03 Layer 2 - LAN Switching Configuration Guide-Book

H3C S5830V2 & S5820V2 Switch Series
Layer 2—LAN Switching Configuration Guide
Hangzhou H3C Technologies Co., Ltd.

http://www.h3c.com
Software version: Release 22xx

Document version: 6W100-20131105
Copyright © 2013, Hangzhou H3C Technologies Co., Ltd. and its licensors
All rights reserved
No part of this manual may be reproduced or transmitted in any form or by any means without prior
written consent of Hangzhou H3C Technologies Co., Ltd.
Trademarks
H3C, , Aolynk, , H3Care, , TOP G, , IRF, NetPilot, Neocean, NeoVTL,

SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V2G, VnG, PSPT,
XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co.,
Ltd.
All other trademarks that may be mentioned in this manual are the property of their respective owners
Notice
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Preface
The H3C S5830V2 & S5820V2 documentation set includes 14 configuration guides, which describe the
software features for the H3C S5830V2 & S5820V2 Switch Series and guide you through the software
configuration procedures. These configuration guides also provide configuration examples to help you
apply software features to different network scenarios.
The Layer 2—LAN Switching Configuration Guide describes LAN switching fundamentals and
configuration. It describes how to implement flow control and load sharing, isolate uses in the same
VLAN, eliminate Layer 2 loops, divide VLANs, transmit customer network packets through the public
network, and modify VLAN tags for packets.
This preface includes:
• Audience
• Added and modified features
• Conventions
• About the H3C S5830V2 & S5820V2 documentation set
• Obtaining documentation
• Technical support
• Documentation feedback
Audience
This documentation is intended for:
• Network planners
• Field technical support and servicing engineers
• Network administrators working with the S5830V2 & S5820V2 series
Added and modified features

This documentation set is for Release 22xx. The following describes the command changes between
releases:
• Release 2210 has the following command changes over Release 2208P01:
Configuration guide Added and modified features

Added features: Displaying the MAC address entries of an egress
MAC address table
RB specified by its nickname.
Added features: Specifying ignored VLANs on a Layer 2

Ethernet link aggregation
aggregate interface.
Added features: Specifying the IRF member device for forwarding

VLANs
the traffic on a VLAN interface.
LLDP Added features: Configuring the DCBX version.

• Release 2208P01 has the following command changes over Release 2208:

Added features:
• Enabling energy saving functions on an Ethernet interface.
Ethernet interfaces
• Setting the MDIX mode of an Ethernet interface.
• Testing the cable connection of an Ethernet interface.
• Release 2208 has the following command changes over Release 2108P02:

Added features:
• Restoring the default settings for the interface.
• Displaying the full description of an interface.
• Displaying traffic statistics for the specified interfaces.
• Displaying traffic rate statistics of interfaces in up state over the
last sampling interval.
• Displaying information about dropped packets on the
Ethernet interfaces specified interface or all interfaces.
• Configuring generic flow control on an Ethernet interface.
• Clearing the statistics of dropped packets on the specified
interfaces.
• Configuring the interface to log storm control threshold events.
• Configuring the interface to send storm control threshold event
traps.
Modified features: Duplex and rate configuration for 40GE ports.
Added features:
loopback and null interfaces • Restoring the default settings for the interface.
• Displaying the full description of an interface.
Bulk configuring interfaces N/A
Added features:
• Enabling MAC address synchronization globally.
• Assigning MAC learning priority to interfaces.
• Adding or modifying a multiport unicast MAC address entry.
MAC address table
• Configuring MAC address related functions in S-channel
interface view of EVB.
Modified features: Configuring blackhole MAC address table
entries.
MAC Information MAC Information is a newly added feature.
Added features:
• Restoring the default settings for the interface.
Ethernet link aggregation • Displaying the full description of an interface.
• Configuring the short LACP timeout interval (3 seconds) on the
interface.
Port isolation Modified features: Configuring port isolation.
Spanning tree protocols Added features: Enabling BPDU drop.

