
Bind Peer Ip Address : 224.0.0.184
NextHop Ip Address : 224.0.0.184
Bind Interface : Ethernet0/0/1
FSM Board Id : 0 TOS-EXP : 7
Min Tx Interval (ms) : 1000 Min Rx Interval (ms) : 1000
Actual Tx Interval (ms): 1000 Actual Rx Interval (ms): 1000
Local Detect Multi : 3 Detect Interval (ms) : 3000
Echo Passive : Disable Acl Number : --
Destination Port : 3784 TTL : 255
Proc interface status : Disable Process PST : Disable
WTR Interval (ms) : --
Active Multi : 3
Last Local Diagnostic : No Diagnostic
Bind Application : No Application Bind
Session TX TmrID : -- Session Detect TmrID : --
Session Init TmrID : -- Session WTR TmrID : --
Session Echo Tx TmrID : -
PDT Index : FSM-0 | RCV-0 | IF-0 | TOKEN-0
Session Description : --
--------------------------------------------------------------------------------
Step 3 Configure association between the BFD session status and the interface status.
# Configure association between the BFD session status and the interface status on SwitchA.
[SwitchA] bfd atob
[SwitchA-bfd-session-atob] process-interface-status
[SwitchA-bfd-session-atob] quit
# Configure association between the BFD session status and the interface status on SwitchB.
[SwitchB] bfd btoa
[SwitchB-bfd-session-btoa] process-interface-status
[SwitchB-bfd-session-btoa] quit
Run the shutdown command on Eth0/0/1 of SwitchB to make the BFD session go Down.
[SwitchB] interface ethernet 0/0/1
[SwitchB-Ethernet0/0/1] shutdown
[SwitchB-Ethernet0/0/1] quit
Run the display bfd session all verbose and display interface ethernet 0/0/1 commands on
SwitchA. You can see that the BFD session status is Down, and the status of GE0/0/1 is UP
(BFD status down).
[SwitchA] display bfd session all verbose
--------------------------------------------------------------------------------
Session MIndex : 16384 (One Hop) State : Down Name : atob
--------------------------------------------------------------------------------
Local Discriminator : 10 Remote Discriminator : 20
Session Detect Mode : Asynchronous Mode Without Echo Function
BFD Bind Type : Interface(Ethernet0/0/1)
Bind Session Type : Static
Bind Peer Ip Address : 224.0.0.184
NextHop Ip Address : 224.0.0.184
Bind Interface : Ethernet0/0/1
FSM Board Id : 0 TOS-EXP : 7
Min Tx Interval (ms) : 1000 Min Rx Interval (ms) : 10
Actual Tx Interval (ms): 13000 Actual Rx Interval (ms): 13000
Local Detect Multi : 3 Detect Interval (ms) : 30
Echo Passive : Disable Acl Number : --
Destination Port : 3784 TTL : 255
Proc interface status : Enable Process PST : Disable
WTR Interval (ms) : --
Active Multi : 3
Last Local Diagnostic : Control Detection Time Expired
Bind Application : IFNET
Session TX TmrID : -- Session Detect TmrID : --
Session Init TmrID : -- Session WTR TmrID : --
Session Echo Tx TmrID : -
PDT Index : FSM-0 | RCV-0 | IF-0 | TOKEN-0
Session Description : --
--------------------------------------------------------------------------------
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
bfd
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
bfd atob bind peer-ip default-ip interface Ethernet0/0/1
discriminator local 10
discriminator remote 20
process-interface-status
commit
#
return
vlan batch 10
#
bfd
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
bfd btoa bind peer-ip default-ip interface Ethernet0/0/1
discriminator local 20
discriminator remote 10
process-interface-status
commit
#
return
Networking Requirements
As shown in Figure 9-5, CE1 is dual-homed to PE1 and PE2, and CE2 is dual-homed to PE3
and PE4. Traffic is forwarded through the primary path CE1 -> PE1 -> PE3 -> CE2. Faults on
links between PEs must be detected quickly so that CEs can detect the faults and switch traffic
to the standby path CE1 -> PE2 -> PE4 -> CE2.
NOTE
The CEs must be directly connected to the PEs and no Layer 2 devices are deployed between CE1 and PE1
and between CE2 and PE2.
Figure 9-5 Networking diagram for configuring association between a BFD session and an
interface
[Figure: CE1 is dual-homed to PE1 and PE2, and CE2 is dual-homed to PE3 and PE4. The links use VLANIF 10 through VLANIF 60 (10.1.1.0/24 through 60.1.1.0/24); VLANIF 100 (100.1.1.1/24) and VLANIF 110 (110.1.1.1/24) are on the CE user side.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure devices to advertise routes through OSPF and set the OSPF cost of VLANIF 40
on CE1 and VLANIF 60 on CE2 to 10 so that traffic is transmitted through the primary
path CE1 -> PE1 -> PE3 -> CE2.
2. Create a BFD session on PE1 to detect the directly connected link between PE1 and PE2.
3. Create a BFD session on PE3 to detect the directly connected link between PE2 and PE1.
4. Associate the BFD session with GE0/0/1 on PE1, and associate the BFD session with
GE0/0/2 on PE3.
Procedure
Step 1 Configure interface IP addresses.
Configure VLANs allowed by interfaces and assign IP addresses to VLANIF interfaces
according to Figure 9-5.
The configuration details are not mentioned here.
Step 2 Configure a routing protocol.
OSPF is used in this example.
Run OSPF on CEs and PEs. To ensure that traffic is transmitted through the path
CE1 -> PE1 -> PE3 -> CE2, increase the OSPF cost of VLANIF 40 on CE1 and VLANIF 60 on CE2.
For example, change the cost to 10.
# Configure PE1.
[PE1] ospf 1
[PE1-ospf-1] area 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
The configurations of PE2, PE3, and PE4 are similar to the configuration of PE1, and are not
mentioned here.
# Configure CE1.
[CE1] ospf 1
[CE1-ospf-1] area 0.0.0.0
[CE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[CE1-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255
[CE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255
[CE1-ospf-1-area-0.0.0.0] quit
[CE1-ospf-1] quit
[CE1] interface vlanif 40
[CE1-Vlanif40] ospf cost 10
[CE1-Vlanif40] quit
# Configure CE2.
[CE2] ospf 1
[CE2-ospf-1] area 0.0.0.0
[CE2-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255
[CE2-ospf-1-area-0.0.0.0] network 60.1.1.0 0.0.0.255
[CE2-ospf-1-area-0.0.0.0] network 110.1.1.0 0.0.0.255
[CE2-ospf-1-area-0.0.0.0] quit
[CE2-ospf-1] quit
[CE2] interface vlanif 60
[CE2-Vlanif60] ospf cost 10
[CE2-Vlanif60] quit
Run the display ip routing-table command on CE1. You can see that the outbound interface
for the route from CE1 to 110.1.1.0/24 is VLANIF 10, indicating that traffic is transmitted along
the primary path.
[CE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 13 Routes : 13
# Configure PE1.
[PE1] bfd
[PE1-bfd] quit
[PE1] bfd pe1tope3 bind peer-ip 20.1.1.2 interface vlanif 20
[PE1-bfd-session-pe1tope3] discriminator local 1
[PE1-bfd-session-pe1tope3] discriminator remote 2
[PE1-bfd-session-pe1tope3] commit
[PE1-bfd-session-pe1tope3] quit
# Configure PE3.
[PE3] bfd
[PE3-bfd] quit
[PE3] bfd pe3tope1 bind peer-ip 20.1.1.1 interface vlanif 20
[PE3-bfd-session-pe3tope1] discriminator local 2
[PE3-bfd-session-pe3tope1] discriminator remote 1
[PE3-bfd-session-pe3tope1] commit
[PE3-bfd-session-pe3tope1] quit
# Configure PE1.
[PE1] oam-mgr
[PE1-oam-mgr] oam-bind bfd-session 1 trigger if-down interface ethernet 0/0/1
[PE1-oam-mgr] quit
# Configure PE3.
[PE3] oam-mgr
[PE3-oam-mgr] oam-bind bfd-session 2 trigger if-down interface ethernet 0/0/2
[PE3-oam-mgr] quit
Run the shutdown command on Eth0/0/1 of PE3 to simulate a link fault. After receiving the
fault notification message encapsulated into a BFD packet sent by the OAM management
module, CE1 can detect the link fault between PE1 and PE3.
Run the display bfd session all verbose command on PE1. You can see that the BFD session
becomes Down and the value of Bind Application is ETHOAM.
[PE1] display bfd session all verbose
--------------------------------------------------------------------------------
Session MIndex : 258 (One Hop) State : Down Name : pe1tope3
--------------------------------------------------------------------------------
Local Discriminator : 1 Remote Discriminator : 2
Session Detect Mode : Asynchronous Mode Without Echo Function
BFD Bind Type : Interface(Vlanif20)
Bind Session Type : Static
Bind Peer IP Address : 20.1.1.2
NextHop Ip Address : 20.1.1.2
Bind Interface : Vlanif20
FSM Board Id : 0 TOS-EXP : 7
Min Tx Interval (ms) : 1000 Min Rx Interval (ms) : 1000
Actual Tx Interval (ms): 11000 Actual Rx Interval (ms): 11000
Local Detect Multi : 3 Detect Interval (ms) : -
Echo Passive : Disable Acl Number : -
Destination Port : 3784 TTL : 255
Proc Interface Status : Disable Process PST : Disable
WTR Interval (ms) : -
Active Multi : 3
Last Local Diagnostic : Control Detection Time Expired
Bind Application : ETHOAM
Session TX TmrID : 16483 Session Detect TmrID : -
Session Init TmrID : - Session WTR TmrID : -
Session Echo Tx TmrID : -
PDT Index : FSM-0 | RCV-0 | IF-0 | TOKEN-0
Session Description : -
--------------------------------------------------------------------------------
Run the display ip routing-table command on CE1 to check the route from CE1 to CE2. The
next hop of 110.1.1.0/24 is 40.1.1.2. That is, the traffic is forwarded through the standby path.
[CE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 12 Routes : 12
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10 40 100
#
bfd
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface Vlanif40
ip address 40.1.1.1 255.255.255.0
ospf cost 10
#
interface Vlanif100
ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
interface GigabitEthernet0/0/3
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 40.1.1.0 0.0.0.255
network 100.1.1.0 0.0.0.255
#
return
#
ospf 1
area 0.0.0.0
network 30.1.1.0 0.0.0.255
network 60.1.1.0 0.0.0.255
network 110.1.1.0 0.0.0.255
#
return
• Configuration file of PE1
#
sysname PE1
#
vlan batch 10 20
#
bfd
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif20
ip address 20.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
bfd pe1tope3 bind peer-ip 20.1.1.2 interface Vlanif20
discriminator local 1
discriminator remote 2
commit
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 20.1.1.0 0.0.0.255
#
oam-mgr
oam-bind ingress interface GigabitEthernet0/0/1 egress bfd-session 1 trigger if-down
oam-bind ingress bfd-session 1 trigger if-down egress interface GigabitEthernet0/0/1
#
return
• Configuration file of PE2
#
sysname PE2
#
vlan batch 40 50
#
bfd
#
interface Vlanif40
ip address 40.1.1.2 255.255.255.0
#
interface Vlanif50
ip address 50.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
ospf 1
area 0.0.0.0
network 40.1.1.0 0.0.0.255
network 50.1.1.0 0.0.0.255
#
return
• Configuration file of PE3
#
sysname PE3
#
vlan batch 20 30
#
bfd
#
interface Vlanif20
ip address 20.1.1.2 255.255.255.0
#
interface Vlanif30
ip address 30.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
bfd pe3tope1 bind peer-ip 20.1.1.1 interface Vlanif20
discriminator local 2
discriminator remote 1
commit
#
ospf 1
area 0.0.0.0
network 20.1.1.0 0.0.0.255
network 30.1.1.0 0.0.0.255
#
oam-mgr
oam-bind ingress interface GigabitEthernet0/0/2 egress bfd-session 2 trigger if-down
oam-bind ingress bfd-session 2 trigger if-down egress interface GigabitEthernet0/0/2
#
return
• Configuration file of PE4
#
sysname PE4
#
vlan batch 50 60
#
bfd
#
interface Vlanif50
ip address 50.1.1.2 255.255.255.0
#
interface Vlanif60
ip address 60.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 60
port hybrid untagged vlan 60
#
ospf 1
area 0.0.0.0
network 50.1.1.0 0.0.0.255
network 60.1.1.0 0.0.0.255
#
return
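The static BFD sessions in the PE1 and PE3 configuration files above only come up if each side's local discriminator is the other side's remote discriminator and each peer-ip is the address of the peer's bound interface. The following Python check is an added example, not part of the Huawei document; the sample inputs are the BFD-related stanzas of those two files, and the function names are illustrative.

```python
import re

# Constructed sample input: the BFD-related stanzas of the PE1 and PE3
# configuration files from this example.
PE1_CFG = """\
#
sysname PE1
#
interface Vlanif20
 ip address 20.1.1.1 255.255.255.0
#
bfd pe1tope3 bind peer-ip 20.1.1.2 interface Vlanif20
 discriminator local 1
 discriminator remote 2
 commit
#
return
"""
PE3_CFG = """\
#
sysname PE3
#
interface Vlanif20
 ip address 20.1.1.2 255.255.255.0
#
bfd pe3tope1 bind peer-ip 20.1.1.1 interface Vlanif20
 discriminator local 2
 discriminator remote 1
 commit
#
return
"""

def stanzas(text):
    """Split a saved configuration into '#'-delimited stanzas of stripped lines."""
    out, cur = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("#", "return"):
            if cur:
                out.append(cur)
            cur = []
        elif line:
            cur.append(line)
    return out + ([cur] if cur else [])

def parse_device(text):
    """Collect the sysname, interface addresses and static BFD sessions."""
    dev = {"name": "?", "addrs": {}, "bfd": []}
    for head, *body in stanzas(text):
        if head.startswith("sysname "):
            dev["name"] = head.split()[1]
        elif m := re.fullmatch(r"interface (\S+)", head):
            for line in body:
                if a := re.fullmatch(r"ip address (\S+) \S+", line):
                    dev["addrs"][m.group(1).lower()] = a.group(1)
        elif m := re.match(r"bfd (\S+) bind peer-ip (\S+) interface (\S+)", head):
            sess = {"name": m.group(1), "peer_ip": m.group(2),
                    "ifname": m.group(3).lower(), "local": None,
                    "remote": None, "committed": "commit" in body}
            for line in body:
                if d := re.fullmatch(r"discriminator (local|remote) (\d+)", line):
                    sess[d.group(1)] = int(d.group(2))
            dev["bfd"].append(sess)
    return dev

def check_pair(cfg_a, cfg_b):
    """Return the problems found in A's static BFD sessions towards B."""
    a, b = parse_device(cfg_a), parse_device(cfg_b)
    by_local = {s["local"]: s for s in b["bfd"]}
    problems = []
    for s in a["bfd"]:
        tag = f'{a["name"]}/{s["name"]}'
        if not s["committed"]:
            problems.append(f"{tag}: session is not committed")
        peer = by_local.get(s["remote"])
        if s["remote"] is None or peer is None:
            problems.append(f'{tag}: no session on {b["name"]} with local '
                            f'discriminator {s["remote"]}')
            continue
        if peer["remote"] != s["local"]:
            problems.append(f'{tag}: peer expects remote discriminator '
                            f'{peer["remote"]}, local is {s["local"]}')
        # "default-ip" binds the session to the default multicast address,
        # so there is no unicast peer address to compare.
        peer_addr = b["addrs"].get(peer["ifname"])
        if s["peer_ip"] not in ("default-ip", peer_addr):
            problems.append(f'{tag}: peer-ip {s["peer_ip"]} is not '
                            f'{b["name"]} {peer["ifname"]} ({peer_addr})')
    return problems

if __name__ == "__main__":
    for issue in check_pair(PE1_CFG, PE3_CFG) + check_pair(PE3_CFG, PE1_CFG):
        print(issue)
    print("check complete")
```

Run it in both directions, since each device carries its own half of the session.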
Networking Requirements
As shown in Figure 9-6, SwitchA connects to SwitchB through a direct link. SwitchA supports
BFD, whereas SwitchB does not support BFD. Faults on the link between SwitchA and
SwitchB need to be fast detected.
Figure 9-6 Networking diagram for configuring the BFD echo function
Configuration Roadmap
The configuration roadmap is as follows:
• Configure the BFD echo function on SwitchA to detect faults on the link between
SwitchA and SwitchB.
Procedure
Step 1 On SwitchA and SwitchB, create VLANs, and configure Eth0/0/1 interfaces as hybrid interfaces
and add the interfaces to VLANs.
# Configure SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 13
[SwitchA-vlan13] quit
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 13
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 13
[SwitchA-Ethernet0/0/1] quit
# Configure SwitchB.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] vlan 13
[SwitchB-vlan13] quit
[SwitchB] interface ethernet 0/0/1
[SwitchB-Ethernet0/0/1] port hybrid pvid vlan 13
[SwitchB-Ethernet0/0/1] port hybrid untagged vlan 13
[SwitchB-Ethernet0/0/1] quit
Step 2 Set IP addresses of VLANIF interfaces so that SwitchA can communicate with SwitchB at Layer
3.
# Configure SwitchA.
[SwitchA] interface vlanif13
[SwitchA-Vlanif13] ip address 10.1.1.5 24
[SwitchA-Vlanif13] quit
# Configure SwitchB.
[SwitchB] interface vlanif13
[SwitchB-Vlanif13] ip address 10.1.1.6 24
[SwitchB-Vlanif13] quit
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 13
#
bfd
#
interface Vlanif13
ip address 10.1.1.5 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 13
port hybrid untagged vlan 13
#
bfd atob bind peer-ip 10.1.1.6 interface Vlanif13 source-ip 10.1.1.5 one-arm-echo
discriminator local 1
min-echo-rx-interval 100
commit
#
return
Networking Requirements
As shown in Figure 9-7, SwitchA and SwitchB are connected through a pair of optical fibers.
On an optical fiber, Rx indicates the receive end, and Tx indicates the transmit end. The
requirement is to detect unidirectional links.
[Figure 9-7: Eth0/0/1 on SwitchA and Eth0/0/1 on SwitchB connected by a pair of optical fibers, Tx to Rx in each direction]
Configuration Roadmap
1. Configure the interfaces on both ends to work in non-auto-negotiation mode.
2. Enable DLDP to detect unidirectional links between SwitchA and SwitchB.
3. Adjust DLDP parameters to detect unidirectional links more efficiently.
Procedure
Step 1 Configure the interfaces on SwitchA to work in non-auto-negotiation mode.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] undo negotiation auto
[SwitchA-Ethernet0/0/1] quit
Step 4 Set the interval for sending Advertisement packets to 10 seconds on SwitchA.
[SwitchA] dldp interval 10
Step 5 Set the timeout value of the DelayDown timer to 4 seconds on SwitchA.
[SwitchA] dldp delaydown-timer 4
Step 6 Set the authentication mode of DLDP packets to simple password authentication and set the
password to 12345 on SwitchA.
[SwitchA] dldp authentication-mode simple 12345
Interface Ethernet0/0/1
DLDP port state: advertisement
DLDP link state: up
The neighbor number of the port is: 1.
Neighbor mac address:80fb-0636-792d
Neighbor port index:49
Neighbor state:two way
Neighbor aged time:16
Simulate an optical fiber disconnection by removing the receive optical fiber from SwitchA.
DLDP automatically shuts down Eth0/0/1 on SwitchB when a unidirectional link occurs between
SwitchA and Eth0/0/1 on SwitchB.
# Run the display dldp command on SwitchA and SwitchB. The command output shows that
the DLDP status of Eth0/0/1 on SwitchA is inactive, and the DLDP status of Eth0/0/1 on
SwitchB is disable.
[SwitchA] display dldp interface ethernet 0/0/1
Interface Ethernet0/0/1
DLDP port state: inactive
DLDP link state: down
The neighbor number of the port is: 0.
[SwitchB] display dldp interface ethernet 0/0/1
Interface Ethernet0/0/1
DLDP port state: disable
DLDP link state: up
The neighbor number of the port is: 0.
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
dldp enable
dldp interval 10
dldp delaydown-timer 4
dldp authentication-mode simple 12345
#
interface Ethernet0/0/1
dldp enable
undo negotiation auto
#
return
Networking Requirements
As shown in Figure 9-8, SwitchA and SwitchB are connected through a pair of optical fibers.
On an optical fiber, Rx indicates the receive end, and Tx indicates the transmit end. Optical
fibers may be cross connected, as shown in Figure 9-9. The requirement is to detect
unidirectional links caused by cross connections of optical fibers.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the interfaces on both ends to work in non-auto-negotiation mode.
2. Enable DLDP to detect unidirectional links between SwitchA and SwitchB.
3. Adjust DLDP parameters to detect unidirectional links more efficiently.
Procedure
Step 1 Configure the interfaces on SwitchA to work in non-auto-negotiation mode.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] undo negotiation auto
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface ethernet 0/0/2
[SwitchA-Ethernet0/0/2] undo negotiation auto
[SwitchA-Ethernet0/0/2] quit
Step 4 Set the interval for sending Advertisement packets to 10 seconds on SwitchA.
[SwitchA] dldp interval 10
Step 5 Set the timeout value of the DelayDown timer to 4 seconds on SwitchA.
[SwitchA] dldp delaydown-timer 4
Step 6 Set the authentication mode of DLDP packets to simple password authentication and set the
password to 12345 on SwitchA.
[SwitchA] dldp authentication-mode simple 12345
As shown in Figure 9-9, if a unidirectional link occurs between the interfaces on SwitchA and
SwitchB due to cross connections of optical fibers, DLDP will shut down the interfaces.
Run the display dldp command on SwitchA and SwitchB. The command output shows that the
DLDP status of interfaces on SwitchA and SwitchB is disable.
[SwitchA] display dldp interface ethernet 0/0/1
Interface Ethernet0/0/1
DLDP port state: disable
DLDP link state: up
The neighbor number of the port is: 0
[SwitchA] display dldp interface ethernet 0/0/2
Interface Ethernet0/0/2
DLDP port state: disable
DLDP link state: up
The neighbor number of the port is: 0
[SwitchB] display dldp interface ethernet 0/0/1
Interface Ethernet0/0/1
DLDP port state: disable
DLDP link state: up
The neighbor number of the port is: 0
[SwitchB] display dldp interface ethernet 0/0/2
Interface Ethernet0/0/2
DLDP port state: disable
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
dldp enable
dldp interval 10
dldp delaydown-timer 4
dldp authentication-mode simple 12345
#
interface Ethernet0/0/1
dldp enable
undo negotiation auto
#
interface Ethernet0/0/2
dldp enable
undo negotiation auto
#
return
Networking Requirements
On SwitchB, Eth0/0/1 connects to an Ethernet network and Eth0/0/2 connects to users. A local
MAC swap loopback test needs to be performed to test connectivity and performance of the
Ethernet network. The local MAC swap loopback test checks performance of SwitchB.
[Figure: networking diagram showing the tester, SwitchA, SwitchB, and users]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create a VLAN and add Eth0/0/1 and Eth0/0/2 to the VLAN.
2. Configure local MAC swap loopback on SwitchB.
3. Enable the MAC swap loopback function on SwitchB to detect network connectivity and
network quality.
Procedure
Step 1 Create VLAN 100 on SwitchB, configure Eth0/0/1 as a trunk interface and Eth0/0/2 as a hybrid
interface, and add the interfaces to VLAN 100.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] vlan batch 100
[SwitchB] interface ethernet 0/0/1
[SwitchB-Ethernet0/0/1] port link-type trunk
[SwitchB-Ethernet0/0/1] port trunk allow-pass vlan 100
[SwitchB-Ethernet0/0/1] quit
[SwitchB] interface ethernet 0/0/2
[SwitchB-Ethernet0/0/2] port hybrid pvid vlan 100
[SwitchB-Ethernet0/0/2] port hybrid untagged vlan 100
Step 2 Configure local MAC swap loopback on Eth0/0/2 of SwitchB and specify Eth0/0/1 as the
outbound interface of loopback Ethernet frames. Enable the MAC swap loopback function.
[SwitchB-Ethernet0/0/2] loopback local swap-mac source-mac 0018-2000-0085 dest-mac 0018-2000-0070 vlan 100 interface ethernet 0/0/1 timeout 80
[SwitchB-Ethernet0/0/2] loopback swap-mac start
[SwitchB-Ethernet0/0/2] quit
----End
Configuration Files
• Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 100
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100
#
interface Ethernet0/0/2
port hybrid pvid vlan 100
port hybrid untagged vlan 100
loopback local swap-mac source-mac 0018-2000-0085 dest-mac 0018-2000-0070 vlan 100 interface Ethernet0/0/1 timeout 80
#
return
Networking Requirements
Eth0/0/1 on SwitchB connects to an Ethernet network. A remote MAC swap loopback test needs
to be performed to test connectivity and performance of the Ethernet network. The remote MAC
swap loopback test does not check performance of SwitchB.
[Figure: networking diagram showing the tester, SwitchA, the Ethernet network, Eth0/0/1 on SwitchB, and users]
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Create VLAN 100 on SwitchB, configure Eth0/0/1 as a trunk interface, and add Eth0/0/1 to
VLAN 100.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] vlan batch 100
[SwitchB] interface ethernet 0/0/1
[SwitchB-Ethernet0/0/1] port link-type trunk
[SwitchB-Ethernet0/0/1] port trunk allow-pass vlan 100
[SwitchB-Ethernet0/0/1] quit
Step 2 Configure remote MAC swap loopback on Eth0/0/1 of SwitchB and enable the MAC swap
loopback function.
[SwitchB-Ethernet0/0/1] loopback remote swap-mac source-mac 0018-2000-0085 dest-mac 0018-2000-0070 vlan 100 timeout 80
[SwitchB-Ethernet0/0/1] loopback swap-mac start
[SwitchB-Ethernet0/0/1] quit
# After completing the configuration, run the display loopback swap-mac information
command to verify the configuration. If the configuration is correct, send Ethernet frames from
the tester to test network performance.
[SwitchB] display loopback swap-mac information
Loopback type : remote
Loopback state : running
Loopback test time(s) : 80
Loopback interface : Ethernet0/0/1
Loopback output interface : Ethernet0/0/1
Loopback source MAC : 0018-2000-0085
Loopback destination MAC : 0018-2000-0070
Loopback vlan : 100
Loopback inner vlan : 0
Loopback packets : 0
----End
Configuration Files
• Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 100
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100
loopback remote swap-mac source-mac 0018-2000-0085 dest-mac 0018-2000-0070 vlan 100 timeout 80
#
return
Networking Requirements
As shown in Figure 9-12, the user-side network is connected to the MAN in dual-homing mode
to ensure network reliability. Data flows from multiple VLANs exist on the network. To improve
link utilization, both uplinks forward the data flows. The service interruption duration
must be limited to the millisecond level.
Figure 9-12 Example for configuring load balancing between active and standby links of a Smart Link group
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a Smart Link group on SwitchA and add the corresponding interface to the Smart
Link group.
2. Map VLAN 100 and VLAN 500 to load balancing instance 10.
3. Configure load balancing on SwitchA so that the data flows from the VLANs mapped
to instance 10 are forwarded through the backup link.
4. Enable revertive switching on SwitchA to switch traffic to the original active link.
5. Enable the function of sending Flush packets on SwitchA.
6. Enable the function of receiving Flush packets on SwitchB and SwitchC.
7. Enable Smart Link on SwitchA.
Procedure
Step 1 Create VLANs on SwitchA, and configure interfaces to allow these VLANs.
<SwitchA> system-view
[SwitchA] vlan batch 10 100 500
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port link-type trunk
[SwitchA-Ethernet0/0/1] port trunk allow-pass vlan 10 100 500
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface ethernet 0/0/2
[SwitchA-Ethernet0/0/2] port link-type trunk
[SwitchA-Ethernet0/0/2] port trunk allow-pass vlan 10 100 500
[SwitchA-Ethernet0/0/2] quit
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA and are
not mentioned here.
Step 2 Configure VLAN mapping on SwitchA.
[SwitchA] stp region-configuration
[SwitchA-mst-region] instance 10 vlan 100 500
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit
Step 3 Disable STP on uplink interfaces, add the interfaces to the Smart Link group, and specify the
master and slave interfaces.
# Configure SwitchA.
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] stp disable
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface ethernet 0/0/2
[SwitchA-Ethernet0/0/2] stp disable
[SwitchA-Ethernet0/0/2] quit
[SwitchA] smart-link group 1
[SwitchA-smlk-group1] port ethernet 0/0/1 master
[SwitchA-smlk-group1] port ethernet 0/0/2 slave
# Configure SwitchC.
[SwitchC] interface ethernet 0/0/1
[SwitchC-Ethernet0/0/1] smart-link flush receive control-vlan 10 password simple 123
[SwitchC-Ethernet0/0/1] quit
[SwitchC] interface ethernet 0/0/2
[SwitchC-Ethernet0/0/2] smart-link flush receive control-vlan 10 password simple 123
[SwitchC-Ethernet0/0/2] quit
# Run the shutdown command to shut down Eth 0/0/1, and you can find that Eth 0/0/1 is in
Inactive state and Eth 0/0/2 is in Active state.
[SwitchA-Ethernet0/0/1] shutdown
[SwitchA-Ethernet0/0/1] display smart-link group 1
Smart Link group 1 information :
Smart Link group was enabled
Wtr-time is: 30 sec.
Load-Balance Instance: 10
There is no protected-vlan reference-instance
DeviceID: 0018-2000-0083 Control-vlan ID: 10
Member Role State Flush Count Last-Flush-Time
------------------------------------------------------------------------
Ethernet0/0/1 Master Inactive 0 2009/01/05 10:33:46 UTC+05:00
Ethernet0/0/2 Slave Active 1 2009/01/05 10:34:46 UTC+05:00
# Run the undo shutdown command to enable Eth 0/0/1 and wait for 30 seconds, and you can
find that Eth 0/0/1 is in Active state and Eth 0/0/2 is in Inactive state.
[SwitchA-Ethernet0/0/1] undo shutdown
[SwitchA-Ethernet0/0/1] display smart-link group 1
Smart Link group 1 information :
Smart Link group was enabled
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 100 500
#
stp region-configuration
instance 10 vlan 100 500
active region-configuration
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 100 500
stp disable
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 100 500
stp disable
#
smart-link group 1
load-balance instance 10 slave
restore enable
smart-link enable
port Ethernet0/0/1 master
port Ethernet0/0/2 slave
timer wtr 30
flush send control-vlan 10 password simple 123
#
return
Networking Requirements
As shown in Figure 9-13, SwitchC on the MAN is connected to user networks. It accesses the
backbone network through upstream devices SwitchA and SwitchB in dual-homing mode.
A monitoring mechanism is required to prevent service interruption caused by uplink faults.
When the uplink fails, the downlink rapidly detects the fault. Therefore, link switching is
performed in a timely manner, which shortens the interruption duration.
Figure 9-13 Example for configuring the integrated application of Smart Link and Monitor Link
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a Smart Link group on SwitchA and SwitchC and add corresponding interfaces
to the Smart Link group.
2. Configure a Monitor Link group on SwitchA and set the Smart Link group as uplinks. Smart
Link and Monitor Link are used together. The Smart Link group improves the uplink
reliability in the Monitor Link group.
3. Configure a Monitor Link group on SwitchB to enable the Smart Link group on SwitchC
to rapidly detect uplink faults. The application scope of Smart Link functions is broadened.
4. Enable the function of sending Flush packets on SwitchA and SwitchC.
5. Enable the function of receiving Flush packets on SwitchA and SwitchB.
Procedure
Step 1 Configure the same control VLAN on SwitchA, SwitchB and SwitchC. Add the interfaces of
the Smart Link group or Monitor Link group to this VLAN.
The configuration procedure is not mentioned here. For details, see "VLAN Configuration" in
Configuration Guide—Ethernet.
Step 2 Create a Smart Link group.
# Configure SwitchA.
<SwitchA> system-view
[SwitchA] smart-link group 1
[SwitchA-smlk-group1] quit
# Configure SwitchC.
<SwitchC> system-view
[SwitchC] smart-link group 2
[SwitchC-smlk-group2] quit
Step 3 Add interfaces to the Smart Link group and specify the master and slave interfaces.
# Configure SwitchA.
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] stp disable
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface ethernet 0/0/2
[SwitchA-Ethernet0/0/2] stp disable
[SwitchA-Ethernet0/0/2] quit
[SwitchA] smart-link group 1
[SwitchA-smlk-group1] port ethernet 0/0/1 master
[SwitchA-smlk-group1] port ethernet 0/0/2 slave
# Configure SwitchC.
[SwitchC] interface ethernet 0/0/1
[SwitchC-Ethernet0/0/1] stp disable
[SwitchC-Ethernet0/0/1] quit
[SwitchC] interface ethernet 0/0/2
[SwitchC-Ethernet0/0/2] stp disable
[SwitchC-Ethernet0/0/2] quit
[SwitchC] smart-link group 2
[SwitchC-smlk-group2] port ethernet 0/0/1 master
[SwitchC-smlk-group2] port ethernet 0/0/2 slave
# Configure SwitchC.
[SwitchC-smlk-group2] restore enable
[SwitchC-smlk-group2] timer wtr 30
# Configure SwitchB.
<SwitchB> system-view
[SwitchB] interface ethernet 0/0/3
[SwitchB-Ethernet0/0/3] smart-link flush receive control-vlan 10 password simple 123
[SwitchB-Ethernet0/0/3] quit
[SwitchB] interface ethernet 0/0/4
[SwitchB-Ethernet0/0/4] smart-link flush receive control-vlan 10 password simple 123
[SwitchB-Ethernet0/0/4] quit
# Configure SwitchC.
[SwitchC-smlk-group2] flush send control-vlan 10 password simple 123
# Configure SwitchC.
[SwitchC] smart-link group 2
[SwitchC-smlk-group2] smart-link enable
[SwitchC-smlk-group2] quit
Step 7 Create a Monitor Link group and add the uplink and downlink interfaces to the Monitor Link
group.
# Configure SwitchA.
[SwitchA] monitor-link group 1
[SwitchA-mtlk-group1] smart-link group 1 uplink
[SwitchA-mtlk-group1] port ethernet 0/0/3 downlink 1
# Configure SwitchB.
[SwitchB] monitor-link group 2
[SwitchB-mtlk-group2] port ethernet 0/0/1 uplink
[SwitchB-mtlk-group2] port ethernet 0/0/3 downlink 1
# Configure SwitchB.
[SwitchB-mtlk-group2] timer recover-time 10
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
stp disable
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
stp disable
#
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10
smart-link flush receive control-vlan 10 password simple 123
#
interface Ethernet0/0/4
port link-type trunk
port trunk allow-pass vlan 10
smart-link flush receive control-vlan 10 password simple 123
#
smart-link group 1
restore enable
smart-link enable
port Ethernet0/0/1 master
port Ethernet0/0/2 slave
timer wtr 30
flush send control-vlan 10 password simple 123
#
monitor-link group 1
smart-link group 1 uplink
port Ethernet0/0/3 downlink 1
timer recover-time 10
#
return
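The Smart Link and DLDP examples in this document keep their shared secrets in the saved configuration in clear text (password simple 123, dldp authentication-mode simple 12345), and an interface that receives Flush packets has to be configured with the same control VLAN and password as the sender. The following Python audit is an added example, not part of the Huawei document: it lists where such secrets appear without echoing them and compares flush send and receive parameters. The SwitchC and SwitchB inputs are constructed from the commands in the steps above, the DLDP input from the DLDP example's SwitchA file, and all function names are illustrative.

```python
import re

# Constructed sample inputs assembled from commands shown in this document.
SWITCHC_CFG = """\
#
sysname SwitchC
#
interface Ethernet0/0/1
 stp disable
#
interface Ethernet0/0/2
 stp disable
#
smart-link group 2
 restore enable
 smart-link enable
 port Ethernet0/0/1 master
 port Ethernet0/0/2 slave
 timer wtr 30
 flush send control-vlan 10 password simple 123
#
return
"""
SWITCHB_CFG = """\
#
sysname SwitchB
#
interface Ethernet0/0/3
 smart-link flush receive control-vlan 10 password simple 123
#
interface Ethernet0/0/4
 smart-link flush receive control-vlan 10 password simple 123
#
return
"""
DLDP_CFG = """\
#
sysname SwitchA
#
dldp enable
dldp interval 10
dldp delaydown-timer 4
dldp authentication-mode simple 12345
#
interface Ethernet0/0/1
 dldp enable
 undo negotiation auto
#
return
"""

SEND = re.compile(r"flush send control-vlan (\d+) password simple (\S+)")
RECV = re.compile(r"smart-link flush receive control-vlan (\d+) password simple (\S+)")
DLDP = re.compile(r"dldp authentication-mode simple (\S+)")
FEATURES = (("smart-link flush send", SEND),
            ("smart-link flush receive", RECV),
            ("dldp authentication-mode", DLDP))

def walk(cfg):
    """Yield (sysname, view, command) for every command in a saved config."""
    name, view = "?", "system"
    for raw in cfg.splitlines():
        line = raw.strip()
        if line.startswith("sysname "):
            name = line.split()[1]
        elif line == "#":
            view = "system"          # a '#' line closes the current view
        elif re.fullmatch(r"interface \S+|smart-link group \d+", line):
            view = line
        elif line:
            yield name, view, line

def cleartext_secrets(cfg):
    """Return (device, view, feature) per clear-text secret; never the secret."""
    return [(name, view, feature)
            for name, view, line in walk(cfg)
            for feature, rx in FEATURES if rx.fullmatch(line)]

def flush_mismatches(sender_cfg, receiver_cfg):
    """List receiving interfaces whose control VLAN or password differs."""
    sent = set()
    for _, _, line in walk(sender_cfg):
        if m := SEND.fullmatch(line):
            sent.add(m.groups())
    problems = []
    for name, view, line in walk(receiver_cfg):
        m = RECV.fullmatch(line)
        if not m or m.groups() in sent:
            continue
        if any(vlan == m.group(1) for vlan, _ in sent):
            why = "password differs from sender"
        else:
            why = "control VLAN not used by sender"
        problems.append((name, view, why))
    return problems

if __name__ == "__main__":
    for cfg in (SWITCHC_CFG, SWITCHB_CFG, DLDP_CFG):
        for finding in cleartext_secrets(cfg):
            print("clear-text secret:", *finding)
    for problem in flush_mismatches(SWITCHC_CFG, SWITCHB_CFG):
        print("flush mismatch:", *problem)
```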
9.4.3 Example for Configuring the Smart Link with the Function of
Notifying the VPLS Module of Detecting Link Switching
Networking Requirements
As shown in Figure 9-14, CE-A accesses the VPLS network using the Dot1q sub-interfaces of
PE-D and PE-C in dual-homing mode. The Smart Link protocol runs between two interfaces of
CE-A. Normally, only the active link transmits service data.
If the active link fails, Smart Link unblocks the blocked interface. Service data is then
transmitted to the connected PE through this interface. After receiving Flush packets from CEs,
the PEs prompt the VPLS module to clear the forwarding entries of the local VSI and prompt the
devices connected to the PEs to clear the forwarding entries of the VSI. The returning traffic
of CE-B can then be switched to other links that work properly.
Figure 9-14 Networking Diagram for Connecting CEs to the VPLS in Dual-homing Mode Through Smart Link
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a VPLS network.
2. Configure a Smart Link on CE-A and connect CE-A to the VPLS network using PE-C and
PE-D in dual-homing mode.
3. Enable revertive switching on CE-A and switch the traffic to the original active link when
the faulty link recovers.
4. Enable CE-A to send Flush packets.
5. Enable PE-C and PE-D to receive Flush packets and enable interfaces on PE-C and PE-D
to notify the VPLS module. In this manner, CE-B on the peer network can rapidly detect
change in the network to which CE-A is connected.
6. Enable the VPLS function on PEs.
Procedure
Step 1 Connect the Dot1q sub-interfaces to the VPLS network.
For details, see "QinQ Configuration" in Configuration Guide—Ethernet.
Step 2 Configure the VLAN on CE-A and add uplink interfaces to the VLAN.
The configuration procedure is not mentioned here. For details, see "VLAN Configuration" in
Configuration Guide—Ethernet.
Step 3 Disable STP on uplink interfaces, add the interfaces to the Smart Link group, and specify the
master and slave interfaces.
# Disable STP on interfaces.
[CE-A] interface gigabitethernet 1/0/1
[CE-A-GigabitEthernet1/0/1] stp disable
[CE-A-GigabitEthernet1/0/1] quit
[CE-A] interface gigabitethernet 1/0/2
[CE-A-GigabitEthernet1/0/2] stp disable
[CE-A-GigabitEthernet1/0/2] quit
# Configure the master and slave interfaces in the Smart Link group.
Step 7 Enable PE-C and PE-D to receive Flush packets and enable the interface to notify the VPLS
module when receiving Flush packets.
# Configure PE-C.
[PE-C] interface gigabitethernet 1/0/2
[PE-C-GigabitEthernet1/0/2] smart-link flush receive control-vlan 10 password simple 123
[PE-C-GigabitEthernet1/0/2] smart-link vpls-notify enable
[PE-C-GigabitEthernet1/0/2] quit
[PE-C] interface gigabitethernet 1/0/1
[PE-C-GigabitEthernet1/0/1] smart-link flush receive control-vlan 10 password simple 123
[PE-C-GigabitEthernet1/0/1] quit
# Configure PE-D.
[PE-D] interface gigabitethernet 1/0/1
[PE-D-GigabitEthernet1/0/1] smart-link flush receive control-vlan 10 password simple 123
[PE-D-GigabitEthernet1/0/1] smart-link vpls-notify enable
[PE-D-GigabitEthernet1/0/1] quit
[PE-D] interface gigabitethernet 1/0/2
[PE-D-GigabitEthernet1/0/2] smart-link flush receive control-vlan 10 password simple 123
[PE-D-GigabitEthernet1/0/2] quit
Step 8 Configure the VPLS network on PE-C, PE-D, PE-E, and PE-F.
The configuration procedure is not mentioned here. For details, see "VPLS Configuration" in
Configuration Guide—VPN.
Step 9 Check the configuration.
# Run the display smart-link group command to view information about the Smart Link group
on CE-A. If the following information is displayed, it indicates that the configuration is
successful.
• The Smart Link function is enabled.
• The control VLAN ID is 10.
• GE 1/0/1 is the active interface and is in Active state, and GE 1/0/2 is the standby interface
and is in Inactive state.
<CE-A> display smart-link group 1
Smart Link group 1 information :
Smart Link group was enabled
Wtr-time is: 30 sec.
There is no Load-Balance
There is no protected-vlan reference-instance
DeviceID: 0018-2000-0083 Control-vlan ID: 10
# Run the shutdown command to shut down GE 1/0/1, and you can find that GE 1/0/1 is in
Inactive state and GE 1/0/2 is in Active state.
[CE-A-GigabitEthernet1/0/1] shutdown
[CE-A-GigabitEthernet1/0/1] display smart-link group 1
Smart Link group 1 information :
Smart Link group was enabled
Wtr-time is: 30 sec.
There is no Load-Balance
There is no protected-vlan reference-instance
DeviceID: 0018-2000-0083 Control-vlan ID: 10
Member                 Role    State     Flush Count  Last-Flush-Time
------------------------------------------------------------------------
GigabitEthernet1/0/1   Master  Inactive  1            2009/01/05 10:33:46 UTC+05:00
GigabitEthernet1/0/2   Slave   Active    1            2009/01/05 10:37:58 UTC+05:00
# After a period of time, run the display mac-address command on CE-B to check MAC
addresses, and you can find that the outbound interface of CE-A is GE 1/0/2. This indicates that
the active/standby switchover on CE-A triggers the switching of returning links of CE-B.
----End
Configuration Files
NOTE
This instance describes only the Smart Link configuration. For VPLS configuration files, see "VPLS
Configuration" in Configuration Guide—VPN.
- Configuration file of CE-A
#
sysname CE-A
#
vlan batch 10
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 10
stp disable
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 10
stp disable
#
smart-link group 1
restore enable
smart-link enable
port GigabitEthernet1/0/1 master
port GigabitEthernet1/0/2 slave
timer wtr 30
flush send control-vlan 10 password simple 123
#
return
vlan batch 10
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 10
smart-link flush receive control-vlan 10 password simple 123
smart-link vpls-notify enable
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 10
smart-link flush receive control-vlan 10 password simple 123
#
interface GigabitEthernet1/0/2.5
dot1q termination vid 20
l2 binding vsi vsi1
#
return
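The configuration files above keep the Flush password in clear text (`password simple 123`) and use the same control VLAN and password on the sender and on every receiving interface. The following Python check is an added example, not part of the Huawei document: it extracts the `flush send` and `flush receive` statements, flags clear-text or short passwords, and reports receivers that no sender matches. The `receiver` key, the minimum length of 8 and the function names are assumptions.

```python
import re

# Constructed sample input: the Smart Link lines of the two configuration
# files above. The page does not show the second file's sysname, so it is
# keyed as "receiver" here.
CONFIGS = {
    "CE-A": """
smart-link group 1
 restore enable
 smart-link enable
 port GigabitEthernet1/0/1 master
 port GigabitEthernet1/0/2 slave
 timer wtr 30
 flush send control-vlan 10 password simple 123
""",
    "receiver": """
interface GigabitEthernet1/0/2
 port trunk allow-pass vlan 10
 smart-link flush receive control-vlan 10 password simple 123
 smart-link vpls-notify enable
#
interface GigabitEthernet1/0/1
 port trunk allow-pass vlan 10
 smart-link flush receive control-vlan 10 password simple 123
""",
}

FLUSH_RE = re.compile(
    r"^\s*(?:smart-link\s+)?flush\s+(send|receive)\s+control-vlan\s+(\d+)"
    r"\s+password\s+(\S+)\s+(\S+)\s*$"
)
MIN_LEN = 8  # assumed local policy, not a value from the page


def parse_flush(device, text):
    """Return one record per 'flush send' / 'flush receive' statement."""
    records, context = [], "global"
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith(("interface ", "smart-link group ")):
            context = stripped  # remember which section the statement is in
        match = FLUSH_RE.match(line)
        if match:
            direction, vlan, mode, secret = match.groups()
            records.append({"where": f"{device} {context}", "direction": direction,
                            "vlan": int(vlan), "mode": mode, "secret": secret})
    return records


def audit(configs):
    """Flag clear-text or short Flush passwords and receivers no sender matches."""
    records = [r for dev, text in configs.items() for r in parse_flush(dev, text)]
    findings = []
    for rec in records:
        if rec["mode"] == "simple":
            findings.append(("plaintext-password", rec["where"]))
            if len(rec["secret"]) < MIN_LEN:
                findings.append(("short-password", rec["where"]))
    senders = [r for r in records if r["direction"] == "send"]
    for rx in (r for r in records if r["direction"] == "receive"):
        # Assumption: sender and receiver must agree on control VLAN and
        # password, as they do in the files above.
        if not any((s["vlan"], s["secret"]) == (rx["vlan"], rx["secret"]) for s in senders):
            findings.append(("no-matching-sender", rx["where"]))
    return findings


if __name__ == "__main__":
    for kind, where in audit(CONFIGS):
        print(f"{kind:20} {where}")
```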
See Example for Configuring the Integrated Application of Monitor Link and Smart Link
Networking Requirements
As shown in Figure 9-15, a ring topology is used at the aggregation layer to improve network
reliability. Switches A to E form a ring network that implements service aggregation at Layer 2
and processes Layer 3 services. Devices on the ring network can be manufactured by different
vendors.
The ring network needs to run a protocol that prevents loops and supports rapid switchover. In
addition, devices of different vendors supporting this protocol must be compatible with each
other.
You can enable ERPS on the nodes of the ring network to prevent loops and support rapid
switchover. ERPS is a standard protocol issued by ITU-T and ensures communication between
devices of different vendors.
Packets belong to VLANs 100 through 200. To prevent loops on the ring network, configure
ERPS on devices. Packets sent from CE1 are forwarded through SwitchB and SwitchA. Packets
sent from CE2 are forwarded through SwitchC, SwitchB, and SwitchA. Packets sent from CE3
are forwarded through SwitchD and SwitchE.
[Figure 9-15 not reproduced. Surviving labels: Network; NPE1; NPE2; SwitchA, SwitchB, SwitchC, SwitchD and SwitchE on the ERPS ring, each with ports GE0/0/1 and GE0/0/2; RPL; RPL Owner; CE1, CE2 and CE3, each carrying VLAN100-200; legend: Blocked Port, Data Flow1, Data Flow2, Data Flow3.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the basic Layer 2 forwarding function on switches A to E.
2. Create an ERPS ring, and configure a control VLAN and protected instance. The control
VLAN is used to forward RAPS PDUs. The VLAN in which RAPS PDUs and data packets
are transmitted must be mapped to a protected instance so that ERPS forwards or blocks
these packets based on rules.
3. Add Layer 2 ports to the ERPS ring and configure GE0/0/2 of SwitchC as the RPL Owner
port. The port is blocked to prevent loops. When a link on the ring network fails, ERPS
unblocks the interface in a timely manner to perform protection switchover for links and
restore the communication between nodes.
4. Set the Guard timer and WTR timer for the ERPS ring based on the network requirements.
Procedure
Step 1 Create VLANs and add ports to VLANs on Switches A to E to implement Layer 2 forwarding.
# Configure SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 100 to 200
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 to 200
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 to 200
[SwitchA-GigabitEthernet0/0/2] quit
# The configurations of SwitchB, SwitchC, SwitchD and SwitchE are similar to the configuration
of SwitchA, and are not mentioned here.
Step 2 Create an ERPS ring, configure VLAN 10 as the control VLAN to transmit RAPS PDUs, and
bind VLANs 100 through 200 to a protected instance.
# Configure SwitchA.
[SwitchA] erps ring 1
[SwitchA-erps-ring1] control-vlan 10
[SwitchA-erps-ring1] protected-instance 1
[SwitchA-erps-ring1] quit
[SwitchA] stp region-configuration
[SwitchA-mst-region] instance 1 vlan 10 100 to 200
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit
# The configurations of SwitchB, SwitchC, SwitchD and SwitchE are similar to the configuration
of SwitchA, and are not mentioned here.
Step 3 Disable STP on ports and add ports to the ERPS ring and configure GE0/0/2 of SwitchC as the
RPL Owner port.
# Configure SwitchA.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] stp disable
[SwitchA-GigabitEthernet0/0/1] erps ring 1
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] stp disable
[SwitchA-GigabitEthernet0/0/2] erps ring 1
[SwitchA-GigabitEthernet0/0/2] quit
# Configure SwitchC.
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] stp disable
[SwitchC-GigabitEthernet0/0/1] erps ring 1
[SwitchC-GigabitEthernet0/0/1] quit
[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] stp disable
[SwitchC-GigabitEthernet0/0/2] erps ring 1 rpl owner
[SwitchC-GigabitEthernet0/0/2] quit
# The configurations of SwitchB, SwitchD and SwitchE are similar to the configuration of
SwitchA, and are not mentioned here.
Step 4 Set the Guard timer and WTR timer for the ERPS ring.
# Configure SwitchA.
[SwitchA] erps ring 1
[SwitchA-erps-ring1] wtr-timer 6
[SwitchA-erps-ring1] guard-timer 100
[SwitchA-erps-ring1] quit
# The configurations of SwitchB, SwitchC, SwitchD and SwitchE are similar to the configuration
of SwitchA, and are not mentioned here.
Step 5 Verify the configurations.
After completing the preceding configurations, perform the following operations to verify the
configuration. SwitchC is used as an example.
- Run the display erps ring 1 command to view brief information about the ERPS ring and
  ports of SwitchC that have been added to the ring.
[SwitchC] display erps ring 1
D : Discarding
F : Forwarding
R : RPL Owner
Ring  Control  WTR Timer  Guard Timer  Port 1            Port 2
ID    VLAN     (min)      (csec)
--------------------------------------------------------------------------------
1     10       6          100          (F)GE0/0/1        (D,R)GE0/0/2
--------------------------------------------------------------------------------
- Run the display erps ring 1 verbose command to view detailed information about the ERPS
  ring and ports of SwitchC that have been added to the ring.
[SwitchC] display erps ring 1 verbose
Ring ID                             : 1
Description                         : Ring 1
Control Vlan                        : 10
Protected Instance                  : 1
WTR Timer Setting (min)             : 6      Running (s)           : 0
Guard Timer Setting (csec)          : 100    Running (csec)        : 0
Holdoff Timer Setting (deciseconds) : 0      Running (deciseconds) : 0
Ring State                          : Idle
RAPS_MEL                            : 7
Time since last topology change     : 0 days 0h:33m:4s
--------------------------------------------------------------------------------
Port                Port Role     Port Status     Signal Status
--------------------------------------------------------------------------------
GE0/0/1             Common        Forwarding      Non-failed
GE0/0/2             RPL Owner     Discarding      Non-failed
----End
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 100 to 200
#
stp region-configuration
instance 1 vlan 10 100 to 200
active region-configuration
#
erps ring 1
control-vlan 10
protected-instance 1
wtr-timer 6
guard-timer 100
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 100 to 200
stp disable
erps ring 1
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 100 to 200
stp disable
erps ring 1
#
return
- Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 10 100 to 200
#
stp region-configuration
instance 1 vlan 10 100 to 200
active region-configuration
#
erps ring 1
control-vlan 10
protected-instance 1
wtr-timer 6
guard-timer 100
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 100 to 200
stp disable
erps ring 1
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 100 to 200
stp disable
erps ring 1
#
return
- Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 10 100 to 200
#
stp region-configuration
instance 1 vlan 10 100 to 200
active region-configuration
#
erps ring 1
control-vlan 10
protected-instance 1
wtr-timer 6
guard-timer 100
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 100 to 200
stp disable
erps ring 1
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 100 to 200
stp disable
erps ring 1 rpl owner
#
return
#
return
Networking Requirements
As shown in Figure 9-16, a ring topology is used at the aggregation layer to improve network
reliability. Switches A to E form a ring network that implements service aggregation at Layer 2
and processes Layer 3 services. Devices on the ring network can be manufactured by different
vendors.
The ring network needs to run a protocol that prevents loops and supports rapid switchover.
Devices of different vendors supporting this protocol must be compatible with each other. In
addition, customers hope that resources on links are fully used to transmit data.
You can enable ERPS on the nodes of the ring network to prevent loops and support rapid
switchover. ERPS is a standard protocol issued by ITU-T and ensures communication between
devices of different vendors. The Huawei ERPS implementation also supports multiple instances,
which allows data in different VLANs to be forwarded along different paths.
User packets belonging to VLANs 100 through 200 and VLANs 300 through 400 are forwarded
to the Layer 3 network over this ring network. To prevent loops on the ring network, configure
ERPS on devices. To make full use of link resources, customers require that packets belonging to
VLANs 100 through 200 be forwarded through SwitchC, SwitchB, and SwitchA, and packets
belonging to VLANs 300 through 400 be forwarded through SwitchC, SwitchD, and SwitchE.
[Figure 9-16 not reproduced. Surviving labels: Network; NPE1; NPE2; SwitchA, SwitchB, SwitchD and SwitchE; ERPS; ports GE0/0/1 and GE0/0/2.]
Configuration Roadmap
The configuration roadmap is as follows:
In this way, packets belonging to VLANs 300 through 400 and VLANs 100 through 200
are forwarded along different paths.
7. Set the Guard timer and WTR timer for ERPS ring 2 based on the network requirements.
Procedure
Step 1 Create VLANs and add ports to VLANs on Switches A to E to implement Layer 2 forwarding.
# Configure SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 100 to 200 300 to 400
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 to 200 300 to 400
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 to 200 300 to 400
[SwitchA-GigabitEthernet0/0/2] quit
# The configurations of SwitchB, SwitchC, SwitchD and SwitchE are similar to the configuration
of SwitchA, and are not mentioned here.
Step 2 Create ERPS ring 1, configure VLAN 10 as the control VLAN to transmit RAPS PDUs, and
bind VLANs 100 through 200 to a protected instance.
# Configure SwitchA.
[SwitchA] erps ring 1
[SwitchA-erps-ring1] control-vlan 10
[SwitchA-erps-ring1] protected-instance 1
[SwitchA-erps-ring1] quit
[SwitchA] stp region-configuration
[SwitchA-mst-region] instance 1 vlan 10 100 to 200
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit
# The configurations of SwitchB, SwitchC, SwitchD and SwitchE are similar to the configuration
of SwitchA, and are not mentioned here.
Step 3 Disable STP on ports and add ports to ERPS ring 1 and configure GE0/0/2 of SwitchC as the
RPL Owner port.
# Configure SwitchA.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] stp disable
[SwitchA-GigabitEthernet0/0/1] erps ring 1
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] stp disable
[SwitchA-GigabitEthernet0/0/2] erps ring 1
[SwitchA-GigabitEthernet0/0/2] quit
# Configure SwitchC.
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] stp disable
[SwitchC-GigabitEthernet0/0/1] erps ring 1
[SwitchC-GigabitEthernet0/0/1] quit
[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] stp disable
[SwitchC-GigabitEthernet0/0/2] erps ring 1 rpl owner
[SwitchC-GigabitEthernet0/0/2] quit
# The configurations of SwitchB, SwitchD and SwitchE are similar to the configuration of
SwitchA, and are not mentioned here.
Step 4 Set the Guard timer and WTR timer for ERPS ring 1.
# Configure SwitchA.
[SwitchA] erps ring 1
[SwitchA-erps-ring1] wtr-timer 6
[SwitchA-erps-ring1] guard-timer 100
[SwitchA-erps-ring1] quit
# The configurations of SwitchB, SwitchC, SwitchD and SwitchE are similar to the configuration
of SwitchA, and are not mentioned here.
Step 5 Create ERPS ring 2, configure VLAN 20 as the control VLAN to transmit RAPS PDUs, and
bind VLANs 300 through 400 to a protected instance.
# Configure SwitchA.
[SwitchA] erps ring 2
[SwitchA-erps-ring2] control-vlan 20
[SwitchA-erps-ring2] protected-instance 2
[SwitchA-erps-ring2] quit
[SwitchA] stp region-configuration
[SwitchA-mst-region] instance 2 vlan 20 300 to 400
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit
# The configurations of SwitchB, SwitchC, SwitchD and SwitchE are similar to the configuration
of SwitchA, and are not mentioned here.
Step 6 Disable STP on ports and add ports to ERPS ring 2 and configure GE0/0/1 of SwitchC as the
RPL Owner port.
# Configure SwitchA.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] stp disable
[SwitchA-GigabitEthernet0/0/1] erps ring 2
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] stp disable
[SwitchA-GigabitEthernet0/0/2] erps ring 2
[SwitchA-GigabitEthernet0/0/2] quit
# Configure SwitchC.
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] stp disable
[SwitchC-GigabitEthernet0/0/1] erps ring 2 rpl owner
[SwitchC-GigabitEthernet0/0/1] quit
[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] stp disable
[SwitchC-GigabitEthernet0/0/2] erps ring 2
[SwitchC-GigabitEthernet0/0/2] quit
# The configurations of SwitchB, SwitchD and SwitchE are similar to the configuration of
SwitchA, and are not mentioned here.
Step 7 Set the Guard timer and WTR timer for ERPS ring 2.
# Configure SwitchA.
[SwitchA] erps ring 2
[SwitchA-erps-ring2] wtr-timer 6
[SwitchA-erps-ring2] guard-timer 100
[SwitchA-erps-ring2] quit
# The configurations of SwitchB, SwitchC, SwitchD and SwitchE are similar to the configuration
of SwitchA, and are not mentioned here.
Step 8 Verify the configurations.
After completing the preceding configurations, perform the following operations to verify the
configuration. SwitchC is used as an example.
- Run the display erps ring 1 command to view brief information about ERPS ring 1 and ports
  of SwitchC that have been added to the ring.
[SwitchC] display erps ring 1
D : Discarding
F : Forwarding
R : RPL Owner
Ring  Control  WTR Timer  Guard Timer  Port 1            Port 2
ID    VLAN     (min)      (csec)
--------------------------------------------------------------------------------
1     10       6          100          (F)GE0/0/1        (D,R)GE0/0/2
--------------------------------------------------------------------------------
- Run the display erps ring 2 command to view brief information about ERPS ring 2 and ports
  of SwitchC that have been added to the ring.
[SwitchC] display erps ring 2
D : Discarding
F : Forwarding
R : RPL Owner
Ring  Control  WTR Timer  Guard Timer  Port 1            Port 2
ID    VLAN     (min)      (csec)
--------------------------------------------------------------------------------
2     20       6          100          (D,R)GE0/0/1      (F)GE0/0/2
--------------------------------------------------------------------------------
- Run the display erps ring 1 verbose command to view detailed information about ERPS
  ring 1 and ports of SwitchC that have been added to the ring.
[SwitchC] display erps ring 1 verbose
Ring ID                             : 1
Description                         : Ring 1
Control Vlan                        : 10
Protected Instance                  : 1
WTR Timer Setting (min)             : 6      Running (s)           : 0
Guard Timer Setting (csec)          : 100    Running (csec)        : 0
Holdoff Timer Setting (deciseconds) : 0      Running (deciseconds) : 0
Ring State                          : Idle
RAPS_MEL                            : 7
Time since last topology change     : 0 days 0h:33m:4s
--------------------------------------------------------------------------------
Port                Port Role     Port Status     Signal Status
--------------------------------------------------------------------------------
GE0/0/1             Common        Forwarding      Non-failed
GE0/0/2             RPL Owner     Discarding      Non-failed
- Run the display erps ring 2 verbose command to view detailed information about ERPS
  ring 2 and ports of SwitchC that have been added to the ring.
[SwitchC] display erps ring 2 verbose
Ring ID : 2
Description : Ring 2
Control Vlan : 20
Protected Instance : 2
----End
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 20 100 to 200 300 to 400
#
stp region-configuration
instance 1 vlan 10 100 to 200
instance 2 vlan 20 300 to 400
active region-configuration
#
erps ring 1
control-vlan 10
protected-instance 1
wtr-timer 6
guard-timer 100
erps ring 2
control-vlan 20
protected-instance 2
wtr-timer 6
guard-timer 100
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 100 to 200 300 to 400
stp disable
erps ring 1
erps ring 2
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 100 to 200 300 to 400
stp disable
erps ring 1
erps ring 2
#
return
control-vlan 10
protected-instance 1
wtr-timer 6
guard-timer 100
erps ring 2
control-vlan 20
protected-instance 2
wtr-timer 6
guard-timer 100
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 100 to 200 300 to 400
stp disable
erps ring 1
erps ring 2
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 100 to 200 300 to 400
stp disable
erps ring 1
erps ring 2
#
return
- Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 10 20 100 to 200 300 to 400
#
stp region-configuration
instance 1 vlan 10 100 to 200
instance 2 vlan 20 300 to 400
active region-configuration
#
erps ring 1
control-vlan 10
protected-instance 1
wtr-timer 6
guard-timer 100
erps ring 2
control-vlan 20
protected-instance 2
wtr-timer 6
guard-timer 100
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 100 to 200 300 to 400
stp disable
erps ring 1
erps ring 2 rpl owner
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 100 to 200 300 to 400
stp disable
erps ring 1 rpl owner
erps ring 2
#
return
- Configuration file of SwitchD
#
sysname SwitchD
#
vlan batch 10 20 100 to 200 300 to 400
#
stp region-configuration
instance 1 vlan 10 100 to 200
instance 2 vlan 20 300 to 400
active region-configuration
#
erps ring 1
control-vlan 10
protected-instance 1
wtr-timer 6
guard-timer 100
erps ring 2
control-vlan 20
protected-instance 2
wtr-timer 6
guard-timer 100
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 100 to 200 300 to 400
stp disable
erps ring 1
erps ring 2
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 100 to 200 300 to 400
stp disable
erps ring 1
erps ring 2
#
return
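The two ERPS examples above depend on a few rules that are easy to break when the files are edited by hand: each ring's control VLAN is mapped to the ring's protected instance, ring ports have STP disabled and pass the control VLAN, and one port per ring is the RPL owner. The following Python linter is an added example, not part of the Huawei document; the sample input is constructed from the SwitchA and SwitchC files of the multi-instance example, and the function names are assumptions.

```python
import re

# Constructed sample: the multi-instance files above, shortened (timer and
# link-type lines omitted). {own1}/{own2} add "rpl owner" for SwitchC.
TEMPLATE = """sysname {name}
#
stp region-configuration
instance 1 vlan 10 100 to 200
instance 2 vlan 20 300 to 400
#
erps ring 1
control-vlan 10
protected-instance 1
erps ring 2
control-vlan 20
protected-instance 2
#
interface GigabitEthernet0/0/1
port trunk allow-pass vlan 10 20 100 to 200 300 to 400
stp disable
erps ring 1
erps ring 2{own2}
#
interface GigabitEthernet0/0/2
port trunk allow-pass vlan 10 20 100 to 200 300 to 400
stp disable
erps ring 1{own1}
erps ring 2
"""
SWITCH_A = TEMPLATE.format(name="SwitchA", own1="", own2="")
SWITCH_C = TEMPLATE.format(name="SwitchC", own1=" rpl owner", own2=" rpl owner")


def expand_vlans(tokens):
    """Expand ['10', '100', 'to', '200'] into a set of VLAN IDs."""
    vlans = set()
    for lo, hi in re.findall(r"(\d+)(?: to (\d+))?", " ".join(tokens)):
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_config(text):
    """Parse one device file. Sections end at '#', so indentation is not needed."""
    dev = {"name": None, "instances": {}, "rings": {}, "ports": {}}
    sec = None  # current ring or interface section
    for w in (line.split() for line in text.splitlines() if line.strip()):
        in_port = sec is not None and "rings" in sec
        if w[0] == "#":
            sec = None
        elif w[0] == "sysname":
            dev["name"] = w[1]
        elif w[0] == "interface":
            sec = dev["ports"].setdefault(
                w[1], {"stp_off": False, "allow": set(), "rings": {}})
        elif w[:2] == ["erps", "ring"] and in_port:
            sec["rings"][int(w[2])] = w[3:] == ["rpl", "owner"]  # True for owner
        elif w[:2] == ["erps", "ring"]:
            sec = dev["rings"].setdefault(int(w[2]), {})
        elif w[0] == "instance" and w[2:3] == ["vlan"]:
            dev["instances"][int(w[1])] = expand_vlans(w[3:])
        elif w[:4] == ["port", "trunk", "allow-pass", "vlan"] and in_port:
            sec["allow"] |= expand_vlans(w[4:])
        elif w == ["stp", "disable"] and in_port:
            sec["stp_off"] = True
        elif w[0] in ("control-vlan", "protected-instance") and sec is not None:
            sec[w[0]] = int(w[1])
    return dev


def lint(devices):
    """Return (findings, owners); owners maps ring ID to its RPL owner ports."""
    findings, owners = [], {}
    for dev in devices:
        for rid, ring in dev["rings"].items():
            cv, inst = ring.get("control-vlan"), ring.get("protected-instance")
            if cv not in dev["instances"].get(inst, set()):
                findings.append((dev["name"],
                                 f"ring {rid}: control VLAN {cv} not mapped to instance {inst}"))
            for port, p in dev["ports"].items():
                if rid not in p["rings"]:
                    continue
                if not p["stp_off"]:
                    findings.append((dev["name"], f"{port}: STP enabled on ring {rid} port"))
                if cv not in p["allow"]:
                    findings.append((dev["name"], f"{port}: control VLAN {cv} not allowed"))
                if p["rings"][rid]:
                    owners.setdefault(rid, []).append((dev["name"], port))
    for rid in sorted({r for dev in devices for r in dev["rings"]}):
        count = len(owners.get(rid, []))
        if count != 1:
            findings.append(("ring", f"ring {rid}: {count} RPL owner ports, expected 1"))
    return findings, owners


if __name__ == "__main__":
    print(lint([parse_config(SWITCH_A), parse_config(SWITCH_C)]))
```

For the sample input the linter returns no findings and shows the two rings blocking different ports of SwitchC, which is what lets the two VLAN ranges take different paths.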
Networking Requirements
As shown in Figure 9-17, HostA is dual-homed to SwitchA and SwitchB through the switch.
The requirements are as follows:
- The host uses SwitchA as the default gateway to connect to the Internet. When SwitchA
  becomes faulty, SwitchB functions as the gateway. This implements gateway backup.
- After SwitchA recovers, it becomes the gateway within 20s.
Configuration Roadmap
The configuration roadmap is as follows:
1. Assign an IP address to each interface and configure a routing protocol to ensure network
connectivity.
2. Configure a VRRP group on SwitchA and SwitchB, set a higher priority for SwitchA so
that SwitchA functions as the master to forward traffic and set the preemption delay to 20s
on SwitchA, and set a lower priority for SwitchB so that SwitchB functions as the backup.
3. Configure a loop prevention protocol (STP for example) on SwitchA, SwitchB and
Switch.
Procedure
Step 1 Configure devices to ensure network connectivity.
# Configure OSPF between SwitchA, SwitchB, and SwitchC. SwitchA is used as an example.
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
[SwitchA] ospf 1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# Run the display ip routing-table command on SwitchA and SwitchB. The command output
shows that a direct route to the virtual IP address exists in the routing table of SwitchA and an
OSPF route to the virtual IP address exists in the routing table of SwitchB. The command output
on SwitchA and SwitchB is as follows:
<SwitchA> display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 8 Routes : 8
# Run the shutdown command on Eth0/0/2 and Eth0/0/5 of SwitchA to simulate a link fault.
[SwitchA] interface ethernet 0/0/2
[SwitchA-Ethernet0/0/2] shutdown
[SwitchA-Ethernet0/0/2] quit
[SwitchA] interface ethernet 0/0/5
[SwitchA-Ethernet0/0/5] shutdown
[SwitchA-Ethernet0/0/5] quit
# Run the display vrrp command on SwitchB to view the VRRP status. The command output
shows that SwitchB is in Master state.
<SwitchB> display vrrp
Vlanif100 | Virtual Router 1
State : Master
Virtual IP : 10.1.1.111
Master IP : 10.1.1.2
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 100
Preempt : YES Delay Time : 0
TimerRun : 1
TimerConfig : 1
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Config track link-bfd down-number : 0
# Run the undo shutdown command on Eth0/0/2 and Eth0/0/5 of SwitchA. After 20s, run the
display vrrp command on SwitchA to view the VRRP status. SwitchA returns to the Master
state.
[SwitchA] interface ethernet 0/0/2
[SwitchA-Ethernet0/0/2] undo shutdown
[SwitchA-Ethernet0/0/2] quit
[SwitchA] interface ethernet 0/0/5
[SwitchA-Ethernet0/0/5] undo shutdown
[SwitchA-Ethernet0/0/5] quit
[SwitchA] display vrrp
Vlanif100 | Virtual Router 1
State : Master
Virtual IP : 10.1.1.111
Master IP : 10.1.1.1
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 20
TimerRun : 1
TimerConfig : 1
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Config track link-bfd down-number : 0
----End
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 100 300
#
stp enable
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.111
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode timer delay 20
#
interface Vlanif300
ip address 192.168.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 300
port hybrid untagged vlan 300
#
interface Ethernet0/0/2
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface Ethernet0/0/5
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 192.168.1.0 0.0.0.255
#
return
Networking Requirements
As shown in Figure 9-18, HostA and HostC are dual-homed to SwitchA and SwitchB through
the switch. Load balancing is required in this scenario. HostA uses SwitchA as the default
gateway to connect to the Internet, and SwitchB functions as the backup gateway. HostC uses
SwitchB as the default gateway to connect to the Internet, and SwitchA functions as the backup
gateway.
Figure 9-18 Networking diagram for configuring VRRP in load balancing mode
[Figure not reproduced. Surviving labels: VRRP VRID 1, virtual IP address 10.1.1.111 (SwitchA master, SwitchB backup); VRRP VRID 2, virtual IP address 10.1.1.112 (SwitchB master, SwitchA backup); HostA 10.1.1.100/24; HostC 10.1.1.101/24; Switch; SwitchC; Internet.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Assign an IP address to each interface and configure a routing protocol to ensure network
connectivity.
2. Create VRRP groups 1 and 2 on SwitchA and SwitchB. In VRRP group 1, configure
SwitchA as the master and SwitchB as the backup. In VRRP group 2, configure SwitchB
as the master and SwitchA as the backup.
Procedure
Step 1 Configure devices to ensure network connectivity.
# Assign an IP address to each interface. SwitchA is used as an example. The configurations of
SwitchB and SwitchC are similar to the configuration of SwitchA, and are not mentioned here.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 100 300
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 300
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 300
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface ethernet 0/0/2
[SwitchA-Ethernet0/0/2] port hybrid pvid vlan 100
[SwitchA-Ethernet0/0/2] port hybrid untagged vlan 100
[SwitchA-Ethernet0/0/2] quit
[SwitchA] interface vlanif 100
[SwitchA-Vlanif100] ip address 10.1.1.1 24
[SwitchA-Vlanif100] quit
[SwitchA] interface vlanif 300
[SwitchA-Vlanif300] ip address 192.168.1.1 24
[SwitchA-Vlanif300] quit
[Switch-Ethernet0/0/1] quit
[Switch] interface ethernet 0/0/2
[Switch-Ethernet0/0/2] port hybrid pvid vlan 100
[Switch-Ethernet0/0/2] port hybrid untagged vlan 100
[Switch-Ethernet0/0/2] quit
# Configure OSPF between SwitchA, SwitchB, and SwitchC. SwitchA is used as an example.
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
[SwitchA] ospf 1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# Configure VRRP group 2 on SwitchA and SwitchB, set the priority of SwitchB to 120 and the
preemption delay to 20s, and set the default priority for SwitchA.
[SwitchB] interface vlanif 100
[SwitchB-Vlanif100] vrrp vrid 2 virtual-ip 10.1.1.112
[SwitchB-Vlanif100] vrrp vrid 2 priority 120
[SwitchB-Vlanif100] vrrp vrid 2 preempt-mode timer delay 20
[SwitchB-Vlanif100] quit
[SwitchA] interface vlanif 100
[SwitchA-Vlanif100] vrrp vrid 2 virtual-ip 10.1.1.112
[SwitchA-Vlanif100] quit
Master IP : 10.1.1.2
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0
TimerRun : 1
TimerConfig : 1
Auth type : NONE
Virtual MAC : 0000-5e00-0102
Check TTL : YES
Config type : normal-vrrp
Config track link-bfd down-number : 0
# After the configuration is complete, run the display vrrp command on SwitchB. You can see
that SwitchB is the backup in VRRP group 1 and the master in VRRP group 2.
<SwitchB> display vrrp
Vlanif100 | Virtual Router 1
State : Backup
Virtual IP : 10.1.1.111
Master IP : 10.1.1.1
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0
TimerRun : 1
TimerConfig : 1
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Config track link-bfd down-number : 0
----End
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 100 300
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.111
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode timer delay 20
vrrp vrid 2 virtual-ip 10.1.1.112
#
interface Vlanif300
ip address 192.168.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 300
port hybrid untagged vlan 300
#
interface Ethernet0/0/2
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 192.168.1.0 0.0.0.255
#
return
- Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 100 200
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.111
vrrp vrid 2 virtual-ip 10.1.1.112
vrrp vrid 2 priority 120
vrrp vrid 2 preempt-mode timer delay 20
#
interface Vlanif200
ip address 192.168.2.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
interface Ethernet0/0/2
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
#
return
- Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 200 300 400
#
interface Vlanif200
ip address 192.168.2.2 255.255.255.0
#
interface Vlanif300
ip address 192.168.1.2 255.255.255.0
#
interface Vlanif400
ip address 20.1.1.100 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 300
port hybrid untagged vlan 300
#
interface Ethernet0/0/2
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
interface Ethernet0/0/3
port hybrid pvid vlan 400
port hybrid untagged vlan 400
#
ospf 1
area 0.0.0.0
network 20.1.1.0 0.0.0.255
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
#
return
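Every `display vrrp` output above reports `Auth type : NONE`, which means VRRP advertisements on VLAN 100 are not authenticated. The following Python check is an added example, not part of the Huawei document: it parses `display vrrp` output collected from both switches and verifies, per VRRP group, that exactly one device is Master, that each device sees the expected Master IP, and that authentication is reported. The sample output is constructed from the values on this page; the allow-list and function names are assumptions.

```python
import re

# Constructed sample: display vrrp output for the load balancing example,
# in the format shown above and reduced to the fields the checks use.
OUTPUT = {
    "SwitchA": """
Vlanif100 | Virtual Router 1
State : Master
Virtual IP : 10.1.1.111
Master IP : 10.1.1.1
PriorityRun : 120
MasterPriority : 120
Auth type : NONE
Vlanif100 | Virtual Router 2
State : Backup
Virtual IP : 10.1.1.112
Master IP : 10.1.1.2
PriorityRun : 100
MasterPriority : 120
Auth type : NONE
""",
    "SwitchB": """
Vlanif100 | Virtual Router 1
State : Backup
Virtual IP : 10.1.1.111
Master IP : 10.1.1.1
PriorityRun : 100
MasterPriority : 120
Auth type : NONE
Vlanif100 | Virtual Router 2
State : Master
Virtual IP : 10.1.1.112
Master IP : 10.1.1.2
PriorityRun : 120
MasterPriority : 120
Auth type : NONE
""",
}
# Assumed allow-list: the address each VRID's master is expected to use.
EXPECTED_MASTER_IP = {1: "10.1.1.1", 2: "10.1.1.2"}

HEADER_RE = re.compile(r"^(\S+)\s*\|\s*Virtual Router\s+(\d+)$")
FIELD_RE = re.compile(r"^(.+?)\s*:\s*(\S+)")


def parse_display_vrrp(device, text):
    """Split display vrrp output into one dict per VRRP group."""
    groups, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        header = HEADER_RE.match(line)
        field = FIELD_RE.match(line)
        if header:
            current = {"device": device, "interface": header.group(1),
                       "vrid": int(header.group(2))}
            groups.append(current)
        elif field and current is not None:
            current[field.group(1)] = field.group(2)  # first value on the line
    return groups


def audit(outputs, expected):
    """Check master election and authentication per VRID across devices."""
    groups = [g for dev, text in outputs.items() for g in parse_display_vrrp(dev, text)]
    findings = []
    for vrid in sorted({g["vrid"] for g in groups}):
        members = [g for g in groups if g["vrid"] == vrid]
        masters = [g["device"] for g in members if g.get("State") == "Master"]
        if len(masters) != 1:
            findings.append((vrid, f"{len(masters)} devices report Master: {masters}"))
        for g in members:
            seen = g.get("Master IP")
            if seen != expected.get(vrid):
                findings.append((vrid, f"{g['device']} sees unexpected Master IP {seen}"))
            if g.get("Auth type") == "NONE":
                findings.append((vrid, f"{g['device']} {g['interface']}: Auth type is NONE"))
    return findings


if __name__ == "__main__":
    for vrid, message in audit(OUTPUT, EXPECTED_MASTER_IP):
        print(f"VRID {vrid}: {message}")
```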
Networking Requirements
As shown in Figure 9-19, hosts on a LAN are dual-homed to SwitchA and SwitchB through the
switch. A VRRP group is established on SwitchA and SwitchB, and SwitchA is the master.
When SwitchA or the link between SwitchA and the switch is faulty, the switchover period is
within 1s. This reduces the impact of the fault on service transmission.
Figure 9-19 Association between VRRP and BFD to implement a rapid active/standby
switchover
[Figure not reproduced. Surviving labels: VRRP VRID 1, virtual IP address 10.1.1.3/24; SwitchA (Master), VLANIF100 10.1.1.1/24; SwitchB (Backup), VLANIF100 10.1.1.2/24; HostA and HostB; Switch; Internet; BFD packets.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Assign an IP address to each interface and configure a routing protocol to ensure network
connectivity.
2. Configure a VRRP group on SwitchA and SwitchB. SwitchA functions as the master, its
priority is 120, and the preemption delay is 20s. SwitchB functions as the backup and uses
the default priority.
3. Configure a static BFD session on SwitchA and SwitchB to monitor the link of the VRRP
group.
4. Configure association between VRRP and BFD on SwitchB so that an active/standby
switchover can be performed rapidly when the link is faulty.
Procedure
Step 1 Configure devices to ensure network connectivity.
# Assign an IP address to each interface. SwitchA is used as an example. The configuration of
SwitchB is similar to the configuration of SwitchA, and is not mentioned here.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 100
[SwitchA-vlan100] quit
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 100
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 100
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface vlanif 100
[SwitchA-Vlanif100] ip address 10.1.1.1 24
[SwitchA-Vlanif100] quit
# Configure OSPF between SwitchA and SwitchB. SwitchA is used as an example. The
configuration of SwitchB is similar to the configuration of SwitchA, and is not mentioned here.
[SwitchA] ospf 1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
Run the display bfd session command on SwitchA and SwitchB. You can see that the BFD
session is Up. The display on SwitchA is used as an example.
<SwitchA> display bfd session all
--------------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------
1 2 10.1.1.2 Up S_IP_IF Vlanif100
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 1/0
# Run the shutdown command on Eth0/0/1 of SwitchA to simulate a link fault. Then run the
display vrrp command on SwitchA and SwitchB. You can see that SwitchA is in Initialize state,
SwitchB becomes the master, and the associated BFD session becomes Down.
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] shutdown
[SwitchA-Ethernet0/0/1] quit
# Run the undo shutdown command on Eth0/0/1 of SwitchA. After 20s, run the display vrrp
command on SwitchA and SwitchB. You can see that SwitchA is the master again,
SwitchB is the backup again, and the associated BFD session is in Up state.
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] undo shutdown
[SwitchA-Ethernet0/0/1] quit
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 100
#
bfd
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.3
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode timer delay 20
#
interface Ethernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
bfd atob bind peer-ip 10.1.1.2 interface Vlanif100
discriminator local 1
discriminator remote 2
min-tx-interval 100
min-rx-interval 100
commit
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
Networking Requirements
As shown in Figure 9-20, HostA is dual-homed to SwitchA and SwitchB through the switch on
the IPv6 network. The requirements are as follows:
• The host uses SwitchA as the default gateway to connect to the Internet. When SwitchA
becomes faulty, SwitchB functions as the gateway. This implements gateway backup.
• After SwitchA recovers, it becomes the gateway within 20s.
[Figure 9-20: networking diagram showing HostA, the Switch, SwitchA, SwitchB (backup), SwitchC, and the Internet, with interface names and IPv6 addresses.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Assign an IP address to each interface and configure a routing protocol to ensure network
connectivity.
2. Configure a VRRP6 group on SwitchA and SwitchB, set a higher priority for SwitchA so
that SwitchA functions as the master to forward traffic and set the preemption delay to 20s
on SwitchA, and set a lower priority for SwitchB so that SwitchB functions as the backup.
3. Configure a loop prevention protocol (STP for example) on SwitchA, SwitchB and
Switch.
Procedure
Step 1 Configure devices to ensure network connectivity.
# Configure OSPFv3 between SwitchA, SwitchB, and SwitchC. SwitchA is used as an example.
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
[SwitchA] ospfv3
[SwitchA-ospfv3-1] router-id 1.1.1.1
[SwitchA-ospfv3-1] quit
[SwitchA] interface vlanif 100
[SwitchA-Vlanif100] ospfv3 1 area 0
[SwitchA-Vlanif100] quit
[SwitchA] interface vlanif 300
[SwitchA-Vlanif300] ospfv3 1 area 0
[SwitchA-Vlanif300] quit
# Configure VRRP6 group 1 on SwitchA, and set the priority of SwitchA to 120 and the
preemption delay to 20s.
[SwitchA] interface vlanif 100
[SwitchA-Vlanif100] vrrp6 vrid 1 virtual-ip FE80::1 link-local
[SwitchA-Vlanif100] vrrp6 vrid 1 virtual-ip 2000::100
[SwitchA-Vlanif100] vrrp6 vrid 1 priority 120
[SwitchA-Vlanif100] vrrp6 vrid 1 preempt-mode timer delay 20
[SwitchA-Vlanif100] quit
# After the configuration is complete, run the display vrrp6 command on SwitchA and
SwitchB. You can see that SwitchA is in Master state and SwitchB is in Backup state.
<SwitchA> display vrrp6
Vlanif100 | Virtual Router 1
State : Master
Virtual IP : FE80::1
2000::100
Master IP : FE80::218:82FF:FED3:2AF3
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 20
TimerRun : 100
TimerConfig : 100
Virtual MAC : 0000-5e00-0201
Check hop limit : YES
Config type : normal-vrrp
Config track link-bfd down-number : 0
<SwitchB> display vrrp6
Vlanif100 | Virtual Router 1
State : Backup
Virtual IP : FE80::1
2000::100
Master IP : FE80::218:82FF:FED3:2AF3
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0
TimerRun : 100
TimerConfig : 100
Virtual MAC : 0000-5e00-0201
Check hop limit : YES
Config type : normal-vrrp
Config track link-bfd down-number : 0
# Run the shutdown command on Eth0/0/2 and Eth0/0/5 of SwitchA to simulate a link fault.
Run the display vrrp6 command on SwitchA and SwitchB. You can see that SwitchA is in
Initialize state and SwitchB is in Master state.
[SwitchA] interface ethernet 0/0/2
[SwitchA-Ethernet0/0/2] shutdown
[SwitchA-Ethernet0/0/2] quit
# Run the undo shutdown command on Eth0/0/2 and Eth0/0/5 of SwitchA. After 20s, run the
display vrrp6 command on SwitchA and SwitchB. You can see that SwitchA is in Master state
and SwitchB is in Backup state.
[SwitchA] interface ethernet 0/0/2
[SwitchA-Ethernet0/0/2] undo shutdown
[SwitchA-Ethernet0/0/2] quit
[SwitchA] interface ethernet 0/0/5
[SwitchA-Ethernet0/0/5] undo shutdown
[SwitchA-Ethernet0/0/5] quit
[SwitchA] display vrrp6
Vlanif100 | Virtual Router 1
State : Master
Virtual IP : FE80::1
2000::100
Master IP : FE80::218:82FF:FED3:2AF3
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 20
TimerRun : 100
TimerConfig : 100
Virtual MAC : 0000-5e00-0201
Check hop limit : YES
Config type : normal-vrrp
Config track link-bfd down-number : 0
<SwitchB> display vrrp6
Vlanif100 | Virtual Router 1
State : Backup
Virtual IP : FE80::1
2000::100
Master IP : FE80::218:82FF:FED3:2AF3
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0
TimerRun : 100
TimerConfig : 100
Virtual MAC : 0000-5e00-0201
Check hop limit : YES
Config type : normal-vrrp
Config track link-bfd down-number : 0
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
ipv6
#
vlan batch 100 300
#
ospfv3 1
router-id 1.1.1.1
#
interface Vlanif100
ipv6 enable
ipv6 address 2000::1/64
ospfv3 1 area 0.0.0.0
vrrp6 vrid 1 virtual-ip FE80::1 link-local
vrrp6 vrid 1 virtual-ip 2000::100
vrrp6 vrid 1 priority 120
vrrp6 vrid 1 preempt-mode timer delay 20
#
interface Vlanif300
ipv6 enable
ipv6 address 2002::1/64
ospfv3 1 area 0.0.0.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 300
port hybrid untagged vlan 300
#
interface Ethernet0/0/2
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface Ethernet0/0/5
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
return
#
sysname SwitchB
#
ipv6
#
vlan batch 100 200
#
ospfv3 1
router-id 2.2.2.2
#
interface Vlanif100
ipv6 enable
#
sysname SwitchC
#
vlan batch 200 300 400
#
ipv6
#
ospfv3 1
router-id 3.3.3.3
#
interface Vlanif200
ipv6 enable
ipv6 address 2001::2/64
ospfv3 1 area 0.0.0.0
#
interface Vlanif300
ipv6 enable
ipv6 address 2002::2/64
ospfv3 1 area 0.0.0.0
#
interface Vlanif400
ipv6 enable
ipv6 address 2003::2/64
ospfv3 1 area 0.0.0.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 300
port hybrid untagged vlan 300
#
interface Ethernet0/0/2
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
interface Ethernet0/0/3
port hybrid pvid vlan 400
port hybrid untagged vlan 400
#
return
• Configuration file of the switch
#
sysname Switch
#
vlan batch 100
#
interface Ethernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface Ethernet0/0/2
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
return
Networking Requirements
As shown in Figure 9-21, HostA and HostC are dual-homed to SwitchA and SwitchB through
the switch on the IPv6 network. Load balancing is required in this scenario. HostA uses
SwitchA as the default gateway to connect to the Internet, and SwitchB functions as the backup
gateway. HostC uses SwitchB as the default gateway to connect to the Internet, and SwitchA
functions as the backup gateway.
Figure 9-21 Networking diagram for a VRRP6 group in load balancing mode
[Figure: HostA and HostC connect through the Switch to SwitchA (VRID 1: master, VRID 2: backup) and SwitchB (VRID 1: backup, VRID 2: master), which connect through SwitchC to the Internet. VRRP6 VRID 1 uses virtual IP address 2000::100/64 and VRRP6 VRID 2 uses virtual IP address 2000::60/64.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Assign an IP address to each interface and configure a routing protocol to ensure network
connectivity.
2. Create VRRP6 groups 1 and 2 on SwitchA and SwitchB. In VRRP6 group 1, configure
SwitchA as the master and SwitchB as the backup. In VRRP6 group 2, configure
SwitchB as the master and SwitchA as the backup.
Procedure
Step 1 Configure devices to ensure network connectivity.
# Configure OSPFv3 between SwitchA, SwitchB, and SwitchC. SwitchA is used as an example.
The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and
are not mentioned here.
[SwitchA] ospfv3
[SwitchA-ospfv3-1] router-id 1.1.1.1
[SwitchA-ospfv3-1] quit
[SwitchA] interface vlanif 100
[SwitchA-Vlanif100] ospfv3 1 area 0
[SwitchA-Vlanif100] quit
[SwitchA] interface vlanif 300
[SwitchA-Vlanif300] ospfv3 1 area 0
[SwitchA-Vlanif300] quit
# Configure VRRP6 group 2 on SwitchA and SwitchB, set the priority of SwitchB to 120 and
the preemption delay to 20s, and set the default priority for SwitchA.
[SwitchB] interface vlanif 100
[SwitchB-Vlanif100] vrrp6 vrid 2 virtual-ip FE80::2 link-local
[SwitchB-Vlanif100] vrrp6 vrid 2 virtual-ip 2000::60
[SwitchB-Vlanif100] vrrp6 vrid 2 priority 120
[SwitchB-Vlanif100] vrrp6 vrid 2 preempt-mode timer delay 20
[SwitchB-Vlanif100] quit
[SwitchA] interface vlanif 100
[SwitchA-Vlanif100] vrrp6 vrid 2 virtual-ip FE80::2 link-local
[SwitchA-Vlanif100] vrrp6 vrid 2 virtual-ip 2000::60
[SwitchA-Vlanif100] quit
Virtual IP : FE80::2
2000::60
Master IP : FE80::218:82FF:FE68:7455
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0
TimerRun : 100
TimerConfig : 100
Virtual MAC : 0000-5e00-0202
Check hop limit : YES
Config type : normal-vrrp
Config track link-bfd down-number : 0
# After the configuration is complete, run the display vrrp6 command on SwitchB. You can
see that SwitchB is the backup in VRRP6 group 1 and the master in VRRP6 group 2.
<SwitchB> display vrrp6
Vlanif100 | Virtual Router 1
State : Backup
Virtual IP : FE80::1
2000::100
Master IP : FE80::218:82FF:FED3:2AF3
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0
TimerRun : 100
TimerConfig : 100
Virtual MAC : 0000-5e00-0201
Check hop limit : YES
Config type : normal-vrrp
Config track link-bfd down-number : 0
----End
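An added example, not part of the Huawei document: a Python check that parses display vrrp6 output collected from both switches and confirms the load-balancing design described here (SwitchA master in group 1, SwitchB master in group 2). The sample output is constructed from the listings in this section, the function names are hypothetical, and the virtual MAC check assumes the 0000-5e00-02XX form (XX = VRID) that the listings show.

```python
import re

# Constructed sample output, modelled on the `display vrrp6` listings in this
# section and trimmed to the fields the check uses. Not captured from a device.
SWITCHA_OUT = """\
Vlanif100 | Virtual Router 1
State : Master
Virtual IP : FE80::1
2000::100
Master IP : FE80::218:82FF:FED3:2AF3
PriorityRun : 120
MasterPriority : 120
Virtual MAC : 0000-5e00-0201
Vlanif100 | Virtual Router 2
State : Backup
Virtual IP : FE80::2
2000::60
Master IP : FE80::218:82FF:FE68:7455
PriorityRun : 100
MasterPriority : 120
Virtual MAC : 0000-5e00-0202
"""
SWITCHB_OUT = """\
Vlanif100 | Virtual Router 1
State : Backup
Virtual IP : FE80::1
2000::100
Master IP : FE80::218:82FF:FED3:2AF3
PriorityRun : 100
MasterPriority : 120
Virtual MAC : 0000-5e00-0201
Vlanif100 | Virtual Router 2
State : Master
Virtual IP : FE80::2
2000::60
Master IP : FE80::218:82FF:FE68:7455
PriorityRun : 120
MasterPriority : 120
Virtual MAC : 0000-5e00-0202
"""

HEADER = re.compile(r"^(\S+) \| Virtual Router (\d+)$")
# Field separator is " : " with spaces, so bare IPv6 addresses never match.
FIELD = re.compile(r"^([A-Za-z ]+?)\s+:\s+(.+)$")

def parse_vrrp6(text):
    """Return {vrid: {field: value}}; 'Virtual IP' is a list of addresses."""
    groups, cur, last = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            cur = {"Interface": header.group(1), "Virtual IP": []}
            groups[int(header.group(2))] = cur
            last = None
            continue
        if cur is None or not line:
            continue
        field = FIELD.match(line)
        if field:
            last, value = field.group(1), field.group(2)
            if last == "Virtual IP":
                cur[last].append(value)
            else:
                cur[last] = value
        elif last == "Virtual IP":
            # Additional virtual addresses are printed on their own lines.
            cur["Virtual IP"].append(line)
    return groups

def check_group_state(outputs, expected_master):
    """outputs: {switch: display text}; expected_master: {vrid: switch}.
    Returns a list of findings; an empty list means the state matches."""
    findings = []
    parsed = {name: parse_vrrp6(text) for name, text in outputs.items()}
    for vrid, want in sorted(expected_master.items()):
        views = {n: g[vrid] for n, g in parsed.items() if vrid in g}
        for name in sorted(set(parsed) - set(views)):
            findings.append(f"VRID {vrid}: no group on {name}")
        masters = sorted(n for n, v in views.items() if v.get("State") == "Master")
        if masters != [want]:
            findings.append(f"VRID {vrid}: master is {masters}, expected {want}")
        # Every member must report the same master and virtual addresses.
        for fld in ("Master IP", "Virtual IP", "Virtual MAC", "MasterPriority"):
            seen = {str(v.get(fld)) for v in views.values()}
            if len(seen) > 1:
                findings.append(f"VRID {vrid}: members disagree on {fld}: {sorted(seen)}")
        mac = f"0000-5e00-02{vrid:02x}"  # assumed form, as shown in the listings
        for name, v in sorted(views.items()):
            if v.get("Virtual MAC", "").lower() != mac:
                findings.append(f"VRID {vrid}: {name} virtual MAC is not {mac}")
    return findings

if __name__ == "__main__":
    outs = {"SwitchA": SWITCHA_OUT, "SwitchB": SWITCHB_OUT}
    print(check_group_state(outs, {1: "SwitchA", 2: "SwitchB"}) or "state matches")
```

Run it after each failover test: two masters for one VRID, or members that disagree on the master address, show up as findings instead of having to be spotted by eye in two listings.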
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
ipv6
#
vlan batch 100 300
#
ospfv3 1
router-id 1.1.1.1
#
interface Vlanif100
ipv6 enable
#
sysname SwitchB
#
ipv6
#
vlan batch 100 200
#
ospfv3 1
router-id 2.2.2.2
#
interface Vlanif100
ipv6 enable
ipv6 address 2000::2/64
ospfv3 1 area 0.0.0.0
vrrp6 vrid 1 virtual-ip FE80::1 link-local
vrrp6 vrid 1 virtual-ip 2000::100
vrrp6 vrid 2 virtual-ip FE80::2 link-local
vrrp6 vrid 2 virtual-ip 2000::60
vrrp6 vrid 2 priority 120
vrrp6 vrid 2 preempt-mode timer delay 20
#
interface Vlanif200
ipv6 enable
ipv6 address 2001::1/64
ospfv3 1 area 0.0.0.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
interface Ethernet0/0/2
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
return
• Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 200 300 400
#
ipv6
#
ospfv3 1
router-id 3.3.3.3
#
interface Vlanif200
ipv6 enable
ipv6 address 2001::2/64
ospfv3 1 area 0.0.0.0
#
interface Vlanif300
ipv6 enable
ipv6 address 2002::2/64
ospfv3 1 area 0.0.0.0
#
interface Vlanif400
ipv6 enable
ipv6 address 2003::2/64
ospfv3 1 area 0.0.0.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 300
port hybrid untagged vlan 300
#
interface Ethernet0/0/2
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
interface Ethernet0/0/3
port hybrid pvid vlan 400
port hybrid untagged vlan 400
#
return
Networking Requirements
As shown in Figure 9-22, SwitchA, SwitchB, and SwitchC constitute a ring network. The
network is required to prevent loops when the ring is complete and implement fast convergence
to rapidly restore communication between nodes on the ring when the ring fails. You can enable
RRPP on SwitchA, SwitchB, and SwitchC to meet this requirement.
[Figure 9-22: SwitchA, SwitchB, and SwitchC connected in Ring 1 through their Eth0/0/1 and Eth0/0/2 interfaces. The legend marks the primary and secondary interfaces.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure interfaces to be added to the RRPP domain on the devices so that data can pass
through the interfaces. Disable protocols that conflict with RRPP, such as STP.
2. Create an RRPP domain and its control VLAN.
3. Map data that needs to pass through the VLANs on the RRPP ring to Instance 1, including
data VLANs 100 to 300 and control VLANs 20 and 21 (VLAN 21 is the sub-control VLAN
generated by the device).
4. In the RRPP domain, configure a protected VLAN, create an RRPP ring and configure
SwitchA, SwitchB, and SwitchC as nodes on Ring 1 in Domain 1. Configure SwitchA as
the master node on Ring 1, and configure SwitchB and SwitchC as transit nodes on Ring
1.
5. Enable the RRPP ring and RRPP protocol on devices to make RRPP take effect.
NOTE
VLANs that are not mentioned in this example are considered nonexistent. However, interfaces on the device
join VLAN1 by default. You need to remove corresponding interfaces from VLAN1. The removing process is
not provided here.
Procedure
Step 1 Create an RRPP domain and its control VLAN.
# On SwitchA, the master node on Ring 1, create RRPP domain 1 and configure VLAN 20 as
the major control VLAN.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] rrpp domain 1
[SwitchA-rrpp-domain-region1] control-vlan 20
[SwitchA-rrpp-domain-region1] quit
# The configurations on SwitchB and SwitchC are similar to that on SwitchA and not mentioned
here. For details, see the configuration files.
Step 2 Map Instance 1 to control VLANs 20 and 21 and data VLANs 100 to 300. The VLAN creation
process is not provided here.
[SwitchA] stp region-configuration
[SwitchA-mst-region] instance 1 vlan 20 21 100 to 300
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit
# The configurations on SwitchB and SwitchC are similar to that on SwitchA and not mentioned
here. For details, see the configuration files.
Step 3 Configure the interfaces to be added to the RRPP ring as trunk interfaces, allow data VLANs
100 to 300 to pass through the interfaces, and disable STP on the interfaces.
# Configure SwitchA.
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port link-type trunk
[SwitchA-Ethernet0/0/1] port trunk allow-pass vlan 100 to 300
[SwitchA-Ethernet0/0/1] stp disable
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface ethernet 0/0/2
[SwitchA-Ethernet0/0/2] port link-type trunk
[SwitchA-Ethernet0/0/2] port trunk allow-pass vlan 100 to 300
[SwitchA-Ethernet0/0/2] stp disable
[SwitchA-Ethernet0/0/2] quit
# The configurations on SwitchB and SwitchC are similar to that on SwitchA and not mentioned
here. For details, see the configuration files.
Step 4 Specify a protected VLAN, and create and enable an RRPP ring.
# Configure the protected VLAN on SwitchA and configure SwitchA as the master node on
Ring 1 and specify the primary and secondary interfaces.
[SwitchA] rrpp domain 1
[SwitchA-rrpp-domain-region1] protected-vlan reference-instance 1
[SwitchA-rrpp-domain-region1] ring 1 node-mode master primary-port ethernet 0/0/1
secondary-port ethernet 0/0/2 level 0
[SwitchA-rrpp-domain-region1] ring 1 enable
[SwitchA-rrpp-domain-region1] quit
# Configure the protected VLAN on SwitchB and configure SwitchB as a transit node on Ring
1 and specify the primary and secondary interfaces.
[SwitchB] rrpp domain 1
[SwitchB-rrpp-domain-region1] protected-vlan reference-instance 1
[SwitchB-rrpp-domain-region1] ring 1 node-mode transit primary-port ethernet 0/0/1
secondary-port ethernet 0/0/2 level 0
[SwitchB-rrpp-domain-region1] ring 1 enable
[SwitchB-rrpp-domain-region1] quit
# Configure the protected VLAN on SwitchC and configure SwitchC as a transit node on Ring
1 and specify the primary and secondary interfaces.
[SwitchC] rrpp domain 1
[SwitchC-rrpp-domain-region1] protected-vlan reference-instance 1
[SwitchC-rrpp-domain-region1] ring 1 node-mode transit primary-port ethernet 0/0/1
secondary-port ethernet 0/0/2 level 0
[SwitchC-rrpp-domain-region1] ring 1 enable
[SwitchC-rrpp-domain-region1] quit
After the RRPP ring configuration is complete, enable RRPP on each node of the ring to activate
the RRPP ring. The configuration procedure is as follows:
After the preceding configurations are complete and the network becomes stable, run the
following commands to verify the configuration. The display on SwitchA is used as an example.
• Run the display rrpp brief command on SwitchA. The command output is as follows:
<SwitchA> display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
Domain Index : 1
Control VLAN : major 20 sub 21
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
--------------------------------------------------------------------------------
1 0 M Ethernet0/0/1 Ethernet0/0/2 Yes
The command output shows that RRPP is enabled on SwitchA, the major control VLAN of
domain 1 is VLAN 20 and the sub-control VLAN is VLAN 21, and SwitchA is the master
node on Ring 1. The primary interface is Ethernet0/0/1 and the secondary interface is
Ethernet0/0/2.
• Run the display rrpp verbose domain command on SwitchA. The command output is as
follows:
# Display detailed information about SwitchA in domain 1.
<SwitchA> display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 20 sub 21
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active : Yes
Primary port : Ethernet0/0/1 Port status: UP
Secondary port : Ethernet0/0/2 Port status: BLOCKED
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 20 to 21 100 to 300
#
rrpp enable
#
stp region-configuration
instance 1 vlan 20 to 21 100 to 300
active region-configuration
#
rrpp domain 1
control-vlan 20
protected-vlan reference-instance 1
ring 1 node-mode master primary-port Ethernet0/0/1 secondary-port Ethernet0/0/2 level 0
ring 1 enable
#
interface Ethernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21 100 to 300
stp disable
#
interface Ethernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21 100 to 300
stp disable
#
#
interface Ethernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21 100 to 300
stp disable
#
return
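An added example, not part of the Huawei document: a Python audit of a saved configuration file against the roadmap and NOTE of this RRPP example, checking that ring ports have STP disabled, no longer carry VLAN 1, and carry only VLANs mapped to the protected instance. The configuration is constructed from the SwitchA file above with Ethernet0/0/2 deliberately misconfigured; the function names are hypothetical, and two assumptions are made: the sub-control VLAN is the major control VLAN plus one (as in 20/21 here), and a trunk carries VLAN 1 until it is removed.

```python
import re

# Constructed configuration, modelled on the SwitchA file in this section.
# Ethernet0/0/2 is deliberately misconfigured to show what the audit reports.
CONFIG = """\
#
sysname SwitchA
#
rrpp enable
#
stp region-configuration
 instance 1 vlan 20 to 21 100 to 300
 active region-configuration
#
rrpp domain 1
 control-vlan 20
 protected-vlan reference-instance 1
 ring 1 node-mode master primary-port Ethernet0/0/1 secondary-port Ethernet0/0/2 level 0
 ring 1 enable
#
interface Ethernet0/0/1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 20 to 21 100 to 300
 stp disable
#
interface Ethernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 20 to 21 100 to 400
#
return
"""

def vlan_set(spec):
    """Expand a VLAN list such as '20 to 21 100 to 300' into a set of IDs."""
    ids = set()
    for lo, hi in re.findall(r"(\d+)(?: to (\d+))?", spec):
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def blocks(text):
    """Split the file into blocks of stripped lines delimited by '#' lines."""
    parts = re.split(r"^#[ \t]*$", text, flags=re.M)
    return [[l.strip() for l in p.splitlines() if l.strip()] for p in parts if p.strip()]

def audit_rrpp(text):
    """Return findings for the RRPP ring ports; an empty list means none."""
    instances, ports, domains, findings = {}, {}, [], []
    cfg = blocks(text)
    if ["rrpp enable"] not in cfg:
        findings.append("global: 'rrpp enable' is missing")
    for head, *body in cfg:
        if head == "stp region-configuration":
            for line in body:
                m = re.match(r"instance (\d+) vlan (.+)", line)
                if m:
                    instances[int(m.group(1))] = vlan_set(m.group(2))
        elif head.startswith("interface "):
            vlans = {1}  # assumption: a trunk carries VLAN 1 until it is removed
            for line in body:
                m = re.match(r"(undo )?port trunk allow-pass vlan (.+)", line)
                if m:
                    ids = vlan_set(m.group(2))
                    vlans = vlans - ids if m.group(1) else vlans | ids
            ports[head.split(" ", 1)[1]] = (vlans, "stp disable" in body)
        elif head.startswith("rrpp domain "):
            domains.append((head, "\n".join(body)))
    for name, body in domains:
        ctrl = re.search(r"^control-vlan (\d+)$", body, re.M)
        inst = re.search(r"^protected-vlan reference-instance (\d+)$", body, re.M)
        if not ctrl or not inst:
            findings.append(f"{name}: control VLAN or protected VLAN not configured")
            continue
        protected = instances.get(int(inst.group(1)), set())
        major = int(ctrl.group(1))
        # Assumption from this page's examples: sub-control VLAN = major + 1.
        for vlan in (major, major + 1):
            if vlan not in protected:
                findings.append(f"{name}: control VLAN {vlan} not in instance {inst.group(1)}")
        for port in re.findall(r"(?:primary|secondary)-port (\S+)", body):
            if port not in ports:
                findings.append(f"{port}: ring port has no interface block")
                continue
            vlans, stp_off = ports[port]
            if not stp_off:
                findings.append(f"{port}: STP not disabled on ring port")
            if 1 in vlans:
                findings.append(f"{port}: VLAN 1 still allowed")
            extra = vlans - protected - {1}
            if extra:
                findings.append(f"{port}: {len(extra)} VLAN(s) outside the protected "
                                f"instance, {min(extra)} to {max(extra)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_rrpp(CONFIG)) or "no findings")
```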
Networking Requirements
A metro Ethernet network uses two-layer rings: one is the aggregation layer between aggregation
devices PE-AGGs and the other is the access layer between PE-AGGs and UPEs.
Figure 9-23 Networking diagram of intersecting RRPP rings with a single instance
[Figure: an RRPP domain in which PE-AGG1, PE-AGG2, and PE-AGG3 form the major ring toward the NPE and the core network, and the UPEs form Sub Ring 1 and Sub Ring 2 with the PE-AGGs. Legend: PE-AGG = PE-Aggregation, NPE = Network Provider Edge, UPE = Underlayer Provider Edge.]
As shown in Figure 9-23, the network is required to prevent loops when the ring is complete
and implement fast convergence to rapidly restore communication between nodes on the ring
when the ring fails. RRPP can meet this requirement. RRPP supports multiple rings. You can
configure the aggregation layer as the major ring and the access layer as the sub-ring, simplifying
the network configuration. To enable devices from different vendors to communicate with each
other on the network, you can use the RRPP version defined by the national standard of China.
As shown in Figure 9-24, SwitchB, SwitchA, SwitchD, and SwitchC map to PE-AGG1, PE-AGG2,
PE-AGG3, and UPE1 in Figure 9-23 respectively. Figure 9-24 is used as an example
to describe how to configure intersecting RRPP rings with a single instance in the RRPP version
defined by the national standard of China.
Figure 9-24 Networking diagram of intersecting RRPP rings with a single instance (RRPP defined by the national standard of China)
[Figure: networking diagram; the labels shown include SwitchA and SwitchD with interfaces GE1/0/1 and GE1/0/3.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure interfaces to be added to the RRPP domain on the devices so that data can pass
through the interfaces. Disable protocols that conflict with RRPP, such as STP.
2. Create an RRPP domain and its control VLAN.
3. Map the VLANs that need to pass through the RRPP ring to Instance 1, including data
VLANs 2 to 9 and control VLANs 10 and 11 (VLAN 11 is the sub-control VLAN generated
by the device).
4. Configure the devices to use the RRPP version defined by the national standard of China.
5. Configure a protected VLAN and create an RRPP ring in the RRPP domain.
a. Configure Ring 1 (major ring) in RRPP Domain 1 on SwitchA, SwitchB, and
SwitchD.
b. Configure Ring 2 (sub-ring) in RRPP Domain 1 on SwitchA, SwitchC, and SwitchD.
c. Configure SwitchB as the master node on the major ring and configure SwitchA and
SwitchD as transit nodes on the major ring.
d. Configure SwitchC as the master node on the sub-ring and configure SwitchA and
SwitchD as edge transit nodes on the sub-ring.
6. Enable the RRPP ring and RRPP protocol on devices to make RRPP take effect.
NOTE
VLANs that are not mentioned in this example are considered nonexistent. However, interfaces on the device
join VLAN1 by default. You need to remove corresponding interfaces from VLAN1.
Procedure
Step 1 Configure SwitchB as the master node on the major ring.
# Create data VLANs 2 to 9 on SwitchB.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] vlan batch 2 to 9
Configure Instance 1, and map it to the data VLANs and control VLANs allowed by the RRPP
interface.
[SwitchB] stp region-configuration
[SwitchB-mst-region] instance 1 vlan 2 to 11
[SwitchB-mst-region] active region-configuration
[SwitchB-mst-region] quit
# Configure Domain 1 on SwitchB. Configure VLAN 10 as the major control VLAN and bind
Instance 1 to the protected VLAN in Domain 1.
[SwitchB] rrpp domain 1
[SwitchB-rrpp-domain-region1] control-vlan 10
[SwitchB-rrpp-domain-region1] protected-vlan reference-instance 1
[SwitchB-rrpp-domain-region1] quit
# Disable STP on the interface to be added to the RRPP ring and configure the RRPP interface
as a trunk interface to allow data from VLANs 2 to 9 to pass through.
[SwitchB] interface gigabitethernet 2/0/1
[SwitchB-GigabitEthernet2/0/1] port link-type trunk
[SwitchB-GigabitEthernet2/0/1] port trunk allow-pass vlan 2 to 9
[SwitchB-GigabitEthernet2/0/1] stp disable
[SwitchB-GigabitEthernet2/0/1] quit
[SwitchB] interface gigabitethernet 2/0/2
[SwitchB-GigabitEthernet2/0/2] port link-type trunk
[SwitchB-GigabitEthernet2/0/2] port trunk allow-pass vlan 2 to 9
[SwitchB-GigabitEthernet2/0/2] stp disable
[SwitchB-GigabitEthernet2/0/2] quit
# Configure SwitchB to use the RRPP version defined by the national standard of China.
[SwitchB] rrpp work-mode gb
# Configure the primary interface and secondary interface on the master node of the major ring.
[SwitchB] rrpp domain 1
[SwitchB-rrpp-domain-region1] ring 1 node-mode master primary-port gigabitethernet
2/0/1 secondary-port gigabitethernet 2/0/2 level 0
[SwitchB-rrpp-domain-region1] ring 1 enable
[SwitchB-rrpp-domain-region1] quit
Configure Instance 1, and map it to the data VLANs and control VLANs allowed by the RRPP
interface.
[SwitchC] stp region-configuration
[SwitchC-mst-region] instance 1 vlan 2 to 11
[SwitchC-mst-region] active region-configuration
[SwitchC-mst-region] quit
# Configure Domain 1 on SwitchC. Configure VLAN 10 as the major control VLAN and bind
Instance 1 to the protected VLAN in Domain 1.
[SwitchC] rrpp domain 1
[SwitchC-rrpp-domain-region1] control-vlan 10
[SwitchC-rrpp-domain-region1] protected-vlan reference-instance 1
[SwitchC-rrpp-domain-region1] quit
# Disable STP on the interface to be added to the RRPP ring and configure the RRPP interface
as a trunk interface to allow data from VLANs 2 to 9 to pass through.
[SwitchC] interface gigabitethernet 1/0/1
[SwitchC-GigabitEthernet1/0/1] port link-type trunk
[SwitchC-GigabitEthernet1/0/1] port trunk allow-pass vlan 2 to 9
[SwitchC-GigabitEthernet1/0/1] stp disable
[SwitchC-GigabitEthernet1/0/1] quit
[SwitchC] interface gigabitethernet 1/0/2
[SwitchC-GigabitEthernet1/0/2] port link-type trunk
[SwitchC-GigabitEthernet1/0/2] port trunk allow-pass vlan 2 to 9
[SwitchC-GigabitEthernet1/0/2] stp disable
[SwitchC-GigabitEthernet1/0/2] quit
# Configure SwitchC to use the RRPP version defined by the national standard of China.
[SwitchC] rrpp work-mode gb
# Configure the primary interface and secondary interface on the master node of the sub-ring.
[SwitchC] rrpp domain 1
[SwitchC-rrpp-domain-region1] ring 2 node-mode master primary-port gigabitethernet
1/0/1 secondary-port gigabitethernet 1/0/2 level 1
[SwitchC-rrpp-domain-region1] ring 2 enable
[SwitchC-rrpp-domain-region1] quit
Step 3 Configure SwitchA as the transit node on the major ring and the edge node on the sub-ring.
# Create data VLANs 2 to 9 on SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 2 to 9
Configure Instance 1, and map it to the data VLANs and control VLANs allowed by the RRPP
interface.
# Configure Domain 1 on SwitchA. Then configure VLAN 10 as the major control VLAN and
bind Instance 1 to protected VLANs in Domain 1.
[SwitchA] rrpp domain 1
[SwitchA-rrpp-domain-region1] control-vlan 10
[SwitchA-rrpp-domain-region1] protected-vlan reference-instance 1
[SwitchA-rrpp-domain-region1] quit
# Disable STP on the interface to be added to the RRPP ring and configure the RRPP interface
as a trunk interface to allow data from VLANs 2 to 9 to pass through.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-GigabitEthernet1/0/1] port trunk allow-pass vlan 2 to 9
[SwitchA-GigabitEthernet1/0/1] stp disable
[SwitchA-GigabitEthernet1/0/1] quit
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] port link-type trunk
[SwitchA-GigabitEthernet1/0/2] port trunk allow-pass vlan 2 to 9
[SwitchA-GigabitEthernet1/0/2] stp disable
[SwitchA-GigabitEthernet1/0/2] quit
[SwitchA] interface gigabitethernet 1/0/3
[SwitchA-GigabitEthernet1/0/3] port link-type trunk
[SwitchA-GigabitEthernet1/0/3] port trunk allow-pass vlan 2 to 9
[SwitchA-GigabitEthernet1/0/3] stp disable
[SwitchA-GigabitEthernet1/0/3] quit
# Configure SwitchA to use the RRPP version defined by the national standard of China.
[SwitchA] rrpp work-mode gb
# Configure the primary interface and secondary interface on the transit node of the major ring.
[SwitchA] rrpp domain 1
[SwitchA-rrpp-domain-region1] ring 1 node-mode transit primary-port
gigabitethernet 1/0/2 secondary-port gigabitethernet 1/0/1 level 0
[SwitchA-rrpp-domain-region1] ring 1 enable
[SwitchA-rrpp-domain-region1] quit
# Configure the edge interface of the edge transit node on the sub-ring.
[SwitchA] rrpp domain 1
[SwitchA-rrpp-domain-region1] ring 2 node-mode transit secondary-port
gigabitethernet 1/0/3
[SwitchA-rrpp-domain-region1] ring 2 enable
[SwitchA-rrpp-domain-region1] quit
Step 4 Configure SwitchD as the transit node on the major ring and the edge node on the sub-ring.
Configure Instance 1, and map it to the data VLANs and control VLANs allowed by the RRPP
interface.
[SwitchD] stp region-configuration
[SwitchD-mst-region] instance 1 vlan 2 to 11
[SwitchD-mst-region] active region-configuration
[SwitchD-mst-region] quit
# On SwitchD, configure Domain 1. Configure VLAN 10 as the major control VLAN and bind
Instance 1 to the protected VLAN in Domain 1.
[SwitchD] rrpp domain 1
[SwitchD-rrpp-domain-region1] control-vlan 10
[SwitchD-rrpp-domain-region1] protected-vlan reference-instance 1
[SwitchD-rrpp-domain-region1] quit
# Disable STP on the interface to be added to the RRPP ring and configure the RRPP interface
as a trunk interface.
[SwitchD] interface gigabitethernet 1/0/1
[SwitchD-GigabitEthernet1/0/1] port link-type trunk
[SwitchD-GigabitEthernet1/0/1] port trunk allow-pass vlan 2 to 9
[SwitchD-GigabitEthernet1/0/1] stp disable
[SwitchD-GigabitEthernet1/0/1] quit
[SwitchD] interface gigabitethernet 1/0/2
[SwitchD-GigabitEthernet1/0/2] port link-type trunk
[SwitchD-GigabitEthernet1/0/2] port trunk allow-pass vlan 2 to 9
[SwitchD-GigabitEthernet1/0/2] stp disable
[SwitchD-GigabitEthernet1/0/2] quit
[SwitchD] interface gigabitethernet 1/0/3
[SwitchD-GigabitEthernet1/0/3] port link-type trunk
[SwitchD-GigabitEthernet1/0/3] port trunk allow-pass vlan 2 to 9
[SwitchD-GigabitEthernet1/0/3] stp disable
[SwitchD-GigabitEthernet1/0/3] quit
# Configure SwitchD to use the RRPP version defined by the national standard of China.
[SwitchD] rrpp work-mode gb
# Configure the primary interface and secondary interface on the transit node of the major ring.
[SwitchD] rrpp domain 1
[SwitchD-rrpp-domain-region1] ring 1 node-mode transit primary-port
gigabitethernet 1/0/2 secondary-port gigabitethernet 1/0/1 level 0
[SwitchD-rrpp-domain-region1] ring 1 enable
[SwitchD-rrpp-domain-region1] quit
# Configure the edge interface of the edge transit node on the sub-ring.
[SwitchD] rrpp domain 1
[SwitchD-rrpp-domain-region1] ring 2 node-mode transit secondary-port
gigabitethernet 1/0/3
[SwitchD-rrpp-domain-region1] ring 2 enable
[SwitchD-rrpp-domain-region1] quit
# The configurations on SwitchB, SwitchC, and SwitchD are similar to that on SwitchA and not
mentioned here. For details, see the configuration files.
Step 6 Verify the configuration.
After the preceding configurations are complete and the network becomes stable, run the
following commands to verify the configuration.
• Run the display rrpp brief command on SwitchB. The command output is as follows:
<SwitchB> display rrpp brief
Abbreviations for Switch Node Mode :
Domain Index : 1
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 1
The command output shows that RRPP is enabled on SwitchB. The major control VLAN is
VLAN 10, and the sub-control VLAN is VLAN 11; SwitchB is the master node on the major
ring, with GE2/0/1 as the primary interface and GE2/0/2 as the secondary interface.
• Run the display rrpp verbose domain command on SwitchB. The command output is as
follows:
<SwitchB> display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active : Yes
Primary port : GigabitEthernet2/0/1 Port status: UP
Secondary port : GigabitEthernet2/0/2 Port status: BLOCKED
The command output shows that the ring is in Complete state, and the secondary interface
on the master node is blocked.
• Run the display rrpp brief command on SwitchC. The command output is as follows:
<SwitchC> display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , EM - Edge Master, ET - Edge Transit
The command output shows that RRPP is enabled on SwitchC. The major control VLAN is
VLAN 10, and the sub-control VLAN is VLAN 11. SwitchC is the master node on the sub-
ring, with GE1/0/1 as the primary interface and GE1/0/2 as the secondary interface.
• Run the display rrpp verbose domain command on SwitchC. The command output is as
follows:
<SwitchC> display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 1
RRPP Ring : 2
Ring Level : 1
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active : Yes
Primary port : GigabitEthernet1/0/1 Port status: UP
Secondary port: GigabitEthernet1/0/2 Port status: BLOCKED
You can find that the sub-ring is in Complete state, and the secondary interface of the master
node on the sub-ring is blocked.
• Run the display rrpp brief command on SwitchA. The command output is as follows:
<SwitchA> display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , EM - Edge Master, ET - Edge Transit
Domain Index : 1
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
Ring Ring Node Primary Secondary/Edge Is
ID Level Mode Port Port Enabled
-------------------------------------------------------------------------
1 0 T GigabitEthernet1/0/2 GigabitEthernet1/0/1 Yes
2 1 ET GigabitEthernet1/0/2 GigabitEthernet1/0/3 Yes
GigabitEthernet1/0/1
The command output shows that RRPP is enabled on SwitchA. The major control VLAN is
VLAN 10, and the sub-control VLAN is VLAN 11. SwitchA is the master node on the major
ring, with GE1/0/2 as the primary interface and GE1/0/1 as the secondary interface.
SwitchA is also the edge transit node on the sub-ring, with GE1/0/3 as the edge interface.
• Run the display rrpp verbose domain command on SwitchA. The command output is as
follows:
<SwitchA> display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Transit
Ring State : Linkup
Is Enabled : Enable Is Active : Yes
Primary port : GigabitEthernet1/0/2 Port status: UP
Secondary port: GigabitEthernet1/0/1 Port status: UP
RRPP Ring : 2
Ring Level : 1
Node Mode : Edge Transit
Ring State : Linkup
Is Enabled : Enable Is Active : Yes
Secondary port: GigabitEthernet1/0/3 Port status: UP
• Run the display rrpp brief command on SwitchD. The command output is as follows:
<SwitchD> display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , EM - Edge Master, ET - Edge Transit
Domain Index : 1
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
Ring Ring Node Primary Secondary/Edge Is
ID Level Mode Port Port Enabled
-------------------------------------------------------------------------
1 0 T GigabitEthernet1/0/2 GigabitEthernet1/0/1 Yes
2 1 ET GigabitEthernet1/0/2 GigabitEthernet1/0/3 Yes
GigabitEthernet1/0/1
The command output shows that RRPP is enabled on SwitchD. The major control VLAN is
VLAN 10, and the sub-control VLAN is VLAN 11. SwitchD is the transit node on the major
ring, with GE1/0/2 as the primary interface and GE1/0/1 as the secondary interface.
SwitchD is also the edge transit node on the sub-ring, with GE1/0/3 as the edge interface.
• Run the display rrpp verbose domain command on SwitchD. The command output is as
follows:
<SwitchD> display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Transit
Ring State : Linkup
Is Enabled : Enable Is Active : Yes
Primary port : GigabitEthernet1/0/2 Port status: UP
Secondary port: GigabitEthernet1/0/1 Port status: UP
RRPP Ring :2
Ring Level :1
Node Mode :Edge Transit
Ring State :Linkup
Is Enabled :Enable Is Active : Yes
Primary port :GigabitEthernet1/0/2 Port status: UP
GigabitEthernet1/0/1 Port status: UP
Secondary port: GigabitEthernet1/0/3 Port status: UP
----End
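A check that automates the verification step above, as an added example that is not part of the Huawei document: it parses display rrpp verbose domain output and reports any ring whose state or port status differs from the healthy values shown on this page (master: Complete with the secondary port BLOCKED; other node modes: Linkup with all ports UP). The function names are hypothetical; SWITCHB and SWITCHD are copied from the outputs above, and LOOP_RISK is constructed.

```python
import re

# Output copied from this page: SwitchB (master node on the major ring).
SWITCHB = """\
Domain Index : 1
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active : Yes
Primary port : GigabitEthernet2/0/1 Port status: UP
Secondary port : GigabitEthernet2/0/2 Port status: BLOCKED
"""

# Output copied from this page: SwitchD (transit on ring 1, edge transit on ring 2).
# Ring 2 lists a second primary port on a continuation line with no label.
SWITCHD = """\
Domain Index : 1
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Transit
Ring State : Linkup
Is Enabled : Enable Is Active : Yes
Primary port : GigabitEthernet1/0/2 Port status: UP
Secondary port: GigabitEthernet1/0/1 Port status: UP
RRPP Ring :2
Ring Level :1
Node Mode :Edge Transit
Ring State :Linkup
Is Enabled :Enable Is Active : Yes
Primary port :GigabitEthernet1/0/2 Port status: UP
GigabitEthernet1/0/1 Port status: UP
Secondary port: GigabitEthernet1/0/3 Port status: UP
"""

# Constructed sample: a master that reports Complete but does not block its secondary port.
LOOP_RISK = SWITCHB.replace("BLOCKED", "UP")

KV_RE = re.compile(r"^(RRPP Ring|Ring Level|Node Mode|Ring State)\s*:\s*(.+?)\s*$")
PORT_RE = re.compile(
    r"^(?:(Primary|Secondary|Common|Edge) port\s*:)?\s*(\S+)\s+Port status:\s*(\S+)$")


def parse_rings(text):
    """Return one dict per 'RRPP Ring' block, with its fields and port list."""
    rings, ring, role = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        kv = KV_RE.match(line)
        if kv:
            key, value = kv.groups()
            if key == "RRPP Ring":
                ring, role = {"RRPP Ring": value, "ports": []}, None
                rings.append(ring)
            elif ring is not None:
                ring[key] = value
            continue
        port = PORT_RE.match(line)
        if port and ring is not None:
            role = port.group(1) or role  # unlabeled line continues the previous role
            ring["ports"].append((role, port.group(2), port.group(3)))
    return rings


def check_ring(ring):
    """Compare one ring against the healthy steady state shown on this page."""
    rid, mode = ring["RRPP Ring"], ring.get("Node Mode", "?")
    state = ring.get("Ring State", "?")
    expected_state = "Complete" if mode == "Master" else "Linkup"
    findings = []
    if state != expected_state:
        findings.append(f"ring {rid}: {mode} node reports state {state}, "
                        f"expected {expected_state}")
    for role, name, status in ring["ports"]:
        expected = "BLOCKED" if mode == "Master" and role == "Secondary" else "UP"
        if status != expected:
            findings.append(f"ring {rid}: {role} port {name} is {status}, "
                            f"expected {expected}")
    return findings


def audit(text):
    """Findings for every ring in one 'display rrpp verbose domain' output."""
    return [f for ring in parse_rings(text) for f in check_ring(ring)]


if __name__ == "__main__":
    for name, sample in (("SwitchB", SWITCHB), ("SwitchD", SWITCHD),
                         ("constructed", LOOP_RISK)):
        print(name, audit(sample) or "OK")
```

A finding on a master node's secondary port is the one to act on first, because an unblocked secondary port on a complete ring means the ring can loop.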
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 2 to 11
#
rrpp enable
rrpp working-mode GB
#
stp region-configuration
instance 1 vlan 2 to 11
active region-configuration
#
rrpp domain 1
control-vlan 10
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port Gigabitethernet1/0/2 secondary-port Gigabitethernet1/0/1 level 0
ring 1 enable
ring 2 node-mode transit secondary-port Gigabitethernet1/0/3
ring 2 enable
#
interface GigabitEthernet1/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 11
stp disable
#
interface GigabitEthernet1/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 11
stp disable
#
interface GigabitEthernet1/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 9 11
stp disable
#
return
• Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 2 to 11
#
rrpp enable
rrpp working-mode GB
#
stp region-configuration
instance 1 vlan 2 to 11
active region-configuration
#
rrpp domain 1
control-vlan 10
protected-vlan reference-instance 1
ring 1 node-mode master primary-port Gigabitethernet2/0/1 secondary-port Gigabitethernet2/0/2 level 0
ring 1 enable
#
interface GigabitEthernet2/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 11
stp disable
#
interface GigabitEthernet2/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 11
stp disable
#
return
• Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 2 to 11
#
rrpp enable
rrpp working-mode GB
#
stp region-configuration
instance 1 vlan 2 to 11
active region-configuration
#
rrpp domain 1
control-vlan 10
protected-vlan reference-instance 1
ring 2 node-mode master primary-port GigabitEthernet1/0/1 secondary-port GigabitEthernet1/0/2 level 1
ring 2 enable
#
interface GigabitEthernet1/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 9 11
stp disable
#
interface GigabitEthernet1/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 9 11
stp disable
#
return
• Configuration file of SwitchD
#
sysname SwitchD
#
vlan batch 2 to 11
#
rrpp enable
rrpp working-mode GB
#
stp region-configuration
instance 1 vlan 2 to 11
active region-configuration
#
rrpp domain 1
control-vlan 10
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet1/0/2 secondary-port GigabitEthernet1/0/1 level 0
ring 1 enable
ring 2 node-mode transit secondary-port GigabitEthernet1/0/3
ring 2 enable
#
interface GigabitEthernet1/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 11
stp disable
#
interface GigabitEthernet1/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 11
stp disable
#
interface GigabitEthernet1/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 9 11
stp disable
#
return
Networking Requirements
A metro Ethernet network uses two-layer rings: one is the aggregation layer between aggregation
devices PE-AGGs and the other is the access layer between PE-AGGs and UPEs.
Figure 9-25 Networking diagram of intersecting RRPP rings with a single instance
[Diagram not reproduced. Labels in the figure: RRPP Domain, Major Ring, Sub Ring 1, Sub Ring 2, PE-AGG1, PE-AGG2, PE-AGG3, UPE1, UPE, LANSwitch, CE, NPE, Core Net. Legend: PE-AGG: PE-Aggregation; NPE: Network Provider Edge; UPE: Underlayer Provider Edge.]
As shown in Figure 9-25, the network is required to prevent loops when the ring is complete
and implement fast convergence to rapidly restore communication between nodes on the ring
when the ring fails. RRPP can meet this requirement. RRPP supports multiple rings. You can
configure the aggregation layer as the major ring and the access layer as the sub-ring, simplifying
the network configuration.
As shown in Figure 9-26, SwitchB, SwitchA, SwitchD, and SwitchC map PE-AGG1, PE-
AGG2, PE-AGG3, and UPE1 in Figure 9-25 respectively. Figure 9-26 is used as an example
to describe how to configure intersecting RRPP rings with a single instance in the RRPP version
defined by Huawei.
Figure 9-26 Networking diagram of intersecting RRPP rings with a single instance (RRPP
defined by Huawei)
[Diagram not reproduced. Surviving labels: SwitchA, SwitchD, Eth0/0/1, Eth0/0/3.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create an RRPP domain and its control VLAN.
2. Map the VLANs that need to pass through the RRPP ring to Instance 1, including data
VLANs 2 to 9 and control VLANs 10 and 11 (VLAN 11 is the sub-control VLAN generated
by the device).
3. Configure interfaces to be added to the RRPP domain on the devices so that data can pass
through the interfaces. Disable protocols that conflict with RRPP, such as STP.
4. Configure a protected VLAN and create an RRPP ring in the RRPP domain.
a. Configure Ring 1 (major ring) in Domain 1 on SwitchA, SwitchB, and SwitchD.
b. Configure Ring 2 (sub-ring) in Domain 1 on SwitchA, SwitchC, and SwitchD.
c. Configure SwitchB as the master node on the major ring and configure SwitchA and
SwitchD as transit nodes on the major ring.
d. Configure SwitchC as the master node on the sub-ring, configure SwitchA as the edge
node on the sub-ring, and configure SwitchD as the assistant edge node on the sub-
ring.
5. Enable the RRPP ring and RRPP protocol on devices to make RRPP take effect.
NOTE
VLANs that are not mentioned in this example are considered nonexistent. However, interfaces on the device
join VLAN1 by default. You need to remove corresponding interfaces from VLAN1.
Procedure
Step 1 Configure SwitchB as the master node on the major ring.
# Create data VLANs 2 to 9 on SwitchB.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] vlan batch 2 to 9
# Configure Instance 1, and map it to the data VLANs and control VLANs allowed by the RRPP
interface.
[SwitchB] stp region-configuration
[SwitchB-mst-region] instance 1 vlan 2 to 11
# Configure Domain 1 on SwitchB. Configure VLAN 10 as the major control VLAN and bind
Instance 1 to the protected VLAN in Domain 1.
[SwitchB] rrpp domain 1
[SwitchB-rrpp-domain-region1] control-vlan 10
[SwitchB-rrpp-domain-region1] protected-vlan reference-instance 1
[SwitchB-rrpp-domain-region1] quit
# Configure the RRPP interface as a trunk interface to allow data from VLANs 2 to 9 to pass
through and disable STP on the interface to be added to the RRPP ring.
[SwitchB] interface ethernet 0/0/1
[SwitchB-Ethernet0/0/1] port link-type trunk
[SwitchB-Ethernet0/0/1] port trunk allow-pass vlan 2 to 9
[SwitchB-Ethernet0/0/1] stp disable
[SwitchB-Ethernet0/0/1] quit
[SwitchB] interface ethernet 0/0/2
[SwitchB-Ethernet0/0/2] port link-type trunk
[SwitchB-Ethernet0/0/2] port trunk allow-pass vlan 2 to 9
[SwitchB-Ethernet0/0/2] stp disable
[SwitchB-Ethernet0/0/2] quit
# Configure the primary interface and secondary interface on the master node of the major ring.
[SwitchB] rrpp domain 1
[SwitchB-rrpp-domain-region1] ring 1 node-mode master primary-port ethernet 0/0/1 secondary-port ethernet 0/0/2 level 0
[SwitchB-rrpp-domain-region1] ring 1 enable
[SwitchB-rrpp-domain-region1] quit
# Configure Instance 1, and map it to the data VLANs and control VLANs allowed by the RRPP
interface.
[SwitchC] stp region-configuration
[SwitchC-mst-region] instance 1 vlan 2 to 11
[SwitchC-mst-region] active region-configuration
[SwitchC-mst-region] quit
# Configure Domain 1 on SwitchC. Configure VLAN 10 as the major control VLAN and bind
Instance 1 to the protected VLAN in Domain 1.
[SwitchC] rrpp domain 1
[SwitchC-rrpp-domain-region1] control-vlan 10
[SwitchC-rrpp-domain-region1] protected-vlan reference-instance 1
[SwitchC-rrpp-domain-region1] quit
# Disable STP on the interface to be added to the RRPP ring and configure the RRPP interface
as a trunk interface to allow data from VLANs 2 to 9 to pass through.
[SwitchC] interface ethernet 0/0/1
[SwitchC-Ethernet0/0/1] port link-type trunk
[SwitchC-Ethernet0/0/1] port trunk allow-pass vlan 2 to 9
[SwitchC-Ethernet0/0/1] stp disable
[SwitchC-Ethernet0/0/1] quit
[SwitchC] interface ethernet 0/0/2
[SwitchC-Ethernet0/0/2] port link-type trunk
[SwitchC-Ethernet0/0/2] port trunk allow-pass vlan 2 to 9
# Configure the primary interface and secondary interface on the master node of the sub-ring.
[SwitchC] rrpp domain 1
[SwitchC-rrpp-domain-region1] ring 2 node-mode master primary-port ethernet 0/0/1 secondary-port ethernet 0/0/2 level 1
[SwitchC-rrpp-domain-region1] ring 2 enable
[SwitchC-rrpp-domain-region1] quit
Step 3 Configure SwitchA as the transit node on the major ring and the edge node on the sub-ring.
# Create data VLANs 2 to 9 on SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 2 to 9
# Configure Instance 1, and map it to the data VLANs and control VLANs allowed by the RRPP
interface.
[SwitchA] stp region-configuration
[SwitchA-mst-region] instance 1 vlan 2 to 11
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit
# Configure Domain 1 on SwitchA. Configure VLAN 10 as the major control VLAN and bind
Instance 1 to the protected VLAN in Domain 1.
[SwitchA] rrpp domain 1
[SwitchA-rrpp-domain-region1] control-vlan 10
[SwitchA-rrpp-domain-region1] protected-vlan reference-instance 1
[SwitchA-rrpp-domain-region1] quit
# Disable STP on the interface to be added to the RRPP ring and configure the RRPP interface
as a trunk interface to allow data from VLANs 2 to 9 to pass through.
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port link-type trunk
[SwitchA-Ethernet0/0/1] port trunk allow-pass vlan 2 to 9
[SwitchA-Ethernet0/0/1] stp disable
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface ethernet 0/0/2
[SwitchA-Ethernet0/0/2] port link-type trunk
[SwitchA-Ethernet0/0/2] port trunk allow-pass vlan 2 to 9
[SwitchA-Ethernet0/0/2] stp disable
[SwitchA-Ethernet0/0/2] quit
[SwitchA] interface ethernet 0/0/3
[SwitchA-Ethernet0/0/3] port link-type trunk
[SwitchA-Ethernet0/0/3] port trunk allow-pass vlan 2 to 9
[SwitchA-Ethernet0/0/3] stp disable
[SwitchA-Ethernet0/0/3] quit
# Configure the primary interface and secondary interface on the transit node of the major ring.
[SwitchA] rrpp domain 1
[SwitchA-rrpp-domain-region1] ring 1 node-mode transit primary-port ethernet 0/0/2 secondary-port ethernet 0/0/1 level 0
[SwitchA-rrpp-domain-region1] ring 1 enable
[SwitchA-rrpp-domain-region1] quit
# Configure the common interface and edge interface on the edge node of the sub-ring.
[SwitchA] rrpp domain 1
[SwitchA-rrpp-domain-region1] ring 2 node-mode edge common-port ethernet 0/0/2 edge-port ethernet 0/0/3
[SwitchA-rrpp-domain-region1] ring 2 enable
[SwitchA-rrpp-domain-region1] quit
Step 4 Configure SwitchD as the transit node on the major ring and the assistant edge node on the sub-
ring.
# Create data VLANs 2 to 9 on SwitchD.
<Quidway> system-view
[Quidway] sysname SwitchD
[SwitchD] vlan batch 2 to 9
# Configure Instance 1, and map it to the data VLANs and control VLANs allowed by the RRPP
interface.
[SwitchD] stp region-configuration
[SwitchD-mst-region] instance 1 vlan 2 to 11
[SwitchD-mst-region] active region-configuration
[SwitchD-mst-region] quit
# On SwitchD, configure Domain 1. Configure VLAN 10 as the major control VLAN and bind
Instance 1 to the protected VLAN in Domain 1.
[SwitchD] rrpp domain 1
[SwitchD-rrpp-domain-region1] control-vlan 10
[SwitchD-rrpp-domain-region1] protected-vlan reference-instance 1
[SwitchD-rrpp-domain-region1] quit
# Disable STP on the interface to be added to the RRPP ring, configure the RRPP interface as
a trunk interface, and configure the interfaces to allow service packets of VLAN 2 to VLAN 9
to pass through.
[SwitchD] interface ethernet 0/0/1
[SwitchD-Ethernet0/0/1] port link-type trunk
[SwitchD-Ethernet0/0/1] port trunk allow-pass vlan 2 to 9
[SwitchD-Ethernet0/0/1] stp disable
[SwitchD-Ethernet0/0/1] quit
[SwitchD] interface ethernet 0/0/2
[SwitchD-Ethernet0/0/2] port link-type trunk
[SwitchD-Ethernet0/0/2] port trunk allow-pass vlan 2 to 9
[SwitchD-Ethernet0/0/2] stp disable
[SwitchD-Ethernet0/0/2] quit
[SwitchD] interface ethernet 0/0/3
[SwitchD-Ethernet0/0/3] port link-type trunk
[SwitchD-Ethernet0/0/3] port trunk allow-pass vlan 2 to 9
[SwitchD-Ethernet0/0/3] stp disable
[SwitchD-Ethernet0/0/3] quit
# Configure the primary interface and secondary interface on the transit node of the major ring.
[SwitchD] rrpp domain 1
[SwitchD-rrpp-domain-region1] ring 1 node-mode transit primary-port ethernet 0/0/2 secondary-port ethernet 0/0/1 level 0
[SwitchD-rrpp-domain-region1] ring 1 enable
[SwitchD-rrpp-domain-region1] quit
# Configure the common interface and edge interface on the assistant edge node of the sub-ring.
[SwitchD] rrpp domain 1
[SwitchD-rrpp-domain-region1] ring 2 node-mode assistant-edge common-port ethernet 0/0/2 edge-port ethernet 0/0/3
[SwitchD-rrpp-domain-region1] ring 2 enable
[SwitchD-rrpp-domain-region1] quit
# The configurations on SwitchB, SwitchC, and SwitchD are similar to the configuration on
SwitchA and are not described here. For details, see the configuration files.
After the preceding configurations are complete and the network becomes stable, run the
following commands to verify the configuration.
• Run the display rrpp brief command on SwitchB. The command output is as follows:
<SwitchB> display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
Domain Index : 1
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
-------------------------------------------------------------------------------
-
1 0 M Ethernet0/0/1 Ethernet0/0/2 Yes
The command output shows that RRPP is enabled on SwitchB. The major control VLAN is
VLAN 10, and the sub-control VLAN is VLAN 11; SwitchB is the master node on the major
ring, with Eth0/0/1 as the primary interface and Eth0/0/2 as the secondary interface.
• Run the display rrpp verbose domain command on SwitchB. The command output is as
follows:
<SwitchB> display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active : Yes
Primary port : Ethernet0/0/1 Port status: UP
Secondary port : Ethernet0/0/2 Port status: BLOCKED
The command output shows that the ring is in Complete state, and the secondary interface
on the master node is blocked.
• Run the display rrpp brief command on SwitchC. The command output is as follows:
<SwitchC> display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
-------------------------------------------------------------------------------
-
2 1 M Ethernet0/0/1 Ethernet0/0/2 Yes
You can find that RRPP is enabled on SwitchC. The major control VLAN is VLAN 10, and
the sub-control VLAN is VLAN 11; SwitchC is the master node on the sub-ring, with
Eth0/0/1 as the primary interface and Eth0/0/2 as the secondary interface.
• Run the display rrpp verbose domain command on SwitchC. The command output is as
follows:
<SwitchC> display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
RRPP Ring : 2
Ring Level : 1
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active : Yes
Primary port : Ethernet0/0/1 Port status: UP
Secondary port : Ethernet0/0/2 Port status: BLOCKED
The command output shows that the sub-ring is in Complete state, and the secondary interface
on the master node of the sub-ring is blocked.
• Run the display rrpp brief command on SwitchA. The command output is as follows:
<SwitchA> display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
Domain Index : 1
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
-------------------------------------------------------------------------------
-
1 0 T Ethernet0/0/2 Ethernet0/0/1 Yes
2 1 E Ethernet0/0/2 Ethernet0/0/3 Yes
The command output shows that RRPP is enabled on SwitchA. The major control VLAN is
VLAN 10, and the sub-control VLAN is VLAN 11. SwitchA is the transit node on the major
ring. The primary interface is Eth0/0/2 and the secondary interface is Eth0/0/1.
SwitchA is also the edge node on the sub-ring, with Eth0/0/2 as the common interface and
Eth0/0/3 as the edge interface.
• Run the display rrpp verbose domain command on SwitchA. The command output is as
follows:
<SwitchA> display rrpp verbose domain 1
Domain Index : 1
RRPP Ring : 1
Ring Level : 0
Node Mode : Transit
Ring State : Linkup
Is Enabled : Enable Is Active : Yes
Primary port : Ethernet0/0/2 Port status: UP
Secondary port: Ethernet0/0/1 Port status: UP
RRPP Ring : 2
Ring Level : 1
Node Mode : Edge
Ring State : Linkup
Is Enabled : Enable Is Active : Yes
Common port : Ethernet0/0/2 Port status: UP
Edge port : Ethernet0/0/3 Port status: UP
• Run the display rrpp brief command on SwitchD. The command output is as follows:
<SwitchD> display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
Domain Index : 1
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
-------------------------------------------------------------------------------
-
1 0 T Ethernet0/0/2 Ethernet0/0/1 Yes
2 1 A Ethernet0/0/2 Ethernet0/0/3 Yes
The command output shows that RRPP is enabled on SwitchD. The major control VLAN is
VLAN 10, and the sub-control VLAN is VLAN 11. SwitchD is the transit node on the major
ring, with Eth0/0/2 as the primary interface and Eth0/0/1 as the secondary interface.
SwitchD is also the assistant edge node on the sub-ring, with Eth0/0/2 as the common
interface and Eth0/0/3 as the edge interface.
• Run the display rrpp verbose domain command on SwitchD. The command output is as
follows:
<SwitchD> display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Transit
Ring State : Linkup
Is Enabled : Enable Is Active : Yes
Primary port : Ethernet0/0/2 Port status: UP
Secondary port: Ethernet0/0/1 Port status: UP
RRPP Ring : 2
Ring Level : 1
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 2 to 11
#
rrpp enable
#
stp region-configuration
instance 1 vlan 2 to 11
active region-configuration
#
rrpp domain 1
control-vlan 10
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port Ethernet0/0/2 secondary-port Ethernet0/0/1 level 0
ring 1 enable
ring 2 node-mode edge common-port Ethernet0/0/2 edge-port Ethernet0/0/3
ring 2 enable
#
interface Ethernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 11
stp disable
#
interface Ethernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 11
stp disable
#
interface Ethernet0/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 9 11
stp disable
#
return
control-vlan 10
protected-vlan reference-instance 1
ring 1 node-mode master primary-port Ethernet0/0/1 secondary-port Ethernet0/0/2 level 0
ring 1 enable
#
interface Ethernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 11
stp disable
#
interface Ethernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 11
stp disable
#
return
• Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 2 to 11
#
rrpp enable
#
stp region-configuration
instance 1 vlan 2 to 11
active region-configuration
#
rrpp domain 1
control-vlan 10
protected-vlan reference-instance 1
ring 2 node-mode master primary-port Ethernet0/0/1 secondary-port Ethernet0/0/2 level 1
ring 2 enable
#
interface Ethernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 9 11
stp disable
#
interface Ethernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 9 11
stp disable
#
return
• Configuration file of SwitchD
#
sysname SwitchD
#
vlan batch 2 to 11
#
rrpp enable
#
stp region-configuration
instance 1 vlan 2 to 11
active region-configuration
#
rrpp domain 1
control-vlan 10
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port Ethernet0/0/2 secondary-port Ethernet0/0/1 level 0
ring 1 enable
ring 2 node-mode assistant-edge common-port Ethernet0/0/2 edge-port Ethernet0/0/3
ring 2 enable
#
interface Ethernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 11
stp disable
#
interface Ethernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 11
stp disable
#
interface Ethernet0/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 9 11
stp disable
#
return
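An audit of the ring-port settings that the roadmap and NOTE above call for (trunk link type, VLAN 1 removed, STP disabled, data VLANs allowed), as an added example that is not part of the Huawei document. The function names are hypothetical, SWITCHA is the SwitchA configuration file above with wrapped lines joined, MISCONFIGURED is constructed, and the sub-control VLAN is assumed to be the major control VLAN plus 1, as with VLANs 10 and 11 on this page.

```python
import re

# SwitchA configuration file from this page (RRPP defined by Huawei), wrapped lines
# joined and trimmed to the stanzas the audit reads.
SWITCHA = """\
#
stp region-configuration
instance 1 vlan 2 to 11
active region-configuration
#
rrpp domain 1
control-vlan 10
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port Ethernet0/0/2 secondary-port Ethernet0/0/1 level 0
ring 1 enable
ring 2 node-mode edge common-port Ethernet0/0/2 edge-port Ethernet0/0/3
ring 2 enable
#
interface Ethernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 11
stp disable
#
interface Ethernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 11
stp disable
#
interface Ethernet0/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 9 11
stp disable
"""

# Constructed variant: Ethernet0/0/3 keeps VLAN 1, runs STP and drops data VLAN 9.
MISCONFIGURED = SWITCHA.replace(
    "undo port trunk allow-pass vlan 1\nport trunk allow-pass vlan 2 to 9 11\nstp disable",
    "port trunk allow-pass vlan 2 to 8 11")

def vlan_set(spec):
    """Expand a VLAN list such as '2 to 9 11' into a set of integers."""
    out = set()
    for lo, hi in re.findall(r"(\d+)(?: to (\d+))?", spec):
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def stanzas(config):
    """Split the file on '#' separator lines; key each stanza by its first line."""
    blocks = {}
    for chunk in re.split(r"^#[ \t]*$", config, flags=re.M):
        lines = [l.strip() for l in chunk.splitlines() if l.strip()]
        if lines:
            blocks[lines[0]] = lines[1:]
    return blocks

def check_port(port, lines, data_vlans):
    if lines is None:
        return [f"{port}: no interface stanza found"]
    out = []
    for needed, problem in (("port link-type trunk", "not a trunk port"),
                            ("stp disable", "STP is not disabled"),
                            ("undo port trunk allow-pass vlan 1", "VLAN 1 is still allowed")):
        if needed not in lines:
            out.append(f"{port}: {problem}")
    prefix = "port trunk allow-pass vlan "
    allowed = set().union(*(vlan_set(l[len(prefix):]) for l in lines if l.startswith(prefix)))
    missing = sorted(data_vlans - allowed)
    if missing:
        out.append(f"{port}: data VLANs {missing} not allowed")
    return out

def audit_ring_ports(config):
    blocks = stanzas(config)
    ifaces = {h.lower(): b for h, b in blocks.items() if h.startswith("interface ")}
    instances = {}
    for line in blocks.get("stp region-configuration", []):
        m = re.fullmatch(r"instance (\d+) vlan (.+)", line)
        if m:
            instances[m.group(1)] = vlan_set(m.group(2))
    findings, seen = [], set()
    for header, body in blocks.items():
        if not header.startswith("rrpp domain "):
            continue
        text = "\n".join(body)
        ctrl = re.search(r"^control-vlan (\d+)$", text, re.M)
        inst = re.search(r"^protected-vlan reference-instance (\d+)$", text, re.M)
        if not (ctrl and inst):
            findings.append(f"{header}: control VLAN or protected VLAN missing")
            continue
        # Assumption: sub-control VLAN = major control VLAN + 1 (10 and 11 on this page).
        control = {int(ctrl.group(1)), int(ctrl.group(1)) + 1}
        data = instances.get(inst.group(1), set()) - control
        for port in re.findall(r"(?:primary|secondary|common|edge)-port (\S+)", text):
            if port.lower() not in seen:  # a port shared by two rings is checked once
                seen.add(port.lower())
                findings += check_port(port, ifaces.get("interface " + port.lower()), data)
    return findings
```

Interface names are matched case-insensitively because the configuration files on this page write both Gigabitethernet and GigabitEthernet.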
Networking Requirements
A metro Ethernet network uses two-layer rings:
• One layer is the aggregation layer between aggregation devices PE-AGGs, such as RRPP
Domain 1 in Figure 9-27.
• The other layer is the access layer between PE-AGGs and UPEs, such as RRPP Domain 2
and RRPP Domain 3 in Figure 9-27.
[Figure 9-27: diagram not reproduced. Labels in the figure: RRPP Domain1, RRPP Domain2, RRPP Domain3, PE-AGG1, PE-AGG2, PE-AGG3, UPE1, UPE2, UPE, NPE, IP/MPLS Core. Legend: PE-AGG: PE-Aggregation; NPE: Network Provider Edge; UMG: Universal Media Gateway; UPE: Underlayer Provider Edge; DSLAM: Digital Subscriber Line Access Multiplexer.]
As shown in Figure 9-27, the network is required to prevent loops when the ring is complete
and implement fast convergence to rapidly restore communication between nodes on the ring
when the ring fails. RRPP can meet this requirement. RRPP supports multiple rings. You can
configure the aggregation layer and the access layer as tangent RRPP rings, which simplifies
the network configuration.
As shown in Figure 9-28, SwitchE, SwitchD, SwitchC, SwitchA, and SwitchB map PE-AGG1,
PE-AGG2, PE-AGG3, UPE 1, and UPE 2 in Figure 9-27 respectively. Figure 9-28 is used as
an example to describe how to configure tangent RRPP rings with a single instance.
[Figure 9-28: diagram not reproduced. Surviving labels: Domain 2, Domain 1.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Create different RRPP domains and control VLANs to configure an RRPP ring.
2. Map the VLANs that need to pass through Ring 1 to Instance 1, including data VLANs and
control VLANs to configure protected VLANs.
Map the VLANs that need to pass through Ring 2 to Instance 2, including data VLANs and
control VLANs to configure protected VLANs.
3. Configure timers for different RRPP domains.
NOTE
You can configure two timers for tangent points because the two tangent rings are located in different domains.
4. Configure interfaces to be added to the RRPP domain on the devices so that data can pass
through the interfaces. Disable protocols that conflict with RRPP, such as STP.
5. Configure protected VLANs and create RRPP rings in RRPP domains.
a. Configure Ring 2 in Domain 2 on SwitchA, SwitchB, and SwitchC.
b. Configure Ring 1 in Domain 1 on SwitchC, SwitchD, and SwitchE.
c. Configure SwitchA as the master node on Ring 2, and configure SwitchB and
SwitchC as transit nodes on Ring 2.
d. Configure SwitchE as the master node on Ring 1, and configure SwitchC and
SwitchD as transit nodes on Ring 1.
6. Enable the RRPP ring and RRPP protocol on devices to make RRPP take effect.
NOTE
VLANs that are not mentioned in this example are considered nonexistent. However, interfaces on the device
join VLAN1 by default. You need to remove corresponding interfaces from VLAN1.
Procedure
Step 1 Configure instance 2, and map it to the data VLANs and control VLANs allowed by the RRPP
interface.
# Configure SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] stp region-configuration
[SwitchA-mst-region] instance 2 vlan 20 to 21
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit
# The configurations on SwitchB, SwitchC, SwitchD, and SwitchE are similar to the
configuration on SwitchA and are not described here. For details, see the configuration files.
Step 2 Create RRPP domains and configure control VLANs and protected VLANs in the domains.
# Configure Domain 1 on SwitchE, which is the master node on Ring 1. Configure VLAN 10
as the major control VLAN in Domain 1, and bind Instance 1 to protected VLANs.
[SwitchE] rrpp domain 1
[SwitchE-rrpp-domain-region1] control-vlan 10
[SwitchE-rrpp-domain-region1] protected-vlan reference-instance 1
[SwitchE-rrpp-domain-region1] quit
# The configurations on SwitchB, SwitchC, and SwitchD are similar to the configuration on
SwitchA and are not described here. For details, see the configuration files.
Step 3 Set the timers of RRPP domains.
# Set the timers for SwitchE, the master node on Ring 1.
[SwitchE] rrpp domain 1
[SwitchE-rrpp-domain-region1] timer hello-timer 2 fail-timer 7
# The configurations on SwitchB, SwitchC, SwitchD, and SwitchE are similar to the
configuration on SwitchA and are not described here. For details, see the configuration files.
Step 5 Create and enable RRPP rings.
Configure nodes on Ring 2. The configuration procedure is as follows:
# Configure SwitchA as the master node on Ring 2 and specify the primary and secondary
interfaces.
[SwitchA] rrpp domain 2
[SwitchA-rrpp-domain-region2] ring 2 node-mode master primary-port ethernet 0/0/1 secondary-port ethernet 0/0/2 level 0
[SwitchA-rrpp-domain-region2] ring 2 enable
[SwitchA-rrpp-domain-region2] quit
# Configure SwitchB as a transit node on Ring 2 (major ring) and specify the primary and
secondary interfaces.
[SwitchB] rrpp domain 2
[SwitchB-rrpp-domain-region2] ring 2 node-mode transit primary-port ethernet 0/0/1 secondary-port ethernet 0/0/2 level 0
# Configure SwitchC as a transit node on Ring 2 and specify the primary and secondary
interfaces.
[SwitchC] rrpp domain 2
[SwitchC-rrpp-domain-region2] ring 2 node-mode transit primary-port ethernet 0/0/3 secondary-port ethernet 0/0/4 level 0
[SwitchC-rrpp-domain-region2] ring 2 enable
[SwitchC-rrpp-domain-region2] quit
# Configure SwitchC as a transit node on Ring 1 and specify the primary and secondary
interfaces.
[SwitchC] rrpp domain 1
[SwitchC-rrpp-domain-region1] ring 1 node-mode transit primary-port ethernet 0/0/1 secondary-port ethernet 0/0/2 level 0
[SwitchC-rrpp-domain-region1] ring 1 enable
[SwitchC-rrpp-domain-region1] quit
# Configure SwitchD as a transit node on Ring 1 and specify the primary and secondary
interfaces.
[SwitchD] rrpp domain 1
[SwitchD-rrpp-domain-region1] ring 1 node-mode transit primary-port ethernet 0/0/1 secondary-port ethernet 0/0/2 level 0
[SwitchD-rrpp-domain-region1] ring 1 enable
[SwitchD-rrpp-domain-region1] quit
# The configurations on SwitchB, SwitchC, SwitchD, and SwitchE are similar to the
configuration on SwitchA and are not described here. For details, see the configuration files.
Step 7 Verify the configuration.
After the preceding configurations are complete and the network topology becomes stable,
perform the following operations to verify the configuration. The tangent point SwitchC is used
as an example.
l Run the display rrpp brief command on SwitchC. The command output is as follows:
[SwitchC] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
Domain Index : 1
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 1
Hello Timer : 2 sec(default is 1 sec) Fail Timer : 7 sec(default is 6 sec)
Ring Ring  Node Primary/Common Secondary/Edge Is
ID   Level Mode Port           Port           Enabled
--------------------------------------------------------------------------------
1    0     T    Ethernet0/0/1  Ethernet0/0/2  Yes
Domain Index : 2
Control VLAN : major 20 sub 21
Protected VLAN : Reference Instance 2
Hello Timer : 3 sec(default is 1 sec) Fail Timer : 10 sec(default is 6 sec)
Ring Ring  Node Primary/Common Secondary/Edge Is
ID   Level Mode Port           Port           Enabled
--------------------------------------------------------------------------------
2    0     T    Ethernet0/0/3  Ethernet0/0/4  Yes
The command output shows that RRPP is enabled on SwitchC. In Domain 1, the major control
VLAN is VLAN 10, and the sub-control VLAN is VLAN 11. SwitchC is the transit node on
the major ring, with Ethernet0/0/1 as the primary interface and Ethernet0/0/2 as the secondary
interface.
In Domain 2, the major control VLAN is VLAN 20, and the sub-control VLAN is VLAN
21. SwitchC is a transit node on Ring 2. Ethernet0/0/3 is the primary interface and
Ethernet0/0/4 is the secondary interface.
l Run the display rrpp verbose domain command on SwitchC. The command output is as
follows:
# Display detailed information about Domain 1 on SwitchC.
[SwitchC] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 1
Hello Timer : 2 sec(default is 1 sec) Fail Timer : 7 sec(default is 6 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Transit
Ring State : Linkup
Is Enabled : Enable Is Active : Yes
Primary port : Ethernet0/0/1 Port status: UP
Secondary port : Ethernet0/0/2 Port status: UP
RRPP Ring : 2
Ring Level : 0
Node Mode : Transit
Ring State : Linkup
Is Enabled : Enable Is Active : Yes
----End
Configuration Files
l Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 20 to 21
#
rrpp enable
#
stp region-configuration
instance 2 vlan 20 to 21
active region-configuration
#
rrpp domain 2
control-vlan 20
protected-vlan reference-instance 2
timer hello-timer 3 fail-timer 10
ring 2 node-mode master primary-port Ethernet0/0/1 secondary-port Ethernet0/0/2 level 0
ring 2 enable
#
interface Ethernet0/0/1
undo port hybrid vlan 1
port hybrid tagged vlan 20 to 21
stp disable
#
interface Ethernet0/0/2
undo port hybrid vlan 1
port hybrid tagged vlan 20 to 21
stp disable
#
instance 1 vlan 10 to 11
active region-configuration
#
rrpp domain 1
control-vlan 10
protected-vlan reference-instance 1
timer hello-timer 2 fail-timer 7
ring 1 node-mode transit primary-port Ethernet0/0/1 secondary-port Ethernet0/0/2 level 0
ring 1 enable
#
interface Ethernet0/0/1
undo port hybrid vlan 1
port hybrid tagged vlan 10 to 11
stp disable
#
interface Ethernet0/0/2
undo port hybrid vlan 1
port hybrid tagged vlan 10 to 11
stp disable
#
return
l Configuration file of SwitchE
#
sysname SwitchE
#
vlan batch 10 to 11
#
rrpp enable
#
stp region-configuration
instance 1 vlan 10 to 11
active region-configuration
#
rrpp domain 1
control-vlan 10
protected-vlan reference-instance 1
timer hello-timer 2 fail-timer 7
ring 1 node-mode master primary-port Ethernet0/0/1 secondary-port Ethernet0/0/2 level 0
ring 1 enable
#
interface Ethernet0/0/1
undo port hybrid vlan 1
port hybrid tagged vlan 10 to 11
stp disable
#
interface Ethernet0/0/2
undo port hybrid vlan 1
port hybrid tagged vlan 10 to 11
stp disable
#
return
Networking Requirements
As shown in Figure 9-29, on a ring network, idle links are required to forward data. In this way,
data in different VLANs is forwarded along different paths, improving network efficiency and
implementing load balancing.
Figure 9-29 Networking diagram of single RRPP ring with multiple instances
[Figure not reproduced. Labels in the diagram: UPEA, UPEB, UPEC, PE-AGG, CE 1 and CE 2 (VLAN 100-300), backbone network, Master 1, Master 2, Domain 1 ring 1, Domain 2 ring 1; interfaces Eth0/0/1 and Eth0/0/2.]
Table 9-1 shows the mapping between protected VLANs and instances in Domain 1 and Domain
2.
Table 9-2 shows the master node on each ring and the primary and secondary interfaces on each
master node.
Table 9-2 Master node and its primary and secondary interfaces
Configuration Roadmap
The configuration roadmap is as follows:
2. Map the VLANs that need to pass through Ring 1 in Domain 1 to Instance 1, including data
VLANs and control VLANs.
Map the VLANs that need to pass through Ring 1 in Domain 2 to Instance 2, including data
VLANs and control VLANs.
3. Configure interfaces to be added to the RRPP domain on the devices so that data can pass
through the interfaces. Disable protocols that conflict with RRPP, such as STP.
4. Configure protected VLANs and create RRPP rings in RRPP domains.
a. Add UPEA, UPEB, UPEC, and PE-AGG to Ring 1 in Domain 1. Configure PE-AGG
as the master node on Ring 1 in Domain 1 and configure UPEA, UPEB, and UPEC
as transit nodes.
b. Add UPEA, UPEB, UPEC, and PE-AGG to Ring 1 in Domain 2. Configure PE-AGG
as the master node on Ring 1 in Domain 2 and configure UPEA, UPEB, and UPEC
as transit nodes.
5. Enable the RRPP ring and RRPP protocol on devices to make RRPP take effect.
NOTE
VLANs that are not mentioned in this example are considered nonexistent. However, interfaces on the device
join VLAN1 by default. You need to remove corresponding interfaces from VLAN1.
Procedure
Step 1 Create instances.
# Create data VLANs 100 to 300 on UPEA.
<Quidway> system-view
[Quidway] sysname UPEA
[UPEA] vlan batch 100 to 300
# Create Instance 1, and map the control VLANs 5 and 6 and data VLANs 100 to 200 in Domain
1 to Instance 1.
[UPEA] stp region-configuration
[UPEA-mst-region] instance 1 vlan 5 6 100 to 200
# Create Instance 2, and map the control VLANs 10 and 11 and data VLANs 201 to 300 in
Domain 2 to Instance 2.
[UPEA-mst-region] instance 2 vlan 10 11 201 to 300
# The configurations on UPEB, UPEC, and PE-AGG are similar to that on UPEA and not
mentioned here. For details, see the configuration files.
Step 2 Configure the interfaces to be added into the RRPP rings.
# Configure the RRPP interface as a trunk interface to allow data from VLANs 100 to 300 to
pass through and disable STP on the interface to be added to the RRPP ring.
[UPEA] interface ethernet 0/0/1
[UPEA-Ethernet0/0/1] port link-type trunk
[UPEA-Ethernet0/0/1] port trunk allow-pass vlan 100 to 300
[UPEA-Ethernet0/0/1] stp disable
[UPEA-Ethernet0/0/1] quit
[UPEA] interface ethernet 0/0/2
[UPEA-Ethernet0/0/2] port link-type trunk
# The configurations on UPEB, UPEC, and PE-AGG are similar to that on UPEA and not
mentioned here. For details, see the configuration files.
Step 3 Create RRPP domains and configure protected VLANs and control VLANs.
# Configure the VLANs mapped to Instance 1 as the protected VLANs in Domain 1, and VLAN
5 as the control VLAN.
[UPEA] rrpp domain 1
[UPEA-rrpp-domain-region1] protected-vlan reference-instance 1
[UPEA-rrpp-domain-region1] control-vlan 5
[UPEA-rrpp-domain-region1] quit
# Configure the VLANs mapped to Instance 2 as the protected VLANs in Domain 2, and VLAN
10 as the control VLAN.
[UPEA] rrpp domain 2
[UPEA-rrpp-domain-region2] protected-vlan reference-instance 2
[UPEA-rrpp-domain-region2] control-vlan 10
[UPEA-rrpp-domain-region2] quit
# The configurations on UPEB, UPEC, and PE-AGG are similar to that on UPEA and not
mentioned here. For details, see the configuration files.
# Configure UPEA as a transit node on Ring 1 in Domain 1 and specify primary and secondary
interfaces on UPEA.
[UPEA] rrpp domain 1
[UPEA-rrpp-domain-region1] ring 1 node-mode transit primary-port ethernet 0/0/1 secondary-port ethernet 0/0/2 level 0
[UPEA-rrpp-domain-region1] ring 1 enable
[UPEA-rrpp-domain-region1] quit
# Configure UPEA as a transit node on Ring 1 in Domain 2 and specify primary and secondary
interfaces on UPEA.
[UPEA] rrpp domain 2
[UPEA-rrpp-domain-region2] ring 1 node-mode transit primary-port ethernet 0/0/1 secondary-port ethernet 0/0/2 level 0
[UPEA-rrpp-domain-region2] ring 1 enable
[UPEA-rrpp-domain-region2] quit
# Configure UPEB as a transit node on Ring 1 in Domain 1 and specify primary and secondary
interfaces on UPEB.
[UPEB] rrpp domain 1
[UPEB-rrpp-domain-region1] ring 1 node-mode transit primary-port ethernet 0/0/1 secondary-port ethernet 0/0/2 level 0
[UPEB-rrpp-domain-region1] ring 1 enable
[UPEB-rrpp-domain-region1] quit
# Configure UPEB as a transit node on Ring 1 in Domain 2 and specify primary and secondary
interfaces on UPEB.
[UPEB] rrpp domain 2
[UPEB-rrpp-domain-region2] ring 1 node-mode transit primary-port ethernet 0/0/1 secondary-port ethernet 0/0/2 level 0
[UPEB-rrpp-domain-region2] ring 1 enable
[UPEB-rrpp-domain-region2] quit
# Configure UPEC as a transit node on Ring 1 in Domain 1 and specify primary and secondary
interfaces on UPEC.
[UPEC] rrpp domain 1
[UPEC-rrpp-domain-region1] ring 1 node-mode transit primary-port ethernet 0/0/1 secondary-port ethernet 0/0/2 level 0
[UPEC-rrpp-domain-region1] ring 1 enable
[UPEC-rrpp-domain-region1] quit
# Configure UPEC as a transit node on Ring 1 in Domain 2 and specify primary and secondary
interfaces on UPEC.
[UPEC] rrpp domain 2
[UPEC-rrpp-domain-region2] ring 1 node-mode transit primary-port ethernet 0/0/1 secondary-port ethernet 0/0/2 level 0
[UPEC-rrpp-domain-region2] ring 1 enable
[UPEC-rrpp-domain-region2] quit
# Configure PE-AGG as the master node on Ring 1 in Domain 1, with Eth0/0/1 as the primary
interface and Eth0/0/2 as the secondary interface.
[PE-AGG] rrpp domain 1
[PE-AGG-rrpp-domain-region1] ring 1 node-mode master primary-port ethernet 0/0/1 secondary-port ethernet 0/0/2 level 0
[PE-AGG-rrpp-domain-region1] ring 1 enable
[PE-AGG-rrpp-domain-region1] quit
# Configure PE-AGG as the master node on Ring 1 in Domain 2, with Eth0/0/2 as the primary
interface and Eth0/0/1 as the secondary interface.
[PE-AGG] rrpp domain 2
[PE-AGG-rrpp-domain-region2] ring 1 node-mode master primary-port ethernet 0/0/2 secondary-port ethernet 0/0/1 level 0
[PE-AGG-rrpp-domain-region2] ring 1 enable
[PE-AGG-rrpp-domain-region2] quit
Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
Domain Index : 2
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 2
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
In Domain 1, the major control VLAN is VLAN 5 and the protected VLANs are the VLANs mapped
to Instance 1. UPEA is a transit node on Ring 1. Ethernet0/0/1 is the primary interface and
Ethernet0/0/2 is the secondary interface.
In Domain 2, the major control VLAN is VLAN 10 and the protected VLANs are the VLANs
mapped to Instance 2. UPEA is a transit node on Ring 1. Ethernet0/0/1 is the primary interface
and Ethernet0/0/2 is the secondary interface.
l Run the display rrpp brief command on PE-AGG. The command output is as follows:
[PE-AGG] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
Domain Index : 2
Control VLAN : major 10 sub 11
Protected VLAN: Reference Instance 2
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
In Domain 1, the major control VLAN is VLAN 5, the protected VLAN is the VLAN mapped
to Instance 1, and the master node on Ring 1 is PE-AGG. Ethernet0/0/1 is the primary interface
and Ethernet0/0/2 is the secondary interface.
In Domain 2, the major control VLAN is VLAN 10, the protected VLAN is the VLAN mapped
to Instance 2, and the master node on Ring 1 is PE-AGG. Ethernet0/0/2 is the primary interface
and Ethernet0/0/1 is the secondary interface.
# Check detailed information about UPEA in Domain 1. Run the display rrpp verbose
domain command on UPEA. The command output is as follows:
[UPEA] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN: Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Transit
Ring State : LinkUp
Is Enabled : Enable Is Active : Yes
Primary port : Ethernet0/0/1 Port status: UP
Secondary port: Ethernet0/0/2 Port status: UP
The command output shows that the control VLAN in Domain 1 is VLAN 5, and the protected
VLANs are the VLANs mapped to Instance 1. UPEA is a transit node in Domain 1 and is in
LinkUp state.
# Check detailed information about UPEA in Domain 2.
[UPEA] display rrpp verbose domain 2
Domain Index : 2
Control VLAN : major 10 sub 11
Protected VLAN: Reference Instance 2
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Transit
Ring State : LinkUp
Is Enabled : Enable Is Active : Yes
Primary port : Ethernet0/0/1 Port status: UP
Secondary port: Ethernet0/0/2 Port status: UP
The command output shows that, in Domain 2, the control VLAN is VLAN 10 and the protected
VLAN is the VLAN mapped to Instance 2. UPEA is a transit node in Domain 2 and is in LinkUp
state.
# Run the display rrpp verbose domain command on PE-AGG. The command output is as
follows:
# Check detailed information about PE-AGG in Domain 1.
[PE-AGG] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN: Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active : Yes
Primary port : Ethernet0/0/1 Port status: UP
Secondary port: Ethernet0/0/2 Port status: BLOCKED
The command output shows that the control VLAN in Domain 1 is VLAN 5, and the protected
VLANs are the VLANs mapped to Instance 1.
RRPP Ring : 1
Ring Level : 0
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active : Yes
Primary port : Ethernet0/0/2 Port status: UP
Secondary port: Ethernet0/0/1 Port status: BLOCKED
The command output shows that, in Domain 2, the control VLAN is VLAN 10, and the protected
VLAN is the VLAN mapped to Instance 2.
PE-AGG is the master node in Domain 2 and is in Complete state.
The primary interface is Ethernet0/0/2 and the secondary interface is Ethernet0/0/1.
----End
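The verification step above reads ring health from `display rrpp verbose domain` by eye. As an added example (not part of the Huawei document), the Python code below parses that output and flags any ring that differs from the healthy states shown on this page: a master in Complete state with its secondary port BLOCKED, and a transit node in LinkUp state with both ports UP. The function names are hypothetical and the second sample is constructed.

```python
import re

# "display rrpp verbose domain 1" on PE-AGG, copied from the output on this page.
PAGE_OUTPUT = """\
Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN: Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active : Yes
Primary port : Ethernet0/0/1 Port status: UP
Secondary port: Ethernet0/0/2 Port status: BLOCKED
"""

# Constructed sample (not from the page): the master reports Complete while its
# secondary port forwards, and a second ring is present but not enabled.
CONSTRUCTED_OUTPUT = PAGE_OUTPUT.replace("BLOCKED", "UP") + """\
RRPP Ring : 2
Ring Level : 1
Node Mode : Transit
Ring State : LinkUp
Is Enabled : Disable Is Active : No
Primary port : Ethernet0/0/3 Port status: UP
Secondary port: Ethernet0/0/4 Port status: UP
"""

FIELD = re.compile(r"^\s*([A-Za-z ]+?)\s*:\s*(.*)$")
PORT = re.compile(r"(\S+)\s+Port status:\s*(\S+)")
ACTIVE = re.compile(r"(\S+)\s+Is Active\s*:\s*(\S+)")

# Healthy states as they appear in the outputs on this page:
# node mode -> (ring state, primary port status, secondary port status)
HEALTHY = {"master": ("complete", "UP", "BLOCKED"), "transit": ("linkup", "UP", "UP")}


def parse_verbose(text):
    """Parse 'display rrpp verbose domain' text into (domain index, list of ring dicts)."""
    domain, rings, ring = None, [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # e.g. the second port line of an edge transit node
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "domain index" and value.isdigit():
            domain = int(value)
        elif key == "rrpp ring" and value.isdigit():
            ring = {"id": int(value), "ports": {}}
            rings.append(ring)
        elif ring is None:
            continue  # domain-level fields (control VLAN, timers) are not checked here
        elif key == "node mode":
            ring["mode"] = value
        elif key == "ring state":
            ring["state"] = value
        elif key == "is enabled":
            am = ACTIVE.match(value)
            if am:
                ring["enabled"], ring["active"] = am.group(1) == "Enable", am.group(2) == "Yes"
        elif key in ("primary port", "secondary port"):
            pm = PORT.match(value)
            if pm:
                ring["ports"][key.split()[0]] = (pm.group(1), pm.group(2).upper())
    return domain, rings


def check_ring(ring):
    """Return a list of deviations from the healthy state for one ring."""
    findings = []
    if not (ring.get("enabled") and ring.get("active")):
        findings.append("ring is not both enabled and active")
    expected = HEALTHY.get(ring.get("mode", "").lower())
    if expected is None:
        findings.append(f"node mode {ring.get('mode')!r} is not covered by this check")
        return findings
    state, want_primary, want_secondary = expected
    if ring.get("state", "").lower() != state:
        findings.append(f"ring state is {ring.get('state')!r}")
    for role, want in (("primary", want_primary), ("secondary", want_secondary)):
        name, status = ring["ports"].get(role, ("?", "missing"))
        if status != want:
            findings.append(f"{role} port {name} is {status}, expected {want}")
    return findings


def audit_output(text):
    """Map (domain index, ring ID) to the findings for that ring."""
    domain, rings = parse_verbose(text)
    return {(domain, ring["id"]): check_ring(ring) for ring in rings}


if __name__ == "__main__":
    for label, text in (("page", PAGE_OUTPUT), ("constructed", CONSTRUCTED_OUTPUT)):
        print(label, audit_output(text))
```

A master that reports Complete while its secondary port forwards is the case worth alerting on, because both directions of the ring then carry the protected VLANs.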
Configuration Files
l Configuration file of UPEA
#
sysname UPEA
#
vlan batch 5 to 6 10 to 11 100 to 300
#
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100 to 200
instance 2 vlan 10 to 11 201 to 300
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port Ethernet0/0/1 secondary-port Ethernet0/0/2 level 0
ring 1 enable
rrpp domain 2
control-vlan 10
protected-vlan reference-instance 2
ring 1 node-mode transit primary-port Ethernet0/0/1 secondary-port Ethernet0/0/2 level 0
ring 1 enable
#
interface Ethernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
interface Ethernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
return
l Configuration file of UPEB
#
sysname UPEB
#
vlan batch 5 to 6 10 to 11 100 to 300
#
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100 to 200
instance 2 vlan 10 to 11 201 to 300
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port Ethernet0/0/1 secondary-port Ethernet0/0/2 level 0
ring 1 enable
rrpp domain 2
control-vlan 10
protected-vlan reference-instance 2
ring 1 node-mode transit primary-port Ethernet0/0/1 secondary-port Ethernet0/0/2 level 0
ring 1 enable
#
interface Ethernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
interface Ethernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
return
l Configuration file of UPEC
#
sysname UPEC
#
vlan batch 5 to 6 10 to 11 100 to 300
#
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100 to 200
instance 2 vlan 10 to 11 201 to 300
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port Ethernet0/0/1 secondary-port Ethernet0/0/2 level 0
ring 1 enable
rrpp domain 2
control-vlan 10
protected-vlan reference-instance 2
ring 1 node-mode transit primary-port Ethernet0/0/1 secondary-port Ethernet0/0/2 level 0
ring 1 enable
#
interface Ethernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
interface Ethernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
return
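The roadmap and NOTE of this example imply invariants that each device's configuration file should satisfy: the control VLANs are mapped to the protected instance, STP is disabled and VLAN 1 is removed on ring ports, and every protected VLAN is allowed on both ring ports. As an added example (not Huawei's code), the following Python audit checks them against the UPEA file listed above; the function names are hypothetical and the faulty variant is constructed.

```python
import re

# Ring-port section of the UPEA configuration file on this page (same for both ports).
PORT_SECTION = """\
interface {}
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
 stp disable
#
"""
# RRPP-related sections of the UPEA configuration file, wrapped lines rejoined.
UPEA_CONFIG = """\
stp region-configuration
 instance 1 vlan 5 to 6 100 to 200
 instance 2 vlan 10 to 11 201 to 300
 active region-configuration
#
rrpp domain 1
 control-vlan 5
 protected-vlan reference-instance 1
 ring 1 node-mode transit primary-port Ethernet0/0/1 secondary-port Ethernet0/0/2 level 0
 ring 1 enable
rrpp domain 2
 control-vlan 10
 protected-vlan reference-instance 2
 ring 1 node-mode transit primary-port Ethernet0/0/1 secondary-port Ethernet0/0/2 level 0
 ring 1 enable
#
""" + PORT_SECTION.format("Ethernet0/0/1") + PORT_SECTION.format("Ethernet0/0/2") + "return\n"

# Constructed faulty variant (not from the page): control VLANs 5 and 6 are left
# out of Instance 1, and Ethernet0/0/1 keeps VLAN 1 and STP.
BAD_CONFIG = (UPEA_CONFIG
              .replace("instance 1 vlan 5 to 6 100 to 200", "instance 1 vlan 100 to 200")
              .replace(" undo port trunk allow-pass vlan 1\n", "", 1)
              .replace(" stp disable\n", "", 1))

def vlan_set(spec):
    """Expand a VLAN list such as '5 to 6 100 to 200' into a set of VLAN IDs."""
    ids, tok, i = set(), spec.split(), 0
    while i < len(tok):
        lo = hi = int(tok[i])
        if i + 2 < len(tok) and tok[i + 1] == "to":
            hi, i = int(tok[i + 2]), i + 2
        ids.update(range(lo, hi + 1))
        i += 1
    return ids

def parse(config):
    """Collect instance-to-VLAN maps, RRPP domains and interface settings."""
    cfg, ctx = {"instances": {}, "domains": {}, "ports": {}}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"rrpp domain (\d+)$", line):
            ctx = cfg["domains"].setdefault(int(m[1]), {"ring_ports": set()})
        elif m := re.match(r"interface (\S+)$", line):
            ctx = cfg["ports"].setdefault(m[1], {"allowed": set(), "stp_off": False, "no_vlan1": False})
        elif m := re.match(r"instance (\d+) vlan (.+)$", line):
            cfg["instances"][int(m[1])] = vlan_set(m[2])
        elif line in ("#", "return") or ctx is None:
            ctx = None  # section ended, or a line outside any tracked section
        elif m := re.match(r"control-vlan (\d+)$", line):
            ctx["control"] = int(m[1])
        elif m := re.match(r"protected-vlan reference-instance (\d+)$", line):
            ctx["instance"] = int(m[1])
        elif m := re.match(r"ring \d+ node-mode \S+ primary-port (\S+) secondary-port (\S+)", line):
            ctx["ring_ports"].update(m.groups())
        elif m := re.match(r"port (?:trunk allow-pass|hybrid tagged) vlan (.+)$", line):
            ctx["allowed"] |= vlan_set(m[1])
        elif re.match(r"undo port (?:trunk allow-pass|hybrid) vlan 1$", line):
            ctx["no_vlan1"] = True
        elif line == "stp disable":
            ctx["stp_off"] = True
    return cfg

def audit(config):
    """Return findings for the invariants stated in this page's roadmap and NOTE."""
    cfg, findings, ring_ports = parse(config), [], set()
    for dom, d in sorted(cfg["domains"].items()):
        inst = d.get("instance")
        vlans = cfg["instances"].get(inst, set())
        # Sub-control VLAN = control VLAN + 1, as in the page's outputs ("major 5 sub 6").
        control = {d["control"], d["control"] + 1} if "control" in d else set()
        if control - vlans:
            findings.append(f"domain {dom}: control VLANs {sorted(control - vlans)} not mapped to instance {inst}")
        for name in sorted(d["ring_ports"]):
            if vlans - cfg["ports"].get(name, {}).get("allowed", set()):
                findings.append(f"domain {dom}: {name} does not carry every VLAN of instance {inst}")
        ring_ports |= d["ring_ports"]
    for name in sorted(ring_ports):
        port = cfg["ports"].get(name, {})
        if not port.get("stp_off"):
            findings.append(f"{name}: STP is not disabled on an RRPP ring port")
        if not port.get("no_vlan1"):
            findings.append(f"{name}: VLAN 1 has not been removed")
    return findings
```

Calling `audit()` on each saved configuration file returns an empty list when all invariants hold, so it can gate a change before the ring is enabled.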
Networking Requirements
As shown in Figure 9-30, on a ring network, idle links are required to forward data. In this way,
data in different VLANs is forwarded along different paths, improving network efficiency and
implementing load balancing. To enable devices from different vendors to communicate with
each other on the network, you can use the RRPP version defined by the national standard of
China.
Figure 9-30 Networking diagram of intersecting RRPP rings with multiple instances
[Figure not reproduced. Labels in the diagram: backbone network, PE-AGG, Master 1, Master 2, UPEA, UPED, Domain 1 ring 1, Domain 2 ring 1, Domain 1, Domain 2; interfaces GE1/0/0 and GE2/0/0.]
Table 9-3 shows the mapping between protected VLANs and instances in Domain 1 and Domain
2.
Table 9-4 shows the master node on each ring and the primary and secondary interfaces on each
master node.
Table 9-4 Master node and its primary and secondary interfaces
Ring ID Master Node Primary Port Secondary Port Ring Type
Table 9-5 shows the edge transit nodes and edge nodes on the sub-rings.
Table 9-5 Edge transit nodes and edge nodes on the sub-rings
Ring ID Edge-Transit Edge Port Edge-Transit Edge Port
Node Node
Configuration Roadmap
The configuration roadmap is as follows:
1. Create different RRPP domains and control VLANs.
2. Map the VLANs that need to pass through Domain 1 to Instance 1, including data VLANs
and control VLANs.
Map the VLANs that need to pass through Domain 2 to Instance 2, including data VLANs
and control VLANs.
3. Configure interfaces to be added to the RRPP domain on the devices so that data can pass
through the interfaces. Disable protocols that conflict with RRPP, such as STP.
4. Configure the devices to use the RRPP version defined by the national standard of China.
5. Configure protected VLANs and create RRPP rings in RRPP domains.
a. Add UPEA, UPEB, UPEC, UPED, and PE-AGG to Ring 1 in Domain 1 and Ring 1
in Domain 2.
b. Add CE1, UPEB, and UPEC to Ring 2 in Domain 1 and Ring 2 in Domain 2.
c. Add CE2, UPEB, and UPEC to Ring 3 in Domain 1 and Ring 3 in Domain 2.
d. Configure PE-AGG as the master node and configure UPEA, UPEB, UPEC, and
UPED as transit nodes on Ring 1 in Domain 1 and Ring 1 in Domain 2.
e. Configure CE1 as the master node and configure UPEB and UPEC as transit nodes
on Ring 2 in Domain 1 and Ring 2 in Domain 2.
f. Configure CE2 as the master node and configure UPEB and UPEC as transit nodes
on Ring 3 in Domain 1 and Ring 3 in Domain 2.
6. To prevent topology flapping, set the LinkUp timer on the master nodes.
7. Enable the RRPP ring and RRPP protocol on devices to make RRPP take effect.
NOTE
VLANs that are not mentioned in this example are considered nonexistent. However, interfaces on the device
join VLAN1 by default. You need to remove corresponding interfaces from VLAN1.
Procedure
Step 1 Create instances.
l Configure CE1.
# Create Instance 1, and map the control VLANs 5 and 6 and data VLANs 100 to 200 in Domain
1 to Instance 1.
[CE1] stp region-configuration
[CE1-mst-region] instance 1 vlan 5 6 100 to 200
# Create Instance 2, and map the control VLANs 10 and 11 and data VLANs 201 to 300 in
Domain 2 to Instance 2.
[CE1-mst-region] instance 2 vlan 10 11 201 to 300
# The configurations on CE2, UPEA, UPEB, UPEC, UPED, and PE-AGG are similar to that on
CE1 and not mentioned here. For details, see the configuration files.
# Disable STP on the interfaces to be added to the RRPP ring on CE1. Configure the interfaces
to allow data from VLANs 100 to 300 to pass through.
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] port link-type trunk
[CE1-GigabitEthernet1/0/0] port trunk allow-pass vlan 100 to 300
[CE1-GigabitEthernet1/0/0] stp disable
[CE1-GigabitEthernet1/0/0] quit
[CE1] interface gigabitethernet 2/0/0
[CE1-GigabitEthernet2/0/0] port link-type trunk
[CE1-GigabitEthernet2/0/0] port trunk allow-pass vlan 100 to 300
[CE1-GigabitEthernet2/0/0] stp disable
[CE1-GigabitEthernet2/0/0] quit
# Configure the VLANs mapped to Instance 2 as protected VLANs in Domain 2, and configure
VLAN 10 as the control VLAN.
[CE1] rrpp domain 2
[CE1-rrpp-domain-region2] protected-vlan reference-instance 2
[CE1-rrpp-domain-region2] control-vlan 10
[CE1-rrpp-domain-region2] quit
# Configure CE1 as the master node on Ring 2 in Domain 2. Configure GE2/0/0 as the primary
interface and GE1/0/0 as the secondary interface.
[CE1] rrpp domain 2
[CE1-rrpp-domain-region2] ring 2 node-mode master primary-port gigabitethernet 2/0/0 secondary-port gigabitethernet 1/0/0 level 1
[CE1-rrpp-domain-region2] ring 2 enable
[CE1-rrpp-domain-region2] quit
l Configure CE2.
# Configure CE2 as the master node on Ring 3 in Domain 1. Configure GE1/0/0 as the primary
interface and GE2/0/0 as the secondary interface.
[CE2] rrpp domain 1
[CE2-rrpp-domain-region1] ring 3 node-mode master primary-port gigabitethernet 1/0/0 secondary-port gigabitethernet 2/0/0 level 1
[CE2-rrpp-domain-region1] ring 3 enable
[CE2-rrpp-domain-region1] quit
# Configure CE2 as the master node on Ring 3 in Domain 2. Configure GE2/0/0 as the primary
interface and GE1/0/0 as the secondary interface.
[CE2] rrpp domain 2
[CE2-rrpp-domain-region2] ring 3 node-mode master primary-port gigabitethernet 2/0/0 secondary-port gigabitethernet 1/0/0 level 1
[CE2-rrpp-domain-region2] ring 3 enable
[CE2-rrpp-domain-region2] quit
l Configure UPEA.
# Configure UPEA as a transit node on Ring 1 in Domain 1 and specify primary and secondary
interfaces on UPEA.
[UPEA] rrpp domain 1
[UPEA-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 1/0/0 secondary-port gigabitethernet 2/0/0 level 0
[UPEA-rrpp-domain-region1] ring 1 enable
[UPEA-rrpp-domain-region1] quit
# Configure UPEA as a transit node on Ring 1 in Domain 2 and specify primary and secondary
interfaces on UPEA.
[UPEA] rrpp domain 2
[UPEA-rrpp-domain-region2] ring 1 node-mode transit primary-port gigabitethernet 1/0/0 secondary-port gigabitethernet 2/0/0 level 0
[UPEA-rrpp-domain-region2] ring 1 enable
[UPEA-rrpp-domain-region2] quit
l Configure UPEB.
# Configure UPEB as a transit node on Ring 1 in Domain 1 and specify primary and secondary
interfaces on UPEB.
[UPEB] rrpp domain 1
[UPEB-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 1/0/0 secondary-port gigabitethernet 2/0/0 level 0
[UPEB-rrpp-domain-region1] ring 1 enable
[UPEB-rrpp-domain-region1] quit
# Configure UPEB as a transit node on Ring 1 in Domain 2 and specify primary and secondary
interfaces on UPEB.
[UPEB] rrpp domain 2
[UPEB-rrpp-domain-region2] ring 1 node-mode transit primary-port gigabitethernet 1/0/0 secondary-port gigabitethernet 2/0/0 level 0
[UPEB-rrpp-domain-region2] ring 1 enable
[UPEB-rrpp-domain-region2] quit
# Configure UPEB as an edge transit node on Ring 2 in Domain 1 and configure GE3/0/0 as the
edge interface.
[UPEB] rrpp domain 1
[UPEB-rrpp-domain-region1] ring 2 node-mode transit secondary-port gigabitethernet 3/0/0
[UPEB-rrpp-domain-region1] ring 2 enable
[UPEB-rrpp-domain-region1] quit
# Configure UPEB as an edge transit node on Ring 2 in Domain 2 and configure GE3/0/0 as the
edge interface.
# Configure UPEB as an edge transit node on Ring 3 in Domain 1 and configure GE3/0/1 as the
edge interface.
[UPEB] rrpp domain 1
[UPEB-rrpp-domain-region1] ring 3 node-mode transit secondary-port gigabitethernet 3/0/1
[UPEB-rrpp-domain-region1] ring 3 enable
[UPEB-rrpp-domain-region1] quit
# Configure UPEB as an edge transit node on Ring 3 in Domain 2 and configure GE3/0/1 as the
edge interface.
[UPEB] rrpp domain 2
[UPEB-rrpp-domain-region2] ring 3 node-mode transit secondary-port gigabitethernet 3/0/1
[UPEB-rrpp-domain-region2] ring 3 enable
[UPEB-rrpp-domain-region2] quit
l Configure UPEC.
# Configure UPEC as a transit node on Ring 1 in Domain 1 and specify primary and secondary
interfaces on UPEC.
[UPEC] rrpp domain 1
[UPEC-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 1/0/0 secondary-port gigabitethernet 2/0/0 level 0
[UPEC-rrpp-domain-region1] ring 1 enable
[UPEC-rrpp-domain-region1] quit
# Configure UPEC as a transit node on Ring 1 in Domain 2 and specify primary and secondary
interfaces on UPEC.
[UPEC] rrpp domain 2
[UPEC-rrpp-domain-region2] ring 1 node-mode transit primary-port gigabitethernet 1/0/0 secondary-port gigabitethernet 2/0/0 level 0
[UPEC-rrpp-domain-region2] ring 1 enable
[UPEC-rrpp-domain-region2] quit
# Configure UPEC as an edge transit node on Ring 2 in Domain 1 and configure GE3/0/0 as the
edge interface.
[UPEC] rrpp domain 1
[UPEC-rrpp-domain-region1] ring 2 node-mode transit secondary-port gigabitethernet 3/0/0
[UPEC-rrpp-domain-region1] ring 2 enable
[UPEC-rrpp-domain-region1] quit
# Configure UPEC as an edge transit node on Ring 2 in Domain 2 and configure GE3/0/0 as the
edge interface.
[UPEC] rrpp domain 2
[UPEC-rrpp-domain-region2] ring 2 node-mode transit secondary-port gigabitethernet 3/0/0
[UPEC-rrpp-domain-region2] ring 2 enable
[UPEC-rrpp-domain-region2] quit
# Configure UPEC as an edge transit node on Ring 3 in Domain 1 and configure GE3/0/1 as the
edge interface.
[UPEC] rrpp domain 1
[UPEC-rrpp-domain-region1] ring 3 node-mode transit secondary-port gigabitethernet 3/0/1
# Configure UPEC as an edge transit node on Ring 3 in Domain 2 and configure GE3/0/1 as the
edge interface.
[UPEC] rrpp domain 2
[UPEC-rrpp-domain-region2] ring 3 node-mode transit secondary-port gigabitethernet 3/0/1
[UPEC-rrpp-domain-region2] ring 3 enable
[UPEC-rrpp-domain-region2] quit
l Configure UPED.
# Configure UPED as a transit node on Ring 1 in Domain 1 and specify primary and secondary
interfaces on UPED.
[UPED] rrpp domain 1
[UPED-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 1/0/0 secondary-port gigabitethernet 2/0/0 level 0
[UPED-rrpp-domain-region1] ring 1 enable
[UPED-rrpp-domain-region1] quit
# Configure UPED as a transit node of Ring 1 in Domain 2 and specify primary and secondary
interfaces on UPED.
[UPED] rrpp domain 2
[UPED-rrpp-domain-region2] ring 1 node-mode transit primary-port gigabitethernet 1/0/0 secondary-port gigabitethernet 2/0/0 level 0
[UPED-rrpp-domain-region2] ring 1 enable
[UPED-rrpp-domain-region2] quit
l Configure PE-AGG.
# Configure PE-AGG as the master node on Ring 1 in Domain 1, with GE1/0/0 as the primary
interface and GE2/0/0 as the secondary interface.
[PE-AGG] rrpp domain 1
[PE-AGG-rrpp-domain-region1] ring 1 node-mode master primary-port gigabitethernet 1/0/0 secondary-port gigabitethernet 2/0/0 level 0
[PE-AGG-rrpp-domain-region1] ring 1 enable
[PE-AGG-rrpp-domain-region1] quit
# Configure PE-AGG as the master node on Ring 1 in Domain 2, with GE2/0/0 as the primary
interface and GE1/0/0 as the secondary interface.
[PE-AGG] rrpp domain 2
[PE-AGG-rrpp-domain-region2] ring 1 node-mode master primary-port gigabitethernet 2/0/0 secondary-port gigabitethernet 1/0/0 level 0
[PE-AGG-rrpp-domain-region2] ring 1 enable
[PE-AGG-rrpp-domain-region2] quit
After the RRPP ring configuration is complete, enable RRPP on each node of the ring to activate
the RRPP ring. The configuration procedure is as follows:
l Configure CE1.
# Enable RRPP.
[CE1] rrpp enable
# The configurations on CE2, UPEA, UPEB, UPEC, UPED, and PE-AGG are similar to that on
CE1 and not mentioned here. For details, see the configuration files.
l Configure CE2.
l Configure PE-AGG.
After the preceding configurations are complete and the network becomes stable, run the
following commands to verify the configuration. UPEB and PE-AGG are used as examples.
l Run the display rrpp brief command on UPEB. The command output is as follows:
[UPEB] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , EM - Edge Master, ET - Edge Transit
Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
Ring Ring  Node Primary              Secondary/Edge       Is
ID   Level Mode Port                 Port                 Enabled
----------------------------------------------------------------------------
1    0     T    GigabitEthernet1/0/0 GigabitEthernet2/0/0 Yes
2    1     ET   GigabitEthernet1/0/0 GigabitEthernet3/0/0 Yes
                GigabitEthernet2/0/0
3    1     ET   GigabitEthernet1/0/0 GigabitEthernet3/0/1 Yes
                GigabitEthernet2/0/0
Domain Index : 2
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 2
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
Ring Ring  Node Primary              Secondary/Edge       Is
ID   Level Mode Port                 Port                 Enabled
----------------------------------------------------------------------------
1    0     T    GigabitEthernet1/0/0 GigabitEthernet2/0/0 Yes
2    1     ET   GigabitEthernet1/0/0 GigabitEthernet3/0/0 Yes
                GigabitEthernet2/0/0
3    1     ET   GigabitEthernet1/0/0 GigabitEthernet3/0/1 Yes
                GigabitEthernet2/0/0
In Domain 1:
The major control VLAN is VLAN 5, and the protected VLANs are the VLANs mapped to
Instance 1.
UPEB is a transit node on Ring 1. GigabitEthernet1/0/0 is the primary interface and GE2/0/0 is
the secondary interface.
UPEB is an edge transit node on Ring 2. The edge interface is GigabitEthernet3/0/0.
UPEB is an edge transit node on Ring 3. The edge interface is GigabitEthernet3/0/1.
In Domain 2:
The major control VLAN is VLAN 10, and the protected VLANs are the VLANs mapped to
Instance 2.
UPEB is a transit node on Ring 1. GigabitEthernet1/0/0 is the primary interface and
GigabitEthernet2/0/0 is the secondary interface.
UPEB is an edge transit node on Ring 2. The edge interface is GigabitEthernet3/0/0.
UPEB is an edge transit node on Ring 3. The edge interface is GigabitEthernet3/0/1.
l Run the display rrpp brief command on PE-AGG. The command output is as follows:
[PE-AGG] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , EM - Edge Master, ET - Edge Transit
Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
Ring Ring  Node Primary              Secondary/Edge       Is
ID   Level Mode Port                 Port                 Enabled
---------------------------------------------------------------------------
1    0     M    GigabitEthernet1/0/0 GigabitEthernet2/0/0 Yes
Domain Index : 2
Control VLAN : major 10 sub 11
Protected VLAN: Reference Instance 2
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
Ring Ring  Node Primary              Secondary/Edge       Is
ID   Level Mode Port                 Port                 Enabled
---------------------------------------------------------------------------
1    0     M    GigabitEthernet2/0/0 GigabitEthernet1/0/0 Yes
The command output shows that RRPP is enabled on PE-AGG, and the LinkUp timer is 1 second.
In Domain 1, the major control VLAN is VLAN 5, the protected VLAN is the VLAN mapped
to Instance 1, and the master node on Ring 1 is PE-AGG. GigabitEthernet1/0/0 is the primary
interface and GigabitEthernet2/0/0 is the secondary interface.
In Domain 2, the major control VLAN is VLAN 10, the protected VLAN is the VLAN mapped
to Instance 2, and the master node on Ring 1 is PE-AGG. GigabitEthernet2/0/0 is the primary
interface and GigabitEthernet1/0/0 is the secondary interface.
• Run the display rrpp verbose domain command on UPEB. The command output is as
follows:
# Check detailed information about UPEB in Domain 1.
[UPEB] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 5 sub 6
RRPP Ring : 1
Ring Level : 0
Node Mode : Transit
Ring State : LinkUp
Is Enabled : Enable Is Active: Yes
Primary port : GigabitEthernet1/0/0 Port status: UP
Secondary port : GigabitEthernet2/0/0 Port status: UP
RRPP Ring : 2
Ring Level : 1
Node Mode : Edge Transit
Ring State : LinkUp
Is Enabled : Enable Is Active: Yes
Primary port : GigabitEthernet1/0/0 Port status: UP
               GigabitEthernet2/0/0 Port status: UP
Secondary port : GigabitEthernet3/0/0 Port status: UP
RRPP Ring : 3
Ring Level : 1
Node Mode : Edge Transit
Ring State : LinkUp
Is Enabled : Enable Is Active: Yes
Primary port : GigabitEthernet1/0/0 Port status: UP
               GigabitEthernet2/0/0 Port status: UP
Secondary port : GigabitEthernet3/0/1 Port status: UP
The command output shows that the control VLAN in Domain 1 is VLAN 5, and the protected
VLANs are the VLANs mapped to Instance 1.
UPEB is a transit node on Ring 2 in Domain 1 and is in LinkUp state. GE3/0/0 is the edge
interface.
UPEB is an edge transit node of Ring 3 in Domain 1 and is in LinkUp state. GE3/0/1 is the edge
interface.
RRPP Ring : 1
Ring Level : 0
Node Mode : Transit
Ring State : LinkUp
Is Enabled : Enable Is Active: Yes
Primary port : GigabitEthernet1/0/0 Port status: UP
Secondary port : GigabitEthernet2/0/0 Port status: UP
RRPP Ring : 2
Ring Level : 1
Node Mode : Edge Transit
Ring State : LinkUp
Is Enabled : Enable Is Active: Yes
Primary port : GigabitEthernet1/0/0 Port status: UP
               GigabitEthernet2/0/0 Port status: UP
Secondary port : GigabitEthernet3/0/0 Port status: UP
RRPP Ring : 3
Ring Level : 1
Node Mode : Edge Transit
Ring State : LinkUp
Is Enabled : Enable Is Active: Yes
Primary port : GigabitEthernet1/0/0 Port status: UP
               GigabitEthernet2/0/0 Port status: UP
Secondary port : GigabitEthernet3/0/1 Port status: UP
The command output shows that, in Domain 2, the control VLAN is VLAN 10, and the protected
VLAN is the VLAN mapped to Instance 2.
UPEB is a transit node in Domain 2 and is in LinkUp state.
UPEB is a transit node on Ring 2 in Domain 2 and is in LinkUp state. GE3/0/0 is the edge
interface.
UPEB is an edge transit node of Ring 3 in Domain 2 and is in LinkUp state. GE3/0/1 is the edge
interface.
• Run the display rrpp verbose domain command on PE-AGG. The command output is as
follows:
# Check detailed information about PE-AGG in Domain 1.
[PE-AGG] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active: Yes
Primary port : GigabitEthernet1/0/0 Port status: UP
Secondary port : GigabitEthernet2/0/0 Port status: BLOCKED
The command output shows that the control VLAN in Domain 1 is VLAN 5, and the protected
VLANs are the VLANs mapped to Instance 1.
PE-AGG is the master node in Domain 1 and is in Complete state.
GigabitEthernet1/0/0 is the primary interface and GigabitEthernet2/0/0 is the secondary
interface.
# Check detailed information about PE-AGG in Domain 2.
[PE-AGG] display rrpp verbose domain 2
Domain Index : 2
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 2
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active: Yes
Primary port : GigabitEthernet2/0/0 Port status: UP
Secondary port : GigabitEthernet1/0/0 Port status: BLOCKED
The command output shows that, in Domain 2, the control VLAN is VLAN 10, and the protected
VLAN is the VLAN mapped to Instance 2.
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 5 to 6 10 to 11 100 to 300
#
rrpp working-mode GB
rrpp enable
rrpp linkup-delay-timer 1
#
stp region-configuration
instance 1 vlan 5 to 6 100 to 200
instance 2 vlan 10 to 11 201 to 300
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 2 node-mode master primary-port GigabitEthernet1/0/0 secondary-port
GigabitEthernet2/0/0 level 1
ring 2 enable
rrpp domain 2
control-vlan 10
protected-vlan reference-instance 2
ring 2 node-mode master primary-port GigabitEthernet2/0/0 secondary-port
GigabitEthernet1/0/0 level 1
ring 2 enable
#
interface GigabitEthernet1/0/0
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 6 11 100 to 300
stp disable
#
interface GigabitEthernet2/0/0
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 6 11 100 to 300
stp disable
#
return
control-vlan 5
protected-vlan reference-instance 1
ring 3 node-mode master primary-port GigabitEthernet1/0/0 secondary-port
GigabitEthernet2/0/0 level 1
ring 3 enable
rrpp domain 2
control-vlan 10
protected-vlan reference-instance 2
ring 3 node-mode master primary-port GigabitEthernet2/0/0 secondary-port
GigabitEthernet1/0/0 level 1
ring 3 enable
#
interface GigabitEthernet1/0/0
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 6 11 100 to 300
stp disable
#
interface GigabitEthernet2/0/0
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 6 11 100 to 300
stp disable
#
return
• Configuration file of UPEA
#
sysname UPEA
#
vlan batch 5 to 6 10 to 11 100 to 300
#
rrpp working-mode GB
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100 to 200
instance 2 vlan 10 to 11 201 to 300
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet1/0/0 secondary-port
GigabitEthernet2/0/0 level 0
ring 1 enable
rrpp domain 2
control-vlan 10
protected-vlan reference-instance 2
ring 1 node-mode transit primary-port GigabitEthernet1/0/0 secondary-port
GigabitEthernet2/0/0 level 0
ring 1 enable
#
interface GigabitEthernet1/0/0
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
interface GigabitEthernet2/0/0
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
return
• Configuration file of UPEB
#
sysname UPEB
#
vlan batch 5 to 6 10 to 11 100 to 300
#
rrpp working-mode GB
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100 to 200
instance 2 vlan 10 to 11 201 to 300
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet1/0/0 secondary-port
GigabitEthernet2/0/0 level 0
ring 1 enable
ring 2 node-mode transit secondary-port GigabitEthernet3/0/0
ring 2 enable
ring 3 node-mode transit secondary-port GigabitEthernet3/0/1
ring 3 enable
rrpp domain 2
control-vlan 10
protected-vlan reference-instance 2
ring 1 node-mode transit primary-port GigabitEthernet1/0/0 secondary-port
GigabitEthernet2/0/0 level 0
ring 1 enable
ring 2 node-mode transit secondary-port GigabitEthernet3/0/0
ring 2 enable
ring 3 node-mode transit secondary-port GigabitEthernet3/0/1
ring 3 enable
#
interface GigabitEthernet1/0/0
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
interface GigabitEthernet2/0/0
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
interface GigabitEthernet3/0/0
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 6 11 100 to 300
stp disable
#
interface GigabitEthernet3/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 6 11 100 to 300
stp disable
#
return
• Configuration file of UPEC
#
sysname UPEC
#
vlan batch 5 to 6 10 to 11 100 to 300
#
rrpp working-mode GB
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100 to 200
instance 2 vlan 10 to 11 201 to 300
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet1/0/0 secondary-port
GigabitEthernet2/0/0 level 0
ring 1 enable
ring 2 node-mode transit secondary-port GigabitEthernet3/0/0
ring 2 enable
ring 3 node-mode transit secondary-port GigabitEthernet3/0/1
ring 3 enable
rrpp domain 2
control-vlan 10
protected-vlan reference-instance 2
ring 1 node-mode transit primary-port GigabitEthernet1/0/0 secondary-port
GigabitEthernet2/0/0 level 0
ring 1 enable
ring 2 node-mode transit secondary-port GigabitEthernet3/0/0
ring 2 enable
ring 3 node-mode transit secondary-port GigabitEthernet3/0/1
ring 3 enable
#
interface GigabitEthernet1/0/0
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
interface GigabitEthernet2/0/0
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
interface GigabitEthernet3/0/0
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 6 11 100 to 300
stp disable
#
interface GigabitEthernet3/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 6 11 100 to 300
stp disable
#
return
• Configuration file of UPED
#
sysname UPED
#
vlan batch 5 to 6 10 to 11 100 to 300
#
rrpp working-mode GB
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100 to 200
instance 2 vlan 10 to 11 201 to 300
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet1/0/0 secondary-port
GigabitEthernet2/0/0 level 0
ring 1 enable
rrpp domain 2
control-vlan 10
protected-vlan reference-instance 2
ring 1 node-mode transit primary-port GigabitEthernet1/0/0 secondary-port
GigabitEthernet2/0/0 level 0
ring 1 enable
#
interface GigabitEthernet1/0/0
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
interface GigabitEthernet2/0/0
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
return
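The configuration files above share a few invariants: each domain's major and sub control VLANs are mapped to its protected instance, and every RRPP port is a trunk with STP disabled, VLAN 1 removed, and the protected data VLANs allowed. The following Python audit is an added example, not part of the Huawei document; it assumes the sub control VLAN ID is the major control VLAN ID plus one (as in the outputs above: major 5 sub 6), and the function names are hypothetical.

```python
import re

# Constructed sample: UPEB's configuration file above, cut down to Rings 1-2.
UPEB_CONFIG = """\
stp region-configuration
 instance 1 vlan 5 to 6 100 to 200
 instance 2 vlan 10 to 11 201 to 300
rrpp domain 1
 control-vlan 5
 protected-vlan reference-instance 1
 ring 1 node-mode transit primary-port GigabitEthernet1/0/0 secondary-port GigabitEthernet2/0/0 level 0
 ring 2 node-mode transit secondary-port GigabitEthernet3/0/0
rrpp domain 2
 control-vlan 10
 protected-vlan reference-instance 2
 ring 1 node-mode transit primary-port GigabitEthernet1/0/0 secondary-port GigabitEthernet2/0/0 level 0
 ring 2 node-mode transit secondary-port GigabitEthernet3/0/0
#
interface GigabitEthernet1/0/0
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
 stp disable
#
interface GigabitEthernet2/0/0
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
 stp disable
#
interface GigabitEthernet3/0/0
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 6 11 100 to 300
 stp disable
"""


def expand_vlans(spec):
    """Expand a VLAN list such as '5 to 6 100 to 200' into a set of IDs."""
    tok, out, i = spec.split(), set(), 0
    while i < len(tok):
        if i + 2 < len(tok) and tok[i + 1] == "to":
            out.update(range(int(tok[i]), int(tok[i + 2]) + 1))
            i += 3
        else:
            out.add(int(tok[i]))
            i += 1
    return out


def parse_config(text):
    cfg, sec = {"instances": {}, "domains": {}, "interfaces": {}}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.fullmatch(r"rrpp domain (\d+)", line):
            sec = cfg["domains"].setdefault(int(m[1]), {"ports": set()})
        elif m := re.fullmatch(r"interface (\S+)", line):
            # Assumption: a trunk port carries VLAN 1 until it is removed.
            sec = cfg["interfaces"].setdefault(m[1], {"allow": {1}, "lines": set()})
        elif m := re.fullmatch(r"instance (\d+) vlan (.+)", line):
            cfg["instances"][int(m[1])] = expand_vlans(m[2])
        elif m := re.fullmatch(r"control-vlan (\d+)", line):
            sec["control"] = int(m[1])
        elif m := re.fullmatch(r"protected-vlan reference-instance (\d+)", line):
            sec["instance"] = int(m[1])
        elif " node-mode " in line:
            sec["ports"].update(re.findall(r"-port (\S+)", line))
        elif m := re.fullmatch(r"(undo )?port trunk allow-pass vlan (.+)", line):
            vlans = expand_vlans(m[2])
            sec["allow"] = sec["allow"] - vlans if m[1] else sec["allow"] | vlans
        elif sec is not None and "lines" in sec:
            sec["lines"].add(line)
    return cfg


def audit(cfg):
    """Return a list of findings; an empty list means every check passed."""
    findings, control = [], set()
    for dom, d in sorted(cfg["domains"].items()):
        ctrl = {d["control"], d["control"] + 1}  # major and sub control VLAN
        control |= ctrl
        missing = ctrl - cfg["instances"].get(d["instance"], set())
        if missing:
            findings.append(f"domain {dom}: control VLAN {sorted(missing)} "
                            f"not mapped to instance {d['instance']}")
    ports = set().union(*(d["ports"] for d in cfg["domains"].values()))
    for port in sorted(ports):
        intf = cfg["interfaces"].get(port, {"allow": {1}, "lines": set()})
        for required in ("port link-type trunk", "stp disable"):
            if required not in intf["lines"]:
                findings.append(f"{port}: missing '{required}'")
        if 1 in intf["allow"]:
            findings.append(f"{port}: VLAN 1 still allowed on RRPP trunk")
        data = set().union(*(cfg["instances"].get(d["instance"], set())
                             for d in cfg["domains"].values()
                             if port in d["ports"])) - control
        if data - intf["allow"]:
            findings.append(f"{port}: protected data VLANs not all allowed")
    return findings
```

Calling audit(parse_config(UPEB_CONFIG)) returns an empty list for the sample; run it against each device's saved configuration to catch a trunk that still carries VLAN 1 or a control VLAN left out of the protected instance.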
Networking Requirements
As shown in Figure 9-31, on a ring network, idle links are required to forward data. In this way,
data in different VLANs are forwarded along different paths, improving network efficiency and
implementing load balancing.
Figure 9-31 Networking diagram of intersecting RRPP rings with multiple instances
(Diagram not reproduced. Labels in the figure: Backbone network; PE-AGG (Master 1, Master 2); UPEA; UPED; Domain 1 ring 1; Domain 2 ring 1; interfaces Eth0/0/1 and Eth0/0/2.)
Table 9-6 shows the mapping between protected VLANs and instances in Domain 1 and Domain
2.
Table 9-7 shows the master node on each ring and the primary and secondary interfaces on each
master node.
Table 9-7 Master node and its primary and secondary interfaces
Ring ID Master Node Primary Port Secondary Port Ring Type
Table 9-8 shows the edge nodes, assistant edge nodes, common interface, and edge interfaces
of the sub-rings.
Table 9-8 Edge nodes, assistant edge nodes, common interface, and edge interfaces of the sub-
rings
Ring Edge Common Edge Edge-Assistant Common Edge
ID Node Port Port Node Port Port
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Create instances.
# Create Instance 1, and map the control VLANs 5 and 6 and data VLANs 100 to 200 in Domain
1 to Instance 1.
[CE1] stp region-configuration
[CE1-mst-region] instance 1 vlan 5 6 100 to 200
# Create Instance 2, and map the control VLANs 10 and 11 and data VLANs 201 to 300 in
Domain 2 to Instance 2.
[CE1-mst-region] instance 2 vlan 10 11 201 to 300
# The configurations on CE2, UPEA, UPEB, UPEC, UPED, and PE-AGG are similar to those on
CE1 and are not described here. For details, see the configuration files.
# Configure the RRPP interface as a trunk interface to allow data from VLANs 100 to 300 to
pass through and disable STP on the interface to be added to the RRPP ring.
[CE1] interface ethernet 0/0/1
[CE1-Ethernet0/0/1] port link-type trunk
[CE1-Ethernet0/0/1] port trunk allow-pass vlan 100 to 300
[CE1-Ethernet0/0/1] stp disable
[CE1-Ethernet0/0/1] quit
[CE1] interface ethernet 0/0/2
[CE1-Ethernet0/0/2] port link-type trunk
[CE1-Ethernet0/0/2] port trunk allow-pass vlan 100 to 300
[CE1-Ethernet0/0/2] stp disable
[CE1-Ethernet0/0/2] quit
# The configurations on CE2, UPEA, UPEB, UPEC, UPED, and PE-AGG are similar to those on
CE1 and are not described here. For details, see the configuration files.
Step 3 Create RRPP domains and configure protected VLANs and control VLANs.
# Configure the VLANs mapped to Instance 1 as the protected VLANs in Domain 1, and VLAN
5 as the control VLAN.
[CE1] rrpp domain 1
[CE1-rrpp-domain-region1] protected-vlan reference-instance 1
[CE1-rrpp-domain-region1] control-vlan 5
[CE1-rrpp-domain-region1] quit
# Configure the VLANs mapped to Instance 2 as the protected VLANs in Domain 2, and VLAN
10 as the control VLAN.
[CE1] rrpp domain 2
[CE1-rrpp-domain-region2] protected-vlan reference-instance 2
[CE1-rrpp-domain-region2] control-vlan 10
[CE1-rrpp-domain-region2] quit
# The configurations on CE2, UPEA, UPEB, UPEC, UPED, and PE-AGG are similar to those on
CE1 and are not described here. For details, see the configuration files.
# Configure PE-AGG as the master node on Ring 1 in Domain 1, with Eth0/0/1 as the primary
interface and Eth0/0/2 as the secondary interface.
[PE-AGG] rrpp domain 1
[PE-AGG-rrpp-domain-region1] ring 1 node-mode master primary-port ethernet 0/0/1
secondary-port ethernet 0/0/2 level 0
[PE-AGG-rrpp-domain-region1] ring 1 enable
[PE-AGG-rrpp-domain-region1] quit
# Configure PE-AGG as the master node on Ring 1 in Domain 2, with Eth0/0/2 as the primary
interface and Eth0/0/1 as the secondary interface.
[PE-AGG] rrpp domain 2
[PE-AGG-rrpp-domain-region2] ring 1 node-mode master primary-port ethernet 0/0/2
secondary-port ethernet 0/0/1 level 0
[PE-AGG-rrpp-domain-region2] ring 1 enable
[PE-AGG-rrpp-domain-region2] quit
# Configure UPEA as a transit node on Ring 1 in Domain 1 and specify primary and secondary
interfaces.
[UPEA] rrpp domain 1
[UPEA-rrpp-domain-region1] ring 1 node-mode transit primary-port ethernet 0/0/1
secondary-port ethernet 0/0/2 level 0
[UPEA-rrpp-domain-region1] ring 1 enable
[UPEA-rrpp-domain-region1] quit
# Configure UPEA as a transit node on Ring 1 in Domain 2 and specify primary and secondary
interfaces.
[UPEA] rrpp domain 2
[UPEA-rrpp-domain-region2] ring 1 node-mode transit primary-port ethernet 0/0/1
secondary-port ethernet 0/0/2 level 0
[UPEA-rrpp-domain-region2] ring 1 enable
[UPEA-rrpp-domain-region2] quit
# Configure UPED as a transit node on Ring 1 in Domain 1 and specify primary and secondary
interfaces.
[UPED] rrpp domain 1
[UPED-rrpp-domain-region1] ring 1 node-mode transit primary-port ethernet 0/0/1
secondary-port ethernet 0/0/2 level 0
[UPED-rrpp-domain-region1] ring 1 enable
[UPED-rrpp-domain-region1] quit
# Configure UPED as a transit node on Ring 1 in Domain 2 and specify primary and secondary
interfaces.
[UPED] rrpp domain 2
[UPED-rrpp-domain-region2] ring 1 node-mode transit primary-port ethernet 0/0/1
secondary-port ethernet 0/0/2 level 0
[UPED-rrpp-domain-region2] ring 1 enable
[UPED-rrpp-domain-region2] quit
# Configure UPEB as a transit node on Ring 1 in Domain 1 and specify primary and secondary
interfaces.
[UPEB] rrpp domain 1
[UPEB-rrpp-domain-region1] ring 1 node-mode transit primary-port ethernet 0/0/1
secondary-port ethernet 0/0/2 level 0
[UPEB-rrpp-domain-region1] ring 1 enable
[UPEB-rrpp-domain-region1] quit
# Configure UPEB as a transit node on Ring 1 in Domain 2 and specify primary and secondary
interfaces.
[UPEB] rrpp domain 2
[UPEB-rrpp-domain-region2] ring 1 node-mode transit primary-port ethernet 0/0/1
secondary-port ethernet 0/0/2 level 0
[UPEB-rrpp-domain-region2] ring 1 enable
[UPEB-rrpp-domain-region2] quit
# Configure UPEB as an edge node on Ring 2 in Domain 1, with Eth0/0/1 as the common
interface and Eth0/0/3 as the edge interface.
[UPEB] rrpp domain 1
[UPEB-rrpp-domain-region1] ring 2 node-mode edge common-port ethernet 0/0/1 edge-port ethernet 0/0/3
[UPEB-rrpp-domain-region1] ring 2 enable
[UPEB-rrpp-domain-region1] quit
# Configure UPEB as an edge node on Ring 2 in Domain 2, with Eth0/0/1 as the common
interface and Eth0/0/3 as the edge interface.
[UPEB] rrpp domain 2
[UPEB-rrpp-domain-region2] ring 2 node-mode edge common-port ethernet 0/0/1 edge-port ethernet 0/0/3
# Configure UPEB as an edge node on Ring 3 in Domain 1, with Eth0/0/1 as the common
interface and Eth0/0/4 as the edge interface.
[UPEB] rrpp domain 1
[UPEB-rrpp-domain-region1] ring 3 node-mode edge common-port ethernet 0/0/1 edge-port ethernet 0/0/4
[UPEB-rrpp-domain-region1] ring 3 enable
[UPEB-rrpp-domain-region1] quit
# Configure UPEB as an edge node on Ring 3 in Domain 2, with Eth0/0/1 as the common
interface and Eth0/0/4 as the edge interface.
[UPEB] rrpp domain 2
[UPEB-rrpp-domain-region2] ring 3 node-mode edge common-port ethernet 0/0/1 edge-port ethernet 0/0/4
[UPEB-rrpp-domain-region2] ring 3 enable
[UPEB-rrpp-domain-region2] quit
# Configure UPEC as a transit node on Ring 1 in Domain 1 and specify primary and secondary
interfaces.
[UPEC] rrpp domain 1
[UPEC-rrpp-domain-region1] ring 1 node-mode transit primary-port ethernet 0/0/1
secondary-port ethernet 0/0/2 level 0
[UPEC-rrpp-domain-region1] ring 1 enable
[UPEC-rrpp-domain-region1] quit
# Configure UPEC as a transit node on Ring 1 in Domain 2 and specify primary and secondary
interfaces.
[UPEC] rrpp domain 2
[UPEC-rrpp-domain-region2] ring 1 node-mode transit primary-port ethernet 0/0/1
secondary-port ethernet 0/0/2 level 0
[UPEC-rrpp-domain-region2] ring 1 enable
[UPEC-rrpp-domain-region2] quit
# Configure UPEC as an assistant edge node on Ring 2 in Domain 1, with Eth0/0/2 as the common
interface and Eth0/0/4 as the edge interface.
[UPEC] rrpp domain 1
[UPEC-rrpp-domain-region1] ring 2 node-mode assistant-edge common-port ethernet
0/0/2 edge-port ethernet 0/0/4
[UPEC-rrpp-domain-region1] ring 2 enable
[UPEC-rrpp-domain-region1] quit
# Configure UPEC as an assistant edge node on Ring 2 in Domain 2, with Eth0/0/2 as the common
interface and Eth0/0/4 as the edge interface.
[UPEC] rrpp domain 2
[UPEC-rrpp-domain-region2] ring 2 node-mode assistant-edge common-port ethernet
0/0/2 edge-port ethernet 0/0/4
[UPEC-rrpp-domain-region2] ring 2 enable
[UPEC-rrpp-domain-region2] quit
# Configure UPEC as an assistant edge node on Ring 3 in Domain 1, with Eth0/0/2 as the common
interface and Eth0/0/3 as the edge interface.
[UPEC] rrpp domain 1
[UPEC-rrpp-domain-region1] ring 3 node-mode assistant-edge common-port ethernet
0/0/2 edge-port ethernet 0/0/3
[UPEC-rrpp-domain-region1] ring 3 enable
[UPEC-rrpp-domain-region1] quit
# Configure UPEC as an assistant edge node on Ring 3 in Domain 2, with Eth0/0/2 as the common
interface and Eth0/0/3 as the edge interface.
[UPEC] rrpp domain 2
[UPEC-rrpp-domain-region2] ring 3 node-mode assistant-edge common-port ethernet
0/0/2 edge-port ethernet 0/0/3
[UPEC-rrpp-domain-region2] ring 3 enable
[UPEC-rrpp-domain-region2] quit
# Configure CE1 as the master node on Ring 2 in Domain 1, with Eth0/0/1 as the primary
interface and Eth0/0/2 as the secondary interface.
[CE1] rrpp domain 1
[CE1-rrpp-domain-region1] ring 2 node-mode master primary-port ethernet 0/0/1
secondary-port ethernet 0/0/2 level 1
[CE1-rrpp-domain-region1] ring 2 enable
[CE1-rrpp-domain-region1] quit
# Configure CE1 as the master node on Ring 2 in Domain 2, with Eth0/0/2 as the primary
interface and Eth0/0/1 as the secondary interface.
[CE1] rrpp domain 2
[CE1-rrpp-domain-region2] ring 2 node-mode master primary-port ethernet 0/0/2
secondary-port ethernet 0/0/1 level 1
[CE1-rrpp-domain-region2] ring 2 enable
[CE1-rrpp-domain-region2] quit
# Configure CE2 as the master node on Ring 3 in Domain 1, with Eth0/0/1 as the primary
interface and Eth0/0/2 as the secondary interface.
[CE2] rrpp domain 1
[CE2-rrpp-domain-region1] ring 3 node-mode master primary-port ethernet 0/0/1
secondary-port ethernet 0/0/2 level 1
[CE2-rrpp-domain-region1] ring 3 enable
[CE2-rrpp-domain-region1] quit
# Configure CE2 as the master node on Ring 3 in Domain 2, with Eth0/0/2 as the primary
interface and Eth0/0/1 as the secondary interface.
[CE2] rrpp domain 2
[CE2-rrpp-domain-region2] ring 3 node-mode master primary-port ethernet 0/0/2
secondary-port ethernet 0/0/1 level 1
[CE2-rrpp-domain-region2] ring 3 enable
[CE2-rrpp-domain-region2] quit
After the RRPP ring configuration is complete, enable RRPP on each node of the ring to activate
the RRPP ring. The configuration procedure is as follows:
# Enable RRPP.
[CE1] rrpp enable
# The configurations on CE2, UPEA, UPEB, UPEC, UPED, and PE-AGG are similar to those on
CE1 and are not described here. For details, see the configuration files.
# Create ring group 1, which consists of four sub-rings: Ring 2 in Domain 1, Ring 3 in Domain
1, Ring 2 in Domain 2, and Ring 3 in Domain 2.
[UPEC] rrpp ring-group 1
[UPEC-rrpp-ring-group1] domain 1 ring 2 to 3
[UPEC-rrpp-ring-group1] domain 2 ring 2 to 3
[UPEC-rrpp-ring-group1] quit
# Create ring group 1, which consists of four sub-rings: Ring 2 in Domain 1, Ring 3 in Domain
1, Ring 2 in Domain 2, and Ring 3 in Domain 2.
[UPEB] rrpp ring-group 1
[UPEB-rrpp-ring-group1] domain 1 ring 2 to 3
[UPEB-rrpp-ring-group1] domain 2 ring 2 to 3
[UPEB-rrpp-ring-group1] quit
After the preceding configurations are complete and the network topology becomes stable,
perform the following operations to verify the configuration. UPEB and PE-AGG are used as
examples.
Run the display rrpp brief command on UPEB. The command output is as follows:
[UPEB] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
Ring Ring Node Primary/Common Secondary/Edge Is
ID Level Mode Port Port Enabled
---------------------------------------------------------------------------------
1 0 T Ethernet0/0/1 Ethernet0/0/2 Yes
2 1 E Ethernet0/0/1 Ethernet0/0/3 Yes
3 1 E Ethernet0/0/1 Ethernet0/0/4 Yes
Domain Index : 2
Control VLAN : major 10 sub 11
Protected VLAN: Reference Instance 2
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
Ring Ring Node Primary/Common Secondary/Edge Is
ID Level Mode Port Port Enabled
--------------------------------------------------------------------------------
1 0 T Ethernet0/0/1 Ethernet0/0/2 Yes
2 1 E Ethernet0/0/1 Ethernet0/0/3 Yes
3 1 E Ethernet0/0/1 Ethernet0/0/4 Yes
In Domain 1:
The major control VLAN is VLAN 5 and the protected VLANs are the VLANs mapped to
Instance 1.
UPEB is a transit node on Ring 1. The primary interface is Eth0/0/1 and the secondary interface
is Eth0/0/2.
On Ring 2, UPEB is the edge node. Eth0/0/1 is the common interface and Eth0/0/3 is the edge
interface.
On Ring 3, UPEB is the edge node. Eth0/0/1 is the common interface and Eth0/0/4 is the edge
interface.
In Domain 2:
The major control VLAN is VLAN 10, and the protected VLANs are the VLANs mapped to
Instance 2.
UPEB is a transit node on Ring 1. The primary interface is Eth0/0/1 and the secondary interface
is Eth0/0/2.
On Ring 2, UPEB is the edge node. Eth0/0/1 is the common interface and Eth0/0/3 is the edge
interface.
On Ring 3, UPEB is the edge node. Eth0/0/1 is the common interface and Eth0/0/4 is the edge
interface.
Run the display rrpp brief command on PE-AGG. The command output is as follows:
[PE-AGG] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
Ring Ring Node Primary/Common Secondary/Edge Is
ID Level Mode Port Port Enabled
--------------------------------------------------------------------------------
1 0 M Ethernet0/0/2 Ethernet0/0/1 Yes
Domain Index : 2
Control VLAN : major 10 sub 11
Protected VLAN: Reference Instance 2
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
Ring Ring Node Primary/Common Secondary/Edge Is
ID Level Mode Port Port Enabled
--------------------------------------------------------------------------------
1 0 M Ethernet0/0/2 Ethernet0/0/1 Yes
The command output shows that RRPP is enabled on PE-AGG, and the LinkUp timer is 2
seconds.
In Domain 1, the major control VLAN is VLAN 5, the protected VLAN is the VLAN mapped
to Instance 1, and the master node on Ring 1 is PE-AGG. The primary interface is Eth0/0/1 and
the secondary interface is Eth0/0/2.
In Domain 2, the major control VLAN is VLAN 10, the protected VLAN is the VLAN mapped
to Instance 2, and the master node on Ring 1 is PE-AGG. The primary interface is Eth0/0/2 and
the secondary interface is Eth0/0/1.
Run the display rrpp verbose domain command on UPEB. The command output is as follows:
# Check detailed information about UPEB in Domain 1.
[UPEB] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN: Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Transit
Ring State : LinkUp
Is Enabled : Enable Is Active : Yes
Primary port : Ethernet0/0/1 Port status: UP
Secondary port: Ethernet0/0/2 Port status: UP
RRPP Ring : 2
Ring Level : 1
Node Mode : Edge
Ring State : LinkUp
Is Enabled : Enable Is Active : Yes
Primary port : Ethernet0/0/1 Port status: UP
Secondary port: Ethernet0/0/3 Port status: UP
RRPP Ring : 3
Ring Level : 1
Node Mode : Edge
Ring State : LinkUp
Is Enabled : Enable Is Active : Yes
Primary port : Ethernet0/0/1 Port status: UP
Secondary port: Ethernet0/0/4 Port status: UP
The command output shows that the control VLAN in Domain 1 is VLAN 5, and the protected
VLANs are the VLANs mapped to Instance 1.
UPEB is a transit node on Ring 1 in Domain 1 and is in LinkUp state.
UPEB is the edge node on Ring 2 in Domain 1 and is in LinkUp state. Eth0/0/1 is the common
interface and Eth0/0/3 is the edge interface.
UPEB is the edge node on Ring 3 in Domain 1 and is in LinkUp state. Eth0/0/1 is the common
interface and Eth0/0/4 is the edge interface.
# Check detailed information about UPEB in Domain 2.
<UPEB> display rrpp verbose domain 2
Domain Index : 2
Control VLAN : major 10 sub 11
Protected VLAN: Reference Instance 2
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Transit
Ring State : LinkUp
Is Enabled : Enable Is Active : Yes
Primary port : Ethernet0/0/1 Port status: UP
Secondary port: Ethernet0/0/2 Port status: UP
RRPP Ring : 2
Ring Level : 1
Node Mode : Edge
Ring State : LinkUp
Is Enabled : Enable Is Active : Yes
Primary port : Ethernet0/0/1 Port status: UP
Secondary port: Ethernet0/0/3 Port status: UP
RRPP Ring : 3
Ring Level : 1
Node Mode : Edge
Ring State : LinkUp
Is Enabled : Enable Is Active : Yes
Primary port : Ethernet0/0/1 Port status: UP
Secondary port: Ethernet0/0/4 Port status: UP
The command output shows that, in Domain 2, the control VLAN is VLAN 10, and the protected
VLAN is the VLAN mapped to Instance 2.
UPEB is the edge node on Ring 2 in Domain 2 and is in LinkUp state. Eth0/0/1 is the common
interface and Eth0/0/3 is the edge interface.
UPEB is the edge node on Ring 3 in Domain 2 and is in LinkUp state. Eth0/0/1 is the common
interface and Eth0/0/4 is the edge interface.
Run the display rrpp verbose domain 1 command on PE-AGG. The command output is as
follows:
RRPP Ring : 1
Ring Level : 0
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active : Yes
Primary port : Ethernet0/0/1 Port status: UP
Secondary port: Ethernet0/0/2 Port status: BLOCKED
The command output shows that the control VLAN in Domain 1 is VLAN 5, and the protected
VLANs are the VLANs mapped to Instance 1.
RRPP Ring : 1
Ring Level : 0
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active : Yes
Primary port : Ethernet0/0/2 Port status: UP
Secondary port: Ethernet0/0/1 Port status: BLOCKED
The command output shows that, in Domain 2, the control VLAN is VLAN 10, and the protected
VLAN is the VLAN mapped to Instance 2.
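The checks in this verification step can be scripted. The following Python sketch is an added example, not part of the Huawei document: it parses display rrpp verbose domain output in the format shown above and flags any ring that deviates from the steady state in these outputs (master in Complete state with its secondary port BLOCKED, other nodes in LinkUp state with both ports UP). The sample text is constructed from the outputs above, and the names parse_verbose and check are hypothetical.

```python
import re

# Constructed samples in the format of the outputs above (Domain 1 only).
PE_AGG = """\
Domain Index : 1
Control VLAN : major 5 sub 6
RRPP Ring : 1
Ring Level : 0
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active : Yes
Primary port : Ethernet0/0/1 Port status: UP
Secondary port: Ethernet0/0/2 Port status: BLOCKED
"""
UPEB = """\
Domain Index : 1
Control VLAN : major 5 sub 6
RRPP Ring : 1
Ring Level : 0
Node Mode : Transit
Ring State : LinkUp
Is Enabled : Enable Is Active : Yes
Primary port : Ethernet0/0/1 Port status: UP
Secondary port: Ethernet0/0/2 Port status: UP
RRPP Ring : 2
Ring Level : 1
Node Mode : Edge
Ring State : LinkUp
Is Enabled : Enable Is Active : Yes
Primary port : Ethernet0/0/1 Port status: UP
Secondary port: Ethernet0/0/3 Port status: UP
"""
PORT = re.compile(r"(Primary|Secondary) port\s*:\s*(\S+)\s+Port status:\s*(\S+)")


def parse_verbose(text):
    """Return one dict per 'RRPP Ring' block of a verbose output."""
    rings, domain, ring = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.match(r"Domain Index\s*:\s*(\d+)", line):
            domain = int(m[1])
        elif m := re.match(r"RRPP Ring\s*:\s*(\d+)", line):
            ring = {"domain": domain, "ring": int(m[1]), "ports": {}}
            rings.append(ring)
        elif ring is None:
            continue  # domain-level lines before the first ring block
        elif m := re.match(r"Node Mode\s*:\s*(.+)", line):
            ring["mode"] = m[1]
        elif m := re.match(r"Ring State\s*:\s*(.+)", line):
            ring["state"] = m[1]
        elif m := re.search(r"Is Active\s*:\s*(\w+)", line):
            ring["active"] = m[1] == "Yes"
        elif m := PORT.match(line):
            ring["ports"][m[1].lower()] = (m[2], m[3])
    return rings


def check(rings):
    """Compare each ring with the steady state shown in the outputs above."""
    alerts = []
    for r in rings:
        tag = f"domain {r['domain']} ring {r['ring']}"
        master = r.get("mode") == "Master"
        expected = "Complete" if master else "LinkUp"
        if not r.get("active"):
            alerts.append(f"{tag}: ring is not active")
        if r.get("state") != expected:
            alerts.append(f"{tag}: state {r.get('state')}, expected {expected}")
        for role, (port, status) in sorted(r["ports"].items()):
            # A master in Complete state keeps its secondary port blocked so
            # that the protected VLANs do not loop; every other port is UP.
            blocked = master and role == "secondary" and r.get("state") == "Complete"
            want = "BLOCKED" if blocked else "UP"
            if status != want:
                alerts.append(f"{tag}: {role} port {port} is {status}, expected {want}")
    return alerts
```

Both samples produce no alerts; an output in which the master reports Complete while its secondary port is UP is reported as a deviation, since that combination would leave a loop in the protected VLANs.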
Run the display rrpp ring-group command on UPEB to check the configuration of the ring
group.
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 5 to 6 10 to 11 100 to 300
#
rrpp enable
rrpp linkup-delay-timer 1
#
stp region-configuration
instance 1 vlan 5 to 6 100 to 200
instance 2 vlan 10 to 11 201 to 300
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 2 node-mode master primary-port Ethernet0/0/1 secondary-port
Ethernet0/0/2 level 1
ring 2 enable
rrpp domain 2
control-vlan 10
protected-vlan reference-instance 2
ring 2 node-mode master primary-port Ethernet0/0/2 secondary-port
Ethernet0/0/1 level 1
ring 2 enable
#
interface Ethernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 6 11 100 to 300
stp disable
#
interface Ethernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 6 11 100 to 300
stp disable
#
return
stp region-configuration
instance 1 vlan 5 to 6 100 to 200
instance 2 vlan 10 to 11 201 to 300
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 3 node-mode master primary-port Ethernet0/0/1 secondary-port
Ethernet0/0/2 level 1
ring 3 enable
rrpp domain 2
control-vlan 10
protected-vlan reference-instance 2
ring 3 node-mode master primary-port Ethernet0/0/2 secondary-port
Ethernet0/0/1 level 1
ring 3 enable
#
interface Ethernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 6 11 100 to 300
stp disable
#
interface Ethernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 6 11 100 to 300
stp disable
#
return
#
return
• Configuration file of UPEB
#
sysname UPEB
#
vlan batch 5 to 6 10 to 11 100 to 300
#
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100 to 200
instance 2 vlan 10 to 11 201 to 300
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port Ethernet0/0/1 secondary-port
Ethernet0/0/2 level 0
ring 1 enable
ring 2 node-mode edge common-port Ethernet0/0/1 edge-port Ethernet0/0/3
ring 2 enable
ring 3 node-mode edge common-port Ethernet0/0/1 edge-port Ethernet0/0/4
ring 3 enable
rrpp domain 2
control-vlan 10
protected-vlan reference-instance 2
ring 1 node-mode transit primary-port Ethernet0/0/1 secondary-port
Ethernet0/0/2 level 0
ring 1 enable
ring 2 node-mode edge common-port Ethernet0/0/1 edge-port Ethernet0/0/3
ring 2 enable
ring 3 node-mode edge common-port Ethernet0/0/1 edge-port Ethernet0/0/4
ring 3 enable
#
rrpp ring-group 1
domain 1 ring 2 to 3
domain 2 ring 2 to 3
#
interface Ethernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
interface Ethernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
interface Ethernet0/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 6 11 100 to 300
stp disable
#
interface Ethernet0/0/4
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 6 11 100 to 300
stp disable
#
return
• Configuration file of UPEC
#
sysname UPEC
#
vlan batch 5 to 6 10 to 11 100 to 300
#
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100 to 200
instance 2 vlan 10 to 11 201 to 300
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port Ethernet0/0/1 secondary-port Ethernet0/0/2 level 0
ring 1 enable
ring 2 node-mode assistant-edge common-port Ethernet0/0/2 edge-port Ethernet0/0/4
ring 2 enable
ring 3 node-mode assistant-edge common-port Ethernet0/0/2 edge-port Ethernet0/0/3
ring 3 enable
rrpp domain 2
control-vlan 10
protected-vlan reference-instance 2
ring 1 node-mode transit primary-port Ethernet0/0/1 secondary-port Ethernet0/0/2 level 0
ring 1 enable
ring 2 node-mode assistant-edge common-port Ethernet0/0/2 edge-port Ethernet0/0/4
ring 2 enable
ring 3 node-mode assistant-edge common-port Ethernet0/0/2 edge-port Ethernet0/0/3
ring 3 enable
#
rrpp ring-group 1
domain 1 ring 2 to 3
domain 2 ring 2 to 3
#
interface Ethernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
interface Ethernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
interface Ethernet0/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 6 11 100 to 300
stp disable
#
interface Ethernet0/0/4
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 6 11 100 to 300
stp disable
#
return
• Configuration file of UPED
#
sysname UPED
#
vlan batch 5 to 6 10 to 11 100 to 300
#
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100 to 200
instance 2 vlan 10 to 11 201 to 300
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port Ethernet0/0/1 secondary-port Ethernet0/0/2 level 0
ring 1 enable
rrpp domain 2
control-vlan 10
protected-vlan reference-instance 2
ring 1 node-mode transit primary-port Ethernet0/0/1 secondary-port Ethernet0/0/2 level 0
ring 1 enable
#
interface Ethernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
interface Ethernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
return
• Configuration file of PE-AGG
#
sysname PE-AGG
#
vlan batch 5 to 6 10 to 11 100 to 300
#
rrpp enable
rrpp linkup-delay-timer 1
#
stp region-configuration
instance 1 vlan 5 to 6 100 to 200
instance 2 vlan 10 to 11 201 to 300
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode master primary-port Ethernet0/0/1 secondary-port Ethernet0/0/2 level 0
ring 1 enable
rrpp domain 2
control-vlan 10
protected-vlan reference-instance 2
ring 1 node-mode master primary-port Ethernet0/0/2 secondary-port Ethernet0/0/1 level 0
ring 1 enable
#
interface Ethernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
interface Ethernet0/0/2
port link-type trunk
Networking Requirements
As shown in Figure 9-32, idle links on a ring network are required to forward data. Data in
different VLANs is then forwarded along different paths, which improves network efficiency and
implements load balancing.
Figure 9-32 Networking diagram of tangent RRPP rings with multiple instances
[Diagram not reproduced. Labels: CE (VLAN 100-300), UPEA, UPEB, UPEC, UPED, UPEE, UPEF, UPEG; Domain 1 ring 1, Domain 2 ring 1, Domain 3 ring 1; Master 1, Master 2, Master 3.]
Table 9-9 shows the mapping between protected VLANs and instances in Domain 1, Domain
2, and Domain 3.
Table 9-10 shows the master node on each ring, and its primary and secondary interfaces.
Table 9-10 Master node and its primary and secondary interfaces
Configuration Roadmap
The configuration roadmap is as follows:
1. Create different RRPP domains and control VLANs.
2. Map the VLANs that need to pass through the domain to the instance.
3. Configure interfaces to be added to the RRPP domain on the devices so that data can pass
through the interfaces. Disable protocols that conflict with RRPP, such as STP.
4. Configure protected VLANs and create RRPP rings in RRPP domains.
a. Add UPEA, UPEB, UPEC, and UPED to Ring 1 in Domain 1 and Ring 1 in Domain
2.
b. Add UPED, UPEE, UPEF, and UPEG to Ring 1 in Domain 3.
c. Configure UPED as the master node and configure UPEA, UPEB, and UPEC as transit
nodes on Ring 1 in Domain 1 and Ring 1 in Domain 2.
d. Configure UPEF as the master node and configure UPED, UPEE, and UPEG as transit
nodes on Ring 1 in Domain 3.
5. Enable the RRPP ring and RRPP protocol on devices to make RRPP take effect.
NOTE
VLANs that are not mentioned in this example are considered nonexistent. However, interfaces on the device
join VLAN 1 by default, so you need to remove the corresponding interfaces from VLAN 1.
Procedure
Step 1 Create instances.
# Create data VLANs 100 to 300 on UPEA.
<Quidway> system-view
[Quidway] sysname UPEA
[UPEA] vlan batch 100 to 300
# Create Instance 1, and map the control VLANs 5 and 6 and data VLANs 100 to 200 in Domain
1 to Instance 1.
[UPEA] stp region-configuration
[UPEA-mst-region] instance 1 vlan 5 6 100 to 200
# Create Instance 2, and map the control VLANs 10 and 11 and data VLANs 201 to 300 in
Domain 2 to Instance 2.
[UPEA-mst-region] instance 2 vlan 10 11 201 to 300
# The configurations on UPEB, UPEC, UPED, UPEE, UPEF, and UPEG are similar to those on
UPEA and are not described here. For details, see the configuration files.
Step 2 Configure the interfaces to be added into the RRPP rings.
# Disable STP on the interfaces to be added to the RRPP ring on UPEA. Configure the interfaces
to allow data from VLANs 100 to 300 to pass through.
[UPEA] interface ethernet 0/0/1
[UPEA-Ethernet0/0/1] port link-type trunk
[UPEA-Ethernet0/0/1] port trunk allow-pass vlan 100 to 300
[UPEA-Ethernet0/0/1] stp disable
[UPEA-Ethernet0/0/1] quit
[UPEA] interface ethernet 0/0/2
[UPEA-Ethernet0/0/2] port link-type trunk
[UPEA-Ethernet0/0/2] port trunk allow-pass vlan 100 to 300
[UPEA-Ethernet0/0/2] stp disable
[UPEA-Ethernet0/0/2] quit
# The configurations on UPEB, UPEC, UPED, UPEE, UPEF, and UPEG are similar to those on
UPEA and are not described here. For details, see the configuration files.
Step 3 Create RRPP domains and configure protected VLANs and control VLANs.
# Configure the VLANs mapped to Instance 1 as the protected VLANs in Domain 1, and VLAN
5 as the control VLAN.
[UPEA] rrpp domain 1
[UPEA-rrpp-domain-region1] protected-vlan reference-instance 1
[UPEA-rrpp-domain-region1] control-vlan 5
[UPEA-rrpp-domain-region1] quit
# Configure the VLANs mapped to Instance 2 as the protected VLANs in Domain 2, and VLAN
10 as the control VLAN.
[UPEA] rrpp domain 2
[UPEA-rrpp-domain-region2] protected-vlan reference-instance 2
[UPEA-rrpp-domain-region2] control-vlan 10
[UPEA-rrpp-domain-region2] quit
# The configurations on UPEB, UPEC, UPED, UPEE, UPEF, and UPEG are similar to those on
UPEA and are not described here. For details, see the configuration files.
Step 4 Create RRPP rings.
# Configure UPEA as a transit node on Ring 1 in Domain 1 and specify primary and secondary
interfaces on UPEA.
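[UPEA] rrpp domain 1
[UPEA-rrpp-domain-region1] ring 1 node-mode transit primary-port ethernet 0/0/1 secondary-port ethernet 0/0/2 level 0
[UPEA-rrpp-domain-region1] ring 1 enable
[UPEA-rrpp-domain-region1] quit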
# Configure UPEA as a transit node on Ring 1 in Domain 2 and specify primary and secondary
interfaces on UPEA.
[UPEA] rrpp domain 2
[UPEA-rrpp-domain-region2] ring 1 node-mode transit primary-port ethernet 0/0/1 secondary-port ethernet 0/0/2 level 0
[UPEA-rrpp-domain-region2] ring 1 enable
[UPEA-rrpp-domain-region2] quit
# Configure UPEB as a transit node on Ring 1 in Domain 1 and specify primary and secondary
interfaces on UPEB.
[UPEB] rrpp domain 1
[UPEB-rrpp-domain-region1] ring 1 node-mode transit primary-port ethernet 0/0/1 secondary-port ethernet 0/0/2 level 0
[UPEB-rrpp-domain-region1] ring 1 enable
[UPEB-rrpp-domain-region1] quit
# Configure UPEB as a transit node on Ring 1 in Domain 2 and specify primary and secondary
interfaces on UPEB.
[UPEB] rrpp domain 2
[UPEB-rrpp-domain-region2] ring 1 node-mode transit primary-port ethernet 0/0/1 secondary-port ethernet 0/0/2 level 0
[UPEB-rrpp-domain-region2] ring 1 enable
[UPEB-rrpp-domain-region2] quit
# Configure UPEC as a transit node on Ring 1 in Domain 1 and specify primary and secondary
interfaces on UPEC.
[UPEC] rrpp domain 1
[UPEC-rrpp-domain-region1] ring 1 node-mode transit primary-port ethernet 0/0/1 secondary-port ethernet 0/0/2 level 0
[UPEC-rrpp-domain-region1] ring 1 enable
[UPEC-rrpp-domain-region1] quit
# Configure UPEC as a transit node on Ring 1 in Domain 2 and specify primary and secondary
interfaces on UPEC.
[UPEC] rrpp domain 2
[UPEC-rrpp-domain-region2] ring 1 node-mode transit primary-port ethernet 0/0/1 secondary-port ethernet 0/0/2 level 0
[UPEC-rrpp-domain-region2] ring 1 enable
[UPEC-rrpp-domain-region2] quit
# Configure UPED as the master node on Ring 1 in Domain 1 and specify Eth0/0/1 as the primary
interface and Eth0/0/2 as the secondary interface on UPED.
[UPED] rrpp domain 1
[UPED-rrpp-domain-region1] ring 1 node-mode master primary-port ethernet 0/0/1 secondary-port ethernet 0/0/2 level 0
[UPED-rrpp-domain-region1] ring 1 enable
[UPED-rrpp-domain-region1] quit
# Configure UPED as the master node on Ring 1 in Domain 2 and specify Eth0/0/2 as the primary
interface and Eth0/0/1 as the secondary interface on UPED.
[UPED] rrpp domain 2
[UPED-rrpp-domain-region2] ring 1 node-mode master primary-port ethernet 0/0/2 secondary-port ethernet 0/0/1 level 0
[UPED-rrpp-domain-region2] ring 1 enable
[UPED-rrpp-domain-region2] quit
# Configure UPED as a transit node on Ring 1 in Domain 3 and specify primary and secondary
interfaces on UPED.
[UPED] rrpp domain 3
[UPED-rrpp-domain-region3] ring 1 node-mode transit primary-port ethernet 0/0/3 secondary-port ethernet 0/0/4 level 0
[UPED-rrpp-domain-region3] ring 1 enable
[UPED-rrpp-domain-region3] quit
# Configure UPEE as a transit node on Ring 1 in Domain 3 and specify primary and secondary
interfaces on UPEE.
[UPEE] rrpp domain 3
[UPEE-rrpp-domain-region3] ring 1 node-mode transit primary-port ethernet 0/0/1 secondary-port ethernet 0/0/2 level 0
[UPEE-rrpp-domain-region3] ring 1 enable
[UPEE-rrpp-domain-region3] quit
# Configure UPEF as the master node on Ring 1 in Domain 3 and specify Eth0/0/1 as the primary
interface and Eth0/0/2 as the secondary interface on UPEF.
# Configure UPEG as a transit node on Ring 1 in Domain 3 and specify primary and secondary
interfaces.
[UPEG] rrpp domain 3
[UPEG-rrpp-domain-region3] ring 1 node-mode transit primary-port ethernet 0/0/1 secondary-port ethernet 0/0/2 level 0
[UPEG-rrpp-domain-region3] ring 1 enable
[UPEG-rrpp-domain-region3] quit
# The configurations on UPEB, UPEC, UPED, UPEE, UPEF, and UPEG are similar to those on
UPEA and are not described here. For details, see the configuration files.
Step 6 Verify the configuration.
After the preceding configurations are complete and the network topology becomes stable,
perform the following operations to verify the configuration. UPED is used as an example. Run
the display rrpp brief command on UPED. The command output is as follows:
[UPED] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN : Reference Instance 1
Domain Index : 2
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 2
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
Domain Index : 3
Control VLAN : major 20 sub 21
Protected VLAN : Reference Instance 1 to 3
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Master
Ring State : Complete
The command output shows that the control VLAN in Domain 1 is VLAN 5, and the protected
VLANs are the VLANs mapped to Instance 1.
UPED is the master node in Domain 1 and is in Complete state.
The primary interface is Ethernet0/0/1 and the secondary interface is Ethernet0/0/2.
# Check detailed information about UPED in Domain 2.
[UPED] display rrpp verbose domain 2
Domain Index : 2
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 2
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active: Yes
Primary port : Ethernet0/0/2 Port status: UP
Secondary port : Ethernet0/0/1 Port status: BLOCKED
The command output shows that, in Domain 2, the control VLAN is VLAN 10, and the protected
VLAN is the VLAN mapped to Instance 2.
UPED is the master node in Domain 2 and is in Complete state.
The primary interface is Ethernet0/0/2 and the secondary interface is Ethernet0/0/1.
# Check detailed information about UPED in Domain 3.
[UPED] display rrpp verbose domain 3
Domain Index : 3
Control VLAN : major 20 sub 21
Protected VLAN : Reference Instance 1 to 3
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Transit
Ring State : LinkUp
Is Enabled : Enable Is Active: Yes
Primary port : Ethernet0/0/3 Port status: UP
Secondary port : Ethernet0/0/4 Port status: UP
The command output shows that, in Domain 3, the control VLAN is VLAN 20 and the protected
VLANs are the VLANs mapped to instances 1 to 3.
UPED is a transit node in Domain 3 and is in LinkUp state.
The primary interface is Ethernet0/0/3 and the secondary interface is Ethernet0/0/4.
----End
Configuration Files
• Configuration file of UPEA
#
sysname UPEA
#
vlan batch 5 to 6 10 to 11 100 to 300
#
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100 to 200
instance 2 vlan 10 to 11 201 to 300
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port Ethernet0/0/1 secondary-port Ethernet0/0/2 level 0
ring 1 enable
rrpp domain 2
control-vlan 10
protected-vlan reference-instance 2
ring 1 node-mode transit primary-port Ethernet0/0/1 secondary-port Ethernet0/0/2 level 0
ring 1 enable
#
interface Ethernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
interface Ethernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
return
• Configuration file of UPEB
#
sysname UPEB
#
vlan batch 5 to 6 10 to 11 100 to 300
#
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100 to 200
instance 2 vlan 10 to 11 201 to 300
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port Ethernet0/0/1 secondary-port Ethernet0/0/2 level 0
ring 1 enable
rrpp domain 2
control-vlan 10
protected-vlan reference-instance 2
ring 1 node-mode transit primary-port Ethernet0/0/1 secondary-port Ethernet0/0/2 level 0
ring 1 enable
#
interface Ethernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
interface Ethernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
ring 1 enable
rrpp domain 3
control-vlan 20
protected-vlan reference-instance 1 to 3
ring 1 node-mode transit primary-port Ethernet0/0/3 secondary-port Ethernet0/0/4 level 0
ring 1 enable
#
interface Ethernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
interface Ethernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
interface Ethernet0/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21 100 to 300
stp disable
#
interface Ethernet0/0/4
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21 100 to 300
stp disable
#
return
• Configuration file of UPEE
#
sysname UPEE
#
vlan batch 20 to 21 100 to 300
#
rrpp enable
#
stp region-configuration
instance 1 vlan 20 to 21 100 to 300
active region-configuration
#
rrpp domain 3
control-vlan 20
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port Ethernet0/0/1 secondary-port Ethernet0/0/2 level 0
ring 1 enable
#
interface Ethernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21 100 to 300
stp disable
#
interface Ethernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21 100 to 300
stp disable
#
return
• Configuration file of UPEF
#
sysname UPEF
#
vlan batch 20 to 21 100 to 300
#
rrpp enable
#
stp region-configuration
instance 1 vlan 20 to 21 100 to 300
active region-configuration
#
rrpp domain 3
control-vlan 20
protected-vlan reference-instance 1
ring 1 node-mode master primary-port Ethernet0/0/1 secondary-port Ethernet0/0/2 level 0
ring 1 enable
#
interface Ethernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21 100 to 300
stp disable
#
interface Ethernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21 100 to 300
stp disable
#
return
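The following check is an added example, not part of the Huawei document: it audits a saved configuration file against the rules this RRPP example applies to every ring port (STP disabled, VLAN 1 removed, and the trunk allowing the domain's data VLANs and control VLANs). The function names and the faulty variant are constructed for illustration; the code assumes the sub control VLAN is the control VLAN plus one, as the display output above shows (5/6, 10/11, 20/21), and that sub-ring ports carry only the sub control VLAN, as the edge-port trunks in the configuration files do.

```python
import re

def vlan_set(spec):
    """Expand a VLAN list such as '5 to 6 10 to 11 100 to 300' into a set of IDs."""
    if spec.strip() == "all":
        return set(range(1, 4095))
    out = set()
    for lo, hi in re.findall(r"(\d+)(?: to (\d+))?", spec):
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def parse(cfg):
    """Collect MSTP instances, RRPP domains and interfaces from configuration text."""
    inst, domains, ifaces, dom, ifc = {}, {}, {}, None, None
    for line in map(str.strip, cfg.splitlines()):
        if m := re.fullmatch(r"rrpp domain (\d+)", line):
            dom = domains.setdefault(int(m[1]), {"ctrl": None, "inst": set(), "rings": []})
            ifc = None
        elif m := re.fullmatch(r"interface (\S+)", line):
            ifc = ifaces.setdefault(m[1], {"allow": set(), "stp_off": False, "vlan1": True})
            dom = None
        elif line == "#":
            dom = ifc = None
        elif m := re.fullmatch(r"instance (\d+) vlan (.+)", line):
            inst.setdefault(int(m[1]), set()).update(vlan_set(m[2]))
        elif dom is not None:
            if m := re.fullmatch(r"control-vlan (\d+)", line):
                dom["ctrl"] = int(m[1])
            elif m := re.fullmatch(r"protected-vlan reference-instance (.+)", line):
                dom["inst"] |= vlan_set(m[1])  # instance lists use the same "a to b" form
            elif m := re.fullmatch(r"ring (\d+) node-mode \S+ (.+)", line):
                ports = dict(re.findall(r"(primary|secondary|common|edge)-port (\S+)", m[2]))
                level = re.search(r"level (\d+)", m[2])
                # edge and assistant-edge lines carry no level: their edge-port is on a sub-ring
                dom["rings"].append((int(m[1]), ports, int(level[1]) if level else 1))
        elif ifc is not None:
            if line.startswith("port trunk allow-pass vlan "):
                ifc["allow"] |= vlan_set(line.split("vlan ", 1)[1])
            ifc["vlan1"] &= line != "undo port trunk allow-pass vlan 1"
            ifc["stp_off"] |= line == "stp disable"
    return inst, domains, ifaces

def audit(cfg):
    """Return sorted (interface, problem) findings for the ports used by RRPP rings."""
    inst, domains, ifaces = parse(cfg)
    majors = [d["ctrl"] for d in domains.values() if d["ctrl"] is not None]
    all_ctrl = {v for c in majors for v in (c, c + 1)}  # major and sub control VLANs
    findings = set()
    for did, dom in domains.items():
        if (major := dom["ctrl"]) is None:
            continue
        data = set().union(*(inst.get(i, set()) for i in dom["inst"])) - all_ctrl
        for rid, ports, level in dom["rings"]:
            ctrl = {major, major + 1} if level == 0 else {major + 1}  # sub-ring: sub VLAN only
            for role, name in ports.items():
                if role == "common":  # audited as a port of the major ring
                    continue
                # a port without its own section keeps the defaults: STP on, VLAN 1 allowed
                port = ifaces.get(name, {"allow": set(), "stp_off": False, "vlan1": True})
                if not port["stp_off"]:
                    findings.add((name, "STP still enabled"))
                if port["vlan1"]:
                    findings.add((name, "VLAN 1 still allowed"))
                if missing := sorted((data | ctrl) - port["allow"]):
                    findings.add((name, f"domain {did} ring {rid}: VLANs not allowed {missing}"))
    return sorted(findings)

# UPEA's configuration file from this example, abridged, with wrapped ring lines joined.
RINGS = """\
stp region-configuration
instance 1 vlan 5 to 6 100 to 200
instance 2 vlan 10 to 11 201 to 300
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port Ethernet0/0/1 secondary-port Ethernet0/0/2 level 0
rrpp domain 2
control-vlan 10
protected-vlan reference-instance 2
ring 1 node-mode transit primary-port Ethernet0/0/1 secondary-port Ethernet0/0/2 level 0
#
"""
PORT = """\
interface Ethernet0/0/{}
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 5 to 6 10 to 11 100 to 300
stp disable
#
"""
UPEA = RINGS + PORT.format(1) + PORT.format(2)
# Constructed faulty variant: Ethernet0/0/2 keeps STP and VLAN 1 and drops VLANs 10 to 11.
BAD = RINGS + PORT.format(1) + (
    "interface Ethernet0/0/2\nport link-type trunk\n"
    "port trunk allow-pass vlan 5 to 6 100 to 300\n#\n")

if __name__ == "__main__":
    print(*audit(BAD), sep="\n")
```

Run against the faulty variant, the audit reports all three problems on Ethernet0/0/2; against UPEA's configuration as given in this example it reports none.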
Networking Requirements
As networks develop quickly, more and more IP networks are used to carry multiple services
such as voice and video services. These services pose high requirements on network reliability
and rapid fault detection.
As shown in Figure 9-33, the network between CE1 and CE3 is newly deployed. The
requirements on the network are as follows:
• Link connectivity and quality on the network are tested before the network is started.
• Link quality is dynamically monitored after links are properly started.
• Traffic is switched to a backup link if the primary link fails.
[Figure 9-33, diagram not reproduced. Labels: PC, User Network, CE1, CE3, CE4, Metro Core, Eth0/0/1, Eth0/0/2, EFM.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic EFM functions on CE1 and CE4 to monitor link connectivity.
2. Configure remote loopback on CE1 to test the connectivity and performance of the link
between CE1 and CE4 before the link is used to transmit services.
3. Configure link monitoring on CE1 to monitor the performance and quality of the link
between CE1 and CE4.
4. Configure association between EFM and interfaces on CE4. When the link between CE1
and CE4 becomes faulty, traffic sent from CE4 will not be sent along the link.
Procedure
Step 1 Configure basic EFM functions.
# Enable EFM on CE1 globally.
<Quidway> system-view
[Quidway] sysname CE1
[CE1] efm enable
If EFM is correctly configured on CE1 and CE4, Eth0/0/2 and Eth0/0/1 will enter the handshake
phase. Run the display efm session { all | interface interface-type interface-num } command
on CE1 or CE4. The command output shows that the EFM status is detect on Eth0/0/2 or
Eth0/0/1.
[CE1] display efm session all
Interface EFM State Loopback Timeout
----------------------------------------------------------------------
Ethernet0/0/2 detect --
After configuring remote loopback, run the display efm session { all | interface interface-type
interface-num } command on CE1. The command output shows that the EFM status is
loopback (control) on Eth0/0/2.
[CE1] display efm session interface ethernet 0/0/2
Interface EFM State Loopback Timeout
----------------------------------------------------------------------
Ethernet0/0/2 loopback (control) 20
After configuring remote loopback, run the display efm session { all | interface interface-type
interface-num } command on CE4. The command output shows that the EFM status is
loopback (be controlled) on Eth0/0/1.
[CE4] display efm session interface ethernet 0/0/1
Interface EFM State Loopback Timeout
----------------------------------------------------------------------
Ethernet0/0/1 loopback (be controlled) --
Please waiting..............
Info: The test is complete.
Link quality can be evaluated based on data in the preceding command output.
Step 5 Disable remote loopback.
[CE1] interface ethernet 0/0/2
[CE1-Ethernet0/0/2] efm loopback stop
[CE1-Ethernet0/0/2] quit
NOTE
By default, the timeout interval for remote loopback is 20 minutes. The remote loopback test stops after
20 minutes. To disable remote loopback, perform the preceding procedures.
If the link is working properly, perform the following operations to monitor the link in real time.
Step 7 Configure errored code detection, errored frame detection, and errored frame second detection
on Eth0/0/2 of CE1.
# Configure errored code detection on Eth0/0/2 of CE1.
[CE1] interface ethernet 0/0/2
[CE1-Ethernet0/0/2] efm error-frame period 5
[CE1-Ethernet0/0/2] efm error-frame threshold 5
[CE1-Ethernet0/0/2] efm error-frame notification enable
After the preceding configurations are complete, run the display efm { all | interface interface-type
interface-number } command to check EFM configurations.
[CE1] display efm interface ethernet 0/0/2
Item Value
----------------------------------------------------
Interface: Ethernet0/0/2
EFM Enable Flag: enable
Mode: active
OAMPDU MaxSize: 128
ErrCodeNotification: enable
ErrCodePeriod: 5
ErrCodeThreshold: 5
ErrFrameNotification: enable
ErrFramePeriod: 5
ErrFrameThreshold: 5
ErrFrameSecondNotification:enable
ErrFrameSecondPeriod: 120
ErrFrameSecondThreshold: 5
Hold Up Time: 0
ThresholdEvtTriggerErrDown: disable
TriggerIfDown: disable
TriggerMacRenew: disable
Remote MAC: 0010-0010-0010
Remote EFM Enable Flag: enable
Remote Mode: passive
Remote MaxSize: 128
Remote State: --
After the preceding configurations are complete, run the shutdown command on Eth0/0/2 of
CE1. The command output shows that the current state field value is TRIGGER DOWN
(3AH) on Eth0/0/2 of CE4.
[CE4] display interface ethernet 0/0/2
Ethernet0/0/2 current state : TRIGGER DOWN (3AH)
Line protocol current state : DOWN
Description:HUAWEI, Quidway Series, Ethernet0/0/2 Interface
Switch Port, PVID : 1, TPID : 8100(Hex), The Maximum Frame Length is 1600
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0200-0000-7f00
Port Mode: COMMON COPPER
Speed : 10, Loopback: NONE
Duplex: HALF, Negotiation: ENABLE
Mdi : AUTO
Last 300 seconds input rate 2376 bits/sec, 1 packets/sec
Last 300 seconds output rate 72 bits/sec, 0 packets/sec
Input peak rate 113848 bits/sec, Record time: 2008-01-17 02:14:52
Output peak rate 3856 bits/sec, Record time: 2008-01-14 20:07:01
Input: 4003633 packets, 659775051 bytes
Unicast : 4325, Multicast : 2417579
Broadcast : 1581729, Jumbo : 0
CRC : 0, Giants : 0
Jabbers : 0, Fragments : 0
Runts : 0, DropEvents : 0
Alignments : 0, Symbols : 0
Ignoreds : 0, Frames : 0
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
efm enable
#
interface Ethernet0/0/2
efm enable
efm error-frame period 5
efm error-frame threshold 5
efm error-frame notification enable
efm error-frame-second period 120
efm error-frame-second threshold 5
efm error-frame-second notification enable
efm error-code period 5
efm error-code threshold 5
efm error-code notification enable
#
return
Networking Requirements
As shown in Figure 9-34, EFM is configured between SwitchB and SwitchC. When
Ethernet0/0/2 on SwitchB becomes Down, EFM reports the fault to Ethernet0/0/1 on SwitchB
through association. Then Ethernet0/0/1 becomes Down.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure EFM between SwitchB and SwitchC.
2. Configure association between EFM and Ethernet0/0/1 on SwitchB.
Procedure
Step 1 Configure EFM between SwitchB and SwitchC.
# Configure SwitchB.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] efm enable
[SwitchB] interface ethernet 0/0/2
[SwitchB-Ethernet0/0/2] bpdu enable
[SwitchB-Ethernet0/0/2] efm mode passive
[SwitchB-Ethernet0/0/2] efm enable
[SwitchB-Ethernet0/0/2] quit
# Configure SwitchC.
<Quidway> system-view
[Quidway] sysname SwitchC
[SwitchC] efm enable
[SwitchC] interface ethernet 0/0/2
[SwitchC-Ethernet0/0/2] bpdu enable
[SwitchC-Ethernet0/0/2] efm enable
Run the display efm session interface command on SwitchB to check the EFM OAM status.
You can see that EFM OAM is in detect state.
[SwitchB] display efm session interface ethernet 0/0/2
Interface EFM State Loopback Timeout
----------------------------------------------------------------------
Ethernet0/0/2 detect --
----End
Configuration Files
• Configuration file of SwitchB
#
sysname SwitchB
#
efm enable
#
interface Ethernet0/0/2
efm mode passive
efm enable
#
oam-mgr
oam-bind ingress interface Ethernet0/0/1 egress efm interface Ethernet0/0/2 trigger if-down
oam-bind ingress efm interface Ethernet0/0/2 trigger if-down egress interface Ethernet0/0/1
#
return
Networking Requirements
As networks develop quickly, more and more IP networks are used to carry multiple services
such as voice and video services. These services pose high requirements on network reliability
and rapid fault detection.
Link detection protocols are usually deployed on a network to detect link connectivity and faults.
A single fault detection protocol cannot detect all faults in all links on a complex network.
Network environments and user requirements need to be analyzed, and various detection
techniques are required to implement rapid link fault detection.
As shown in Figure 9-35, CE1 is dual-homed to CE2 and CE4. The requirements are as follows:
• Connectivity of the links between CE1 and CE4 and between CE4 and CE3 can be detected.
• When the link between CE1 and CE4 becomes faulty, CE3 can detect the fault.
• When the link between CE1 and CE4 becomes faulty, services are switched to the link
between CE1 and CE2.
[Figure 9-35, diagram not reproduced. Labels: GE0/0/1, GE0/0/2, EFM.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure EFM for the link between CE1 and CE4 to monitor connectivity of the link
between CE4 and CE3.
2. Configure EFM for the link between CE4 and CE3 to monitor connectivity of the link
between CE4 and CE3.
3. Configure association between EFM modules so that the fault can be transmitted.
4. Configure association between EFM and an interface on CE3. When EFM detects a link
fault between CE1 and CE4, the interface becomes Down.
Procedure
Step 1 Configure basic EFM functions.
# Enable EFM on CE1 globally.
<Quidway> system-view
[Quidway] sysname CE1
[CE1] efm enable
0/0/2
[CE4] quit
CRC: 0, Giants: 0
Jabbers: 0, Fragments: 0
Runts: 0, DropEvents: 0
Alignments: 0, Symbols: 0
Ignoreds: 0, Frames: 0
Pause: 0
Collisions: 0, ExcessiveCollisions: 0
Late Collisions: 0, Deferreds: 0
Buffers Purged: 0, Pause: 0
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
efm enable
#
interface GigabitEthernet0/0/3
efm enable
#
return
Networking Requirements
As networks develop quickly, more and more IP networks are used to carry multiple services
such as voice and video services. These services pose high requirements on network reliability
and rapid fault detection.
As shown in Figure 9-36, CE1 is dual-homed to PE1 and PE3. The requirements on the network
are as follows:
• Connectivity of the links between CE1 and PE3, between PE3 and PE4, and between PE4 and
CE2 can be detected.
• When the link between CE1 and PE3 becomes faulty, CE2 can detect the fault, preventing
return traffic from being forwarded to PE4.
• When the link between CE1 and PE3 becomes faulty, an active/standby link switchover can be
implemented.
• When the link between PE3 and PE4 becomes faulty, CE1 or CE2 can detect the fault.
[Figure 9-36, diagram not reproduced. Labels: CE1, CE2, User Network1, User Network2, GE0/0/1, EFM, BFD.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure EFM for links between CE1 and PE3 and between CE2 and PE4 to monitor link
connectivity.
2. Configure BFD for the link between PE3 and PE4 to monitor link connectivity.
3. Configure association between EFM and interfaces on CE2. When EFM detects a link fault
between CE1 and PE3, traffic can be switched to the backup link and return traffic is not
forwarded to PE4.
4. Configure association between BFD and EFM on PE3 and PE4 so that EFM and BFD can
notify each other of faults.
Procedure
Step 1 Configure basic EFM functions.
<Quidway> system-view
[Quidway] sysname PE3
[PE3] efm enable
If EFM is correctly configured on PE3, CE1, PE4, and CE2, GE0/0/1 of these devices will enter
the handshake stage. Run the display efm session { all | interface interface-type interface-num }
command on one of these devices. The command output shows that the EFM status on
GE0/0/1 is detect.
[CE1] display efm session all
[PE3-bfd-session-pedetect] commit
[PE3-bfd-session-pedetect] quit
CRC: 0, Giants: 0
Jabbers: 0, Fragments: 0
Runts: 0, DropEvents: 0
Alignments: 0, Symbols: 0
Ignoreds: 0, Frames: 0
Pause: 0
Collisions: 0, ExcessiveCollisions: 0
Late Collisions: 0, Deferreds: 0
Buffers Purged: 0, Pause: 0
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
efm enable
#
interface GigabitEthernet0/0/1
efm enable
#
return
GigabitEthernet1/0/1
efm enable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100
#
bfd pedetect bind peer-ip 1.1.1.2 interface Vlanif100
discriminator local 1
discriminator remote 2
commit
#
oam-mgr
oam-bind ingress efm interface GigabitEthernet1/0/1 egress bfd-session 1
oam-bind ingress bfd-session 1 egress efm interface GigabitEthernet1/0/1
#
return
• Configuration file of PE4
#
sysname PE4
#
efm enable
#
vlan 100
#
bfd
#
interface Vlanif 100
ip address 1.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/1
efm enable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100
#
interface NULL0
#
bfd pedetect bind peer-ip 1.1.1.1 interface Vlanif100
discriminator local 2
discriminator remote 1
commit
#
oam-mgr
oam-bind ingress efm interface GigabitEthernet1/0/1 egress bfd-session 1
oam-bind ingress bfd-session 1 egress efm interface GigabitEthernet1/0/1
#
return
• Configuration file of CE2
#
sysname CE2
#
efm enable
#
interface GigabitEthernet0/0/1
efm enable
efm trigger if-down
#
return
Networking Requirements
As shown in Figure 9-37, VLANs are configured between devices. UPE2 and UPE3 back up
each other. It is required that connectivity of links between UPE1 and UPE2 and between UPE2
and PE-AGG be detected in real time.
Figure 9-37 Networking for configuring VLAN-based Ethernet CFM on a Layer 2 network
[Diagram not reproduced. Labels: PC, User Network, UPE1, UPE2, UPE3, PE-AGG, NPE, IP/MPLS Core, Eth0/0/1, Eth0/0/2, CFM.]
Configuration Roadmap
The configuration roadmap is as follows:
• Configure VLANs for UPE1, UPE2, UPE3, and PE-AGG to implement Layer 2
connectivity.
• Configure basic CFM functions on UPE1 and PE-AGG to detect connectivity of the link
between UPE1 and PE-AGG.
Procedure
Step 1 Configure VLANs.
# Configure UPE1.
<Quidway> system-view
[Quidway] sysname UPE1
[UPE1] vlan 2
[UPE1-vlan2] quit
[UPE1] interface ethernet 0/0/1
[UPE1-Ethernet0/0/1] port link-type trunk
[UPE1-Ethernet0/0/1] port trunk allow-pass vlan 2
[UPE1-Ethernet0/0/1] quit
[UPE1] interface ethernet 0/0/2
[UPE1-Ethernet0/0/2] port link-type trunk
[UPE1-Ethernet0/0/2] port trunk allow-pass vlan 2
[UPE1-Ethernet0/0/2] quit
# Configure UPE2.
<Quidway> system-view
[Quidway] sysname UPE2
[UPE2] vlan 2
[UPE2-vlan2] quit
[UPE2] interface ethernet 0/0/1
[UPE2-Ethernet0/0/1] port link-type trunk
[UPE2-Ethernet0/0/1] port trunk allow-pass vlan 2
[UPE2-Ethernet0/0/1] quit
[UPE2] interface ethernet 0/0/2
[UPE2-Ethernet0/0/2] port link-type trunk
[UPE2-Ethernet0/0/2] port trunk allow-pass vlan 2
[UPE2-Ethernet0/0/2] quit
# Configure UPE3.
<Quidway> system-view
[Quidway] sysname UPE3
[UPE3] vlan 2
[UPE3-vlan2] quit
[UPE3] interface ethernet 0/0/1
[UPE3-Ethernet0/0/1] port link-type trunk
[UPE3-Ethernet0/0/1] port trunk allow-pass vlan 2
[UPE3-Ethernet0/0/1] quit
[UPE3] interface ethernet 0/0/2
[UPE3-Ethernet0/0/2] port link-type trunk
[UPE3-Ethernet0/0/2] port trunk allow-pass vlan 2
[UPE3-Ethernet0/0/2] quit
After the configuration is complete, run the display vlan vlan-id command on each device. You
can view VSI and PW information.
<UPE1>display vlan 2
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
After the configuration is complete, run the display cfm remote-mep command on UPE1 and
PE-AGG. You can view MEP information.
<UPE1>display cfm remote-mep
The total number of RMEPs is : 1
The status of RMEPS : 1 up, 0 down, 0 disable
--------------------------------------------------
MD Name : md
Level : 0
MA Name : ma
RMEP ID : 2
Vlan ID : 2
VSI Name : --
MAC : 00e0-0003-0003
CCM Receive : enabled
Trigger-If-Down : disabled
CFM Status : up
Alarm Status : None
----End
Configuration Files
l Configuration file of UPE1
#
sysname UPE1
#
vlan batch 2
#
cfm version standard
cfm enable
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2
#
cfm md md
ma ma
map vlan 2
mep mep-id 1 interface Ethernet0/0/2 outward
mep ccm-send mep-id 1 enable
remote-mep mep-id 2
remote-mep ccm-receive mep-id 2 enable
#
return
l Configuration file of UPE2
#
sysname UPE2
#
vlan batch 2
#
cfm enable
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2
#
return
l Configuration file of UPE3
#
sysname UPE3
#
vlan batch 2
#
cfm enable
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2
#
return
Networking Requirements
As shown in Figure 9-38, a user network is connected to an ISP network through SwitchA and
SwitchB. SwitchA functions as the CE, and SwitchB functions as the UPE. The requirements
are as follows:
l The bandwidth for the user network to access the ISP network is 2000 Mbit/s and an inactive
link that serves as a backup is provided.
l When the active link between the user network and the ISP network fails, the LACP module
can detect the fault within 50 ms and stop forwarding data on the active link.
(Figure 9-38 not reproduced. It shows SwitchA on the user network1 side and SwitchB on the ISP network side, connected through Eth0/0/1, Eth0/0/2, and Eth0/0/3 in a link aggregation group in static LACP mode, with active and inactive links marked.)
Configuration Roadmap
The configuration roadmap is as follows:
l Configure a link aggregation group (LAG) in LACP mode with three member interfaces
on SwitchA and SwitchB respectively to increase the bandwidth, implement redundancy,
and improve reliability.
l Configure Ethernet CFM on SwitchA and SwitchB, and set the interval for sending and
detecting CCMs to 100s in each MA so that the LACP module can detect link faults within
50 ms.
l Associate Ethernet CFM with member interfaces of the LAGs in LACP mode on SwitchA
and SwitchB so that member interfaces can fast detect link faults.
Procedure
Step 1 Configure an LAG in static LACP mode.
For details, see 3.1 Link Aggregation Configuration in the S2300&S3300 Series Ethernet
Switches Configuration Guide - LAN Configuration.
Vlan ID : --
VSI Name : --
Interface Name : Ethernet0/0/1
CCM Send : enabled
Direction : outward
MAC Address : 80fb-0636-792d
MD Name : md1
MD Name Format : md-name
Level : 0
MA Name : ma2
MEP ID : 3
Vlan ID : --
VSI Name : --
Interface Name : Ethernet0/0/2
CCM Send : enabled
Direction : outward
MAC Address : 80fb-0636-792d
MD Name : md1
MD Name Format : md-name
Level : 0
MA Name : ma3
MEP ID : 5
Vlan ID : --
VSI Name : --
Interface Name : Ethernet0/0/3
CCM Send : enabled
Direction : outward
MAC Address : 80fb-0636-792d
[SwitchB] display cfm remote-mep md md1
The total number of RMEPs is : 3
The status of RMEPS : 3 up, 0 down, 0 disable
--------------------------------------------------
MD Name : md1
Level : 0
MA Name : ma1
RMEP ID : 2
Vlan ID : --
VSI Name : --
MAC : 80fb-065f-03d3
CCM Receive : enabled
Trigger-If-Down : disabled
CFM Status : up
Alarm Status : None
MD Name : md1
Level : 0
MA Name : ma2
RMEP ID : 4
Vlan ID : --
VSI Name : --
MAC : 80fb-065f-03d3
CCM Receive : enabled
Trigger-If-Down : disabled
CFM Status : up
Alarm Status : None
MD Name : md1
Level : 0
MA Name : ma3
RMEP ID : 6
Vlan ID : --
VSI Name : --
MAC : 80fb-065f-03d3
CCM Receive : enabled
Trigger-If-Down : disabled
CFM Status : up
Alarm Status : None
Step 3 Associate Ethernet CFM with member interfaces of the LAG in static LACP mode.
Run the display cfm remote-mep command on SwitchA or SwitchB. If the Trigger-If-down
field is displayed as enabled, the configuration is successful.
[SwitchB] display cfm remote-mep md md1
The total number of RMEPs is : 3
The status of RMEPS : 3 up, 0 down, 0 disable
--------------------------------------------------
MD Name : md1
Level : 0
MA Name : ma1
RMEP ID : 2
Vlan ID : --
VSI Name : --
MAC : 80fb-065f-03d3
CCM Receive : enabled
Trigger-If-Down : enabled
CFM Status : up
Alarm Status : None
MD Name : md1
Level : 0
MA Name : ma2
RMEP ID : 4
Vlan ID : --
VSI Name : --
MAC : 80fb-065f-03d3
CCM Receive : enabled
Trigger-If-Down : enabled
CFM Status : up
Alarm Status : None
MD Name : md1
Level : 0
MA Name : ma3
RMEP ID : 6
Vlan ID : --
VSI Name : --
MAC : 80fb-065f-03d3
CCM Receive : enabled
Trigger-If-Down : enabled
CFM Status : up
Alarm Status : None
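The Step 3 check above can be scripted. The following Python is an added example, not part of the Huawei document: it parses display cfm remote-mep output and lists every RMEP that is not up, is not receiving CCMs, or does not show Trigger-If-Down as enabled. The sample output is constructed in the format shown above, and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the "display cfm remote-mep md md1"
# output on this page: ma2 has lost its if-down association, ma3 is down.
SAMPLE_OUTPUT = """\
The total number of RMEPs is : 3
The status of RMEPS : 2 up, 1 down, 0 disable
--------------------------------------------------
MD Name : md1
Level : 0
MA Name : ma1
RMEP ID : 2
Vlan ID : --
VSI Name : --
MAC : 80fb-065f-03d3
CCM Receive : enabled
Trigger-If-Down : enabled
CFM Status : up
Alarm Status : None
MD Name : md1
Level : 0
MA Name : ma2
RMEP ID : 4
Vlan ID : --
VSI Name : --
MAC : 80fb-065f-03d3
CCM Receive : enabled
Trigger-If-Down : disabled
CFM Status : up
Alarm Status : None
MD Name : md1
Level : 0
MA Name : ma3
RMEP ID : 6
Vlan ID : --
VSI Name : --
MAC : 80fb-065f-03d3
CCM Receive : enabled
Trigger-If-Down : enabled
CFM Status : down
Alarm Status : RemoteAlarm
"""

FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z \-]*?)\s*:\s*(.*?)\s*$")
SUMMARY = re.compile(r"(\d+) up, (\d+) down, (\d+) disable")


def parse_rmeps(text):
    """Return (summary, records): the header counts and one dict per RMEP."""
    summary, records, current = None, [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # separator or blank line
        key, value = m.groups()
        if key == "The status of RMEPS":
            s = SUMMARY.search(value)
            if s:
                summary = tuple(int(n) for n in s.groups())
        elif key == "MD Name":  # every RMEP block starts with its MD name
            current = {key: value}
            records.append(current)
        elif current is not None:
            current[key] = value
    return summary, records


def audit_rmeps(text, require_trigger=True):
    """List RMEPs that are not up, not receiving CCMs, or not bound to if-down."""
    summary, records = parse_rmeps(text)
    findings = []
    # A header count that disagrees with the parsed blocks means a cut-off capture.
    if summary is not None and sum(summary) != len(records):
        findings.append("summary counts %d RMEPs but %d were parsed"
                        % (sum(summary), len(records)))
    for r in records:
        name = "%s/%s RMEP %s" % (r.get("MD Name"), r.get("MA Name"), r.get("RMEP ID"))
        if r.get("CFM Status") != "up":
            findings.append("%s: CFM Status is %s (alarm: %s)"
                            % (name, r.get("CFM Status"), r.get("Alarm Status")))
        if r.get("CCM Receive") != "enabled":
            findings.append("%s: CCM Receive is %s" % (name, r.get("CCM Receive")))
        if require_trigger and r.get("Trigger-If-Down") != "enabled":
            findings.append("%s: Trigger-If-Down is %s" % (name, r.get("Trigger-If-Down")))
    return findings


if __name__ == "__main__":
    for finding in audit_rmeps(SAMPLE_OUTPUT):
        print(finding)
```

Pass require_trigger=False when checking output captured before Step 3, where Trigger-If-Down is still expected to be disabled.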
----End
Configuration Files
l Configuration file of SwitchA
#
sysname SwitchA
#
cfm enable
#
interface Eth-Trunk2
mode lacp-static
#
interface Ethernet0/0/1
eth-trunk 2
cfm md md1 ma ma1 remote-mep mep-id 1 trigger if-down
#
interface Ethernet0/0/2
eth-trunk 2
cfm md md1 ma ma2 remote-mep mep-id 3 trigger if-down
#
interface Ethernet0/0/3
eth-trunk 2
cfm md md1 ma ma3 remote-mep mep-id 5 trigger if-down
#
cfm md md1
ma ma1
ccm-interval 100
mep mep-id 2 interface Ethernet0/0/1 outward
mep ccm-send mep-id 2 enable
remote-mep mep-id 1
remote-mep ccm-receive mep-id 1 enable
ma ma2
ccm-interval 100
mep mep-id 4 interface Ethernet0/0/2 outward
mep ccm-send mep-id 4 enable
remote-mep mep-id 3
remote-mep ccm-receive mep-id 3 enable
ma ma3
ccm-interval 100
mep mep-id 6 interface Ethernet0/0/3 outward
mep ccm-send mep-id 6 enable
remote-mep mep-id 5
remote-mep ccm-receive mep-id 5 enable
#
return
eth-trunk 2
lacp priority 2000
cfm md md1 ma ma2 remote-mep mep-id 4 trigger if-down
#
interface Ethernet0/0/3
eth-trunk 2
cfm md md1 ma ma3 remote-mep mep-id 6 trigger if-down
#
cfm md md1
ma ma1
ccm-interval 100
mep mep-id 1 interface Ethernet0/0/1 outward
mep ccm-send mep-id 1 enable
remote-mep mep-id 2
remote-mep ccm-receive mep-id 2 enable
ma ma2
ccm-interval 100
mep mep-id 3 interface Ethernet0/0/2 outward
mep ccm-send mep-id 3 enable
remote-mep mep-id 4
remote-mep ccm-receive mep-id 4 enable
ma ma3
ccm-interval 100
mep mep-id 5 interface Ethernet0/0/3 outward
mep ccm-send mep-id 5 enable
remote-mep mep-id 6
remote-mep ccm-receive mep-id 6 enable
#
return
Networking Requirements
As networks develop quickly, more and more IP networks are used to carry multiple services
such as voice and video services. These services pose high requirements on network reliability
and rapid fault detection.
Link detection protocols are usually deployed on a network to detect link connectivity and faults.
A single fault detection protocol cannot detect all faults in all links on a complex network.
Network environments and user requirements need to be analyzed, and various detection
techniques are required to implement rapid link fault detection.
As shown in Figure 9-39, SwitchA, SwitchB, and SwitchC are connected at Layer 2. The
requirements are as follows:
l Connectivity of the links between SwitchA and SwitchB and between SwitchB and
SwitchC can be monitored.
l When the link between SwitchA and SwitchB becomes faulty, SwitchC can detect the fault.
Figure 9-39 Networking diagram for configuring association between Ethernet CFM and Ethernet CFM
(Figure not reproduced. It shows SwitchA, SwitchB, and SwitchC connected in a chain through Eth0/0/1 and Eth0/0/2, with CFM on both links and MEPs in MA1 and MA2.)
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs and add interfaces to the VLANs.
2. Configure Ethernet CFM between SwitchA and SwitchB and between SwitchB and
SwitchC to monitor link connectivity.
3. Configure association between CFM modules on SwitchB and SwitchC.
Procedure
Step 1 Create VLANs and add interfaces to the VLANs. The configuration details are not mentioned
here.
Step 2 Configure Ethernet CFM between SwitchA and SwitchB.
# Configure SwitchA.
[SwitchA] cfm enable
[SwitchA] cfm md md1
[SwitchA-md-md1] ma ma1
[SwitchA-md-md1-ma-ma1] map vlan 10
[SwitchA-md-md1-ma-ma1] mep mep-id 1 interface ethernet 0/0/1 outward
[SwitchA-md-md1-ma-ma1] remote-mep mep-id 2
[SwitchA-md-md1-ma-ma1] mep ccm-send enable
[SwitchA-md-md1-ma-ma1] remote-mep ccm-receive enable
[SwitchA-md-md1-ma-ma1] quit
[SwitchA-md-md1] quit
# Configure SwitchB.
[SwitchB] cfm enable
[SwitchB] cfm md md1
[SwitchB-md-md1] ma ma1
[SwitchB-md-md1-ma-ma1] map vlan 10
[SwitchB-md-md1-ma-ma1] mep mep-id 2 interface ethernet 0/0/1 outward
[SwitchB-md-md1-ma-ma1] remote-mep mep-id 1
[SwitchB-md-md1-ma-ma1] mep ccm-send enable
[SwitchB-md-md1-ma-ma1] remote-mep ccm-receive enable
[SwitchB-md-md1-ma-ma1] quit
[SwitchB-md-md1] quit
# Configure SwitchC.
[SwitchC] cfm enable
[SwitchC] cfm md md1
[SwitchC-md-md1] ma ma2
[SwitchC-md-md1-ma-ma2] map vlan 20
[SwitchC-md-md1-ma-ma2] mep mep-id 2 interface ethernet 0/0/2 outward
[SwitchC-md-md1-ma-ma2] remote-mep mep-id 1
Run the display cfm remote-mep command on SwitchB to check the CFM status. You can see
that the CFM status is Up.
[SwitchB] display cfm remote-mep
The total number of RMEPs is : 2
The status of RMEPS : 2 up, 0 down, 0 disable
--------------------------------------------------
MD Name : md1
Level : 0
MA Name : ma1
RMEP ID : 1
Vlan ID : 10
VSI Name : --
MAC : 0025-9efb-494a
CCM Receive : enabled
Trigger-If-Down : disabled
CFM Status : up
Alarm Status : None
MD Name : md1
Level : 0
MA Name : ma2
RMEP ID : 2
Vlan ID : 20
VSI Name : --
MAC : 0002-0003-0161
CCM Receive : enabled
Trigger-If-Down : disabled
CFM Status : up
Alarm Status : None
# Associate Ethernet CFM between SwitchA and SwitchB with Ethernet CFM between SwitchB
and SwitchC in both directions.
[SwitchB] oam-mgr
[SwitchB-oam-mgr] oam-bind cfm md md1 ma ma1 cfm md md1 ma ma2
Shut down Eth0/0/2 on SwitchB. Run the display cfm remote-mep command on SwitchA to
check the CFM status between SwitchA and SwitchB. You can see that the CFM status is Down.
[SwitchA]display cfm remote-mep
The total number of RMEPs is : 1
The status of RMEPS : 0 up, 1 down, 0 disable
--------------------------------------------------
MD Name : md1
Level : 0
MA Name : ma1
RMEP ID : 2
Vlan ID : 10
VSI Name : --
MAC : 0044-0141-5410
CCM Receive : enabled
Trigger-If-Down : disabled
CFM Status : down
Alarm Status : RemoteAlarm
----End
Configuration Files
l Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
cfm enable
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
cfm md md1
ma ma1
map vlan 10
mep mep-id 1 interface Ethernet0/0/1 outward
mep ccm-send mep-id 1 enable
remote-mep mep-id 2
remote-mep ccm-receive mep-id 2 enable
#
return
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
cfm md md1
ma ma2
map vlan 20
mep mep-id 2 interface Ethernet0/0/2 outward
mep ccm-send mep-id 2 enable
remote-mep mep-id 1
remote-mep ccm-receive mep-id 1 enable
#
return
Networking Requirements
As networks develop quickly, more and more IP networks are used to carry multiple services
such as voice and video services. These services pose high requirements on network reliability
and rapid fault detection.
Link detection protocols are usually deployed on a network to detect link connectivity and faults.
A single fault detection protocol cannot detect all faults in all links on a complex network.
Network environments and user requirements need to be analyzed, and various detection
techniques are required to implement rapid link fault detection.
As shown in Figure 9-40, CE1 is dual-homed to PE1 and PE3. The requirements are as follows:
l Connectivity of links between CE1 and PE3, between PE3 and PE4, and between PE4 and
CE2 can be detected.
l If the link between CE1 and PE3 becomes faulty, CE2 can detect the fault, preventing return
traffic from being forwarded to PE4.
l When the link between PE3 and PE4 becomes faulty, CE1 or CE2 can detect the fault.
l When the link between CE1 and PE3 becomes faulty, an active/standby link switchover can be
implemented.
(Figure 9-40 not reproduced. It shows CE1, CE2, PE1, PE2, PE3, and PE4 between two user networks, with EFM and CFM marked on the links.)
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure EFM for links between CE1 and PE3 and between CE2 and PE4 to monitor link
connectivity.
2. Configure CFM for the link between PE3 and PE4 to monitor link connectivity.
3. Configure association between EFM and interfaces on CE2. When EFM detects a link fault
between CE1 and PE3, traffic can be switched to the backup link and return traffic is not
forwarded to PE4.
4. Configure association between CFM and EFM on PE3 and PE4 so that CFM and EFM can
notify each other of faults.
Procedure
Step 1 Configure basic EFM functions.
# Enable EFM on CE1 globally.
<Quidway> system-view
[Quidway] sysname CE1
[CE1] efm enable
MA Name : ma1
RMEP ID : 2
Vlan ID : 2
VSI Name : --
MAC : --
CCM Receive : enabled
Trigger-If-Down : disabled
CFM Status : up
Alarm Status : None
CRC: 0, Giants: 0
Jabbers: 0, Fragments: 0
Runts: 0, DropEvents: 0
Alignments: 0, Symbols: 0
Ignoreds: 0, Frames: 0
Pause: 0
Collisions: 0, ExcessiveCollisions: 0
Late Collisions: 0, Deferreds: 0
Buffers Purged: 0, Pause: 0
----End
Configuration Files
l Configuration file of CE1
#
sysname CE1
#
efm enable
#
interface Ethernet0/0/1
efm enable
#
return
oam-mgr
oam-bind ingress efm interface Ethernet0/0/1 egress cfm md md1 ma ma1
oam-bind ingress cfm md md1 ma ma1 egress efm interface Ethernet0/0/1
#
return
Networking Requirements
As networks develop quickly, more and more IP networks are used to carry multiple services
such as voice and video services. These services pose high requirements on network reliability
and rapid fault detection.
Link detection protocols are usually deployed on a network to detect link connectivity and faults.
A single fault detection protocol cannot detect all faults in all links on a complex network.
Network environments and user requirements need to be analyzed, and various detection
techniques are required to implement rapid link fault detection.
As shown in Figure 9-41, UPEA is dual-homed to UPEB and UPEC. The requirements are as
follows:
l Connectivity of links between UPEA and UPEC, between UPEC and the PE-AGG, between
UPEA and UPEB, and between UPEB and the PE-AGG can be monitored.
l When the link between UPEA and UPEC or between UPEC and the PE-AGG goes faulty,
an active/standby switchover can be implemented.
(Figure 9-41 not reproduced. Recoverable labels: CE1, UPEA, UPEC, PE-AGG, VLAN 100-300, Master 1, domain 1 ring 1, backbone network.)
Table 9-11 describes the mapping between protected VLANs in domain 1 and the instance.
Table 9-12 lists the master node, and primary and secondary ports on the master node of the
ring.
Table 9-12 Master node, and primary and secondary ports on the master node
Ring ID Master Node Primary Port Secondary Port
Configuration Roadmap
The configuration roadmap is as follows:
1. Map instance 1 to VLANs 100 to 300.
2. Add UPEA, UPEB, UPEC, and PE-AGG to ring 1 in domain 1.
3. Configure the protected VLAN and control VLAN for domain 1.
4. Configure the PE-AGG as the master node and configure UPEA, UPEB, and UPEC as
transit nodes on ring 1 in domain 1 to remove loops.
5. Configure Ethernet CFM on the PE-AGG and UPEA to detect faults on the two links
between PE-AGG and UPEA.
6. Configure association between Ethernet CFM and primary and secondary ports on the
RRPP ring on the PE-AGG so that faults can be transmitted.
Procedure
Step 1 Create instances.
l Configure UPEA.
# Create data VLANs 100 to 300 on UPEA.
<Quidway> system-view
[Quidway] sysname UPEA
[UPEA] vlan batch 100 to 300
# Create instance 1, and map control VLANs 5 and 6 and data VLANs 100 to 300 in domain
1 to instance 1.
[UPEA] stp region-configuration
[UPEA-mst-region] instance 1 vlan 5 6 100 to 300
l Configure UPEB.
# Create data VLANs 100 to 300 on UPEB.
<Quidway> system-view
[Quidway] sysname UPEB
[UPEB] vlan batch 100 to 300
# Create instance 1, and map control VLANs 5 and 6 and data VLANs 100 to 300 in domain
1 to instance 1.
[UPEB] stp region-configuration
[UPEB-mst-region] instance 1 vlan 5 6 100 to 300
l Configure UPEC.
# Create data VLANs 100 to 300 on UPEC.
<Quidway> system-view
[Quidway] sysname UPEC
[UPEC] vlan batch 100 to 300
# Create instance 1, and map control VLANs 5 and 6 and data VLANs 100 to 300 in domain
1 to instance 1.
[UPEC] stp region-configuration
[UPEC-mst-region] instance 1 vlan 5 6 100 to 300
# Create instance 1, and map control VLANs 5 and 6 and data VLANs 100 to 300 in domain
1 to instance 1.
[PE-AGG] stp region-configuration
[PE-AGG-mst-region] instance 1 vlan 5 6 100 to 300
l Configure UPEB.
# On UPEB, disable STP on the ports to be added to the RRPP ring, and configure the ports
to allow the packets from VLANs 100 to 300 to pass through.
[UPEB] interface ethernet 0/0/1
[UPEB-Ethernet0/0/1] port link-type trunk
[UPEB-Ethernet0/0/1] port trunk allow-pass vlan 100 to 300
[UPEB-Ethernet0/0/1] stp disable
[UPEB-Ethernet0/0/1] quit
[UPEB] interface ethernet 0/0/2
[UPEB-Ethernet0/0/2] port link-type trunk
[UPEB-Ethernet0/0/2] port trunk allow-pass vlan 100 to 300
[UPEB-Ethernet0/0/2] stp disable
[UPEB-Ethernet0/0/2] quit
l Configure UPEC.
# On UPEC, disable STP on the ports to be added to the RRPP ring, and configure the ports
to allow the packets from VLANs 100 to 300 to pass through.
[UPEC] interface ethernet 0/0/1
[UPEC-Ethernet0/0/1] port link-type trunk
[UPEC-Ethernet0/0/1] port trunk allow-pass vlan 100 to 300
[UPEC-Ethernet0/0/1] stp disable
[UPEC-Ethernet0/0/1] quit
[UPEC] interface ethernet 0/0/2
[UPEC-Ethernet0/0/2] port link-type trunk
[UPEC-Ethernet0/0/2] port trunk allow-pass vlan 100 to 300
[UPEC-Ethernet0/0/2] stp disable
[UPEC-Ethernet0/0/2] quit
l Configure the PE-AGG.
# On the PE-AGG, disable STP on the ports to be added to the RRPP ring, and configure the
ports to allow the packets from VLANs 100 to 300 to pass through.
[PE-AGG] interface ethernet 0/0/1
[PE-AGG-Ethernet0/0/1] port link-type trunk
[PE-AGG-Ethernet0/0/1] port trunk allow-pass vlan 100 to 300
[PE-AGG-Ethernet0/0/1] stp disable
[PE-AGG-Ethernet0/0/1] quit
[PE-AGG] interface ethernet 0/0/2
[PE-AGG-Ethernet0/0/2] port link-type trunk
[PE-AGG-Ethernet0/0/2] port trunk allow-pass vlan 100 to 300
[PE-AGG-Ethernet0/0/2] stp disable
[PE-AGG-Ethernet0/0/2] quit
Step 3 Create RRPP domains and configure protected VLANs and control VLANs.
l Configure UPEA.
# Configure VLANs mapping instance 1 as protected VLANs in domain 1, and configure
VLAN 5 as the control VLAN.
[UPEA] rrpp domain 1
[UPEA-rrpp-domain-region1] protected-vlan reference-instance 1
[UPEA-rrpp-domain-region1] control-vlan 5
[UPEA-rrpp-domain-region1] quit
l Configure UPEB.
# Configure VLANs mapping instance 1 as protected VLANs in domain 1, and configure
VLAN 5 as the control VLAN.
[UPEB] rrpp domain 1
[UPEB-rrpp-domain-region1] protected-vlan reference-instance 1
[UPEB-rrpp-domain-region1] control-vlan 5
[UPEB-rrpp-domain-region1] quit
l Configure UPEC.
# Configure VLANs mapping instance 1 as protected VLANs in domain 1, and configure
VLAN 5 as the control VLAN.
[UPEC] rrpp domain 1
[UPEC-rrpp-domain-region1] protected-vlan reference-instance 1
[UPEC-rrpp-domain-region1] control-vlan 5
[UPEC-rrpp-domain-region1] quit
l Configure the PE-AGG.
# Configure VLANs mapping instance 1 as protected VLANs in domain 1, and configure
VLAN 5 as the control VLAN.
l Configure UPEB.
# Configure UPEB as a transit node of ring 1 in domain 1 and specify primary and secondary
ports.
[UPEB] rrpp domain 1
[UPEB-rrpp-domain-region1] ring 1 node-mode transit primary-port ethernet 0/0/1 secondary-port ethernet 0/0/2 level 0
[UPEB-rrpp-domain-region1] ring 1 enable
[UPEB-rrpp-domain-region1] quit
l Configure UPEC.
# Configure UPEC as a transit node of ring 1 in domain 1 and specify primary and secondary
ports.
[UPEC] rrpp domain 1
[UPEC-rrpp-domain-region1] ring 1 node-mode transit primary-port ethernet 0/0/1 secondary-port Ethernet 0/0/2 level 0
[UPEC-rrpp-domain-region1] ring 1 enable
[UPEC-rrpp-domain-region1] quit
After configuring an RRPP ring, you need to enable RRPP on each node on the ring to activate
the RRPP ring. The configuration procedure is as follows:
l Configure UPEA.
# Enable RRPP.
[UPEA] rrpp enable
l Configure UPEB.
# Enable RRPP.
[UPEB] rrpp enable
l Configure UPEC.
# Enable RRPP.
[UPEC] rrpp enable
# Enable RRPP.
[PE-AGG] rrpp enable
After the configuration is complete and the network topology becomes stable, perform the
following operations to verify the configuration. The display on UPEA and the PE-AGG is
used as an example.
l On UPEA, run the display rrpp brief or display rrpp verbose domain command. The
following information is displayed:
# Check brief information about RRPP on UPEA.
[UPEA] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
Ring Ring Node Primary/Common Secondary/Edge Is
ID Level Mode Port Port Enabled
----------------------------------------------------------------------------
1 0 T Ethernet0/0/1 Ethernet0/0/2 Yes
RRPP is enabled on UPEA. In domain 1, VLAN 5 is the control VLAN and the VLANs mapped to
instance 1 are the protected VLANs. UPEA is a transit node on ring 1; the primary
port is Eth0/0/1, and the secondary port is Eth0/0/2.
# View detailed information about UPEA in domain 1.
[UPEA] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN: Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Transit
Ring State : LinkUp
Is Enabled : Enable Is Active : Yes
Primary port : Ethernet0/0/1 Port status: UP
Secondary port: Ethernet0/0/2 Port status: UP
The preceding command output shows that VLAN 5 is the control VLAN in domain 1, and
VLANs mapping instance 1 are the protected VLANs. UPEA is a transit node in domain 1
and is in LinkUp state; RRPP is enabled on UPEA.
# View brief information about RRPP on the PE-AGG.
[PE-AGG] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
Ring Ring Node Primary/Common Secondary/Edge Is
The preceding command output shows that RRPP is enabled on the PE-AGG. In domain 1,
VLAN 5 is the control VLAN; VLANs mapping instance 1 are the protected VLANs; PE-
AGG is the master node on ring 1. The primary port is Eth0/0/1, and the secondary port is
Eth0/0/2.
# View detailed information about PE-AGG in domain 1.
[PE-AGG] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN: Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active : Yes
Primary port : Ethernet0/0/1 Port status: UP
Secondary port: Ethernet0/0/2 Port status: BLOCKED
The preceding command output shows that VLAN 5 is the control VLAN in domain 1, and
VLANs mapping instance 1 are the protected VLANs. The PE-AGG is the master node, and
the status is Complete. The primary port is Ethernet0/0/1, and the secondary port is
Ethernet0/0/2.
# Configure UPEA.
[UPEA] cfm enable
[UPEA] cfm md md1
[UPEA-md-md1] ma ma1
[UPEA-md-md1-ma-ma1] map vlan 100
[UPEA-md-md1-ma-ma1] mep mep-id 1 interface ethernet 0/0/2 outward
[UPEA-md-md1-ma-ma1] remote-mep mep-id 2
[UPEA-md-md1-ma-ma1] remote-mep ccm-receive mep-id 2 enable
[UPEA-md-md1-ma-ma1] mep ccm-send enable
[UPEA-md-md1-ma-ma1] quit
[UPEA-md-md1] ma ma2
[UPEA-md-md1-ma-ma2] map vlan 100
[UPEA-md-md1-ma-ma2] mep mep-id 3 interface ethernet 0/0/1 outward
[UPEA-md-md1-ma-ma2] remote-mep mep-id 4
[UPEA-md-md1-ma-ma2] remote-mep ccm-receive mep-id 4 enable
[UPEA-md-md1-ma-ma2] mep ccm-send enable
[UPEA-md-md1-ma-ma2] quit
[UPEA-md-md1] quit
On UPEA or the PE-AGG, run the display cfm remote-mep command to check the Ethernet
CFM status. You can see that Ethernet CFM is in Up state. The display on the PE-AGG is used
as an example.
[PE-AGG] display cfm remote-mep
The total number of RMEPs is : 2
The status of RMEPS : 2 up, 0 down, 0 disable
--------------------------------------------------
MD Name : md1
Level : 0
MA Name : ma1
RMEP ID : 1
Vlan ID : 100
VSI Name : --
MAC : --
CCM Receive : enabled
Trigger-If-Down : disabled
CFM Status : up
Alarm Status : None
MD Name : md1
Level : 0
MA Name : ma2
RMEP ID : 3
Vlan ID : 100
VSI Name : --
MAC : --
CCM Receive : enabled
Trigger-If-Down : disabled
CFM Status : up
Alarm Status : None
MAC : --
CCM Receive : enabled
Trigger-If-Down : disabled
CFM Status : down
Alarm Status : None
MD Name : md1
Level : 0
MA Name : ma2
RMEP ID : 3
Vlan ID : 100
VSI Name : --
MAC : --
CCM Receive : enabled
Trigger-If-Down : disabled
CFM Status : up
Alarm Status : None
Run the display this interface command on the PE-AGG to check the status of Eth0/0/1. You
can see that Eth0/0/1 is in TRIGGER DOWN (1AG) state.
[PE-AGG] interface ethernet 0/0/1
[PE-AGG-Ethernet0/0/1] display this interface
Ethernet0/0/1 current state : TRIGGER DOWN (1AG)
Line protocol current state : DOWN
Description:HUAWEI, Quidway Series, Ethernet0/0/1 Interface
Switch Port, PVID : 1, TPID : 8100(Hex), The Maximum Frame Length is 9216
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 781d-bacc-8be0
Current system time: 2012-03-01 15:19:04+08:00
Port Mode: COMMON COPPER
Speed : 1000, Loopback: NONE
Duplex: FULL, Negotiation: ENABLE
Mdi : AUTO
Last 300 seconds input rate 1064 bits/sec, 1 packets/sec
Last 300 seconds output rate 2088 bits/sec, 2 packets/sec
Input peak rate 999996912 bits/sec, Record time: 2012-04-19 07:10:46
Output peak rate 999996912 bits/sec, Record time: 2012-04-19 07:10:46
CRC: 0, Giants: 0
Jabbers: 0, Fragments: 0
Runts: 0, DropEvents: 0
Alignments: 0, Symbols: 0
Ignoreds: 0, Frames: 0
Pause: 0
Collisions: 0, ExcessiveCollisions: 0
Late Collisions: 0, Deferreds: 0
Buffers Purged: 0, Pause: 0
Run the display rrpp verbose domain 1 command on the PE-AGG to check the status of the
RRPP ring and interface. The following information is displayed:
[PE-AGG-Ethernet0/0/1] quit
[PE-AGG] quit
RRPP Ring : 1
Ring Level : 0
Node Mode : Master
Ring State : Failed
Is Enabled : Enable Is Active : Yes
Primary port : Ethernet0/0/1 Port status: UP
Secondary port: Ethernet0/0/2 Port status: UP
The status of the RRPP ring becomes Failed and the secondary port changes from BLOCKED
to UP.
Re-enable Eth0/0/1 on UPEB. You can see that the CFM status on the PE-AGG becomes Up.
Run the display rrpp verbose domain 1 command on the PE-AGG to check the status of the
RRPP ring and interface. You can see that the RRPP ring becomes Complete.
<PE-AGG> display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN: Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active : Yes
Primary port : Ethernet0/0/1 Port status: UP
Secondary port: Ethernet0/0/2 Port status: BLOCKED
----End
Configuration Files
l Configuration file of UPEA
#
sysname UPEA
#
vlan batch 5 to 6 100 to 300
#
rrpp enable
#
cfm enable
#
stp region-configuration
instance 1 vlan 5 6 100 to 300
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port Ethernet0/0/1 secondary-port Ethernet0/0/2 level 0
ring 1 enable
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 5 to 6 100 to 300
stp disable
#
interface Ethernet0/0/2
port link-type trunk
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port Ethernet0/0/1 secondary-port Ethernet0/0/2 level 0
ring 1 enable
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 5 to 6 100 to 300
stp disable
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 5 to 6 100 to 300
stp disable
#
return
l Configuration file of the PE-AGG
#
sysname PE-AGG
#
vlan batch 5 to 6 100 to 300
#
rrpp enable
#
cfm enable
#
stp region-configuration
instance 1 vlan 5 6 100 to 300
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode master primary-port Ethernet0/0/1 secondary-port Ethernet0/0/2 level 0
ring 1 enable
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 5 to 6 100 to 300
stp disable
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 5 to 6 100 to 300
stp disable
#
cfm md md1
ma ma1
map vlan 100
mep mep-id 2 interface Ethernet0/0/1 outward
mep ccm-send mep-id 2 enable
remote-mep mep-id 1
remote-mep ccm-receive mep-id 1 enable
ma ma2
map vlan 100
mep mep-id 4 interface Ethernet0/0/2 outward
mep ccm-send mep-id 4 enable
remote-mep mep-id 3
remote-mep ccm-receive mep-id 3 enable
#
oam-mgr
oam-bind ingress interface Ethernet0/0/1 egress cfm md md1 ma ma1 trigger if-down
oam-bind ingress interface Ethernet0/0/2 egress cfm md md1 ma ma2 trigger if-down
oam-bind ingress cfm md md1 ma ma1 trigger if-down egress interface Ethernet0/0/1
oam-bind ingress cfm md md1 ma ma2 trigger if-down egress interface Ethernet0/0/2
#
return
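The PE-AGG file above ties each MA to the ring port that carries its MEP, in both directions. The following Python is an added example, not part of the Huawei document: it lints a configuration file for oam-bind lines that name an undefined MA or the wrong port, and for MEPs or remote MEPs without CCM sending or receiving enabled. The sample is constructed from the PE-AGG file with two deliberate mistakes; the function names are hypothetical, and the rule that a bound MA needs both directions is an assumption taken from this file.

```python
import re

# Constructed from the PE-AGG configuration file on this page, with two
# deliberate mistakes: one ma2 binding names Ethernet0/0/1 instead of
# Ethernet0/0/2, and ma2's remote MEP has no ccm-receive line.
SAMPLE_CONFIG = """\
#
cfm md md1
ma ma1
map vlan 100
mep mep-id 2 interface Ethernet0/0/1 outward
mep ccm-send mep-id 2 enable
remote-mep mep-id 1
remote-mep ccm-receive mep-id 1 enable
ma ma2
map vlan 100
mep mep-id 4 interface Ethernet0/0/2 outward
mep ccm-send mep-id 4 enable
remote-mep mep-id 3
#
oam-mgr
oam-bind ingress interface Ethernet0/0/1 egress cfm md md1 ma ma1 trigger if-down
oam-bind ingress interface Ethernet0/0/1 egress cfm md md1 ma ma2 trigger if-down
oam-bind ingress cfm md md1 ma ma1 trigger if-down egress interface Ethernet0/0/1
oam-bind ingress cfm md md1 ma ma2 trigger if-down egress interface Ethernet0/0/2
#
return
"""

MEP = re.compile(r"mep mep-id (\d+) interface (\S+) (?:inward|outward)")
SEND = re.compile(r"mep ccm-send mep-id (\d+) enable")
RMEP = re.compile(r"remote-mep mep-id (\d+)")
RECV = re.compile(r"remote-mep ccm-receive mep-id (\d+) enable")
BIND_IF = re.compile(
    r"oam-bind ingress interface (\S+) egress cfm md (\S+) ma (\S+) trigger if-down")
BIND_CFM = re.compile(
    r"oam-bind ingress cfm md (\S+) ma (\S+) trigger if-down egress interface (\S+)")


def parse_config(config):
    """Return (mas, binds) from a configuration file as printed on this page."""
    mas, binds, md, ma = {}, [], None, None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "#":  # '#' closes the current view
            md = ma = None
        elif (m := re.fullmatch(r"cfm md (\S+)", line)):
            md, ma = m.group(1), None
        elif md and (m := re.fullmatch(r"ma (\S+)", line)):
            ma = mas.setdefault((md, m.group(1)),
                                {"ports": {}, "send": set(), "rmeps": set(), "recv": set()})
        elif ma is not None and (m := MEP.fullmatch(line)):
            ma["ports"][m.group(1)] = m.group(2)  # local MEP ID -> interface
        elif ma is not None and (m := SEND.fullmatch(line)):
            ma["send"].add(m.group(1))
        elif ma is not None and (m := RMEP.fullmatch(line)):
            ma["rmeps"].add(m.group(1))
        elif ma is not None and (m := RECV.fullmatch(line)):
            ma["recv"].add(m.group(1))
        elif (m := BIND_IF.fullmatch(line)):
            binds.append(("interface->cfm", m.group(1), (m.group(2), m.group(3))))
        elif (m := BIND_CFM.fullmatch(line)):
            binds.append(("cfm->interface", m.group(3), (m.group(1), m.group(2))))
    return mas, binds


def lint_oam_binds(config):
    """List oam-bind and CCM inconsistencies that would stop fault propagation."""
    mas, binds = parse_config(config)
    findings, seen = [], {}
    for direction, port, key in binds:
        seen.setdefault(key, set()).add(direction)
        name = "%s/%s" % key
        if key not in mas:
            findings.append("%s bind on %s: MA %s is not defined" % (direction, port, name))
        elif port not in mas[key]["ports"].values():
            findings.append("%s bind on %s: the MEP of %s is on %s" % (
                direction, port, name, ", ".join(sorted(mas[key]["ports"].values()))))
    for key, ma in sorted(mas.items()):
        name = "%s/%s" % key
        for direction in ("interface->cfm", "cfm->interface"):
            if key in seen and direction not in seen[key]:
                findings.append("%s: no %s bind" % (name, direction))
        for mep in sorted(set(ma["ports"]) - ma["send"]):
            findings.append("%s: mep %s has no ccm-send enable line" % (name, mep))
        for rmep in sorted(ma["rmeps"] - ma["recv"]):
            findings.append("%s: remote-mep %s has no ccm-receive enable line" % (name, rmep))
    return findings


if __name__ == "__main__":
    for finding in lint_oam_binds(SAMPLE_CONFIG):
        print(finding)
```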
Networking Requirements
As shown in Figure 9-42, CE1 is dual-homed to PEs through sub-interfaces and a VPLS network
is deployed between PEs. CFM is enabled between GE1/0/1 on CE1 and GE1/0/1 on PE2, and
between GE1/0/2 on CE1 and GE1/0/2 on PE1 to detect faults on links. MSTP is run on directly
connected interfaces between CE1 and PE1 and between CE1 and PE2; PE1 is configured as
the root switch; PE2 is configured as the secondary root switch; MSTP blocks ports of the
secondary root switch to prevent loops.
When Ethernet CFM detects a fault on the link between CE1 and PE1, OAM Manager notifies
the MSTP module of the fault. Then, the interface notifies the MSTP module through association
between OAM Manager and the interface. The secondary root switch becomes the root switch
of a specified MSTI, protecting links connected to the VPLS network.
(Figure 9-42 not reproduced. Recoverable labels: CE1, PE2, PE3, VPLS network, GE0/0/1, GE0/0/1.1, GE0/0/2.)
Configuration Roadmap
NOTE
In this example, only the configuration of MSTP, CFM, and association is mentioned. The VPLS
configuration, however, is not mentioned.
1. Create VLANs.
2. Create sub-interfaces on PE1 and PE2 and add them to VLANs to connect to the VPLS
network.
3. Configure PE1 as the CIST root.
4. Configure PE1, PE2, and CE1 to be in the same region named RG1 and create MSTI 1.
5. In RG1, PE1 functions as the CIST root and the root switch of MSTI 1, and PE2 functions
as the secondary root switch of MSTI 1.
6. Configure root protection on PE2.
7. Configure Ethernet CFM between PE1 and CE1 and between PE2 and CE1 to monitor
links.
8. Configure association between Ethernet CFM and interfaces. After the root switch fails,
the secondary root switch immediately switches to the root switch of the specified MSTI.
Procedure
Step 1 Configure MSTP on PE1.
# Create VLANs 1 to 20.
<PE1> system-view
[PE1] vlan batch 1 to 20
# Configure PE1 to use Huawei proprietary algorithm to calculate the path cost.
[PE1] stp pathcost-standard legacy
# Configure PE2 to use Huawei proprietary algorithm to calculate the path cost.
[PE2] stp pathcost-standard legacy
# Configure CE1 to use Huawei proprietary algorithm to calculate the path cost.
[CE1] stp pathcost-standard legacy
After the configuration is complete, run the display stp brief command on PEs and CE1 to check
the status and protection type of the interface. The following information is displayed:
[PE1] display stp brief
MSTID Port Role STP State Protection
# Configure PE1.
[PE1] cfm md md1
[PE1-md-md1] ma ma1
[PE1-md-md1-ma-ma1] map vlan 10
[PE1-md-md1-ma-ma1] mep mep-id 2 interface gigabitethernet 0/0/2 outward
[PE1-md-md1-ma-ma1] remote-mep mep-id 1
[PE1-md-md1-ma-ma1] remote-mep ccm-receive mep-id 1 enable
[PE1-md-md1-ma-ma1] mep ccm-send enable
[PE1-md-md1-ma-ma1] quit
# Configure PE2.
[PE2] cfm md md1
[PE2-md-md1] ma ma2
[PE2-md-md1-ma-ma2] map vlan 10
[PE2-md-md1-ma-ma2] mep mep-id 4 interface gigabitethernet 0/0/1 outward
[PE2-md-md1-ma-ma2] remote-mep mep-id 3
[PE2-md-md1-ma-ma2] remote-mep ccm-receive mep-id 3 enable
[PE2-md-md1-ma-ma2] mep ccm-send enable
[PE2-md-md1-ma-ma2] quit
On CE1 or PEs, run the display cfm remote-mep command to check the Ethernet CFM status.
You can see that ma1 is in up state and ma2 is in down state. The display on CE1 is used as an
example.
[CE1] display cfm remote-mep
The total number of RMEPs is : 2
The status of RMEPS : 1 up, 1 down, 0 disable
--------------------------------------------------
MD Name : md1
Level : 0
MA Name : ma1
RMEP ID : 2
Vlan ID : 10
VSI Name : --
MAC : --
CCM Receive : enabled
Trigger-If-Down : disabled
CFM Status : up
MD Name : md1
Level : 0
MA Name : ma2
RMEP ID : 4
Vlan ID : 10
VSI Name : --
MAC : --
CCM Receive : enabled
Trigger-If-Down : disabled
CFM Status : down
# Configure PE1.
[PE1] oam-mgr
[PE1-oam-mgr] oam-bind cfm md md1 ma ma1 trigger if-down interface gigabitethernet 0/0/2
# Configure PE2.
[PE2-oam-mgr] oam-bind cfm md md1 ma ma2 trigger if-down interface gigabitethernet 0/0/2
Run the display interface command on PE1 to view the status of GE0/0/2. GE0/0/2 is in
TRIGGER DOWN (1AG) state.
[PE1] display interface gigabitethernet 0/0/2
GigabitEthernet0/0/2 current state : TRIGGER DOWN (1AG)
Line protocol current state : DOWN
Description:HUAWEI, Quidway Series, GigabitEthernet0/0/2 Interface
Switch Port, PVID : 10, TPID : 8100(Hex), The Maximum Frame Length is 9216
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0022-0033-0044
Last physical up time : -
Last physical down time : 2009-03-13 19:57:53
Port Mode: COMMON FIBER
Speed : 1000, Loopback: NONE
Duplex: FULL, Negotiation: ENABLE
Mdi : NORMAL
Last 300 seconds input rate 0 bits/sec, 0 packets/sec
Last 300 seconds output rate 0 bits/sec, 0 packets/sec
Input peak rate 0 bits/sec, Record time: -
Output peak rate 0 bits/sec, Record time: -
CRC: 0, Giants: 0
Jabbers: 0, Fragments: 0
Runts: 0, DropEvents: 0
Alignments: 0, Symbols: 0
Ignoreds: 0, Frames: 0
Collisions: 0, ExcessiveCollisions: 0
Late Collisions: 0, Deferreds: 0
Buffers Purged: 0
Run the display stp brief command on PE2 to check the status and protection type of the
interface. The following information is displayed:
# Run the display stp brief command on PE2.
<PE2> display stp brief
MSTID Port Role STP State Protection
0 0/0/1 DESI FORWARDING ROOT
1 0/0/1 DESI FORWARDING ROOT
----End
Configuration Files
• Configuration file of PE1
#
sysname PE1
#
vlan batch 1 to 20
#
stp instance 1 root primary
#
cfm enable
#
stp region-configuration
region-name RG1
instance 1 vlan 1 to 20
active region-configuration
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 1 to 19
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 1 to 19
stp root-protection
#
interface GigabitEthernet0/0/2.1
dot1q termination vid 20
#
cfm md md1
ma ma1
map vlan 10
mep mep-id 2 interface GigabitEthernet0/0/2 outward
mep ccm-send mep-id 2 enable
remote-mep mep-id 1
remote-mep ccm-receive mep-id 1 enable
#
oam-mgr
oam-bind ingress interface GigabitEthernet1/0/2 egress cfm md md1 ma ma1 trigger if-down
oam-bind ingress cfm md md1 ma ma1 trigger if-down egress interface GigabitEthernet1/0/2
#
return
• Configuration file of PE2
#
vlan batch 1 to 20
#
stp instance 1 root secondary
#
cfm enable
#
stp region-configuration
region-name RG1
instance 1 vlan 1 to 20
active region-configuration
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 1 to 19
#
interface GigabitEthernet0/0/1.1
dot1q termination vid 20
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 1 to 19
#
cfm md md1
ma ma2
map vlan 10
mep mep-id 4 interface GigabitEthernet0/0/1 outward
mep ccm-send mep-id 4 enable
remote-mep mep-id 3
remote-mep ccm-receive mep-id 3 enable
#
oam-mgr
oam-bind ingress interface GigabitEthernet0/0/1 egress cfm md md1 ma ma2 trigger if-down
oam-bind ingress cfm md md1 ma ma2 trigger if-down egress interface GigabitEthernet0/0/1
#
return
• Configuration file of CE1
#
sysname CE1
#
vlan batch 1 to 20
#
cfm enable
#
stp region-configuration
region-name RG1
instance 1 vlan 1 to 20
active region-configuration
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 1 to 20
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 1 to 20
#
#
cfm md md1
ma ma1
map vlan 10
mep mep-id 1 interface GigabitEthernet0/0/1 outward
mep ccm-send mep-id 1 enable
remote-mep mep-id 2
remote-mep ccm-receive mep-id 2 enable
ma ma2
map vlan 10
Networking Requirements
As networks rapidly develop and applications become diversified, various value-added services
such as IPTV, video conferencing and VOIP are widely used. Link connectivity and network
performance determine QoS on bearer networks. Therefore, performance monitoring is
important for service transmission.
As shown in Figure 9-43, CFM is configured between CEs. To provide high-quality video
services, carriers hope to monitor the one-way delay over mobile bearer links in real time, while
monitoring link connectivity. Monitoring the one-way delay over mobile bearer links allows the
carriers to respond quickly to video service quality deterioration.
Figure 9-43 (networking diagram; labels: PE1, PE2, CE1, CE2, Eth0/0/1, Eth0/0/2, VLAN, User network)
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure on-demand one-way frame delay measurement for the end-to-end link between
the CEs to periodically collect statistics about the delay in frame transmission.
Procedure
Step 1 Configure basic Ethernet CFM functions and specify the MEP type as outward.
Configure basic Ethernet CFM functions on each CE. Specify CFM version as IEEE Standard
802.1ag-2007, create an MD named md3 and an MA named ma3, and bind the MA to the VLAN.
# Configure CE1.
<Quidway> system-view
[Quidway] sysname CE1
[CE1] vlan 2
[CE1] interface ethernet 0/0/1
[CE1-Ethernet0/0/1] port link-type trunk
[CE1-Ethernet0/0/1] port trunk allow-pass vlan 2
[CE1-Ethernet0/0/1] quit
[CE1] cfm enable
[CE1] cfm version standard
[CE1] cfm md md3
[CE1-md-md3] ma ma3
[CE1-md-md3-ma-ma3] map vlan 2
[CE1-md-md3-ma-ma3] mep mep-id 3 interface ethernet 0/0/1 outward
[CE1-md-md3-ma-ma3] mep ccm-send mep-id 3 enable
[CE1-md-md3-ma-ma3] remote-mep mep-id 4
[CE1-md-md3-ma-ma3] remote-mep ccm-receive mep-id 4 enable
# Configure CE2.
<Quidway> system-view
[Quidway] sysname CE2
[CE2] vlan 2
[CE2] interface ethernet 0/0/1
[CE2-Ethernet0/0/1] port link-type trunk
[CE2-Ethernet0/0/1] port trunk allow-pass vlan 2
[CE2-Ethernet0/0/1] quit
[CE2] cfm enable
[CE2] cfm version standard
[CE2] cfm md md3
[CE2-md-md3] ma ma3
[CE2-md-md3-ma-ma3] map vlan 2
[CE2-md-md3-ma-ma3] mep mep-id 4 interface ethernet 0/0/1 outward
[CE2-md-md3-ma-ma3] mep ccm-send mep-id 4 enable
[CE2-md-md3-ma-ma3] remote-mep mep-id 3
[CE2-md-md3-ma-ma3] remote-mep ccm-receive mep-id 3 enable
# Configure CE2.
[CE2] cfm md md3
[CE2-md-md3] ma ma3
[CE2-md-md3-ma-ma3] delay-measure one-way receive
[CE2-md-md3-ma-ma3] quit
[CE2-md-md3] quit
# Configure CE1.
[CE1] cfm md md3
[CE1-md-md3] ma ma3
[CE1-md-md3-ma-ma3] delay-measure one-way remote-mep mep-id 4 interval 10000 count 20
[CE1-md-md3-ma-ma3] quit
[CE1-md-md3] quit
# After the configuration is complete, run the display y1731 statistic-type oneway-delay md
md3 ma ma3 command on CE2. You can see statistics about the one-way frame delay.
<CE2> display y1731 statistic-type oneway-delay md md3 ma ma3
Latest one-way delay statistics:
--------------------------------------------------------------------------------
Index Delay(usec) Delay variation(usec)
--------------------------------------------------------------------------------
1 10000 -
2 10000 0
3 10000 0
4 10000 0
5 10000 0
6 10000 0
7 10000 0
8 10000 0
9 10000 0
10 10000 0
11 10000 0
12 40000 30000
13 10000 30000
14 10000 0
15 10000 0
16 10000 0
17 10000 0
--------------------------------------------------------------------------------
Average delay(usec) : 11764 Average delay variation(usec) : 3750
Maximum delay(usec) : 40000 Maximum delay variation(usec) : 30000
Minimum delay(usec) : 10000 Minimum delay variation(usec) : 0
----End
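The statistics above can be checked mechanically. The following Python sketch is an added example, not part of the Huawei document: it parses the display output shown on this page, rebuilds the summary block from the per-sample rows, and reports samples whose delay stands out from the median. The function names and the spike factor are illustrative assumptions.

```python
import re
from statistics import median

# Output of "display y1731 statistic-type oneway-delay md md3 ma ma3",
# copied from this page.
SAMPLE_OUTPUT = """\
Latest one-way delay statistics:
--------------------------------------------------------------------------------
Index Delay(usec) Delay variation(usec)
--------------------------------------------------------------------------------
1 10000 -
2 10000 0
3 10000 0
4 10000 0
5 10000 0
6 10000 0
7 10000 0
8 10000 0
9 10000 0
10 10000 0
11 10000 0
12 40000 30000
13 10000 30000
14 10000 0
15 10000 0
16 10000 0
17 10000 0
--------------------------------------------------------------------------------
Average delay(usec) : 11764 Average delay variation(usec) : 3750
Maximum delay(usec) : 40000 Maximum delay variation(usec) : 30000
Minimum delay(usec) : 10000 Minimum delay variation(usec) : 0
"""

ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+|-)\s*$")
SUMMARY = re.compile(
    r"(Average|Maximum|Minimum) (delay(?: variation)?)\(usec\)\s*:\s*(\d+)")


def parse_delay_stats(text):
    """Return (samples, summary) from the command output.

    samples: list of (index, delay_usec, variation_usec or None)
    summary: {(statistic, kind): value}, e.g. ("average", "delay"): 11764
    """
    samples, summary = [], {}
    for line in text.splitlines():
        row = ROW.match(line)
        if row:
            index, delay, variation = row.groups()
            samples.append((int(index), int(delay),
                            None if variation == "-" else int(variation)))
            continue
        for stat, kind, value in SUMMARY.findall(line):
            summary[(stat.lower(), kind)] = int(value)
    return samples, summary


def recompute_summary(samples):
    """Rebuild the summary block from the per-sample rows.

    Assumption: averages are truncated to whole microseconds
    (200000 / 17 = 11764.7 appears as 11764 in the output above).
    """
    if not samples:
        raise ValueError("no delay samples found")
    delays = [delay for _, delay, _ in samples]
    result = {
        ("average", "delay"): sum(delays) // len(delays),
        ("maximum", "delay"): max(delays),
        ("minimum", "delay"): min(delays),
    }
    # Variation of a sample is the absolute difference to the previous delay.
    variations = [abs(cur - prev) for prev, cur in zip(delays, delays[1:])]
    if variations:
        result[("average", "delay variation")] = sum(variations) // len(variations)
        result[("maximum", "delay variation")] = max(variations)
        result[("minimum", "delay variation")] = min(variations)
    return result


def inconsistent_rows(samples):
    """Indexes whose reported variation differs from |delay - previous delay|."""
    bad = []
    for (_, prev_delay, _), (index, delay, variation) in zip(samples, samples[1:]):
        if variation != abs(delay - prev_delay):
            bad.append(index)
    return bad


def delay_spikes(samples, factor=2.0):
    """Indexes whose delay exceeds factor times the median delay."""
    baseline = median(delay for _, delay, _ in samples)
    return [index for index, delay, _ in samples if delay > factor * baseline]


if __name__ == "__main__":
    samples, summary = parse_delay_stats(SAMPLE_OUTPUT)
    print("summary matches rows:", recompute_summary(samples) == summary)
    print("spike indexes:", delay_spikes(samples))
```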
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 2
#
cfm version standard
cfm enable
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2
#
cfm md md3
ma ma3
map vlan 2
mep mep-id 3 interface Ethernet0/0/1 outward
mep ccm-send mep-id 3 enable
remote-mep mep-id 4
remote-mep ccm-receive mep-id 4 enable
#
return
• Configuration file of CE2
#
sysname CE2
#
vlan batch 2
#
cfm version standard
cfm enable
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2
#
cfm md md3
ma ma3
map vlan 2
mep mep-id 4 interface Ethernet0/0/1 outward
mep ccm-send mep-id 4 enable
remote-mep mep-id 3
remote-mep ccm-receive mep-id 3 enable
delay-measure one-way receive
#
return
Networking Requirements
As networks rapidly develop and applications become diversified, various value-added services
such as IPTV, video conferencing and VOIP are widely used. Link connectivity and network
performance determine QoS on bearer networks. Therefore, performance monitoring is
especially important for service transmission.
As shown in Figure 9-44, CFM is configured between CEs. To provide high-quality video
services, carriers hope to monitor the two-way delay over mobile bearer links in real time, while
monitoring link connectivity. Monitoring the two-way delay over mobile bearer links allows the
carriers to respond quickly to video service quality deterioration.
Figure 9-44 (networking diagram; labels: PE1, PE2, CE1, CE2, Eth0/0/1, Eth0/0/2, VLAN, User network)
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure on-demand two-way frame delay measurement for the end-to-end link between
the CEs to periodically collect statistics about the delay in frame transmission.
Procedure
Step 1 Configure basic Ethernet CFM functions and specify the MEP type as outward.
Configure basic Ethernet CFM functions on each CE. Specify CFM version as IEEE Standard
802.1ag-2007, create an MD named md3 and an MA named ma3, and bind the MA to the VLAN.
# Configure CE1.
<Quidway> system-view
[Quidway] sysname CE1
[CE1] vlan 2
[CE1] interface ethernet 0/0/1
[CE1-Ethernet0/0/1] port link-type trunk
[CE1-Ethernet0/0/1] port trunk allow-pass vlan 2
[CE1-Ethernet0/0/1] quit
[CE1] cfm enable
[CE1] cfm version standard
[CE1] cfm md md3
[CE1-md-md3] ma ma3
[CE1-md-md3-ma-ma3] map vlan 2
[CE1-md-md3-ma-ma3] mep mep-id 3 interface ethernet 0/0/1 outward
[CE1-md-md3-ma-ma3] mep ccm-send mep-id 3 enable
[CE1-md-md3-ma-ma3] remote-mep mep-id 4
[CE1-md-md3-ma-ma3] remote-mep ccm-receive mep-id 4 enable
# Configure CE2.
<Quidway> system-view
[Quidway] sysname CE2
[CE2] vlan 2
[CE2] interface ethernet 0/0/1
[CE2-Ethernet0/0/1] port link-type trunk
[CE2-Ethernet0/0/1] port trunk allow-pass vlan 2
[CE2-Ethernet0/0/1] quit
[CE2] cfm enable
[CE2] cfm version standard
[CE2] cfm md md3
[CE2-md-md3] ma ma3
[CE2-md-md3-ma-ma3] map vlan 2
[CE2-md-md3-ma-ma3] mep mep-id 4 interface ethernet 0/0/1 outward
[CE2-md-md3-ma-ma3] mep ccm-send mep-id 4 enable
[CE2-md-md3-ma-ma3] remote-mep mep-id 3
[CE2-md-md3-ma-ma3] remote-mep ccm-receive mep-id 3 enable
# Configure CE2.
[CE2] cfm md md3
[CE2-md-md3] ma ma3
[CE2-md-md3-ma-ma3] delay-measure two-way receive
[CE2-md-md3-ma-ma3] quit
[CE2-md-md3] quit
# Configure CE1.
[CE1] cfm md md3
[CE1-md-md3] ma ma3
[CE1-md-md3-ma-ma3] delay-measure two-way remote-mep mep-id 4 interval 10000 count 20
[CE1-md-md3-ma-ma3] quit
[CE1-md-md3] quit
# After the configuration is complete, run the display y1731 statistic-type twoway-delay md
md3 ma ma3 command. You can see the statistics about the two-way frame delay.
<CE1> display y1731 statistic-type twoway-delay md md3 ma ma3
Latest two-way delay statistics:
--------------------------------------------------------------------------------
Index Delay(usec) Delay variation(usec)
--------------------------------------------------------------------------------
1 0 -
2 0 0
3 0 0
4 0 0
5 0 0
6 0 0
7 0 0
8 0 0
9 0 0
10 0 0
--------------------------------------------------------------------------------
Average delay(usec) : 0 Average delay variation(usec) : 0
Maximum delay(usec) : 0 Maximum delay variation(usec) : 0
Minimum delay(usec) : 0 Minimum delay variation(usec) : 0
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 2
#
cfm version standard
cfm enable
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2
#
cfm md md3
ma ma3
map vlan 2
mep mep-id 3 interface Ethernet0/0/1 outward
mep ccm-send mep-id 3 enable
remote-mep mep-id 4
remote-mep ccm-receive mep-id 4 enable
#
return
• Configuration file of CE2
#
sysname CE2
#
vlan batch 2
#
cfm version standard
cfm enable
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2
#
cfm md md3
ma ma3
map vlan 2
Networking Requirements
AIS is used to prevent a MEP in an MD of a higher level from sending the same trap as that sent
by a MEP in an MD of a lower level to the NMS.
As shown in Figure 9-45, CE1 is connected to PE1 and CE2 is connected to PE2 through sub-
interfaces. A VLAN is created between PEs.
AIS is configured on PEs and alarm suppression is enabled on CEs. In MD nesting scenarios, if
a MEP in a low-level MD detects a fault, the MEP sends a trap to the NMS. After a certain
period, a MEP in the MD of a higher level also detects the fault and sends the same trap to the
NMS. In this case, the MEP in the MD of a higher level must be prevented from sending the
same trap to the NMS.
Figure 9-45 (networking diagram; labels: MD2 Level 3, MD1 Level 6)
Configuration Roadmap
The configuration roadmap is as follows:
1. Add PEs to an MD, add each PE and its attached CE to an MD, and ensure that the level
of the MD to which the PEs belong is lower than that to which each PE and its attached CE
belong so that the MEP in the MD of a higher level is suppressed from sending the same
trap to the NMS.
2. Configure alarm suppression to suppress MEPs in MDs of different levels from sending
the same trap to the NMS.
Procedure
Step 1 Configure VLANs.
Configure a VLAN between PE1 and PE2. The configuration details are not mentioned here.
For details, see 3.2 VLAN Configuration in the S2300&S3300 Series Ethernet Switches
Configuration Guide - LAN Configuration or configuration files in this configuration example.
Configure basic Ethernet CFM functions on each PE. Specify CFM version as IEEE Standard
802.1ag-2007, create an MD named md1 and an MA named ma1, and bind the MA to the VLAN.
# Configure PE1.
<Quidway> system-view
[Quidway] sysname PE1
[PE1] cfm version standard
[PE1] cfm enable
[PE1] cfm md md1 level 3
[PE1-md-md1] ma ma1
[PE1-md-md1-ma-ma1] map vlan 2
[PE1-md-md1-ma-ma1] quit
[PE1-md-md1] quit
# Configure PE2.
<Quidway> system-view
[Quidway] sysname PE2
[PE2] cfm version standard
[PE2] cfm enable
[PE2] cfm md md1 level 3
[PE2-md-md1] ma ma1
[PE2-md-md1-ma-ma1] map vlan 2
[PE2-md-md1-ma-ma1] quit
[PE2-md-md1] quit
Configure basic Ethernet CFM functions on each CE. Specify CFM version as IEEE Standard
802.1ag-2007, and create an MD named md2 and an MA named ma2.
# Configure CE1.
<Quidway> system-view
[Quidway] sysname CE1
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type trunk
[CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE1-GigabitEthernet0/0/1] quit
[CE1] cfm version standard
[CE1] cfm enable
[CE1] cfm md md2 level 6
[CE1-md-md2] ma ma2
[CE1-md-md2-ma-ma2] map vlan 10
[CE1-md-md2-ma-ma2] quit
[CE1-md-md2] quit
# Configure CE2.
<Quidway> system-view
[Quidway] sysname CE2
[CE2] interface gigabitethernet 0/0/1
[CE2-GigabitEthernet0/0/1] port link-type trunk
[CE2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE2-GigabitEthernet0/0/1] quit
[CE2] cfm version standard
[CE2] cfm enable
[CE2] cfm md md2 level 6
[CE2-md-md2] ma ma2
[CE2-md-md2-ma-ma2] map vlan 10
[CE2-md-md2-ma-ma2] quit
[CE2-md-md2] quit
# Configure PE2.
[PE2] cfm md md1
[PE2-md-md1] ma ma1
[PE2-md-md1-ma-ma1] mep mep-id 32 interface gigabitethernet 0/0/1 outward
[PE2-md-md1-ma-ma1] mep ccm-send enable
[PE2-md-md1-ma-ma1] remote-mep mep-id 31
[PE2-md-md1-ma-ma1] remote-mep ccm-receive enable
[PE2-md-md1-ma-ma1] quit
[PE2-md-md1] quit
# Configure CE2.
[CE2] cfm md md2
[CE2-md-md2] ma ma2
[CE2-md-md2-ma-ma2] mep mep-id 62 interface gigabitethernet 0/0/1 outward
[CE2-md-md2-ma-ma2] ccm-interval 10000
[CE2-md-md2-ma-ma2] mep ccm-send enable
[CE2-md-md2-ma-ma2] remote-mep mep-id 61
[CE2-md-md2-ma-ma2] remote-mep ccm-receive enable
[CE2-md-md2-ma-ma2] quit
[CE2-md-md2] quit
# Configure PE2.
[PE2] cfm md md1
[PE2-md-md1] ma ma1
[PE2-md-md1-ma-ma1] ais enable
[PE2-md-md1-ma-ma1] ais link-status interface gigabitethernet 0/0/2
[PE2-md-md1-ma-ma1] ais level 6
# Configure CE2.
[CE2] cfm md md2
[CE2-md-md2] ma ma2
[CE2-md-md2-ma-ma2] ais enable
[CE2-md-md2-ma-ma2] ais suppress-alarm
[CE2-md-md2-ma-ma2] quit
[CE2-md-md2] quit
----End
Configuration Files
• Configuration file of PE1
#
sysname PE1
#
vlan batch 2
#
cfm version standard
cfm enable
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2
#
cfm md md1 level 3
ma ma1
map vlan 2
mep mep-id 31 interface GigabitEthernet0/0/1 outward
mep ccm-send enable
remote-mep mep-id 32
remote-mep ccm-receive enable
ais enable
ais link-status interface GigabitEthernet0/0/2
ais level 6
ais interval 1
ais vlan vid 10 mep 31
#
return
• Configuration file of CE1
#
cfm version standard
cfm enable
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
cfm md md2 level 6
ma ma2
map vlan 10
mep mep-id 61 interface GigabitEthernet0/0/1 outward
ccm-interval 10000
mep ccm-send enable
remote-mep mep-id 62
remote-mep ccm-receive enable
ais enable
ais suppress-alarm
#
return
• Configuration file of CE2
#
cfm md md2 level 6
ma ma2
map vlan 10
mep mep-id 62 interface GigabitEthernet0/0/1 outward
ccm-interval 10000
mep ccm-send enable
remote-mep mep-id 61
remote-mep ccm-receive enable
ais enable
ais suppress-alarm
#
return
This document describes procedures and provides examples for configuring the Device
Management features of the device.
10.1 Energy-saving Management
You can configure the energy-saving management function to reduce device power consumption
and save energy.
10.2 Information Center Configuration
The information center works as the information hub. It records system running information in
real time, which helps the network administrator and developers to monitor network operation
and analyze network faults.
10.3 USB-based Deployment Configuration
USB-based deployment simplifies the deployment process, reduces the deployment costs, and
relieves users from software commissioning.
10.4 NAP Configuration
Neighbor Access Protocol (NAP) is designed for implementing remote deployment of
unconfigured devices.
10.5 Mirroring Configuration
Packet mirroring copies packets to a specified destination so that you can analyze packets to
monitor the network and rectify faults.
10.6 PoE Configuration
PDs, such as wireless telephones and APs, are provided with power when the devices are
configured with PoE.
10.7 iStack Configuration
Multiple switches set up a stack to improve data forwarding capabilities and network reliability.
Networking Requirements
As shown in Figure 10-1, GigabitEthernet0/0/1 on SwitchA connects to GigabitEthernet0/0/1
on SwitchB through optical fibers.
When a link fails, the laser on the optical module is required to automatically stop sending pulses
and recover pulse sending after the link is recovered.
Figure 10-1 (networking diagram; labels: SwitchA, SwitchB)
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable ALS on the interface so that the laser automatically stops sending pulses when a
link fails.
2. Set the restart mode of the laser to automatic restart mode so that the laser sends pulses
again after the link is recovered.
Procedure
Step 1 Configure ALS on the interface and the restart mode of the laser.
# Enable ALS on interface GigabitEthernet0/0/1 of SwitchA and set the restart mode of the
laser to automatic restart.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] als enable
[SwitchA-GigabitEthernet0/0/1] undo als restart mode manual
# Enable ALS on interface GigabitEthernet0/0/1 of SwitchB and set the restart mode of the
laser to automatic restart.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] als enable
[SwitchB-GigabitEthernet0/0/1] undo als restart mode manual
----End
Configuration file
• Configuration file of SwitchA
#
sysname SwitchA
#
interface GigabitEthernet0/0/1
als enable
#
return
• Configuration file of SwitchB
#
sysname SwitchB
#
interface GigabitEthernet0/0/1
als enable
#
return
(Networking diagram; labels: SwitchA, Ethernet0/0/1, VLANIF100 172.16.0.1/24, Server 2 10.2.1.1/24, Server 4 10.2.1.2/24)
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable the information center.
2. Configure SwitchA to send notification-level logs generated by the ARP module to Server1,
and specify Server3 as the backup of Server1. Configure SwitchA to send warning-level logs
generated by the AAA module to Server2, and specify Server4 as the backup of Server2.
3. Configure the log host on the server so that the network administrator can receive logs
generated by SwitchA on the log host.
Procedure
Step 1 Enable the information center.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] info-center enable
Step 2 Configure a channel and a rule for outputting logs to a log host.
# Name a channel.
[SwitchA] info-center channel 6 name loghost1
[SwitchA] info-center channel 7 name loghost2
Step 3 Configure an IP address for the interface that sends log information.
[SwitchA] vlan 100
[SwitchA-vlan100] quit
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 100
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 100
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface vlanif100
[SwitchA-Vlanif100] ip address 172.16.0.1 255.255.255.0
[SwitchA-Vlanif100] quit
----End
Configuration Files
Configuration file of SwitchA
#
sysname SwitchA
#
info-center channel 6 name loghost1
info-center channel 7 name loghost2
info-center source ARP channel 6 log level notification
info-center source AAA channel 7 log level warning
info-center loghost 10.1.1.1 channel 6
info-center loghost 10.1.1.2 channel 6
info-center loghost 10.2.1.1 channel 7
info-center loghost 10.2.1.2 channel 7
#
vlan batch 100
#
interface Vlanif100
ip address 172.16.0.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
return
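To review which log host receives which logs, the information-center lines of this configuration file can be turned into a routing table. The following Python sketch is an added example, not part of the Huawei document: it models only the explicit info-center source rules shown here (the device's built-in default rules are not modelled), and it checks that every channel with a source rule has a backup log host. Function names are illustrative, and the severity names not shown on this page are assumed.

```python
import re

# Information-center lines copied from the SwitchA configuration file above.
CONFIG = """\
info-center channel 6 name loghost1
info-center channel 7 name loghost2
info-center source ARP channel 6 log level notification
info-center source AAA channel 7 log level warning
info-center loghost 10.1.1.1 channel 6
info-center loghost 10.1.1.2 channel 6
info-center loghost 10.2.1.1 channel 7
info-center loghost 10.2.1.2 channel 7
"""

# Severity keywords from most severe (0) to least severe (7). This page shows
# warning, notification, informational and debugging; the other four names
# are assumed to follow the same naming.
SEVERITIES = ["emergencies", "alert", "critical", "error",
              "warning", "notification", "informational", "debugging"]

NAME = re.compile(r"^info-center channel (\d+) name (\S+)$")
SOURCE = re.compile(r"^info-center source (\S+) channel (\d+) log level (\S+)$")
LOGHOST = re.compile(r"^info-center loghost (\S+) channel (\d+)$")


def parse_info_center(config):
    """Return {channel: {"name": str, "sources": {module: level}, "loghosts": [ip]}}."""
    channels = {}

    def channel(number):
        return channels.setdefault(
            int(number), {"name": None, "sources": {}, "loghosts": []})

    for line in (raw.strip() for raw in config.splitlines()):
        match = NAME.match(line)
        if match:
            channel(match.group(1))["name"] = match.group(2)
            continue
        match = SOURCE.match(line)
        if match:
            module, number, level = match.groups()
            if level not in SEVERITIES:
                raise ValueError("unknown severity: " + level)
            channel(number)["sources"][module.upper()] = level
            continue
        match = LOGHOST.match(line)
        if match:
            channel(match.group(2))["loghosts"].append(match.group(1))
    return channels


def log_destinations(channels, module, severity):
    """Log hosts that receive a log of this module and severity.

    A rule "log level X" passes logs of severity X and anything more severe.
    """
    rank = SEVERITIES.index(severity)
    hosts = []
    for number in sorted(channels):
        threshold = channels[number]["sources"].get(module.upper())
        if threshold is not None and rank <= SEVERITIES.index(threshold):
            hosts.extend(channels[number]["loghosts"])
    return hosts


def channels_without_backup(channels):
    """Channels that carry a source rule but have fewer than two log hosts."""
    return [number for number, entry in sorted(channels.items())
            if entry["sources"] and len(entry["loghosts"]) < 2]


if __name__ == "__main__":
    table = parse_info_center(CONFIG)
    for module, severity in (("ARP", "warning"), ("ARP", "informational"),
                             ("AAA", "error"), ("AAA", "notification")):
        print(module, severity, "->", log_destinations(table, module, severity))
    print("channels without backup:", channels_without_backup(table))
```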
Figure 10-3 Networking diagram for outputting traps to the SNMP agent
(Diagram labels: NM Station 10.1.1.1/24, SwitchA 10.1.1.2/24)
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable the information center.
2. Configure a channel and a rule for outputting traps to the SNMP agent so that the SNMP
agent can receive traps generated by SwitchA.
3. Configure SwitchA to output traps to the NMS station so that the NMS station can receive
traps generated by SwitchA.
Procedure
Step 1 Configure the VLAN to which the interface connected to the NMS station belongs. The
configuration details are not mentioned here.
Step 2 Assign an IP address to each VLANIF interface. The configuration details are not mentioned
here.
Step 3 Enable the information center.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] info-center enable
Step 4 Configure a channel and a rule for outputting traps to the SNMP agent.
# Configure a channel for outputting traps to the SNMP agent.
[SwitchA] info-center snmp channel channel7
[SwitchA] info-center source arp channel channel7 trap level informational state on
NOTE
By default, the device uses the SNMP agent to output traps of all modules.
Step 5 Configure the SNMP agent to output traps to the NMS station.
# Enable the SNMP agent and set the SNMP version to SNMPv2c.
[SwitchA] snmp-agent sys-info version v2c
# View traps output through the channel used by the SNMP agent.
<SwitchA> display channel 7
channel number:7, channel name:channel7
MODU_ID NAME ENABLE LOG_LEVEL ENABLE TRAP_LEVEL ENABLE DEBUG_LEVEL
ffff0000 default Y debugging Y debugging N debugging
416e0000 ARP Y debugging Y informational N debugging
With ext-vb : No
-----------------------------------------------------------
----End
Configuration Files
Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 2
#
interface Vlanif2
ip address 10.1.1.2 255.255.255.0
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2
#
info-center source ARP channel 7 trap level informational
info-center snmp channel 7
#
snmp-agent
snmp-agent local-engineid 000007DB7FFFFFFF00003B4C
snmp-agent sys-info version v2c v3
snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public v2c
snmp-agent trap enable
#
return
Networking Requirements
As shown in Figure 10-4, the PC connects to SwitchA through a console interface. It is required
that debugging messages of the ARP module be displayed on the PC.
Figure 10-4 Networking diagram for outputting debugging messages to the console
(Diagram labels: SwitchA, Console, PC)
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Enable the information center.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] info-center enable
Step 2 Configure a channel and a rule for outputting debugging messages to the console.
# Configure a channel for outputting debugging messages to the console.
[SwitchA] info-center console channel console
----End
Configuration Files
Configuration file of SwitchA
#
sysname SwitchA
#
info-center source ARP channel 0
#
return
Networking Requirements
As shown in Figure 10-5, in the network deployment for a residential community, the
aggregation device SwitchD is connected to new Switches (such as SwitchA, SwitchB, and
SwitchC) on each layer of buildings in the residential community.
Users want to load the same system software, patch file, and configuration file on all the
Switches on all layers. Besides, to save manpower costs and deployment time of many Switches, the
Switches are required to be automatically configured with the same configuration.
Figure 10-5 (networking diagram; labels: SwitchA, SwitchB, SwitchC, SwitchD (DHCP Server), PC (FTP Server), Eth0/0/1, Eth0/0/2, Eth0/0/3, Eth0/0/4, VLAN10, VLAN20)
Configuration Roadmap
The configuration roadmap is as follows:
1. Directly connect the user PC to SwitchD and configure the PC as an FTP server.
2. Place the configuration file, system software, and patch file to be loaded to the working
directory of the FTP server to ensure that SwitchA, SwitchB, and SwitchC can obtain files
to be loaded.
3. Configure SwitchD as the DHCP server to provide network configurations to SwitchA,
SwitchB, and SwitchC. Configure information about the system software, patch file, and
configuration file in Option 67 and Option 145 because the same files are to be loaded on
all the Switches.
4. Power on SwitchA, SwitchB, and SwitchC, so that the configuration file, system software,
and patch file are automatically loaded using auto-config.
NOTE
Procedure
Step 1 Configuring the FTP server
# Configure the FTP server IP address, user name, password, and working directory.
As shown in Figure 10-6, run an FTP server program on the PC, for example, wftpd32. Choose
Security > Users/rights. Click New User in the displayed dialog box to set the user name to
user and password to huawei. Enter the FTP working directory in the Home Directory: text
box to set working directory to D:\autoconfig. Click Done to finish the setting and close the
dialog box. Set the PC IP address to 192.168.1.6 and mask to 255.255.255.0.
Step 2 Upload the system software, configuration file, and patch file to the FTP server working directory
D:\autoconfig. Procedures for uploading the files are not mentioned here.
Step 3 Configuring the DHCP server
<Quidway> system-view
[Quidway] sysname DHCP Server
[DHCP Server] dhcp enable
[DHCP Server] vlan batch 10 20
[DHCP Server] interface ethernet 0/0/1
[DHCP Server-Ethernet0/0/1] port hybrid pvid vlan 10
[DHCP Server-Ethernet0/0/1] port hybrid untagged vlan 10
[DHCP Server-Ethernet0/0/1] quit
[DHCP Server] interface ethernet 0/0/2
[DHCP Server-Ethernet0/0/2] port hybrid pvid vlan 10
[DHCP Server-Ethernet0/0/2] port hybrid untagged vlan 10
[DHCP Server-Ethernet0/0/2] quit
[DHCP Server] interface ethernet 0/0/3
[DHCP Server-Ethernet0/0/3] port hybrid pvid vlan 10
[DHCP Server-Ethernet0/0/3] port hybrid untagged vlan 10
[DHCP Server-Ethernet0/0/3] quit
[DHCP Server] interface ethernet 0/0/4
[DHCP Server-Ethernet0/0/4] port hybrid pvid vlan 20
[DHCP Server-Ethernet0/0/4] port hybrid untagged vlan 20
[DHCP Server-Ethernet0/0/4] quit
[DHCP Server] interface vlanif 10
[DHCP Server-Vlanif10] ip address 192.168.2.6 255.255.255.0
[DHCP Server-Vlanif10] dhcp select global
[DHCP Server-Vlanif10] quit
[DHCP Server] interface vlanif 20
[DHCP Server-Vlanif20] ip address 192.168.1.1 255.255.255.0
[DHCP Server-Vlanif20] quit
[DHCP Server] ip pool auto-config
[DHCP Server-ip-pool-auto-config] network 192.168.2.0 mask 255.255.255.0
Step 4 Power on SwitchA, SwitchB, and SwitchC, and run the Auto-config process
# After auto-config is finished, log in to the Switches to be configured and run the display
startup command to view the system software, configuration file, and patch file for the startup
of the Switch. SwitchA is used as an example.
<Quidway> display startup
MainBoard:
Configured startup system software: flash:/s_V100R006C05.cc
Startup system software: flash:/s_V100R006C05.cc
Next startup system software: flash:/s_V100R006C05.cc
Startup saved-configuration file: flash:/s_V100R006C05.cfg
Next startup saved-configuration file: flash:/s_V100R006C05.cfg
Startup paf file: NULL
Next startup paf file: NULL
Startup license file: NULL
Next startup license file: NULL
Startup patch package: flash:/s_V100R006C05.pat
Next startup patch package: flash:/s_V100R006C05.pat
----End
Configuration Files
Configuration file of the DHCP server
#
sysname DHCP Server
#
vlan batch 10 20
#
dhcp enable
#
ip pool auto-config
gateway-list 192.168.2.6
network 192.168.2.0 mask 255.255.255.0
option 67 ascii s_V100R006C05.cfg
option 141 ascii user
option 142 ascii huawei
option 143 ip-address 192.168.1.6
option 145 ascii vrpfile=s_V100R006C05.cc;vrpver=V100R006C05;patchfile=s_V100R006C05.pat;
#
interface Vlanif10
ip address 192.168.2.6 255.255.255.0
dhcp select global
#
interface Vlanif20
ip address 192.168.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/3
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/4
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
return
Networking Requirements
As shown in Figure 10-7, in the network deployment for branches of an enterprise, the new
SwitchA, SwitchB, and SwitchC are connected to Eth0/0/1, Eth0/0/2, and Eth0/0/3 on
SwitchD respectively. SwitchD functions as the egress gateway of the branches and is connected
to the headquarters across the Layer 3 network.
Users want to load different system software, patch files, and configuration files on SwitchA,
SwitchB, and SwitchC. Besides, to save manpower costs, users want the Switches to be
automatically configured with different configurations.
[Figure 10-7: in the branches, SwitchA, SwitchB, and SwitchC connect to Eth0/0/1-3 on SwitchD (DHCP relay agent); SwitchD connects across the network to SwitchE (DHCP server) in the headquarters; the PC (FTP server) connects to SwitchE]
Configuration Roadmap
The configuration roadmap is as follows:
1. Directly connect the user PC to SwitchE and configure the PC as an FTP server.
2. Configure an intermediate file so that SwitchA, SwitchB, and SwitchC can obtain
configuration files, system software, and patch files through the intermediate file.
3. Place the intermediate file, configuration files, system software, and patch files to be loaded
to the working directory of the FTP server to ensure that Switches to be configured can
obtain files to be loaded.
4. Configure the branch gateway SwitchD as the DHCP relay agent and configure SwitchE
in the headquarters as the DHCP server so that the DHCP server can deliver network
configurations to Switches to be configured on different network segments.
5. Power on SwitchA, SwitchB, and SwitchC so that configuration files, system software, and
patch files are automatically loaded using auto-config.
NOTE
Procedure
Step 1 Configuring the FTP server
# Configure the FTP server IP address, user name, password, and working directory.
As shown in Figure 10-8, run an FTP server program on the PC, for example, wftpd32. Choose
Security > Users/rights. Click New User in the displayed dialog box to set the user name to
user and password to huawei. Enter the FTP working directory in the Home Directory: text
box to set working directory to D:\autoconfig. Click Done to finish the setting and close the
dialog box. Set the PC IP address to 192.168.4.6 and mask to 255.255.255.0.
MAC=0025-9e1e-773c;vrpfile=auto_V100R006C03.cc;vrpver=V100R006C03;patchfile=auto_V100R006C03.pat;cfgfile=auto_V100R006C03.cfg;
MAC=0025-9e1e-773d;vrpfile=auto_V100R006C00.cc;vrpver=V100R006C00;patchfile=auto_V100R006C00.pat;cfgfile=auto_V100R006C00.cfg;
Step 3 Upload the intermediate file, system software, configuration file, and patch file to the FTP server
working directory D:\autoconfig. The upload procedure is not described here.
# Configure a static route on SwitchD. The destination IP address of the static route is the PC
IP address and the next hop is the IP address of an interface on a Layer 3 device directly connected
to SwitchD.
# Configure a static route on SwitchE. The destination IP address of the static route is the IP
address pool segment and the next hop is the IP address of an interface on a Layer 3 device
directly connected to SwitchE.
Step 6 Power on SwitchA, SwitchB, and SwitchC, and run the Auto-config process
Step 7 Verify the configuration
# After auto-config is finished, log in to the Switches to be configured and run the display
startup command to view the system software, configuration file, and patch file for the startup
of the Switch. SwitchC is used as an example.
<Quidway> display startup
MainBoard:
Configured startup system software: flash:/auto_V100R006C00.cc
Startup system software: flash:/auto_V100R006C00.cc
Next startup system software: flash:/auto_V100R006C00.cc
Startup saved-configuration file: flash:/auto_V100R006C00.cfg
Next startup saved-configuration file: flash:/auto_V100R006C00.cfg
Startup paf file: NULL
Next startup paf file: NULL
Startup license file: NULL
Next startup license file: NULL
Startup patch package: flash:/auto_V100R006C00.pat
Next startup patch package: flash:/auto_V100R006C00.pat
----End
Configuration Files
- Configuration file of the DHCP relay agent
#
sysname DHCP Relay
#
vlan batch 10
#
dhcp enable
#
interface Vlanif10
ip address 192.168.1.6 255.255.255.0
dhcp select relay
dhcp relay server-ip 192.168.2.6
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/2
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Ethernet0/0/3
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
return
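A pre-deployment check for the intermediate file from Step 2 and for the option 145 string of the previous example, added here as an illustration (not Huawei tooling). The expected file suffixes, the rule that file names must not contain path components, and the vrpver/vrpfile name comparison are assumptions inferred from the values shown on this page; records 3 and 4 of the sample are constructed to trigger the checks.

```python
import re

# Constructed sample: the two records from Step 2 plus two deliberately
# broken records (lines 3 and 4) that exercise the checks.
INTERMEDIATE_FILE = """\
MAC=0025-9e1e-773c;vrpfile=auto_V100R006C03.cc;vrpver=V100R006C03;patchfile=auto_V100R006C03.pat;cfgfile=auto_V100R006C03.cfg;
MAC=0025-9e1e-773d;vrpfile=auto_V100R006C00.cc;vrpver=V100R006C00;patchfile=auto_V100R006C00.pat;cfgfile=auto_V100R006C00.cfg;
MAC=0025-9e1e-773d;vrpfile=auto_V100R006C05.cc;vrpver=V100R006C03;cfgfile=../auto.cfg;
MAC=0025-9e1e;vrpfile=auto.bin;
"""
# The option 145 value from the DHCP server configuration file (no MAC field).
OPTION_145 = "vrpfile=s_V100R006C05.cc;vrpver=V100R006C05;patchfile=s_V100R006C05.pat;"

MAC_RE = re.compile(r"[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}")
# Assumption: expected suffixes are inferred from the file names on this page.
SUFFIX = {"vrpfile": ".cc", "patchfile": ".pat", "cfgfile": ".cfg"}


def parse_record(line):
    """Split 'key=value;key=value;' into a dict; reject malformed fields."""
    fields = {}
    for item in line.strip().split(";"):
        if not item:
            continue  # the trailing ';' leaves an empty last item
        key, sep, value = item.partition("=")
        if not sep or not key or not value:
            raise ValueError(f"malformed field {item!r}")
        if key in fields:
            raise ValueError(f"field {key!r} repeated")
        fields[key] = value
    return fields


def check_record(fields, require_mac=True):
    """Return a list of problems found in one parsed record."""
    problems = []
    mac = fields.get("MAC")
    if require_mac and (mac is None or not MAC_RE.fullmatch(mac)):
        problems.append(f"MAC {mac!r} is not in H-H-H form")
    for key, suffix in SUFFIX.items():
        name = fields.get(key)
        if name is None:
            continue
        # Files are served from the FTP working directory, so a bare name is expected.
        if "/" in name or "\\" in name or ".." in name:
            problems.append(f"{key} {name!r} points outside the working directory")
        if not name.lower().endswith(suffix):
            problems.append(f"{key} {name!r} does not end in {suffix}")
    ver, image = fields.get("vrpver"), fields.get("vrpfile")
    if ver and image and ver not in image:
        problems.append(f"vrpver {ver} does not match vrpfile {image!r}")
    return problems


def validate(text):
    """Check every record of an intermediate file; return [(line_number, problem)]."""
    findings, first_seen = [], {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            fields = parse_record(line)
        except ValueError as exc:
            findings.append((lineno, str(exc)))
            continue
        findings.extend((lineno, problem) for problem in check_record(fields))
        mac = fields.get("MAC", "").lower()
        if mac and mac in first_seen:
            # Two records for one device make the loaded files ambiguous.
            findings.append((lineno, f"MAC {mac} already used on line {first_seen[mac]}"))
        elif mac:
            first_seen[mac] = lineno
    return findings


if __name__ == "__main__":
    for lineno, problem in validate(INTERMEDIATE_FILE):
        print(f"line {lineno}: {problem}")
    option_problems = check_record(parse_record(OPTION_145), require_mac=False)
    print("option 145:", option_problems or "ok")
```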
Networking Requirements
As shown in Figure 10-9, SwitchC and SwitchB are directly connected, but they are located at
equipment rooms far away from each other. SwitchC is a new device on the network and does
not load any configuration file while SwitchB is an existing device on the network.
You want to implement remote deployment for SwitchC on SwitchB to reduce network operation
and maintenance costs.
[Figure 10-9: SwitchB and SwitchC directly connected; surviving labels: GE0/0/1, Internet]
Configuration Roadmap
The configuration roadmap is as follows:
1. Set interface Ethernet0/0/1 of SwitchB to a master NAP interface to establish NAP neighbor
relationship between SwitchB and SwitchC.
2. Use Telnet to log in to SwitchC from SwitchB to configure remote deployment.
Procedure
Step 1 Set an interface to a master NAP interface.
# Run the display nap interface command on SwitchB to check whether a NAP neighbor
relationship has been established and whether IP addresses have been assigned to the master and
slave interfaces.
[SwitchB-Ethernet0/0/1] display nap interface
------------------------------------------------------
NAP master port list
Port count : 1
------------------------------------------------------
Port property : Master
Current status : IP-ASSIGNED
Local port : Ethernet0/0/1
Peer port : Ethernet0/0/1
Local IP : 10.167.253.1
Peer IP : 10.167.253.2
Hello time : 3s
Linked time : 00:00:26
------------------------------------------------------
After logging in to SwitchC, you can configure deployment on SwitchC. It is recommended that
you set the IP address, user name, and password and enable the Telnet service on SwitchC so
that you can use Telnet to directly log in to SwitchC.
Step 4 Log in to SwitchC using the configured IP address, user name, and password to disable NAP on
the slave device.
----End
Configuration File
None
NOTE
The terms mirrored port, port mirroring, traffic mirroring, and mirroring in this manual are mentioned only
to describe the product's function of communication error or failure detection, and do not involve collection
or processing of any personal information or communication data of users.
Networking Requirements
As shown in Figure 10-10, HostA is connected to GigabitEthernet0/0/1 on SwitchA, and Server
is directly connected to GigabitEthernet0/0/2 on SwitchA.
Users want to use the monitoring device (Server) to monitor packets sent from HostA.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure GigabitEthernet0/0/2 on SwitchA as the local observing port so that Server can
receive mirrored packets.
2. Configure GigabitEthernet0/0/1 on SwitchA as the mirrored port to monitor packets passing
through the mirrored port.
Procedure
Step 1 Configure an observing port.
----End
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
observe-port 1 interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/1
port-mirroring to observe-port 1 inbound
#
return
Networking Requirements
As shown in Figure 10-11, HostA is connected to GigabitEthernet0/0/2 on SwitchA, and Server
is connected to GigabitEthernet0/0/1 on SwitchC. SwitchA and SwitchC are connected over a
Layer 2 network.
Users want to use the monitoring device (Server) to remotely monitor packets sent from HostA.
[Figure 10-11: HostA on SwitchA and Server on SwitchC, connected over a Layer 2 network]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure ports so that devices can communicate on Layer 2.
2. Configure GigabitEthernet0/0/1 on SwitchA as the remote observing port so that mirrored
packets can be forwarded to Server over the Layer 2 network.
3. Configure GigabitEthernet0/0/2 on SwitchA as the mirrored port to monitor packets passing
through the mirrored port.
Procedure
Step 1 Configure ports so that devices can communicate on Layer 2.
# Configure SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 2 to 3
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 2
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type access
[SwitchA-GigabitEthernet0/0/2] port default vlan 3
[SwitchA-GigabitEthernet0/0/2] quit
# Configure SwitchB.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] vlan 2
[SwitchB-vlan2] quit
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type trunk
[SwitchB-GigabitEthernet0/0/1] port trunk allow-pass vlan 2
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port link-type trunk
[SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 2
[SwitchB-GigabitEthernet0/0/2] quit
# Configure SwitchC.
<Quidway> system-view
[Quidway] sysname SwitchC
[SwitchC] vlan 2
[SwitchC-vlan2] quit
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] port link-type access
[SwitchC-GigabitEthernet0/0/1] port default vlan 2
[SwitchC-GigabitEthernet0/0/1] quit
[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] port link-type trunk
[SwitchC-GigabitEthernet0/0/2] port trunk allow-pass vlan 2
[SwitchC-GigabitEthernet0/0/2] quit
----End
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 2 to 3
#
observe-port 1 interface GigabitEthernet0/0/1 vlan 2
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 3
port-mirroring to observe-port 1 inbound
#
return
Networking Requirements
As shown in Figure 10-12, HostA is connected to GigabitEthernet0/0/1 on SwitchA, and Server
is directly connected to GigabitEthernet0/0/2 on SwitchA.
Users want to use the monitoring device (Server) to monitor packets with the 802.1p priority of
6 sent from HostA.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure GigabitEthernet0/0/2 on SwitchA as the local observing port so that Server can
receive mirrored packets.
2. Configure a traffic classifier to match packets with the 802.1p priority of 6, and configure
a traffic behavior to mirror packets to the observing port.
3. Configure a traffic policy, bind the traffic classifier and traffic behavior to the traffic policy,
and apply the traffic policy on GigabitEthernet0/0/1.
Procedure
Step 1 Configure an observing port.
# Create a traffic classifier named c1 on SwitchA and set the traffic classification rule that only
packets with the 802.1p priority of 6 can be matched.
[SwitchA] traffic classifier c1
[SwitchA-classifier-c1] if-match 8021p 6
[SwitchA-classifier-c1] quit
Step 4 Configure a traffic policy and apply the traffic policy to the interface.
# Create a traffic policy named p1 on SwitchA, bind the traffic classifier and traffic behavior to
the traffic policy, and apply the traffic policy to the inbound direction of GigabitEthernet0/0/1
to monitor packets with the 802.1p priority of 6 sent from HostA.
[SwitchA] traffic policy p1
[SwitchA-trafficpolicy-p1] classifier c1 behavior b1
[SwitchA-trafficpolicy-p1] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] traffic-policy p1 inbound
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] quit
----End
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
observe-port 1 interface GigabitEthernet0/0/2
#
traffic classifier c1 operator and
if-match 8021p 6
#
traffic behavior b1
mirroring to observe-port 1
#
traffic policy p1
classifier c1 behavior b1
#
interface GigabitEthernet0/0/1
traffic-policy p1 inbound
#
return
Networking Requirements
As shown in Figure 10-13, HostA and HostB are respectively connected to GigabitEthernet0/0/1
and GigabitEthernet0/0/2 on SwitchA, and HostA and HostB both belong to VLAN 10. Server
is directly connected to GigabitEthernet0/0/3 on SwitchA.
Users want to use the monitoring device (Server) to monitor packets sent from all active ports
in VLAN 10.
[Figure 10-13: HostA on GE0/0/1 and HostB on GE0/0/2 of SwitchA; Server on GE0/0/3]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure GigabitEthernet0/0/3 on SwitchA as the observing port so that Server can receive
mirrored packets.
2. Configure VLAN 10 as the mirrored VLAN.
Procedure
Step 1 Configure VLANs for the ports.
<Switch> system-view
[Switch] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type access
[SwitchA-GigabitEthernet0/0/1] port default vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type access
[SwitchA-GigabitEthernet0/0/2] port default vlan 10
[SwitchA-GigabitEthernet0/0/2] quit
----End
Configuration Files
Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
observe-port 1 interface GigabitEthernet0/0/3
#
vlan 10
mirroring to observe-port 1 inbound
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
#
return
[Figure: HostA on GE0/0/1 and HostB on GE0/0/2 of SwitchA; Server on GE0/0/3]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure GigabitEthernet0/0/3 on SwitchA as the observing port so that Server can receive
mirrored packets.
2. Configure MAC address mirroring in VLAN 10 view.
Procedure
Step 1 Configure VLANs for the ports.
<Switch> system-view
[Switch] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type access
[SwitchA-GigabitEthernet0/0/1] port default vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type access
[SwitchA-GigabitEthernet0/0/2] port default vlan 10
[SwitchA-GigabitEthernet0/0/2] quit
----End
Configuration Files
Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
observe-port 1 interface GigabitEthernet0/0/3
#
vlan 10
mac-mirroring 0001-0001-0001 to observe-port 1 inbound
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
#
return
[Figure: PoE networking; surviving labels: Eth0/0/3, Eth0/0/4, IP Phone1, AP1, IP Phone2, AP2]
Configuration Roadmap
A switch that supports PoE and has a PoE power supply installed is required.
1. Configure the power management mode as automatic mode so that PDs can be flexibly
managed.
2. Configure the power supply priority on Ethernet0/0/2 and Ethernet0/0/1 so that AP1 and
IP phone1 are provided with power preferentially.
3. Configure the maximum output power on Ethernet0/0/1, Ethernet0/0/3, and
Ethernet0/0/2 to limit the power of the corresponding interface and ensure security of the
device.
Procedure
Step 1 Configure the power management mode of the device as automatic mode.
<Quidway> system-view
[Quidway] poe power-management auto
Step 2 Configure the maximum output power on Ethernet0/0/1, Ethernet0/0/3, and Ethernet0/0/2 as 15
W, 15 W, and 20 W respectively.
[Quidway] interface ethernet 0/0/1
[Quidway-Ethernet0/0/1] poe power 15000
[Quidway-Ethernet0/0/1] quit
[Quidway] interface ethernet 0/0/3
[Quidway-Ethernet0/0/3] poe power 15000
[Quidway-Ethernet0/0/3] quit
[Quidway] interface ethernet 0/0/2
[Quidway-Ethernet0/0/2] poe power 20000
[Quidway-Ethernet0/0/2] quit
NOTE
On the device, the unit of the output power is mW.
# Display the PoE power supply status of the interface on the device.
[Quidway] display poe power-state
PORTNAME POWERON/OFF ENABLED PRIORITY STATUS
--------------------------------------------------------------------------------
Ethernet0/0/1 on enable high Powered
Ethernet0/0/2 on enable Critical Powered
Ethernet0/0/3 on enable Low Powered
Ethernet0/0/4 on enable Low Powered
Ethernet0/0/5 off enable Low Detecting
Ethernet0/0/6 off enable Low Detecting
Ethernet0/0/7 off enable Low Detecting
Ethernet0/0/8 off enable Low Detecting
----End
Configuration Files
#
interface Ethernet0/0/1
poe priority high
poe power 15000
#
interface Ethernet0/0/2
poe priority critical
poe power 20000
#
interface Ethernet0/0/3
poe power 15000
#
return
Networking Requirements
As shown in Figure 10-16, SwitchA, SwitchB, SwitchC, and SwitchD form a ring stack.
As the network size rapidly increases, the number of access interfaces provided by an access
switch needs to be increased, and the network must be easy to manage and maintain. However,
a single access switch cannot meet these requirements.
[Figure 10-16: ring stack of SwitchA, SwitchB, SwitchC, and SwitchD interconnected through GE0/0/27 and GE0/0/28; legend: iStack link, common link]
Configuration Roadmap
The configuration roadmap is as follows:
1. Use SFP+ cables to connect ports according to Figure 10-16.
2. Configure physical member ports and add them to a stack port to implement data packet
forwarding. Two physical member ports connected by a stack cable must be added to
different stack ports.
Procedure
Step 1 Configure stack ports.
# Configure service ports Ethernet0/0/27 and Ethernet0/0/28 on SwitchA as physical member
ports and add them to a stack port.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] stack port interface ethernet 0/0/27 enable
Warning: Enabling stack port may cause configuration loss on the interface, cont
inue?[Y/N]:y
[SwitchA] stack port interface ethernet 0/0/28 enable
Warning: Enabling stack port may cause configuration loss on the interface, cont
inue?[Y/N]:y
[SwitchA] interface stack-port 0/1
[SwitchA-stack-port0/1] port member-group interface ethernet 0/0/27
[SwitchA-stack-port0/1] quit
[SwitchA] interface stack-port 0/2
[SwitchA-stack-port0/2] port member-group interface ethernet 0/0/28
[SwitchA-stack-port0/2] quit
----End
Configuration File
None
Configuration Requirements
As shown in , SwitchA and SwitchB form a stack. The stack IDs of SwitchA and SwitchB are
0 and 1 respectively.
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
- Number of the interface to be configured with in direct mode
Procedure
Step 1 Configure on interfaces.
<Quidway> system-view
[Quidway] interface ethernet 0/0/5
[Quidway-Ethernet0/0/5] detect mode direct
Warning: This command will block the port, and no other configuration running on
this port is recommended. Continue?[Y/N]:y
----End
Configuration File
- Configuration file of the stack
#
interface ethernet0/0/5
detect mode direct
#
interface ethernet1/0/5
detect mode direct
#
return
Configuration Requirements
As shown in , SwitchA and SwitchB form a stack. SwitchA and SwitchB connect to SwitchC
using Eth-Trunk1.
When the stack splits because of a stack link fault and there are two devices with the same
configuration on the network, you can use to reduce the impact of a stack split on the network.
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Configure .
# Configure in relay mode.
<Quidway> system-view
[Quidway] interface eth-trunk 1
[Quidway-Eth-Trunk1] detect mode relay
[Quidway-Eth-Trunk1] quit
[Quidway] interface gigabitethernet 0/0/5
[Quidway-GigabitEthernet0/0/5] eth-trunk 1
[Quidway-GigabitEthernet0/0/5] quit
[Quidway] interface gigabitethernet 1/0/5
[Quidway-GigabitEthernet1/0/5] eth-trunk 1
[Quidway-GigabitEthernet1/0/5] quit
----End
Configuration File
- Configuration file of the stack
#
interface Eth-Trunk1
detect mode relay
#
interface GigabitEthernet0/0/5
eth-trunk 1
#
interface GigabitEthernet1/0/5
eth-trunk 1
eth-trunk 1
#
return
This document describes procedures and provides examples for configuring the Device
Management features of the device.
11.1 SNMP Configuration
The Simple Network Management Protocol (SNMP) is a standard network management protocol
widely used on TCP/IP networks. It uses a central computer (a network management station)
that runs network management software to manage network elements. There are three SNMP
versions, SNMPv1, SNMPv2c, and SNMPv3. Users can choose to configure one or more
versions if needed.
11.2 RMON Configuration
Remote Network Monitoring (RMON), defined by IETF, is a widely used network management
protocol. It provides packet statistics and alarm functions for Ethernet interfaces. The
management devices use RMON to remotely monitor and manage network elements.
11.3 NTP Configuration
Network Time Protocol (NTP) synchronizes time among a set of distributed time servers and
clients.
11.4 Ping and Tracert Configuration
You can use the ping command to check network connectivity, and the tracert command to
check the path from the source to the destination and to locate faults on the network.
11.5 NQA Configuration
This chapter describes how to configure the Network Quality Analysis (NQA) to monitor the
network operating status and collect network operation indexes in real time.
11.6 LLDP Configuration
The Link Layer Discovery Protocol (LLDP) allows you to obtain details about the network
topology, changes in the topology, and detect incorrect configurations on the network.
Networking Requirements
As shown in Figure 11-1, NMS1 and NMS2 manage devices on the network. Because the network
is small and secure, devices on the network use SNMPv1 to communicate with the NMSs.
A new switch is deployed on the network and needs to be managed by an NMS. Users want to
manage the switch using existing network resources and hope that faults on the switch can be
quickly identified and rectified. To meet service requirements, the NMS must manage MIB
objects except ISIS objects of the switch.
[Figure 11-1: NMS1 (1.1.1.1/24) and NMS2 (1.1.1.2/24) reach the Switch (Eth0/0/1, 1.1.2.1/24) across an IP network]
Configuration Roadmap
Because the network is small and secure, the new switch can use SNMPv1 to communicate with
the NMSs. To reduce loads on the NMSs, configure NMS2 to manage the switch and NMS1 not
to manage the switch.
3. Configure the trap function on the switch so that the switch can send traps to NMS2. To
help quickly identify faults according to trap messages and reduce useless traps, configure
the switch to send only the traps of the modules enabled by default.
4. Configure administrator contact information on the switch so that users can contact the
administrator quickly when a fault occurs on the switch.
5. Configure NMS2.
Procedure
Step 1 Configure an IP address for the interface of the switch.
Step 2 Configure the routing function to ensure reachable routes between the switch and NMS2.
[Quidway] ospf
[Quidway-ospf-1] area 0
[Quidway-ospf-1-area-0.0.0.0] network 1.1.2.0 0.0.0.255
[Quidway-ospf-1-area-0.0.0.0] quit
[Quidway-ospf-1] quit
# Configure an ACL that allows NMS2 to manage the switch and prevents NMS1 from managing
the switch.
[Quidway] acl 2001
[Quidway-acl-basic-2001] rule 5 permit source 1.1.1.2 0.0.0.0
[Quidway-acl-basic-2001] rule 6 deny source 1.1.1.1 0.0.0.0
[Quidway-acl-basic-2001] quit
# Configure the MIB view to allow NMS2 to manage objects except ISIS objects on the
switch.
[Quidway] snmp-agent mib-view excluded allextisis 1.3.6.1.3.37
# Configure a community name and reference the ACL and MIB view for the community.
[Quidway] snmp-agent community write adminnms2 mib-view allextisis acl 2001
You must set a read-write community name for an NMS running SNMPv1. For details about
the NMS configuration, see the manual of the NMS.
NOTE
The authentication parameter configuration on the NMS must be the same as that on the switch. Otherwise,
the NMS cannot manage the switch.
After completing the configuration, run the following commands to verify that the configurations
have taken effect.
----End
Configuration Files
Configuration file of the switch
#
vlan batch 100
#
acl number 2001
rule 5 permit source 1.1.1.2 0
rule 6 deny source 1.1.1.1 0
#
interface Vlanif100
ip address 1.1.2.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
ospf 1
area 0.0.0.0
network 1.1.2.0 0.0.0.255
#
snmp-agent
snmp-agent local-engineid 800007DB03360102101100
snmp-agent community write cipher %$%$`^G,*3SqwTbh0j/Q,1()v!ul%$%$ mib-view allextisis acl 2001
snmp-agent sys-info contact call Operator at 010-12345678
snmp-agent sys-info version v1 v3
snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname cipher %$%$n]*J3"Itf@UrL2"B%`$SdrO;%$%$
snmp-agent mib-view excluded allextisis isisMIB
#
return
[Figure: NMS1 (1.1.1.1/24) and NMS2 (1.1.1.2/24) reach the Switch (Eth0/0/1, 1.1.2.1/24) across an IP network]
Configuration Roadmap
The network is large and secure but the service traffic volume on the network is high. Therefore,
the new switch still uses SNMPv2c. To reduce loads on the NMSs, configure NMS2 to manage
the switch and NMS1 not to manage the switch.
Procedure
Step 1 Configure an IP address for the interface of the switch.
Step 2 Configure the routing function to ensure reachable routes between the switch and NMS2.
[Quidway] ospf
[Quidway-ospf-1] area 0
[Quidway-ospf-1-area-0.0.0.0] network 1.1.2.0 0.0.0.255
[Quidway-ospf-1-area-0.0.0.0] quit
[Quidway-ospf-1] quit
# Configure the MIB view to allow NMS2 to manage objects except ISIS objects on the
switch.
[Quidway] snmp-agent mib-view excluded allextisis 1.3.6.1.3.37
# Configure a community name and reference the ACL and MIB view for the community.
[Quidway] snmp-agent community write adminnms2 mib-view allextisis acl 2001
NOTE
The authentication parameter configuration on the NMS must be the same as that on the switch. Otherwise,
the NMS cannot manage the switch.
----End
Configuration Files
Configuration file of the switch
#
vlan batch 100
#
acl number 2001
rule 5 permit source 1.1.1.2 0
rule 6 deny source 1.1.1.1 0
#
interface Vlanif100
ip address 1.1.2.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
ospf 1
area 0.0.0.0
network 1.1.2.0 0.0.0.255
#
snmp-agent
snmp-agent local-engineid 800007DB03360102101100
snmp-agent community write cipher %$%$o<0)+Puf0Bl,fq);94]Nv`WN%$%$ mib-view allextisis acl 2001
snmp-agent sys-info contact call Operator at 010-12345678
snmp-agent sys-info version v2c v3
Networking Requirements
As shown in Figure 11-3, NMS1 and NMS2 manage devices on the network. The network is
large and insecure. Therefore, devices on the network use SNMPv3 to communicate with the
NMSs, and authentication and encryption are configured to enhance security. A new switch is
deployed on the network and needs to be managed by an NMS.
Users want to manage the switch using existing network resources and hope that faults on the
switch can be quickly identified and rectified. To meet service requirements, the NMS must
manage MIB objects except ISIS objects of the switch.
[Figure 11-3: NMS1 (1.1.1.1/24) and NMS2 (1.1.1.2/24) reach the Switch (Eth0/0/1, 1.1.2.1/24) across an IP network]
Configuration Roadmap
Because the network is large and insecure, the new switch uses SNMPv3. To reduce loads on the
NMSs, configure NMS2 to manage the switch and NMS1 not to manage the switch.
4. Configure administrator contact information on the switch so that users can contact the
administrator quickly when a fault occurs on the switch.
5. Configure NMS2.
Procedure
Step 1 Configure an IP address for the interface of the switch.
Step 2 Configure the routing function to ensure reachable routes between the switch and NMS2.
[Quidway] ospf
[Quidway-ospf-1] area 0
[Quidway-ospf-1-area-0.0.0.0] network 1.1.2.0 0.0.0.255
[Quidway-ospf-1-area-0.0.0.0] quit
[Quidway-ospf-1] quit
# Configure an ACL that allows NMS2 to manage the switch and prevents NMS1 from managing
the switch.
[Quidway] acl 2001
[Quidway-acl-basic-2001] rule 5 permit source 1.1.1.2 0.0.0.0
[Quidway-acl-basic-2001] rule 6 deny source 1.1.1.1 0.0.0.0
[Quidway-acl-basic-2001] quit
# Configure a user group and a user. Configure authentication and encryption for data of the
user.
[Quidway] snmp-agent usm-user v3 nms2-admin admin authentication-mode md5 hello123 privacy-mode des56 hello123
[Quidway] snmp-agent group v3 admin privacy write-view allextisis acl 2001
On an NMS running SNMPv3, you must set a user name and select a security level. Then set
the authentication mode, authentication password, encryption mode, and encryption key
according to the security level you select. For details about the NMS configuration, see the
manual of the NMS.
NOTE
The authentication parameter configuration on the NMS must be the same as that on the switch. Otherwise,
the NMS cannot manage the switch.
Version : v3
Level : No authentication and privacy
NMS type : NMS
With ext-vb : No
-----------------------------------------------------------
----End
Configuration Files
Configuration file of the switch
#
vlan batch 100
#
acl number 2001
rule 5 permit source 1.1.1.2 0
rule 6 deny source 1.1.1.1 0
#
interface Vlanif100
ip address 1.1.2.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
ospf 1
area 0.0.0.0
network 1.1.2.0 0.0.0.255
#
snmp-agent
snmp-agent local-engineid 800007DB0300259E0370C3
snmp-agent sys-info contact call Operator at 010-12345678
snmp-agent sys-info version v3
snmp-agent group v3 admin privacy write-view allextisis acl 2001
snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname nms2-admin v3
snmp-agent mib-view excluded allextisis isisMIB
snmp-agent usm-user v3 nms2-admin admin authentication-mode md5 %$%$0eiJ@*mM<~lo`1RYa2\*vNE<%$%$ privacy-mode des56 %$%$0eiJ@*mM<~lo`1RYa2\*vNE<%$%$
#
return
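An audit of the snmp-agent statements from the three SNMP examples above, added here as an illustration (not Huawei tooling): it flags the settings that expose management traffic, such as SNMPv1/v2c, write communities, MD5 and DES56, and v3 objects created with no security level. The rule names, the `<cipher>` placeholder, and the treatment of a target host with no version keyword as SNMPv1 are assumptions of this sketch.

```python
# Constructed input: snmp-agent lines from the configuration files on this
# page, in page order, with every cipher string replaced by <cipher>.
SNMPV1_CFG = """\
snmp-agent
snmp-agent community write cipher <cipher> mib-view allextisis acl 2001
snmp-agent sys-info contact call Operator at 010-12345678
snmp-agent sys-info version v1 v3
snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname cipher <cipher>
snmp-agent mib-view excluded allextisis isisMIB
"""
SNMPV3_CFG = """\
snmp-agent
snmp-agent sys-info contact call Operator at 010-12345678
snmp-agent sys-info version v3
snmp-agent group v3 admin privacy write-view allextisis acl 2001
snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname nms2-admin v3
snmp-agent mib-view excluded allextisis isisMIB
snmp-agent usm-user v3 nms2-admin admin authentication-mode md5 <cipher> privacy-mode des56 <cipher>
"""
# A v3 group and user created with no security level keyword.
NO_LEVEL_CFG = """\
snmp-agent group v3 admin
snmp-agent usm-user v3 nms-admin admin
"""

RULES = {
    "legacy-version": "SNMPv1/v2c enabled: community string and data are sent unencrypted",
    "write-community": "community grants write access",
    "community-no-acl": "community is not restricted by an ACL",
    "group-no-auth": "v3 group accepts requests without authentication",
    "group-no-priv": "v3 group accepts requests without encryption",
    "user-no-auth": "v3 user has no authentication password",
    "user-no-priv": "v3 user has no privacy (encryption) password",
    "weak-auth": "v3 user authenticates with MD5",
    "weak-priv": "v3 user encrypts with 56-bit DES",
    "trap-legacy": "traps are sent as SNMPv1/v2c",
    "trap-no-auth": "v3 traps are sent without authentication or encryption",
}


def _after(words, keyword):
    """Return the token that follows keyword, or None if it is absent."""
    return words[words.index(keyword) + 1] if keyword in words[:-1] else None


def audit(config):
    """Return [(rule_id, config_line)] for every risky snmp-agent statement."""
    findings = []
    for raw in config.splitlines():
        words = raw.split()
        if len(words) < 3 or words[0] != "snmp-agent":
            continue
        kind, args, rules = words[1], words[2:], []
        if kind == "sys-info" and args[0] == "version":
            if {"v1", "v2c", "all"} & set(args[1:]):
                rules.append("legacy-version")
        elif kind == "community":
            if args[0] == "write":
                rules.append("write-community")
            if "acl" not in args:
                rules.append("community-no-acl")
        elif kind == "group" and args[0] == "v3":
            level = args[2] if len(args) > 2 else None
            if level not in ("authentication", "privacy"):
                rules.append("group-no-auth")
            elif level == "authentication":
                rules.append("group-no-priv")
        elif kind == "usm-user" and args[0] == "v3":
            auth = _after(args, "authentication-mode")
            priv = _after(args, "privacy-mode")
            if auth is None:
                rules.append("user-no-auth")
            else:
                if auth == "md5":
                    rules.append("weak-auth")
                if priv is None:
                    rules.append("user-no-priv")
                elif priv == "des56":
                    rules.append("weak-priv")
        elif kind == "target-host" and "securityname" in args:
            rest = args[args.index("securityname") + 1:]
            rest = rest[2:] if rest[:1] == ["cipher"] else rest[1:]
            # Assumption: no version keyword means SNMPv1, as in the SNMPv1 file.
            version = rest[0] if rest else "v1"
            if version != "v3":
                rules.append("trap-legacy")
            elif rest[1:2] not in (["authentication"], ["privacy"]):
                rules.append("trap-no-auth")
        findings.extend((rule, " ".join(words)) for rule in rules)
    return findings


if __name__ == "__main__":
    for name, cfg in (("SNMPv1", SNMPV1_CFG), ("SNMPv3", SNMPV3_CFG), ("no level", NO_LEVEL_CFG)):
        for rule, line in audit(cfg):
            print(f"[{name}] {RULES[rule]}\n    {line}")
```

The `trap-no-auth` finding corresponds to the `Level : No authentication and privacy` line in the verification output above.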
Networking Requirements
As shown in Figure 11-4, a subnet connects to the network through Eth0/0/1. The NMS monitors
the subnet, including:
- Collecting real-time and history statistics on traffic and each type of packets
- Recording logs when the traffic volume per minute exceeds the threshold
- Monitoring broadcast and multicast traffic volume on the subnet and reporting alarm to the
NMS when the traffic volume exceeds the threshold
[Figure 11-4: the NMS (10.10.10.1/24) reaches the Switch across an IP network on Eth0/0/2 (VLANIF20, 20.20.20.1/24); the monitored subnet connects on Eth0/0/1 (VLANIF30, 30.30.30.1/24)]
Configuration Roadmap
To collect real-time and history statistics on traffic and each type of packets, configure the
RMON statistics function. You can configure the RMON alarm function to enable the device
to record logs and report alarms to the NMS when the traffic volume exceeds the threshold.
Procedure
Step 1 Configure IP addresses for switch interfaces.
<Quidway> system-view
[Quidway] sysname Switch
[Switch]vlan batch 20 30
Info: This operation may take a few seconds. Please wait for a moment...done.
[Switch]interface ethernet 0/0/1
[Switch-Ethernet0/0/1]port hybrid pvid vlan 30
[Switch-Ethernet0/0/1]port hybrid untagged vlan 30
[Switch-Ethernet0/0/1]quit
[Switch] interface vlanif 30
[Switch-Vlanif30] ip address 30.30.30.1 24
[Switch-Vlanif30] quit
[Switch]interface ethernet 0/0/2
[Switch-Ethernet0/0/2]port hybrid pvid vlan 20
[Switch-Ethernet0/0/2]port hybrid untagged vlan 20
[Switch-Ethernet0/0/2]quit
[Switch] interface vlanif 20
[Switch-Vlanif20] ip address 20.20.20.1 24
[Switch-Vlanif20] quit
[Switch-ospf-1-area-0.0.0.0] quit
[Switch-ospf-1] quit
Step 3 Configure basic SNMP functions and enable the switch to send traps to the NMS.
# Configure SNMPv3 on the switch. Configure an SNMP user group admin and add a user nms-admin
to the user group.
[Switch] snmp-agent group v3 admin
[Switch] snmp-agent usm-user v3 nms-admin admin
The interface enabled with the statistics function cannot be added to an Eth-Trunk.
[Switch-Ethernet0/0/1] rmon statistics 1 owner Test300
# Configure the history control table. Sample traffic on the subnet every 30 seconds and save
the latest 10 records.
[Switch-Ethernet0/0/1] rmon history 1 buckets 10 interval 30 owner Test300
[Switch-Ethernet0/0/1] quit
# Configure the alarm table. Set the sampling interval and the threshold for triggering event 1
(OID is 1.3.6.1.2.1.16.1.1.1.6.1).
[Switch] rmon alarm 1 1.3.6.1.2.1.16.1.1.1.6.1 30 absolute rising-threshold 500 1 falling-threshold 100 1 owner Test300
# Configure the extended alarm table. Sample broadcast and multicast packets every 30 seconds.
When the number of sampled packets exceeds 1000 or decreases to 0, event 2 is triggered. That
is, the device sends a trap to the NMS.
[Switch] rmon prialarm 1 .1.3.6.1.2.1.16.1.1.1.6.1+.1.3.6.1.2.1.16.1.1.1.7.1 sumofbroadandmulti 30 delta rising-threshold 1000 2 falling-threshold 0 2 entrytype forever owner Test300
Interface : Ethernet0/0/1<ifEntry.58>
Received :
octets :142915224 , packets :1749151
broadcast packets :11603 , multicast packets:756252
undersize packets :0 , oversize packets:0
fragments packets :0 , jabbers packets :0
CRC alignment errors:0 , collisions :0
Dropped packet (insufficient resources):1795
Packets received according to length (octets):
64 :150183 , 65-127 :150183 , 128-255 :1383
256-511:3698 , 512-1023:0 , 1024-1518:0
----End
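The alarm and extended-alarm entries configured above, replayed over counter polls as an added example (not code from the original document). It assumes the RFC 2819 alarm semantics (one event per direction until the opposite threshold is reached, a start-up alarm in either direction) and that OIDs ending in .6.1 and .7.1 are etherStatsBroadcastPkts and etherStatsMulticastPkts for statistics entry 1. The first poll reuses the broadcast and multicast totals from the display output above; the remaining polls and the delta variant of alarm 1 are constructed.

```python
from dataclasses import dataclass

# OIDs from the page; column names per RFC 2819 (assumption stated in the lead-in).
BROADCAST_OID = "1.3.6.1.2.1.16.1.1.1.6.1"   # etherStatsBroadcastPkts.1
MULTICAST_OID = "1.3.6.1.2.1.16.1.1.1.7.1"   # etherStatsMulticastPkts.1
COUNTER32 = 2 ** 32                          # etherStats counters wrap at 2^32


@dataclass
class Alarm:
    name: str
    oids: tuple          # counters summed into one sampled variable
    sample_type: str     # "absolute" (raw value) or "delta" (change per interval)
    rising: int
    rising_event: int
    falling: int
    falling_event: int


def evaluate(alarm, polls):
    """Replay counter polls and return the alarms that would be generated.

    polls: list of {oid: counter_value}, one dict per sampling interval.
    Returns a list of (poll_index, direction, event_id, sampled_value).
    """
    fired = []
    last_direction = None    # hysteresis state: direction of the latest alarm
    previous = None
    for index, poll in enumerate(polls):
        if alarm.sample_type == "delta":
            if previous is None:             # first poll only seeds the baseline
                previous = poll
                continue
            # Per-counter difference modulo 2^32 so a counter wrap is not
            # mistaken for a huge negative change.
            value = sum((poll[o] - previous[o]) % COUNTER32 for o in alarm.oids)
            previous = poll
        else:
            value = sum(poll[o] for o in alarm.oids)
        # A direction fires once and then stays silent until the opposite
        # threshold has been reached.
        if value >= alarm.rising and last_direction != "rising":
            last_direction = "rising"
            fired.append((index, "rising", alarm.rising_event, value))
        elif value <= alarm.falling and last_direction != "falling":
            last_direction = "falling"
            fired.append((index, "falling", alarm.falling_event, value))
    return fired


# The two entries from the page: event 1 logs, event 2 sends a trap.
ALARM_1 = Alarm("rmon alarm 1", (BROADCAST_OID,), "absolute", 500, 1, 100, 1)
PRIALARM_1 = Alarm("rmon prialarm 1", (BROADCAST_OID, MULTICAST_OID),
                   "delta", 1000, 2, 0, 2)
# Hypothetical variant, not on the page: alarm 1 thresholds with delta sampling.
ALARM_1_DELTA = Alarm("alarm 1, delta sampling", (BROADCAST_OID,),
                      "delta", 500, 1, 100, 1)

# One poll per 30-second interval. Poll 0 uses the totals shown in the display
# output; the rest are constructed (a broadcast burst in polls 3 and 4).
POLLS = [
    {BROADCAST_OID: 11603, MULTICAST_OID: 756252},
    {BROADCAST_OID: 11650, MULTICAST_OID: 756300},
    {BROADCAST_OID: 11700, MULTICAST_OID: 756350},
    {BROADCAST_OID: 12900, MULTICAST_OID: 756400},
    {BROADCAST_OID: 14500, MULTICAST_OID: 756500},
    {BROADCAST_OID: 14500, MULTICAST_OID: 756500},
    {BROADCAST_OID: 14540, MULTICAST_OID: 756560},
]

if __name__ == "__main__":
    for alarm in (ALARM_1, PRIALARM_1, ALARM_1_DELTA):
        print(alarm.name)
        for index, direction, event, value in evaluate(alarm, POLLS):
            print(f"  poll {index}: {direction} alarm, event {event}, value {value}")
```

With absolute sampling of a cumulative counter, alarm 1 fires once at the first poll and cannot re-arm, because the raw counter never drops back to the falling threshold. The delta entries fire at the burst and again when traffic subsides.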
Configuration Files
#
sysname Switch
#
vlan batch 20 30
#
interface Vlanif20
ip address 20.20.20.1 255.255.255.0
#
interface Vlanif30
ip address 30.30.30.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 30
port hybrid untagged vlan 30
rmon-statistics enable
rmon statistics 1 owner Test300
rmon history 1 buckets 10 interval 30 owner Test300
#
interface Ethernet0/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
rmon event 1 description null log owner Test300
rmon event 2 description forUseofPrialarm trap public owner Test300
rmon alarm 1 1.3.6.1.2.1.16.1.1.1.6.1 30 absolute rising-threshold 500 1 falling-threshold 100 1 owner Test300
rmon prialarm 1 .1.3.6.1.2.1.16.1.1.1.6.1+.1.3.6.1.2.1.16.1.1.1.7.1 sumofbroadandmulti 30 delta rising-threshold 1000 2 falling-threshold 0 2 entrytype forever owner Test300
#
ospf 1
area 0.0.0.0
network 20.20.20.0 0.0.0.255
network 30.30.30.0 0.0.0.255
#
snmp-agent
snmp-agent local-engineid 800007DB0300259EFBBE78
snmp-agent sys-info version v3
snmp-agent group v3 admin
snmp-agent target-host trap address udp-domain 10.10.10.1 params securityname nms-admin v3
snmp-agent usm-user v3 nms-admin admin
snmp-agent trap enable
#
return
Figure 11-5 Networking diagram for configuring NTP unicast client/server mode
[Figure 11-5 diagram: SwitchA (Eth0/0/1, VLANIF100, 2.2.2.2/24), IP Network, SwitchB (Eth0/0/1, VLANIF110, 1.0.1.1/24; Eth0/0/2, VLANIF111, 1.0.0.1/24), SwitchC (Eth0/0/1, VLANIF111, 1.0.0.2/24), SwitchD (Eth0/0/1, VLANIF111, 1.0.0.3/24)]
Configuration Roadmap
You can configure the authenticated unicast server/client mode to meet the user's requirement
for clock synchronization on the LAN. The configuration roadmap is as follows:
1. Configure SwitchA as the primary time server.
2. The NTP unicast server/client mode is used to synchronize the clocks of SwitchA and
SwitchB. SwitchA functions as the server, and SwitchB functions as the client.
3. The NTP unicast server/client mode is used to synchronize the clocks of SwitchB,
SwitchC, and SwitchD. SwitchB functions as the server, while SwitchC and SwitchD
function as the clients.
4. SwitchA and SwitchB are connected through the network, which is not secure, so the
NTP authentication function is enabled.
NOTE
When configuring NTP authentication in the unicast server/client mode, enable the NTP authentication on
the client, and specify the NTP server address and the authentication key sent to the server. Otherwise, the
NTP authentication is not performed, and the NTP client and server are directly synchronized.
Procedure
Step 1 According to Figure 11-5, configure IP addresses, and configure reachable routes between any
two of SwitchA, SwitchB, SwitchC, and SwitchD.
# Configure an IP address on SwitchA. For details about the configurations of SwitchB,
SwitchC, and SwitchD, see "Configuration Files".
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 100
[SwitchA-vlan100] quit
[SwitchA] interface vlanif 100
[SwitchA-Vlanif100] ip address 2.2.2.2 24
[SwitchA-Vlanif100] quit
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 100
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 100
[SwitchA-Ethernet0/0/1] quit
[SwitchA] ospf 1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 2.2.2.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
Step 2 Configure an NTP primary clock on SwitchA and enable the NTP authentication function.
# Specify the local clock of SwitchA as the primary clock, and set the clock stratum to 2.
[SwitchA] ntp-service refclock-master 2
# Enable the NTP authentication function, configure the authentication key, and specify the key
as reliable.
[SwitchA] ntp-service authentication enable
[SwitchA] ntp-service authentication-keyid 42 authentication-mode md5 Hello
[SwitchA] ntp-service reliable authentication-keyid 42
Step 3 Configure an NTP primary clock on SwitchB and enable the NTP authentication function.
# Enable the NTP authentication function on SwitchB, configure the authentication key, and
specify the key as reliable.
<SwitchB> system-view
[SwitchB] ntp-service authentication enable
[SwitchB] ntp-service authentication-keyid 42 authentication-mode md5 Hello
[SwitchB] ntp-service reliable authentication-keyid 42
# Specify SwitchA as the NTP server of SwitchB, and use the configured authentication key.
[SwitchB] ntp-service unicast-server 2.2.2.2 authentication-keyid 42
Step 4 # Specify on SwitchC that SwitchB functions as the NTP server of SwitchC.
<SwitchC> system-view
[SwitchC] ntp-service authentication enable
[SwitchC] ntp-service authentication-keyid 42 authentication-mode md5 Hello
[SwitchC] ntp-service reliable authentication-keyid 42
[SwitchC] ntp-service unicast-server 1.0.0.1 authentication-keyid 42
Step 5 # Specify on SwitchD that SwitchB functions as the NTP server of SwitchD.
<SwitchD> system-view
[SwitchD] ntp-service authentication enable
[SwitchD] ntp-service authentication-keyid 42 authentication-mode md5 Hello
[SwitchD] ntp-service reliable authentication-keyid 42
[SwitchD] ntp-service unicast-server 1.0.0.1 authentication-keyid 42
After the preceding configuration is complete, SwitchB can synchronize its clock with the clock
of SwitchA.
# Check the NTP status of SwitchB, and you can find that the clock status is "synchronized",
indicating that the synchronization is complete. The stratum of the clock is 3, which is one
stratum lower than that of the clock of the server SwitchA.
# Check the NTP status of SwitchC, and you can find that the clock status is "synchronized",
indicating that the synchronization is complete. The stratum of the clock is 4, which is one
stratum lower than that of the clock of the server SwitchB.
[SwitchC] display ntp-service status
clock status: synchronized
clock stratum: 4
reference clock ID: 1.0.0.1
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 3.8128 ms
root delay: 31.26 ms
root dispersion: 74.20 ms
peer dispersion: 34.30 ms
reference time: 11:55:56.833 UTC Mar 2 2012(C7B15BCC.D5604189)
# Check the NTP status of SwitchD, and you can find that the clock status is "synchronized",
indicating that the synchronization is complete. The stratum of the clock is 4, which is one
stratum lower than that of the clock of the server SwitchB.
[SwitchD] display ntp-service status
clock status: synchronized
clock stratum: 4
reference clock ID: 1.0.0.1
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 3.8128 ms
root delay: 31.26 ms
root dispersion: 74.20 ms
peer dispersion: 34.30 ms
reference time: 11:55:56.833 UTC Mar 2 2012(C7B15BCC.D5604189)
----End
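The symmetric-key check that `authentication-keyid 42 authentication-mode md5 Hello` enables, as an added example (not code from the original document or from the device software). It assumes the RFC 5905 packet layout, in which the 48-byte header is followed by a 32-bit key ID and MD5(key || header); the header contents, function names and result strings are constructed for illustration.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48            # fixed NTP header (RFC 5905)
MAC_LEN = 4 + 16           # 32-bit key ID followed by a 128-bit MD5 digest
MODE_SERVER = 4


def build_header(mode, stratum, version=3):
    """Constructed NTP header; timestamp fields are left at zero."""
    first_byte = (0 << 6) | (version << 3) | mode     # LI=0, VN, Mode
    return struct.pack("!BBbb", first_byte, stratum, 6, -18) + bytes(44)


def add_mac(header, key_id, key):
    """Append the key ID and MD5(key || header) to the header."""
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest


def check_packet(packet, auth_enabled, keys, reliable):
    """Receiver-side decision for one packet.

    keys:     {key_id: secret} as set by 'authentication-keyid'
    reliable: key IDs marked with 'reliable authentication-keyid'
    """
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    if not auth_enabled:
        # Simplified model of the NOTE above: with authentication not
        # enabled, the packet is used without any check.
        return "accepted-unauthenticated"
    if len(mac) != MAC_LEN:
        return "rejected-no-mac"
    key_id = struct.unpack("!I", mac[:4])[0]
    if key_id not in keys or key_id not in reliable:
        return "rejected-untrusted-key"
    expected = hashlib.md5(keys[key_id] + header).digest()
    if not hmac.compare_digest(expected, mac[4:]):    # constant-time compare
        return "rejected-bad-digest"
    return "accepted-authenticated"


def demo():
    """Run the receiver check over constructed server replies."""
    keys = {42: b"Hello"}              # key ID and key from the page
    reliable = {42}
    header = build_header(MODE_SERVER, stratum=2)
    signed = add_mac(header, 42, b"Hello")
    # Same packet with the stratum byte changed after the MAC was computed.
    modified = bytes([signed[0], 1]) + signed[2:]
    return {
        "valid": check_packet(signed, True, keys, reliable),
        "modified": check_packet(modified, True, keys, reliable),
        "wrong_key": check_packet(add_mac(header, 42, b"hello"), True, keys, reliable),
        "no_mac": check_packet(header, True, keys, reliable),
        "key_not_reliable": check_packet(signed, True, keys, set()),
        "auth_disabled": check_packet(header, False, keys, reliable),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:17s} {result}")
```

The `auth_disabled` case is the one the NOTE in this example describes: synchronization still succeeds, so a "synchronized" status alone does not show that authentication was performed. RFC 8573 deprecates this keyed-MD5 construction in favor of AES-128-CMAC.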
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 cipher %$%$iU;C@~zqb+};!@!vGIp5q}tk%$%$
ntp-service reliable authentication-keyid 42
ntp-service refclock-master 2
#
vlan batch 100
#
interface Vlanif100
ip address 2.2.2.2 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
ospf 1
area 0.0.0.0
network 2.2.2.0 0.0.0.255
#
return
• Configuration file of SwitchB
#
sysname SwitchB
#
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 cipher %$%$iU;C@~zqb+};!@!vGIp5q}tk%$%$
ntp-service reliable authentication-keyid 42
ntp-service unicast-server 2.2.2.2 authentication-keyid 42
#
vlan batch 110 to 111
#
interface Vlanif110
ip address 1.0.1.1 255.255.255.0
#
interface Vlanif111
ip address 1.0.0.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 110
port hybrid untagged vlan 110
#
interface Ethernet0/0/2
port hybrid pvid vlan 111
port hybrid untagged vlan 111
#
ospf 1
area 0.0.0.0
network 1.0.0.0 0.0.0.255
network 1.0.1.0 0.0.0.255
#
return
• Configuration file of SwitchC
#
sysname SwitchC
#
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 cipher %$%$iU;C@~zqb+};!@!vGIp5q}tk%$%$
ntp-service reliable authentication-keyid 42
ntp-service unicast-server 1.0.0.1 authentication-keyid 42
#
vlan batch 111
#
interface Vlanif111
ip address 1.0.0.2 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 111
port hybrid untagged vlan 111
#
ospf 1
area 0.0.0.0
network 1.0.0.0 0.0.0.255
#
return
Figure 11-6 Networking diagram for configuring the symmetric peer mode
[Figure 11-6 diagram: SwitchA (Eth0/0/1, VLANIF100, 10.0.0.1/24); SwitchB and SwitchC (each Eth0/0/1, VLANIF100; addresses 10.0.0.3/24 and 10.0.0.2/24)]
Configuration Roadmap
You can configure the NTP protocol to synchronize time, and use the NTP symmetric peer mode
to meet the user's requirement for time synchronization. The configuration roadmap is as follows:
1. Configure the local clock of SwitchA as the NTP primary clock.
2. The NTP unicast server/client mode is used to synchronize the clocks of SwitchB and
SwitchA. SwitchA functions as the server, and SwitchB functions as the client.
3. The symmetric peer mode is used to synchronize the clocks of SwitchB and SwitchC.
SwitchC functions as the symmetric active peer and sends a clock synchronization request
to SwitchB.
Procedure
Step 1 Configure IP addresses for SwitchA, SwitchB and SwitchC.
Configure an IP address for each interface according to Figure 11-6. After the configurations
are complete, the three switches can ping each other.
# Configure an IP address on SwitchA. For details about the configurations of SwitchB and
SwitchC, see "Configuration Files".
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 100
[SwitchA-vlan100] quit
[SwitchA] interface vlanif 100
[SwitchA-Vlanif100] ip address 10.0.0.1 24
[SwitchA-Vlanif100] quit
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 100
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 100
[SwitchA-Ethernet0/0/1] quit
After the preceding configuration is complete, SwitchB can synchronize its clock with the clock
of SwitchA.
# Check the NTP status of SwitchB, and you can find that the clock status is "synchronized",
indicating that the synchronization is complete. The stratum of the clock is 3, which is one
stratum lower than that of the clock of SwitchA.
[SwitchB] display ntp-service status
clock status: synchronized
clock stratum: 3
reference clock ID: 10.0.0.1
nominal frequency: 64.0029 Hz
actual frequency: 64.0029 Hz
clock precision: 2^7
clock offset: 0.0000 ms
root delay: 62.50 ms
root dispersion: 0.20 ms
peer dispersion: 7.81 ms
reference time: 06:52:33.465 UTC Mar 7 2006(C7B7AC31.773E89A8)
Because SwitchC is not configured with a primary clock and its clock stratum is lower than that
of SwitchB, SwitchC synchronizes its clock with the clock of SwitchB.
Step 4 Verify the configuration.
Monitor the status of SwitchC after the synchronization. The clock of SwitchC is in
"synchronized" status, indicating that the synchronization is complete. The clock stratum of
SwitchC is 4, which is one stratum lower than that of the symmetric passive peer SwitchB.
# Display the clock status of SwitchC.
[SwitchC] display ntp-service status
clock status: synchronized
clock stratum: 4
reference clock ID: 10.0.0.2
nominal frequency: 64.0029 Hz
actual frequency: 64.0029 Hz
clock precision: 2^7
clock offset: 0.0000 ms
root delay: 124.98 ms
root dispersion: 0.15 ms
peer dispersion: 10.96 ms
reference time: 06:55:50.784 UTC Mar 7 2006(C7B7ACF6.C8D002E2)
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
ntp-service refclock-master 2
#
vlan batch 100
#
interface Vlanif100
ip address 10.0.0.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
return
Figure 11-7 Networking diagram for configuring authenticated NTP broadcast mode
[Figure 11-7 diagram: SwitchC (Eth0/0/1, VLANIF10, 3.0.1.31/24), SwitchD, and interface labels Eth0/0/1 (VLANIF20, 1.0.1.11/24), Eth0/0/1 (VLANIF20, 1.0.1.2/24), Eth0/0/2 (VLANIF10, 3.0.1.2/24)]
Configuration Roadmap
You can configure the NTP protocol to synchronize time, and use the authenticated NTP
broadcast mode to meet the user's requirement. The configuration roadmap is as follows:
1. Configure SwitchC as the primary time server, use the local clock as the NTP primary
clock, and set the clock stratum to 3.
2. Configure SwitchC as the NTP broadcast server that sends broadcast packets from interface
VLANIF10 (the corresponding physical interface is Eth0/0/1).
3. Configure SwitchA, SwitchD and SwitchF as NTP broadcast clients. SwitchA uses
VLANIF20 (the corresponding physical interface is Eth0/0/1) to listen to the broadcast
packets. SwitchD uses VLANIF10 (the physical interface is Eth0/0/1) to listen to the
broadcast packets. SwitchF uses VLANIF10 (the corresponding physical interface is
Eth0/0/2) to listen to the broadcast packets.
4. To strengthen the network security, the NTP authentication function is enabled.
Procedure
Step 1 Configure an IP address for each interface according to Figure 11-7, and configure reachable
routes between the switches.
# Configure an IP address for the interface and configure a routing protocol on SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 20
[SwitchA-vlan20] quit
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 20
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 20
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] ip address 1.0.1.11 24
[SwitchA-Vlanif20] quit
[SwitchA] ospf 1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 1.0.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
For details about the configurations of SwitchC, SwitchD, and SwitchF, see "Configuration
Files".
Step 2 Configure the NTP broadcast server, and enable the authentication.
# Configure the local clock of SwitchC as the NTP primary clock, and set the clock stratum to
3.
<SwitchC> system-view
[SwitchC] ntp-service refclock-master 3
# Configure SwitchC as the NTP broadcast server that sends NTP broadcast packets from
VLANIF10, and specify the key with the ID 16 for encryption.
[SwitchC] interface vlanif 10
[SwitchC-Vlanif10] ntp-service broadcast-server authentication-keyid 16
[SwitchC-Vlanif10] quit
Step 3 Configure the NTP broadcast client SwitchD on a network segment the same as that of the NTP
server.
# Configure SwitchD as the NTP broadcast client that listens to the NTP broadcast packets from
interface VLANIF10.
[SwitchD] interface vlanif 10
[SwitchD-Vlanif10] ntp-service broadcast-client
[SwitchD-Vlanif10] quit
After the configuration is complete, SwitchD synchronizes its clock to that of SwitchC. For
details about the configuration of SwitchF, which is similar to that of SwitchD, see the
corresponding configuration file.
Step 4 Configure the NTP broadcast client SwitchA on a network segment different from that of the
server.
# Configure SwitchA as the NTP broadcast client that listens to the NTP broadcast packets from
interface VLANIF20.
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] ntp-service broadcast-client
[SwitchA-Vlanif20] quit
After the preceding configuration is complete, SwitchD can synchronize its clock to that of
SwitchC, but SwitchA cannot synchronize its clock to that of SwitchC.
This is because SwitchA is on a network segment different from that of SwitchC, but SwitchD
is on a network segment the same as that of SwitchC.
# Check the NTP status of SwitchD, and you can find that the clock status is "synchronized",
indicating that the synchronization is complete. The stratum of the clock is 4, which is one
stratum lower than that of the clock of SwitchC.
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
ntp-service authentication enable
ntp-service authentication-keyid 16 authentication-mode md5 cipher %$%$Q1Ub0~;Ga!9IasE'@Db-,5,#%$%$
ntp-service reliable authentication-keyid 16
#
vlan batch 20
#
interface Vlanif20
ip address 1.0.1.11 255.255.255.0
ntp-service broadcast-client
#
interface Ethernet0/0/1
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
ospf 1
area 0.0.0.0
network 1.0.1.0 0.0.0.255
#
return
#
return
Configuration Roadmap
You can configure the NTP protocol to synchronize time, and use the NTP multicast mode to
meet the user's requirement. The configuration roadmap is as follows:
1. Configure SwitchC as the primary time server, use the local clock as the NTP primary
clock, and set the clock stratum to 3.
2. Configure SwitchC as the NTP multicast server that sends multicast packets from interface
VLANIF10 (the corresponding physical interface is Eth0/0/1).
3. Configure SwitchA, SwitchD, and SwitchF as NTP multicast clients. SwitchA uses
VLANIF20 (the corresponding physical interface is Eth0/0/1) to listen to the multicast
packets. SwitchD uses VLANIF10 (the corresponding physical interface is Eth0/0/1) to
listen to the multicast packets. SwitchF uses VLANIF10 (the physical interface is
Eth0/0/2) to listen to the multicast packets.
4. Configure a multicast route, so that SwitchA can receive the multicast packets.
Procedure
Step 1 Configure an IP address for each interface according to Figure 11-8, and configure reachable
routes between the switches.
# Configure an IP address for the interface and configure a routing protocol on SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 20
[SwitchA-vlan20] quit
[SwitchA] interface ethernet 0/0/1
For details about the configurations of SwitchC, SwitchD, and SwitchF, see "Configuration
Files".
Step 2 Configure the NTP multicast server.
# Configure the local clock of SwitchC as the NTP primary clock, and set the clock stratum to
2.
<SwitchC> system-view
[SwitchC] ntp-service refclock-master 2
# Configure SwitchC as the NTP multicast server that sends NTP multicast packets from
interface VLANIF10.
[SwitchC] interface vlanif 10
[SwitchC-Vlanif10] ntp-service multicast-server
[SwitchC-Vlanif10] quit
Step 3 Configure the NTP multicast client SwitchD on a network segment the same as that of the NTP
server.
# Configure SwitchD as the NTP multicast client that listens to the NTP multicast packets from
interface VLANIF10.
<SwitchD> system-view
[SwitchD] interface vlanif 10
[SwitchD-Vlanif10] ntp-service multicast-client
[SwitchD-Vlanif10] quit
Step 4 Configure the NTP multicast client SwitchA on a network segment different from that of the
server.
# Configure SwitchA as the NTP multicast client that listens to the NTP multicast packets from
interface VLANIF20.
<SwitchA> system-view
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] ntp-service multicast-client
[SwitchA-Vlanif20] quit
Step 5 Configure a multicast route, so that SwitchA on a network segment different from that of
SwitchC can receive NTP multicast packets.
# Configure the multicast routing function on SwitchC.
[SwitchC] multicast routing-enable
[SwitchC] interface vlanif 10
[SwitchC-Vlanif10] pim sm
[SwitchC-Vlanif10] quit
# Configure the multicast routing function on SwitchF.
[SwitchF] multicast routing-enable
[SwitchF] interface vlanif 20
[SwitchF-Vlanif20] pim sm
[SwitchF-Vlanif20] igmp enable
[SwitchF-Vlanif20] igmp static-group 224.0.1.1
[SwitchF-Vlanif20] quit
[SwitchF] pim
[SwitchF-pim] c-bsr vlanif 20
[SwitchF-pim] c-rp vlanif 20
[SwitchF-pim] quit
[SwitchF] interface ethernet 0/0/1
[SwitchF-Ethernet0/0/1] l2-multicast static-group group-address 224.0.1.1 vlan 20
[SwitchF-Ethernet0/0/1] quit
# Check the NTP status of SwitchA, and you can find that the clock status is "synchronized",
indicating that the synchronization is complete. The stratum of the clock is 3, which is one
stratum lower than that of the clock of the server SwitchC.
[SwitchA] display ntp-service status
clock status: synchronized
clock stratum: 3
reference clock ID: 3.0.1.31
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 0.0000 ms
root delay: 40.00 ms
root dispersion: 4.38 ms
peer dispersion: 34.30 ms
reference time: 12:17:21.773 UTC Mar 7 2012(C7B7F851.C5EAF25B)
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 20
#
interface Vlanif20
ip address 1.0.1.11 255.255.255.0
ntp-service multicast-client
#
interface Ethernet0/0/1
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
ospf 1
area 0.0.0.0
network 1.0.1.0 0.0.0.255
#
return
• Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 10
#
multicast routing-enable
#
ntp-service refclock-master 2
#
interface Vlanif10
ip address 3.0.1.31 255.255.255.0
pim sm
ntp-service multicast-server
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
ospf 1
area 0.0.0.0
network 3.0.1.0 0.0.0.255
#
return
• Configuration file of SwitchD
#
sysname SwitchD
#
vlan batch 10
#
interface Vlanif10
ip address 3.0.1.32 255.255.255.0
ntp-service multicast-client
#
interface Ethernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
ospf 1
area 0.0.0.0
network 3.0.1.0 0.0.0.255
#
return
• Configuration file of SwitchF
#
sysname SwitchF
#
vlan batch 10 20
#
multicast routing-enable
#
interface Vlanif10
ip address 3.0.1.2 255.255.255.0
#
interface Vlanif20
ip address 1.0.1.2 255.255.255.0
pim sm
igmp enable
igmp static-group 224.0.1.1
#
interface Ethernet0/0/1
Configuration Requirements
As shown in Figure 11-9, after configuring SwitchA, check the link between SwitchA and the
log host. If the link is disconnected, you need to locate the fault.
Configuration Roadmap
The configuration roadmap is as follows:
1. Run the ping command on SwitchA to check connectivity between SwitchA and the log
host.
2. Run the tracert command to locate the faulty link segment if the link is disconnected.
Procedure
Step 1 Run the ping command.
# Run the ping command on SwitchA to check connectivity between SwitchA and the log host.
<Quidway> ping 1.1.3.2
The output on SwitchA shows that the log host is unreachable, which indicates that a fault occurs
on the link between SwitchA and the log host.
Step 2 Run the tracert command.
# Run the tracert command on SwitchA to locate the faulty link segment.
<Quidway> tracert 1.1.3.2
traceroute to 1.1.3.2(1.1.3.2), max hops: 30 ,packet length: 40
1 1.1.1.2 4 ms 5 ms 5 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
...
The preceding output shows that the ICMP Echo Request packet passes SwitchB but does not
reach SwitchC. This indicates that the link between SwitchB and SwitchC fails. After the link
between SwitchB and SwitchC is recovered, repeat Step 1 and Step 2 to ensure that SwitchA
and the log host can communicate properly.
----End
Networking Requirements
As shown in Figure 11-10, SwitchA functions as a DNS client to access the host 10.2.1.1/24,
using a domain name server.com.
[Figure 11-10 diagram: SwitchA (Eth0/0/1, VLANIF100, 10.1.1.1/24), IP Network, DNS Server (10.3.1.1/24)]
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Configure IP addresses for the interfaces on SwitchA and ensure reachable routes between
SwitchA and server.com and between SwitchA and the DNS server.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 100
[SwitchA-vlan100] quit
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 100
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 100
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface Vlanif 100
[SwitchA-Vlanif100] ip address 10.1.1.1 24
[SwitchA-Vlanif100] quit
[SwitchA] ospf
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
----End
Configuration Files
Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 100
#
dns resolve
dns server 10.3.1.1
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
#
nqa test-instance admin dns
test-type dns
destination-address url server.com
dns-server ipv4 10.3.1.1
#
return
Networking Requirements
As shown in Figure 11-11, the performance of the FTP download function needs to be checked.
Figure 11-11 Networking diagram for configuring an FTP download test instance
[Figure 11-11 diagram: SwitchA as FTP Client (Eth0/0/1, VLANIF100, 10.1.1.1/24), SwitchB as FTP Server (Eth0/0/1, VLANIF100, 10.1.1.2/24)]
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Configure SwitchB.
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
nqa test-instance admin ftp
test-type ftp
destination-address ipv4 10.1.1.2
source-address ipv4 10.1.1.1
ftp-username user1
ftp-password cipher %$%$1nVEX3:p~"cVPtV0[=[W^D;2%$%$
ftp-filename test.txt
ftp-operation get
#
return
Networking Requirements
As shown in Figure 11-12, the speed of uploading a file from SwitchA to an FTP server needs
to be tested.
Figure 11-12 Networking diagram for configuring an FTP upload test instance
[Figure 11-12 diagram: SwitchA as FTP Client (Eth0/0/1, VLANIF100, 10.1.1.1/24), SwitchB as FTP Server (Eth0/0/1, VLANIF100, 10.1.1.2/24)]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure SwitchA as an NQA client as well as an FTP client. Create and start an FTP test
instance on SwitchA to check whether SwitchA can set up a connection with the FTP server
and to obtain the time taken by SwitchA to upload a file to the FTP server.
2. A user named user1 logs in to the FTP server by entering the password hello123 to upload
a file of 10 KB.
Procedure
Step 1 Configure SwitchB.
# Configure an IP address for SwitchB.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] vlan 100
[SwitchB-vlan100] quit
[SwitchB] interface ethernet 0/0/1
[SwitchB-Ethernet0/0/1] port hybrid pvid vlan 100
[SwitchB-Ethernet0/0/1] port hybrid untagged vlan 100
[SwitchB-Ethernet0/0/1] quit
[SwitchB] interface Vlanif 100
[SwitchB-Vlanif100] ip address 10.1.1.2 24
[SwitchB-Vlanif100] quit
[SwitchA-vlan100] quit
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 100
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 100
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface Vlanif 100
[SwitchA-Vlanif100] ip address 10.1.1.1 24
[SwitchA-Vlanif100] quit
# Create an NQA FTP test on SwitchA and create a file of 10 KB for uploading.
[SwitchA] nqa test-instance admin ftp
[SwitchA-nqa-admin-ftp] test-type ftp
[SwitchA-nqa-admin-ftp] destination-address ipv4 10.1.1.2
[SwitchA-nqa-admin-ftp] source-address ipv4 10.1.1.1
[SwitchA-nqa-admin-ftp] ftp-operation put
[SwitchA-nqa-admin-ftp] ftp-username user1
[SwitchA-nqa-admin-ftp] ftp-password hello123
[SwitchA-nqa-admin-ftp] ftp-filesize 10
# On SwitchB, you can view that a file named nqa-ftp-test.txt is added. Part of the file on the
SwitchB is displayed.
<SwitchB> dir
Directory of flash:/
0 -rw- 331 Jul 06 2007 18:34:34 private-data.txt
1 -rw- 10,240 Jul 06 2007 18:37:06 nqa-ftp-test.txt
2,540 KB total (1,536 KB free)
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
nqa test-instance admin ftp
test-type ftp
destination-address ipv4 10.1.1.2
source-address ipv4 10.1.1.1
ftp-filesize 10
ftp-username user1
ftp-password cipher %$%$1nVEX3:p~"cVPtV0[=[W^D;2%$%$
ftp-operation put
#
return
Networking Requirements
As shown in Figure 11-13, SwitchA is connected to the HTTP server over a WAN to test the
speed of SwitchA accessing the HTTP server.
[Figure 11-13 diagram: SwitchA (Eth0/0/1, VLANIF100, 10.1.1.1/24), IP Network, HTTP Server (10.2.1.1/24)]
Configuration Roadmap
The configuration roadmap is as follows:
2. Create and start an HTTP test instance on SwitchA to check whether SwitchA can set
up a connection with the HTTP server and to check the duration for transferring files
between SwitchA and the HTTP server.
Procedure
Step 1 Configure IP addresses for the interfaces on SwitchA and ensure reachable routes between
SwitchA and the HTTP server.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 100
[SwitchA-vlan100] quit
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 100
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 100
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface Vlanif 100
[SwitchA-Vlanif100] ip address 10.1.1.1 24
[SwitchA-Vlanif100] quit
[SwitchA] ospf
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
Step 2 Enable the NQA client and create an NQA HTTP test instance.
[SwitchA] nqa test-instance admin http
[SwitchA-nqa-admin-http] test-type http
[SwitchA-nqa-admin-http] destination-address ipv4 10.2.1.1
[SwitchA-nqa-admin-http] http-operation get
[SwitchA-nqa-admin-http] http-url www.huawei.com
----End
Configuration Files
Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
#
nqa test-instance admin http
test-type http
destination-address ipv4 10.2.1.1
http-url www.huawei.com
http-operation get
#
return
Networking Requirements
As shown in Figure 11-14, SwitchA functions as an NQA client to test whether SwitchB is
reachable.
[Figure 11-14 diagram: SwitchA as NQA Client (Eth0/0/1, VLANIF100, 10.1.1.1/24), SwitchB (Eth0/0/1, VLANIF100, 10.1.1.2/24)]
Configuration Roadmap
1. Perform the NQA ICMP test function to test whether the packet sent by SwitchA can reach
SwitchB.
2. Perform the NQA ICMP test to obtain the RTT of the packet.
Procedure
Step 1 # Configure an IP address for SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 100
[SwitchA-vlan100] quit
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 100
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 100
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface Vlanif 100
[SwitchA-Vlanif100] ip address 10.1.1.1 24
[SwitchA-Vlanif100] quit
[SwitchB-Ethernet0/0/1] quit
[SwitchB] interface Vlanif 100
[SwitchB-Vlanif100] ip address 10.1.1.2 24
[SwitchB-Vlanif100] quit
Step 3 Enable the NQA client and create an NQA ICMP test instance.
[SwitchA] nqa test-instance admin icmp
[SwitchA-nqa-admin-icmp] test-type icmp
[SwitchA-nqa-admin-icmp] destination-address ipv4 10.1.1.2
----End
Configuration Files
• Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
nqa test-instance admin icmp
test-type icmp
destination-address ipv4 10.1.1.2
#
return
Networking Requirements
As shown in Figure 11-15, SwitchA and SwitchB communicate at Layer 3 using VLANIF
interfaces.
SwitchA functions as the NQA client to test the jitter of the network between SwitchA and
SwitchB.
Figure 11-15 Networking diagram for configuring an ICMP jitter test instance
[Figure: SwitchA (GE0/0/1, VLANIF10, 10.1.1.1/24) and SwitchB (GE0/0/1, VLANIF10, 10.1.1.2/24)]
Configuration Roadmap
1. Configure SwitchA as an NQA client and create an ICMP jitter test instance on SwitchA.
Procedure
Step 1 Create VLANs and add interfaces to the VLANs.
# Configure SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] interface gigabitEthernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
# Configure SwitchB.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] vlan 10
[SwitchB-vlan10] quit
[SwitchB] interface gigabitEthernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[SwitchB-GigabitEthernet0/0/1] port hybrid untagged vlan 10
[SwitchB-GigabitEthernet0/0/1] quit
Step 2 Create VLANIF interfaces and assign IP addresses to the VLANIF interfaces.
# Configure SwitchA.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 10.1.1.1 24
[SwitchA-Vlanif10] quit
# Configure SwitchB.
Step 3 # Enable the NQA client and create an ICMP jitter NQA test instance.
[SwitchA] nqa test-instance admin icmpjitter
[SwitchA-nqa-admin-icmpjitter] test-type icmpjitter
[SwitchA-nqa-admin-icmpjitter] destination-address ipv4 10.1.1.2
----End
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
nqa test-instance admin icmpjitter
test-type icmpjitter
destination-address ipv4 10.1.1.2
#
return
Networking Requirements
As shown in Figure 11-16, SNMP agent is enabled on SwitchA and SwitchC. An NQA SNMP
query test needs to be performed to obtain the time from when SwitchA sends an SNMP query
packet to when SwitchA receives an Echo packet.
Figure 11-16 Networking diagram for configuring an SNMP query test instance
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Configure an IP address for each interface and ensure reachable routes between switches, as
shown in Figure 11-16.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 100
[SwitchA-vlan100] quit
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 100
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 100
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface Vlanif 100
[SwitchA-Vlanif100] ip address 10.1.1.1 24
[SwitchA-Vlanif100] quit
[SwitchA] ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
NOTE
----End
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 100
#
snmp-agent
snmp-agent local-engineid 800007DB03020000510162
snmp-agent sys-info version v3
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
#
nqa test-instance admin snmp
test-type snmp
destination-address ipv4 10.2.1.2
#
return
Networking Requirements
As shown in Figure 11-17, an NQA TCP test needs to be performed to obtain the duration for
setting up a TCP connection with SwitchC.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure SwitchA as an NQA client and configure SwitchC as an NQA server.
2. Configure the monitoring port number on the NQA server and create an NQA TCP test
instance on the NQA client.
Procedure
Step 1 Configure an IP address for each interface and ensure reachable routes between switches, as
shown in Figure 11-17.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 100
[SwitchA-vlan100] quit
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 100
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 100
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface Vlanif 100
[SwitchA-Vlanif100] ip address 10.1.1.1 24
[SwitchA-Vlanif100] quit
[SwitchA] ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
NOTE
----End
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
#
nqa test-instance admin tcp
test-type tcp
destination-address ipv4 10.2.1.2
destination-port 9000
#
return
Networking Requirements
As shown in Figure 11-18, a trace test needs to be performed to trace the IP address of
VLANIF110 of SwitchC on SwitchA.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure SwitchA as an NQA client.
2. Create and start a trace test instance on SwitchA to obtain statistics about each hop from
SwitchA to SwitchC.
Procedure
Step 1 Configure an IP address for each interface and ensure reachable routes between switches, as
shown in Figure 11-18.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 100
[SwitchA-vlan100] quit
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 100
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 100
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface Vlanif 100
[SwitchA-Vlanif100] ip address 10.1.1.1 24
[SwitchA-Vlanif100] quit
[SwitchA] ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
NOTE
Step 2 Create an NQA trace test instance on SwitchA and set the destination IP address to 10.2.1.2.
[SwitchA] nqa test-instance admin trace
[SwitchA-nqa-admin-trace] test-type trace
[SwitchA-nqa-admin-trace] destination-address ipv4 10.2.1.2
----End
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
nqa test-instance admin trace
test-type trace
destination-address ipv4 10.2.1.2
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
#
return
Networking Requirements
As shown in Figure 11-19, an NQA UDP test needs to be performed to obtain the RTT of a
UDP packet transmitted between SwitchA and SwitchC.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure SwitchA as an NQA client and configure SwitchC as an NQA server.
2. Configure the port number monitored by the NQA server and create an NQA UDP test
instance on the NQA client.
Procedure
Step 1 Configure an IP address for each interface and ensure reachable routes between switches, as
shown in Figure 11-19.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 100
[SwitchA-vlan100] quit
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 100
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 100
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface vlanif 100
[SwitchA-Vlanif100] ip address 10.1.1.1 24
[SwitchA-Vlanif100] quit
NOTE
# Configure the monitoring IP address and UDP port number on the NQA server.
<SwitchC> system-view
[SwitchC] nqa-server udpecho 10.2.1.2 6000
----End
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
nqa test-instance admin udp
test-type udp
destination-address ipv4 10.2.1.2
destination-port 6000
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
#
return
Networking Requirements
As shown in Figure 11-20, a UDP Jitter test needs to be performed to obtain the jitter time of
transmitting a packet from SwitchA to SwitchC.
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Configure an IP address for each interface and ensure reachable routes between switches, as
shown in Figure 11-20.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 100
[SwitchA-vlan100] quit
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 100
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 100
[SwitchA-Ethernet0/0/1] quit
[SwitchA] interface vlanif 100
[SwitchA-Vlanif100] ip address 10.1.1.1 24
[SwitchA-Vlanif100] quit
[SwitchA] ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
NOTE
----End
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
nqa test-instance admin jitter
test-type jitter
destination-address ipv4 10.2.1.2
destination-port 9000
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
#
return
11.5.12 Example for Sending Trap Messages to the NMS When the Threshold Is Exceeded
Networking Requirements
As shown in Figure 11-21, a jitter test needs to be performed with a transmission delay
threshold configured and the trap function enabled. After the jitter test is complete, SwitchA
sends a trap message to the NMS when the RTT of the test packet exceeds the configured
two-way transmission threshold. According to the traps received by the NMS, network
administrators can easily locate the fault.
Figure 11-21 Networking diagram for sending traps to NMS when the threshold is exceeded
[Figure: NM Station (20.1.1.2/24); SwitchA, NQA Client (Eth0/0/2, VLANIF10, 20.1.1.1/24; Eth0/0/1, VLANIF20, 10.1.1.1/24); SwitchB (Eth0/0/1, VLANIF20, 10.1.1.2/24; Eth0/0/2, VLANIF30, 30.1.1.1/24); SwitchC, NQA Server (Eth0/0/1, VLANIF30, 30.1.1.2/24)]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure SwitchC as the NQA server and configure the host IP address and port number.
2. Configure SwitchA as the NQA client, configure a threshold for the NQA alarm, and enable
the trap function.
3. Create a jitter test instance on SwitchA.
Procedure
Step 1 Configure an IP address for each interface and ensure reachable routes between switches, as
shown in Figure 11-21.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 10 20
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 20
NOTE
Step 2 Configure the IP address and port number for monitoring UDP services on SwitchC.
<SwitchC> system-view
[SwitchC] nqa-server udpecho 30.1.1.2 9000
----End
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 20
#
interface Vlanif10
ip address 20.1.1.1 255.255.255.0
#
interface Vlanif20
ip address 10.1.1.1 255.255.255.0
#
interface Ethernet0/0/1
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface Ethernet0/0/2
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
snmp-agent
snmp-agent local-engineid 800007DB0300E009877890
snmp-agent community write cipher %$%$*8GO(h4ev5m'kqN2o(sN&=[`%$%$
snmp-agent sys-info version v2c v3
snmp-agent target-host trap address udp-domain 20.1.1.2 params securityname switchA
snmp-agent trap enable
#
ip route-static 30.1.1.0 255.255.255.0 10.1.1.2
#
nqa test-instance admin jitter
test-type jitter
destination-address ipv4 30.1.1.2
destination-port 9000
threshold rtd 20
send-trap rtd
#
return
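The following check is an added example, not part of the Huawei document: it parses a configuration file in the '#'-delimited form shown above, verifies that the threshold, send-trap, trap enable and trap target lines this example relies on are all present, and reports the SNMP settings a reviewer would look at (a version other than v3 enabled, a write community, a trap target whose params do not name v3). The finding names and the sample's ciphertext placeholder are assumptions of this example.

```python
import re

# Constructed sample: the SNMP and NQA blocks of SwitchA's configuration from
# this example; the community ciphertext is replaced by a placeholder.
SAMPLE_CONFIG = """\
#
snmp-agent
snmp-agent community write cipher <ciphertext-placeholder>
snmp-agent sys-info version v2c v3
snmp-agent target-host trap address udp-domain 20.1.1.2 params securityname switchA
snmp-agent trap enable
#
nqa test-instance admin jitter
 test-type jitter
 destination-address ipv4 30.1.1.2
 destination-port 9000
 threshold rtd 20
 send-trap rtd
#
return
"""

def parse_blocks(text):
    """Split a configuration file into its '#'-delimited blocks of lines."""
    blocks, current = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("#", "return"):
            if current:
                blocks.append(current)
            current = []
        elif line:
            current.append(line)
    if current:
        blocks.append(current)
    return blocks

def parse_nqa(blocks):
    """Map (admin name, test name) to its thresholds and send-trap conditions."""
    instances = {}
    for block in blocks:
        head = re.fullmatch(r"nqa test-instance (\S+) (\S+)", block[0])
        if not head:
            continue
        inst = {"thresholds": {}, "send_trap": set()}
        for words in (line.split() for line in block[1:]):
            if words[0] == "threshold" and len(words) == 3 and words[2].isdigit():
                inst["thresholds"][words[1]] = int(words[2])
            elif words[0] == "send-trap":
                inst["send_trap"].update(words[1:])
        instances[head.groups()] = inst
    return instances

def audit(text):
    """Return sorted (finding, detail) pairs; only the rtd trap condition is cross-checked."""
    blocks = parse_blocks(text)
    snmp = [l.split() for b in blocks for l in b if l.startswith("snmp-agent")]
    targets = [w for w in snmp if w[1:3] == ["target-host", "trap"]]
    trap_on = any(w[1:3] == ["trap", "enable"] for w in snmp)
    findings = set()
    for (admin, name), inst in parse_nqa(blocks).items():
        if "rtd" in inst["send_trap"] and "rtd" not in inst["thresholds"]:
            findings.add(("send-trap-without-threshold", f"{admin} {name}"))
        if inst["send_trap"] and not (targets and trap_on):
            findings.add(("trap-not-deliverable", f"{admin} {name}"))
    for w in snmp:
        legacy = [v for v in w[3:] if v != "v3"]
        if w[1:3] == ["sys-info", "version"] and legacy:
            findings.add(("snmp-non-v3-version-enabled", " ".join(legacy)))
        if w[1:3] == ["community", "write"]:
            findings.add(("snmp-write-community", "write community configured"))
    for w in targets:
        if "v3" not in w:
            findings.add(("trap-target-not-v3", " ".join(w[3:6])))
    return sorted(findings)
```

Run against the configuration above, `audit(SAMPLE_CONFIG)` reports no NQA trap gaps and three SNMP findings: v2c enabled, a write community, and a trap target without v3.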
Networking Requirements
As shown in Figure 11-22, SwitchA and SwitchB are directly connected; SwitchA and ME are
directly connected; routes between the NMS and SwitchA, and the NMS and SwitchB are
reachable; SNMP is configured.
A network administrator wants to obtain communication information between SwitchA and ME,
and between SwitchA and SwitchB, and alarms of device function changes to know the detailed
network topology and configuration conflicts.
[Figure 11-22: Internet; NMS; SwitchA (10.10.10.1; Eth0/0/1, Eth0/0/2); SwitchB (10.10.10.2; Eth0/0/1); ME]
Configuration Roadmap
The LLDP function can meet the network administrator's requirement. The configuration
roadmap is as follows:
1. Enable global LLDP on SwitchA and SwitchB.
2. Configure management IP addresses for SwitchA and SwitchB.
3. Enable the LLDP trap function on SwitchA and SwitchB so that trap messages can be sent
to the NMS in a timely manner.
Procedure
Step 1 Enable global LLDP on SwitchA and SwitchB.
# Configure SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] lldp enable
# Configure SwitchB.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] lldp enable
# Configure SwitchB.
[SwitchB] lldp management-address 10.10.10.2
# Configure SwitchA.
[SwitchA] snmp-agent trap enable feature-name lldptrap
# Configure SwitchB.
[SwitchB] snmp-agent trap enable feature-name lldptrap
System configuration
LLDP Status :enabled (default is disabled)
LLDP Message Tx Interval :30 (default is 30s)
LLDP Message Tx Hold Multiplier :4 (default is 4)
LLDP Refresh Delay :2 (default is 2s)
LLDP Tx Delay :2 (default is 2s)
LLDP Notification Interval :5 (default is 5s)
LLDP Notification Enable :enabled (default is disabled)
Management Address :IP: 10.10.10.1
Total Neighbors :2
Port information:
Interface Ethernet0/0/1:
LLDP Enable Status :enabled (default is disabled)
Total Neighbors :1
Port ID subtype :interfaceName
Port ID :Ethernet0/0/1
Port description :Ethernet0/0/1
Auto-negotiation supported :Yes
Auto-negotiation enabled :Yes
OperMau :speed(100)/duplex(Full)
Power port class :PD
PSE power supported :No
PSE power enabled :No
PSE pairs control ability:No
Power pairs :Unknown
Port power classification:Unknown
Link aggregation supported:Yes
Link aggregation enabled :No
Aggregation port ID :0
Maximum frame Size :1600
MED port information
Media policy type :Voice
Unknown Policy :Defined
VLAN tagged :Yes
Media policy VlanID :0
Power Type :Unknown
PoE PSE power source :Unknown
Port PSE Priority :Unknown
Port Available power value:0.0(w)
---- More ----
# Check neighbor information of SwitchA.
[SwitchA] display lldp neighbor interface Ethernet0/0/1
Ethernet0/0/1 has 1 neighbors:
Neighbor index :1
Chassis type :macAddress
Chassis ID :00e0-11fc-1710
Port ID type :interfaceName
Port ID :Ethernet0/0/1
Port description :NA
System name :SwitchB
System description :S3328TP-EI
Huawei Versatile Routing Platform Software
VRP (R) software,Version 5.70 (S3328 V100R006C05 )
Copyright (C) 2003-2012 Huawei Technologies Co., Ltd.
System capabilities supported :bridge
System capabilities enabled :bridge
Management address type :ipV4
Management address :10.10.10.2
Expired time :104s
Auto-negotiation supported :Yes
Auto-negotiation enabled :Yes
OperMau :speed(100)/duplex(Full)
Power port class :PD
PSE power supported :No
PSE power enabled :No
PSE pairs control ability:No
Power pairs :Unknown
Port power classification:Unknown
Link aggregation supported:Yes
Link aggregation enabled :No
Aggregation port ID :0
Maximum frame Size :9216
MED Device information
Device class :Network Connectivity
HardwareRev :VER.B
FirmwareRev :NA
Power Type :Unknown
PoE PSE power source :Unknown
Port PSE Priority :Unknown
Port Available power value:0.2(w)
- Check SwitchB.
Refer to the steps for checking SwitchA.
----End
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
lldp enable
#
interface LoopBack1
ip address 10.10.10.1 255.255.255.255
#
Networking Requirements
As shown in Figure 11-23, SwitchA, SwitchB, and SwitchC are interconnected through an unknown
network. The NMS has reachable routes to SwitchA, SwitchB, and SwitchC, and SNMP
configuration has been completed.
A network administrator wants to obtain Layer 2 information about SwitchA, SwitchB, and
SwitchC to know the detailed network topology and configuration conflicts.
[Figure 11-23: SwitchA (10.10.10.1), SwitchB (10.10.10.2), SwitchC (10.10.10.3); SwitchD, SwitchE, SwitchF; LLDPDU labels on the links. Legend: LLDP interface, SNMP packet, LLDPDU packet; NMS: Network Management System]
Configuration Roadmap
The LLDP function can be used to meet the network administrator's requirement. The
configuration roadmap is as follows:
1. Enable global LLDP on SwitchA, SwitchB, and SwitchC.
2. Configure management IP addresses for SwitchA, SwitchB, and SwitchC.
Procedure
Step 1 Enable global LLDP on SwitchA, SwitchB, and SwitchC.
# Configure SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] lldp enable
# Configure SwitchB.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] lldp enable
# Configure SwitchC.
<Quidway> system-view
[Quidway] sysname SwitchC
[SwitchC] lldp enable
# Configure SwitchB.
[SwitchB] lldp management-address 10.10.10.2
# Configure SwitchC.
[SwitchC] lldp management-address 10.10.10.3
System configuration
LLDP Status :enabled (default is disabled)
LLDP Message Tx Interval :30 (default is 30s)
LLDP Message Tx Hold Multiplier :4 (default is 4)
LLDP Refresh Delay :2 (default is 2s)
LLDP Tx Delay :2 (default is 2s)
LLDP Notification Interval :5 (default is 5s)
LLDP Notification Enable :enabled (default is disabled)
Management Address :IP: 10.10.10.1
Total Neighbors :2
Port information:
Interface Ethernet0/0/1:
LLDP Enable Status :enabled (default is disabled)
Total Neighbors :1
Port ID subtype :interfaceName
Port ID :Ethernet0/0/1
Port description :Ethernet0/0/1
Auto-negotiation supported :Yes
Auto-negotiation enabled :Yes
OperMau :speed(100)/duplex(Full)
Power port class :PD
PSE power supported :No
PSE power enabled :No
PSE pairs control ability:No
Power pairs :Unknown
Port power classification:Unknown
Link aggregation supported:Yes
Link aggregation enabled :No
Aggregation port ID :0
Maximum frame Size :1526
MED port information
Power Type :Unknown
PoE PSE power source :Unknown
Port PSE Priority :Unknown
Port Available power value:0.0(w)
---- More ----
# Check neighbor information of SwitchA.
<SwitchA> display lldp neighbor interface Ethernet0/0/1
Ethernet0/0/1 has 2 neighbors:
Neighbor index :1
Chassis type :macAddress
Chassis ID :00e0-fc33-0012
Port ID type :interfaceName
Port ID :Ethernet0/0/1
Port description :NA
System name :SwitchB
System description :S3328TP-EI
Huawei Versatile Routing Platform Software
VRP (R) software,Version 5.70 (S3328 V100R006C05 )
Copyright (C) 2003-2012 Huawei Technologies Co., Ltd.
System capabilities supported :bridge
System capabilities enabled :bridge
Management address type :ipV4
Auto-negotiation supported :Yes
Auto-negotiation enabled :Yes
OperMau :speed(100)/duplex(Full)
Power port class :PD
PSE power supported :No
PSE power enabled :No
PSE pairs control ability:No
Power pairs :Unknown
Port power classification:Unknown
Link aggregation supported:Yes
Link aggregation enabled :No
Aggregation port ID :0
Maximum frame Size :9216
MED Device information
Device class :Network Connectivity
HardwareRev :VER.B
FirmwareRev :NA
Power Type :Unknown
Neighbor index :2
Chassis type :macAddress
Chassis ID :00e0-fc33-0013
Port ID type :interfaceName
Port ID :Ethernet0/0/1
Port description :NA
System name :SwitchC
System description :S3328TP-EI
Huawei Versatile Routing Platform Software
VRP (R) software,Version 5.70 (S3328 V100R006C05 )
Copyright (C) 2003-2012 Huawei Technologies Co., Ltd.
System capabilities supported :bridge
System capabilities enabled :bridge
Management address type :ipV4
Management address :10.10.10.3
Expired time :104s
Auto-negotiation supported :Yes
Auto-negotiation enabled :Yes
OperMau :speed(100)/duplex(Full)
Power port class :PD
PSE power supported :No
PSE power enabled :No
PSE pairs control ability:No
Power pairs :Unknown
Port power classification:Unknown
Link aggregation supported:Yes
Link aggregation enabled :No
Aggregation port ID :0
Maximum frame Size :9216
MED Device information
HardwareRev :VER.B
FirmwareRev :NA
Power Type :Unknown
PoE PSE power source :Unknown
Port PSE Priority :Unknown
Port Available power value:0.2(w)
- Check SwitchB.
Refer to the steps for checking SwitchA.
- Check SwitchC.
Refer to the steps for checking SwitchA.
----End
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
lldp enable
#
interface LoopBack1
ip address 10.10.10.1 255.255.255.255
#
lldp management-address 10.10.10.1
#
return
LoopBack1
ip address 10.10.10.2 255.255.255.255
#
lldp management-address 10.10.10.2
#
return
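LLDP advertisements are not authenticated, so the neighbor list collected in this example is worth comparing against a known inventory. The following parser and comparison are an added example, not part of the Huawei document; the inventory mapping (chassis ID to system name) and the finding names are assumptions of this example.

```python
import re

# Constructed sample in the layout of the "display lldp neighbor interface"
# output above, reduced to the identifying fields of the two neighbors.
SAMPLE_OUTPUT = """\
Ethernet0/0/1 has 2 neighbors:
Neighbor index :1
Chassis type :macAddress
Chassis ID :00e0-fc33-0012
Port ID :Ethernet0/0/1
System name :SwitchB
System description :S3328TP-EI
Huawei Versatile Routing Platform Software
Neighbor index :2
Chassis type :macAddress
Chassis ID :00e0-fc33-0013
Port ID :Ethernet0/0/1
System name :SwitchC
Management address :10.10.10.3
"""

HEADER = re.compile(r"(\S+) has (\d+) neighbors?:")
FIELD = re.compile(r"([^:]+?)\s*:\s*(.*)")

def parse_neighbors(text):
    """Return (local port, neighbor count from the header, list of field dicts)."""
    port, declared, neighbors = None, 0, []
    for raw in text.splitlines():
        line = raw.strip()
        head = HEADER.fullmatch(line)
        if head:
            port, declared = head.group(1), int(head.group(2))
            continue
        field = FIELD.fullmatch(line)
        if not field:
            continue  # continuation lines of "System description" carry no colon
        key, value = field.group(1), field.group(2)
        if key == "Neighbor index":
            neighbors.append({})  # each "Neighbor index" line starts a new record
        if neighbors:
            neighbors[-1][key] = value
    return port, declared, neighbors

def compare(text, expected):
    """Check parsed neighbors against expected {chassis ID: system name}."""
    port, declared, neighbors = parse_neighbors(text)
    findings = []
    if declared != len(neighbors):
        findings.append(("count-mismatch", f"{port}: {declared} != {len(neighbors)}"))
    seen = set()
    for n in neighbors:
        chassis, name = n.get("Chassis ID"), n.get("System name")
        seen.add(chassis)
        if chassis not in expected:
            findings.append(("unexpected-neighbor", f"{port}: {chassis} ({name})"))
        elif expected[chassis] != name:
            findings.append(("name-mismatch", f"{port}: {chassis} is {name}"))
    for chassis in sorted(set(expected) - seen):
        findings.append(("missing-neighbor", f"{port}: {chassis}"))
    return findings

if __name__ == "__main__":
    inventory = {"00e0-fc33-0012": "SwitchB"}  # hypothetical inventory
    for finding, detail in compare(SAMPLE_OUTPUT, inventory):
        print(f"{finding}: {detail}")
```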
Networking Requirements
As shown in Figure 11-24, SwitchA and SwitchB are connected through an Eth-Trunk. Routes
between the NMS and Switches are reachable, and SNMP is configured.
A network administrator wants to obtain Layer 2 information about SwitchA and SwitchB to
know the detailed network topology and configuration conflicts.
[Figure 11-24: Network; VLAN 100, VLAN 200; Eth-Trunk 1]
Configuration Roadmap
The LLDP function can meet the network administrator's requirement. The configuration
roadmap is as follows:
1. Add physical interfaces on SwitchA and SwitchB to the Eth-Trunk.
2. Enable global LLDP on SwitchA and SwitchB.
3. Configure management IP addresses for SwitchA and SwitchB.
Procedure
Step 1 Add physical interfaces on SwitchA and SwitchB to the Eth-Trunk.
# Configure SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 100
[SwitchA] interface eth-trunk 1
[SwitchA-Eth-Trunk1] trunkport ethernet 0/0/1
[SwitchA-Eth-Trunk1] trunkport ethernet 0/0/2
[SwitchA-Eth-Trunk1] trunkport ethernet 0/0/3
[SwitchA-Eth-Trunk1] port link-type trunk
[SwitchA-Eth-Trunk1] port trunk allow-pass vlan 100
[SwitchA-Eth-Trunk1] quit
# Configure SwitchB.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] vlan batch 100
[SwitchB] interface eth-trunk 1
[SwitchB-Eth-Trunk1] trunkport ethernet 0/0/1
[SwitchB-Eth-Trunk1] trunkport ethernet 0/0/2
[SwitchB-Eth-Trunk1] trunkport ethernet 0/0/3
[SwitchB-Eth-Trunk1] port link-type trunk
[SwitchB-Eth-Trunk1] port trunk allow-pass vlan 100
[SwitchB-Eth-Trunk1] quit
# Configure SwitchB.
[SwitchB] lldp enable
# Configure SwitchB.
[SwitchB] lldp management-address 10.10.10.2
Chassis type :macAddress
Chassis ID :00e0-fc33-0011
System name :SwitchA
System description :S3328TP-EI
Huawei Versatile Routing Platform Software
VRP (R) software,Version 5.70 (S3328 V100R006C05 )
Copyright (C) 2003-2012 Huawei Technologies Co., Ltd.
System configuration
LLDP Status :enabled (default is disabled)
LLDP Message Tx Interval :30 (default is 30s)
LLDP Message Tx Hold Multiplier :4 (default is 4)
LLDP Refresh Delay :2 (default is 2s)
LLDP Tx Delay :2 (default is 2s)
LLDP Notification Interval :5 (default is 5s)
LLDP Notification Enable :enabled (default is disabled)
Management Address :IP: 10.10.10.1
Port information:
Interface Ethernet0/0/1:
LLDP Enable Status :enabled (default is disabled)
Total Neighbors :1
Interface Ethernet0/0/2:
LLDP Enable Status :enabled (default is disabled)
Total Neighbors :1
Interface Ethernet0/0/3:
LLDP Enable Status :enabled (default is disabled)
Total Neighbors :1
Port ID :Ethernet0/0/3
Port description :Ethernet0/0/3
----End
Configuration Files
- Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 100
#
lldp enable
#
lldp management-address 10.10.10.1
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 100
#
interface Ethernet0/0/1
eth-trunk 1
#
interface Ethernet0/0/2
eth-trunk 1
#
interface Ethernet0/0/3
eth-trunk 1
#
interface LoopBack1
ip address 10.10.10.1 255.255.255.255
#
return