Loop detection loop detection is a newly added feature.
Added features:
• Setting the MTU for the VLAN interface.
VLANs • Restoring the default settings for the VLAN interface.
• Configuring port-based VLAN in S-channel interface view of
EVB.
QinQ QinQ is a newly added feature.
VLAN mapping VLAN mapping is a newly added feature.
LLDP LLDP is a newly added feature.
Service loopback groups Service loopback groups is a newly added feature.
Cut-through forwarding N/A
Conventions
This section describes the conventions used in this documentation set.
Command conventions
Convention Description
Boldface Bold text represents commands and keywords that you enter literally as shown.
Italic Italic text represents arguments that you replace with actual values.
[] Square brackets enclose syntax choices (keywords or arguments) that are optional.
Braces enclose a set of required syntax choices separated by vertical bars, from which
{ x | y | ... }
you select one.
Square brackets enclose a set of optional syntax choices separated by vertical bars, from
[ x | y | ... ]
which you select one or none.
Asterisk marked braces enclose a set of required syntax choices separated by vertical
{ x | y | ... } *
bars, from which you select at least one.
Asterisk marked square brackets enclose optional syntax choices separated by vertical
[ x | y | ... ] *
bars, from which you select one choice, multiple choices, or none.
The argument or keyword and argument combination before the ampersand (&) sign can
&<1-n>
be entered 1 to n times.
# A line that starts with a pound (#) sign is comments.
GUI conventions
Window names, button names, field names, and menu items are in bold text. For
Boldface
example, the New User window appears; click OK.
> Multi-level menus are separated by angle brackets. For example, File > Create > Folder.
Symbols
An alert that calls attention to important information that if not understood or followed can
WARNING result in personal injury.
An alert that calls attention to important information that if not understood or followed can
CAUTION result in data loss, data corruption, or damage to hardware or software.
IMPORTANT An alert that calls attention to essential information.
NOTE An alert that contains additional or supplementary information.
TIP An alert that provides helpful information.
Network topology icons
Represents a generic network device, such as a router, switch, or firewall.
Represents a routing-capable device, such as a router or Layer 3 switch.
Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports
Layer 2 forwarding and other Layer 2 features.
Port numbering in examples

The port numbers in this document are for illustration only and might be unavailable on your switch.
About the H3C S5830V2 & S5820V2

documentation set
The H3C S5830V2&S5820V2 documentation set includes:
Category Documents Purposes

Compliance and safety Provides regulatory information and the safety
manual instructions that must be followed during installation.
Installation quick start Provides basic installation instructions.
Provides a complete guide to hardware installation

Installation guide
and hardware specifications.
Hardware specifications
and installation Describes the appearance, specifications, and
Fan assemblies
installation and removal of hot-swappable fan
installation manual
assemblies.
Describes the appearance, specifications, and

Power modules user
installation and removal of hot-swappable power
manual
modules.
Describe software features and configuration

Software configuration Configuration guides
procedures.
Category Documents Purposes
Provide a quick reference to all available
Command references
commands.
Obtaining documentation
You can access the most up-to-date H3C product documentation on the World Wide Web
at http://www.h3c.com.
Click the links on the top navigation bar to obtain different categories of product documentation:
[Technical Support & Documents > Technical Documents]—Provides hardware installation, software
upgrading, and software feature configuration and maintenance documentation.
[Products & Solutions]—Provides information about products and technologies.
[Technical Support & Documents > Software Download]—Provides the documentation released with the
software version.
Technical support
service@h3c.com
http://www.h3c.com
Documentation feedback
You can e-mail your comments about product documentation to info@h3c.com.
We appreciate your comments.
Contents
Configuring Ethernet interfaces ··································································································································· 1

Configuring the management Ethernet interface ··········································································································· 1
Configuring Ethernet interfaces ······································································································································· 1
Ethernet interface naming conventions ·················································································································· 1
Configuring basic settings of an Ethernet interface ······························································································ 1
Splitting a 40-GE interface and combining 10-GE interfaces ············································································· 2
Configuring jumbo frame support ·························································································································· 3
Configuring physical state change suppression on an Ethernet interface·························································· 4
Performing a loopback test on an Ethernet interface····························································································5
Configuring generic flow control on an Ethernet interface ·················································································· 6
Configuring PFC on an Ethernet interface ············································································································· 7
Configuring storm suppression ······························································································································· 8
Configuring storm control on an Ethernet interface ······························································································ 9
Setting the statistics polling interval ····················································································································· 11
Enabling energy saving functions on an Ethernet interface ·············································································· 11
Setting the MDIX mode of an Ethernet interface ································································································ 12
Testing the cable connection of an Ethernet interface ······················································································· 13
Displaying and maintaining an Ethernet interface ···························································································· 13
Configuring loopback and null interfaces ················································································································ 14

Configuring a loopback interface ································································································································ 14
Configuring a null interface ·········································································································································· 14
Displaying and maintaining loopback and null interfaces ························································································ 15
Bulk configuring interfaces ········································································································································ 16

Configuration guidelines ··············································································································································· 16
Configuration procedure ··············································································································································· 16
Configuring the MAC address table ························································································································ 18

Overview········································································································································································· 18
How a MAC address entry is created ················································································································ 18
Types of MAC address entries ····························································································································· 18
Configuring the MAC address table ···························································································································· 19
Configuring MAC address entries ······················································································································· 19
Adding or modifying a blackhole MAC address entry ····················································································· 20
Adding or modifying a multiport unicast MAC address entry ········································································· 20
Disabling MAC address learning ························································································································ 22
Configuring the aging timer for dynamic MAC address entries ······································································ 23
Configuring the MAC learning limit on an interface ························································································· 23
Assigning MAC learning priority to an interface ······························································································· 24
Enabling MAC address synchronization ············································································································ 25
Displaying and maintaining the MAC address table ································································································· 26
MAC address table configuration example ················································································································ 27
Network requirements ··········································································································································· 27
Configuration procedure ······································································································································ 27
Verifying the configurations ································································································································· 27
Configuring MAC Information ·································································································································· 29

Configuration guidelines ··············································································································································· 29
Enabling MAC Information globally ···························································································································· 29
Enabling MAC Information on an interface ················································································································ 29
i
Configuring the MAC Information mode ····················································································································· 30
Configuring the MAC change sending interval ·········································································································· 30
Configuring the MAC Information queue length ········································································································ 30
MAC Information configuration example ···················································································································· 31
Configuring Ethernet link aggregation ····················································································································· 32

Basic concepts ································································································································································ 32
Aggregation group, member port, and aggregate interface ··········································································· 32
Aggregation states of member ports in an aggregation group ······································································· 32
Operational key ···················································································································································· 33
Configuration types ··············································································································································· 33
Link aggregation modes ······································································································································· 33
Aggregating links in static mode ·································································································································· 34
Choosing a reference port ··································································································································· 34
Setting the aggregation state of each member port ·························································································· 34
Aggregating links in dynamic mode ···························································································································· 35
LACP ······································································································································································· 35
How dynamic link aggregation works ················································································································ 36
Load sharing criteria for link aggregation groups······································································································ 39
Ethernet link aggregation configuration task list ········································································································· 39
Configuring an aggregation group ····························································································································· 39
Configuration guidelines ······································································································································ 39
Configuring a static aggregation group ············································································································· 40
Configuring a dynamic aggregation group ······································································································· 40
Configuring an aggregate interface ···························································································································· 41
Configuring the description of an aggregate interface ····················································································· 41
Specifying ignored VLANs on a Layer 2 aggregate interface ········································································· 42
Setting the minimum and maximum numbers of Selected ports for an aggregation group ·························· 42
Shutting down an aggregate interface ··············································································································· 43
Restoring the default settings for an aggregate interface ················································································· 44
Configuring load sharing for link aggregation groups ······························································································ 44
Configuring load sharing criteria for link aggregation groups ········································································ 44
Enabling local-first load sharing for link aggregation ······················································································· 45
Enabling link-aggregation traffic redirection ··············································································································· 46
Configuration restrictions and guidelines ··········································································································· 46
Displaying and maintaining Ethernet link aggregation ····························································································· 47
Ethernet link aggregation configuration examples ····································································································· 48
Static aggregation configuration example ········································································································· 48
Dynamic aggregation configuration example ··································································································· 49
Aggregation load sharing configuration example ···························································································· 51
Configuring port isolation·········································································································································· 55

Assigning ports to an isolation group ·························································································································· 55
Displaying and maintaining port isolation ·················································································································· 55
Port isolation configuration example···························································································································· 56
Verifying the configuration ··································································································································· 56
Configuring spanning tree protocols ························································································································ 58

STP ··················································································································································································· 58
STP protocol packets ············································································································································· 58
Basic concepts in STP············································································································································ 59
ii
Calculation process of the STP algorithm ··········································································································· 60
RSTP ················································································································································································· 64
MSTP················································································································································································ 65
MSTP features ························································································································································ 65
MSTP basic concepts ············································································································································ 65
How MSTP works ·················································································································································· 69
MSTP implementation on devices ························································································································ 70
Protocols and standards ················································································································································ 70
Spanning tree configuration task lists ·························································································································· 70
STP configuration task list ····································································································································· 71
RSTP configuration task list ··································································································································· 71
MSTP configuration task list ································································································································· 72
Setting the spanning tree mode ···································································································································· 73
Configuring an MST region ·········································································································································· 74
Configuring the root bridge or a secondary root bridge ·························································································· 74
Configuring the current device as the root bridge of a specific spanning tree ·············································· 75
Configuring the current device as a secondary root bridge of a specific spanning tree ······························ 75
Configuring the device priority ····································································································································· 75
Configuring the maximum hops of an MST region ···································································································· 76
Configuring the network diameter of a switched network························································································· 76
Configuring spanning tree timers ································································································································· 77
Configuring the timeout factor ······································································································································ 78
Configuring the BPDU transmission rate ······················································································································ 78
Configuring edge ports ················································································································································· 79
Configuring path costs of ports ···································································································································· 80
Specifying a standard for the device to use when it calculates the default path cost ··································· 80
Configuring path costs of ports ···························································································································· 82
Configuration example ········································································································································· 83
Configuring the port priority ········································································································································· 83
Configuring the port link type ······································································································································· 83
Configuring the mode a port uses to recognize and send MSTP packets ······························································· 84
Enabling outputting port state transition information·································································································· 85
Enabling the spanning tree feature ······························································································································ 85
Performing mCheck ························································································································································ 86
Configuring Digest Snooping ······································································································································· 86
Digest Snooping configuration example············································································································· 88
Configuring No Agreement Check ······························································································································ 88
Configuration prerequisites ·································································································································· 89
No Agreement Check configuration example···································································································· 90
Configuring protection functions ·································································································································· 90
Enabling BPDU guard ··········································································································································· 91
Enabling root guard ·············································································································································· 91
Enabling loop guard ············································································································································· 92
iii
Configuring port role restriction ··························································································································· 92
Configuring TC-BPDU transmission restriction ···································································································· 93
Enabling TC-BPDU guard······································································································································ 93
Enabling BPDU drop ············································································································································· 94
Displaying and maintaining the spanning tree ··········································································································· 94
Spanning tree configuration example·························································································································· 95
Configuring loop detection····································································································································· 100

Overview······································································································································································· 100
Loop detection mechanism ································································································································· 100
Loop detection interval ········································································································································ 101
Loop protection actions ······································································································································· 101
Port status auto recovery ····································································································································· 102
Loop detection configuration task list ························································································································· 102
Enabling loop detection ·············································································································································· 102
Enabling loop detection globally ······················································································································· 102
Enabling loop detection on a port ····················································································································· 102
Configuring the loop protection action ······················································································································ 103
Configuring the global loop protection action ································································································· 103
Configuring the loop protection action on an Ethernet interface ··································································· 103
Configuring the loop protection action on an aggregate interface ······························································· 103
Setting the loop detection interval ······························································································································ 104
Displaying and maintaining loop detection ·············································································································· 104
Loop detection configuration example······················································································································· 104
Network requirements ········································································································································· 104
Configuration procedure ···································································································································· 105
Verifying the configuration ································································································································· 106
Configuring VLANs ················································································································································· 107

Overview······································································································································································· 107
VLAN frame encapsulation ································································································································ 107
Protocols and standards ····································································································································· 108
Configuring basic VLAN settings································································································································ 108
Configuring basic settings of a VLAN interface ······································································································· 109
Configuring port-based VLANs ··································································································································· 110
Introduction to port-based VLAN ······················································································································· 110
Assigning an access port to a VLAN ················································································································ 111
Assigning a trunk port to a VLAN······················································································································ 112
Assigning a hybrid port to a VLAN ··················································································································· 113
Displaying and maintaining VLANs ··························································································································· 114
Port-based VLAN configuration example··················································································································· 115
Verifying the configuration ································································································································· 116
Configuring QinQ ··················································································································································· 117

Overview······································································································································································· 117
How QinQ works ················································································································································ 117
Implementations of QinQ ··································································································································· 119
Restrictions and guidelines ·········································································································································· 119
Configuring QinQ features ········································································································································· 119
Enabling QinQ ···················································································································································· 119
Configuring transparent transmission for VLANs ····························································································· 120
iv
Configuring the TPID for VLAN tags ·························································································································· 120
Configuring the CVLAN TPID ····························································································································· 121
Configuring the SVLAN TPID······························································································································ 121
Setting the 802.1p priority in SVLAN tags ··············································································································· 121
Displaying and maintaining QinQ ···························································································································· 122
QinQ configuration example······································································································································ 123
VLAN transparent transmission configuration example ··························································································· 125
Configuring VLAN mapping ·································································································································· 128

Overview······································································································································································· 128
Application scenario of one-to-one and many-to-one VLAN mapping ·························································· 128
Application scenario of one-to-two and two-to-two VLAN mapping ······························································ 130
VLAN mapping implementations ······················································································································· 130
VLAN mapping configuration task list ······················································································································· 133
Configuring one-to-one VLAN mapping ···················································································································· 133
Configuring many-to-one VLAN mapping ················································································································· 134
Configuration task list ········································································································································· 134
Enabling DHCP snooping ··································································································································· 134
Enabling ARP detection ······································································································································ 135
Configuring the customer-side port ···················································································································· 135
Configuring the network-side port ····················································································································· 136
Configuring one-to-two VLAN mapping ···················································································································· 136
Configuring two-to-two VLAN mapping····················································································································· 137
Displaying and maintaining VLAN mapping ············································································································ 138
VLAN mapping configuration examples ··················································································································· 138
One-to-one and many-to-one VLAN mapping configuration example ··························································· 138
One-to-two and two-to-two VLAN mapping configuration example ······························································ 142
Configuring LLDP ····················································································································································· 146

Overview······································································································································································· 146
Basic concepts ····················································································································································· 146
Work mechanism ················································································································································ 151
LLDP configuration task list ·········································································································································· 152
Performing basic LLDP configuration ·························································································································· 152
Enabling LLDP ······················································································································································ 152
Setting the LLDP operating mode ······················································································································· 153
Setting the LLDP re-initialization delay ·············································································································· 153
Enabling LLDP polling·········································································································································· 153
Configuring the advertisable TLVs ····················································································································· 154
Configuring the management address and its encoding format ···································································· 154
Setting other LLDP parameters ···························································································································· 155
Setting an encapsulation format for LLDPDUs ·································································································· 156
Configuring CDP compatibility ··································································································································· 156
Configuration prerequisites ································································································································ 157
Configuring DCBX························································································································································ 157
DCBX configuration task list ······························································································································· 158
Enabling LLDP and DCBX TLV advertising ········································································································ 158
Configuring APP parameters ······························································································································ 159
Configuring ETS parameters ······························································································································ 161
v
Configuring PFC parameters ······························································································································ 162
Configuring the DCBX version ··························································································································· 163
Configuring LLDP trapping and LLDP-MED trapping ································································································ 164
Displaying and maintaining LLDP ······························································································································· 164
Basic LLDP configuration example ······························································································································ 165
DCBX configuration example······································································································································ 167
Configuring service loopback groups ··················································································································· 173

Configuration procedure ············································································································································· 173
Displaying and maintaining service loopback groups····························································································· 173
Service loopback group configuration example······································································································· 174
Configuring cut-through forwarding ······················································································································ 175

Index ········································································································································································ 176
vi
Configuring Ethernet interfaces
The switch series supports Ethernet interfaces, management Ethernet interfaces, Console interfaces, and
USB interfaces. For the interface types and the number of interfaces supported by a switch model, see the
installation guide.
This chapter describes how to configure management Ethernet interfaces and Ethernet interfaces.
Configuring the management Ethernet interface

The switch provides one management Ethernet interface. This interface uses an RJ-45 connector. You can
connect it to a PC for software loading and system debugging or connect it to a remote NMS for remote
system management.
To configure the management Ethernet interface:
Step Command Remarks

1. Enter system view. system-view N/A
2. Enter management interface M-GigabitEthernet
N/A
Ethernet interface view. interface-number
3. (Optional) Change the
The default setting is
description of the description text
M-GigabitEthernet0/0/0 Interface.
interface.
4. (Optional) Shut down the By default, the management Ethernet
shutdown
interface. interface is up.
Configuring Ethernet interfaces

Ethernet interface naming conventions
The Ethernet interfaces are named in the format of interface type A/B/C. The letters that follow the
interface type represent the following elements:
• A—IRF member ID. If the switch is not in an IRF fabric, A is 1 by default.
• B—Card slot number. B is always 0, which indicates the interface is a fixed interface of the switch.
• C—Port index.
A 10-GE interface split from a 40-GE interface are named in the format of interface type A/B/C:D,
where A/B/C is the interface number of the 40-GE interface and D is the number of the 10-GE interface,
which is in the range of 1 to 4. For how a 40-GE interface is split, see "Splitting a 40-GE interface and
combining 10-GE interfaces."
Configuring basic settings of an Ethernet interface

To configure an Ethernet interface:
1
2. Enter Ethernet interface interface interface-type
N/A
view. interface-number
The default setting is in the format of

3. Set the interface
description text interface-name Interface. For example,
description.
Ten-GigabitEthernet1/0/1 Interface.
The default setting is auto.

4. Set the duplex mode of
duplex { auto | full | half } The half keyword is not available for fiber
the interface.
ports and 1/10 Gbps copper ports.
speed { 10 | 100 | 1000 |

5. Set the port speed. The default setting is auto.
10000 | 40000 | auto }
6. Restore the default
settings for the Ethernet default N/A
interface.
7. Bring up the Ethernet
undo shutdown By default, an Ethernet interface is up.
interface.
Splitting a 40-GE interface and combining 10-GE interfaces

Splitting a 40-GE interface into four 10-GE interfaces
You can use a 40-GE interface as a single interface. To improve port density, reduce costs, and improve
network flexibility, you can also split a 40-GE interface into four 10-GE interfaces. For example, you can
split a 40-GE interface FortyGigE 1/0/49 into four 10-GE interfaces Ten-GigabitEthernet 1/0/49:1
through Ten-GigabitEthernet 1/0/49:4.
To split a 40-GE interface into four 10-GE interfaces:

2. Enter 40-GE interface
interface interface-type interface-number N/A
view.
By default, a 40-GE interface is

used as a single interface and not
split.
The 10-GE interfaces split from a
40-GE interface support the same
configuration and attributes as
3. Split the 40-GE
common 10-GE interfaces,
interface into four using tengige
except that they are numbered
10-GE interfaces.
differently.
A 40-GE interface split into four
10-GE interfaces must use a
dedicated 1-to-4 cable. For more
information about such cables,
see the related documents.
2
After creating the four 10-GE
4. Reboot the device. N/A interfaces, the system removes the
40-GE interface.
Combining four 10-GE interfaces into a 40-GE interface

If you need higher bandwidth, you can combine the four split 10-GE interfaces into a 40-GE interface.
To combine four 10-GE interfaces into a 40-GE interface:

2. Enter the view of any
10-GE interface split interface interface-type interface-number N/A
from a 40-GE interface.
By default, 10-GE interfaces split

from a 40-GE interface are used
single interfaces and not
combined.
3. Combine the four
10-GE interfaces into a using fortygige After you combine the four 10-GE
40-GE interface. interfaces, you must replace the
dedicated 1-to-4 cable with a
dedicated 1-to-1 cable. For more
information about such cables,
see the related documents.
After creating the 40-GE

4. Reboot the device. N/A interface, the system removes the
four 10-GE interfaces.
Configuring jumbo frame support

An Ethernet interface might receive some frames larger than the standard Ethernet frame size (called
"jumbo frames") during high-throughput data exchanges such as file transfers. Usually, an Ethernet
interface discards jumbo frames. With jumbo frame support enabled, the interface can process jumbo
frames within the specified range.
To configure jumbo frame support in interface view:

N/A
3
By default, the device allows jumbo

frames within 10000 bytes to pass
3. Configure jumbo frame through all Ethernet interfaces.
jumboframe enable [ value ]
support. If you set the value argument multiple
times, the latest configuration takes
effect.
Configuring physical state change suppression on an Ethernet

interface
The physical link state of an Ethernet interface is either up or down. Each time the physical link of a port
goes up or comes down, the interface immediately reports the change to the CPU, which notifies the
upper-layer protocol modules (such as routing and forwarding modules) of the change for guiding
packet forwarding, and automatically generates traps and logs, informing the user to take
corresponding actions.
To prevent frequent physical link flapping from affecting system performance, configure physical state
change suppression to suppress the reporting of physical link state changes. The system reports physical
layer changes only when the suppression interval expires.
When you configure physical state suppression on an Ethernet interface, follow these guidelines:
• On a port, if you execute the link-delay command and the link-delay mode command multiple
times, the latest configuration takes effect.
• Do not configure the physical state change suppression interval on a port with MSTP enabled.
To configure physical state change suppression on an Ethernet interface:

2. Enter Ethernet interface interface-type
N/A
interface view. interface-number
By default, each time the physical link of a port

comes down, the interface immediately reports the
change to the CPU.
3. Set the link-down When this command is configured:
event suppression link-delay delay-time • The link-down event is not reported to the CPU
interval. until the interface is still down when the
suppression interval (delay-time) expires.
• The link-up event is immediately reported when
the interface goes up.
4
goes up, the interface immediately reports the
change to the CPU.
4. Set the link-up event link-delay delay-time mode When this command is configured:
suppression interval. up • The link-up event is not reported to the CPU until
the interface is still up when the suppression
interval (delay-time) expires.
• The link-down event is immediately reported.
goes up or comes down, the interface immediately
5. Set the link-updown reports the change to the CPU.
link-delay delay-time mode
event suppression When this command is configured, the link-up or
updown
interval. link-down event is not reported to the CPU until the
interface is still up or down when the suppression
interval (delay-time) expires.
Performing a loopback test on an Ethernet interface

If an Ethernet interface does not work correctly, you can perform a loopback test on it to identify the
problem. An Ethernet interface in a loopback test does not forward data traffic.
Loopback tests include the following types:
• Internal loopback test—Tests all on-chip functions related to Ethernet interfaces.
• External loopback test—Tests hardware of Ethernet interfaces. To perform an external loopback test
on an Ethernet interface, connect a loopback plug to the Ethernet interface. The device sends test
packets out the interface, which are expected to loop over the plug and back to the interface. If the
interface fails to receive any test packets, the hardware of the interface is faulty.
When you perform a loopback test on an Ethernet interface, follow these guidelines:
• On an interface that is physically down (displayed as DOWN in the interface status output), you can
only perform an internal loopback test. On an Ethernet interface administratively shut down
(displayed as ADM or Administratively DOWN in the interface status output), you cannot perform
an internal or external loopback test.
• The speed, duplex, and shutdown commands are not available during a loopback test.
• During a loopback test, the Ethernet interface operates in full duplex mode. When a loopback test
is complete, the port returns to its duplex setting.
To perform a loopback test on an Ethernet interface:

interface interface-type
2. Enter Ethernet interface view. N/A
interface-number
By default, no loopback test is

3. Perform a loopback test. loopback { external | internal }
performed.
5
Configuring generic flow control on an Ethernet interface
To avoid packet drops on a link, you can enable generic flow control at both ends of the link. When
traffic congestion occurs at the receiving end, the receiving end sends a flow control (Pause) frame to ask
the sending end to suspend sending packets.
• With TxRx mode generic flow control enabled, an interface can both send and receive flow control
frames. When congestion occurs, the interface sends a flow control frame to its peer. When the
interface receives a flow control frame from the peer, it suspends sending packets.
• With Rx flow mode generic control enabled, an interface can receive, but cannot send flow control
frames. When the interface receives a flow control frame from its peer, it suspends sending packets
to the peer. When congestion occurs, the interface cannot send flow control frames to the peer.
In Figure 1, when both Port A and Port B forward packets at 1000 Mbps, Port C is congested. To avoid
packet loss, enable flow control on Port A and Port B.
Figure 1 Flow control application scenario
Port A Port B Port C Port D
1000Mbps 1000Mbps 100Mbps 100Mbps
Switch A Switch B Switch C
Configure Port B to operate in TxRx mode and Port A to operate in Rx mode:

• When congestion occurs on Port C, Switch B buffers frames. When the amount of buffered frames
exceeds a certain value, Switch B sends a common pause frame out of Port B to ask Port A to
suspend sending packets. This pause frame also tells Port A for how long it is expected to pause.
• Upon receiving the common pause frame from Port B, Port A suspends sending packets to Port B for
a period.
• If congestion persists, Port B keeps sending common pause frames to Port A until the congestion
condition is removed.
To handle unidirectional traffic congestion on a link, configure the flow-control receive enable command
at one end and the flow-control command at the other end. To enable both ends of a link to handle traffic
congestion, configure the flow-control command at both ends.
To enable generic flow control on an Ethernet interface:

N/A
• Enable TxRx mode generic
flow control:
Use one of the commands.
flow-control
3. Enable generic flow control. By default, generic flow control is
• Enable Rx mode generic flow
disabled on an Ethernet interface.
control:
flow-control receive enable
6
Configuring PFC on an Ethernet interface
PFC performs flow control based on 802.1p priorities. With PFC enabled, an interface requires its peer
to suspend sending packets with certain 802.1p priorities when congestion occurs. By decreasing the
transmission rate, PFC helps avoid packet loss.
You can enable PFC for certain 802.1p priorities at the two ends of a link. When network congestion
occurs, the local device checks the PFC status for the 802.1p priority carried in each arriving packet.
• If PFC is enabled for the 802.1p priority, the local device accepts the packet and sends a PFC pause
frame to the peer. The peer stops sending packets carrying this 802.1p priority for an interval as
specified in the PFC pause frame. This process repeats until the congestion is removed.
• If PFC is disabled for the 802.1p priority, the local port drops the packet.
Each local precedence value corresponds to a queue. The 802.1p-to-local priority mapping is as shown
in Table 1. You can modify the 802.1p-to-local priority mapping table with the qos map-table dot1p-lp
and import import-value-list export export-value commands. For more information about the two
commands, see ACL and QoS Command Reference.
Table 1 The default 802.1p-to-local priority mapping table
802.1p priority Local precedence value

0 2
1 0
2 1
3 3
4 4
5 5
6 6
7 7
When you configure PFC on an Ethernet interface, follow these guidelines:

• Perform the same PFC configuration on all ports that traffic travels through.
• In order that PFC can perform traffic control based on the 802.1p priorities carried in packets, in
addition to configuring the priority-flow-control and priority-flow-control no-drop dot1p
commands on ports, you must use the qos trust dot1p command to configure these ports to trust the
802.1p priorities carried in packets. For more information about the qos trust dot1p command, see
ACL and QoS Command Reference. For more information about the 802.1p priority, priority trust
mode, and port priority, see ACL and QoS Configuration Guide.
• A port can receive PFC pause frames regardless of whether PFC is enabled on the port. However,
only a port with PFC enabled can process PFC pause frames. Therefore, to make PFC take effect,
make sure that PFC is enabled on both the local end and the peer end.
• The relationship between the PFC function and the generic flow control function is shown in Table
2.
7
Table 2 The relationship between the PFC function and the generic flow control function
flow-contro priority-flow-c priority-flow-contro

Remarks
l ontrol enable l no-drop dot1p
You cannot enable flow control by using the
Unconfigura flow-control command on a port where PFC is
Configured Configured
ble enabled and PFC is enabled for the specified
802.1p priority values.
• On a port configured with the flow-control
command, you can enable PFC, but cannot
enable PFC for specific 802.1p priorities.
• Enabling both generic flow control and PFC
Configured Configurable Unconfigurable
disables a port from sending common or PFC
pause frames to inform its peer of congestion
conditions. However, the port can still handle
common and PFC pause frames from its peer.
To configure PFC on an Ethernet interface:

interface-number
3. Enable PFC on the interface
priority-flow-control { auto |
through automatic negotiation By default, PFC is disabled.
enable }
or forcibly.
4. Enable PFC for specific priority-flow-control no-drop By default, PFC is disabled for all
802.1p priorities. dot1p dot1p-list 802.1p priorities.
By default, Ethernet interfaces do

not trust the priorities carried in
5. Configure the interface to use
incoming packets, and the switch
the 802.1p priorities carried in qos trust dot1p
uses the port priority of packet
packets for priority mapping.
receiving ports as the 802.1p
priorities of incoming packets.
Configuring storm suppression

You can use the storm suppression function to limit the size of a particular type of traffic (broadcast,
multicast, or unknown unicast traffic) on an interface. When the broadcast, multicast, or unknown unicast
traffic on the interface exceeds this threshold, the system discards packets until the traffic drops below this
threshold.
Either of the storm-constrain, broadcast-suppression, multicast-suppression, and unicast-suppression
can suppress storm on a port. The storm-constrain command uses software to suppress traffic, and affects
the device performance to a certain extent. The broadcast-suppression, multicast-suppression, and
unicast-suppression commands use the chip to physical suppress traffic, and have less influence on the
device performance compared with the storm-constrain command. On the same type of traffic, do not
configure the storm constrain command and either of the broadcast-suppression, multicast-suppression,
and unicast-suppression commands. Otherwise, the traffic suppression result is not determined. For more
8
information about the storm-constrain command, see "Configuring storm control on an Ethernet
interface."
When you configure storm suppression, follow these guidelines:
• When you configure the suppression threshold in kbps, the device might convert the configured
value into a multiple of a certain step supported by the chip. As a result, the actual suppression
threshold might be different from the configured one. To determine the suppression threshold that
takes effect, see the prompts on the device. To see the configured suppression threshold, use the
display interface command.
• If you configure two or more types of storm suppression thresholds on the same port, for example,
broadcast suppression threshold and multicast storm suppression threshold, do not use pps together
with kbps or ratio.
• If you configure multiple suppression thresholds in Ethernet interface view, the latest configuration
takes effect.
To set storm suppression thresholds on one or multiple Ethernet interfaces:

interface-number
3. Enable broadcast suppression By default, broadcast traffic is
broadcast-suppression { ratio |
and set the broadcast allowed to pass through an
pps max-pps | kbps max-kbps }
suppression threshold. interface.
4. Enable multicast suppression By default, multicast traffic is
multicast-suppression { ratio | pps
and set the multicast allowed to pass through an
max-pps | kbps max-kbps }
suppression threshold. interface.
5. Enable unknown unicast
By default, unknown unicast traffic
suppression and set the unicast-suppression { ratio | pps
is allowed to pass through an
unknown unicast suppression max-pps | kbps max-kbps }
interface.
threshold.
Configuring storm control on an Ethernet interface

About storm control
Storm control compares broadcast, multicast, and unknown unicast traffic regularly with their respective
traffic thresholds on an Ethernet interface. For each type of traffic, storm control provides a lower
threshold and a higher threshold.
For management purposes, you can configure the interface to output threshold event traps and log
messages when monitored traffic exceeds the upper threshold or falls below the lower threshold from the
upper threshold.
Depending on your configuration, when a particular type of traffic exceeds its upper threshold, the
interface does either of the following:
• Blocks this type of traffic, while forwarding other types of traffic—Even though the interface does
not forward the blocked traffic, it still counts the traffic. When the blocked traffic drops below the
lower threshold, the port begins to forward the traffic.
9
• Shuts down automatically—The interface shuts down automatically and stops forwarding any
traffic. When the blocked traffic is detected dropping below the lower threshold, the port does not
forward the traffic. To bring up the interface, use the undo shutdown command or disable the storm
control function.
Any of the storm-constrain, broadcast-suppression, multicast-suppression, and unicast-suppression
commands can suppress storm on a port. The broadcast-suppression, multicast-suppression, and
unicast-suppression commands suppress traffic in hardware, and have less impact on device
performance than the storm-constrain command, which performs suppression in software.
Storm control uses a complete polling cycle to collect traffic data, and analyzes the data in the next cycle.
An interface takes one to two polling intervals to take a storm control action.
Configuration guidelines
For the same type of traffic, do not configure the storm constrain command together with any of the
broadcast-suppression, multicast-suppression, and unicast-suppression commands. Otherwise, the
traffic suppression result is not determined. For more information about the broadcast-suppression,
multicast-suppression, and unicast-suppression commands, see "Configuring storm suppression."
Configuration procedure
To configure storm control on an Ethernet interface:

The default setting is 10 seconds.

2. (Optional.) Set the traffic
polling interval of the storm storm-constrain interval seconds For network stability, use the
control module. default or set a higher traffic
polling interval (10 seconds).
interface-number
4. (Optional.) Enable storm
storm-constrain { broadcast |
control, and set the lower and
multicast | unicast } { pps | kbps | By default, storm control is
upper thresholds for
ratio } max-pps-values disabled.
broadcast, multicast, or
min-pps-values
unknown unicast traffic.
5. Set the control action to take
storm-constrain control { block | By default, storm control is
when monitored traffic
shutdown } disabled.
exceeds the upper threshold.
By default, the interface outputs log

6. (Optional.) Enable the messages when monitored traffic
interface to log storm control storm-constrain enable log exceeds the upper threshold or
threshold events. falls below the lower threshold
from the upper threshold.
By default, the interface sends

7. (Optional.) Enable the traps when monitored traffic
interface to send storm control storm-constrain enable trap exceeds the upper threshold or
threshold event traps. drops below the lower threshold
from the upper threshold.
10
Setting the statistics polling interval
To set the statistics polling interval globally or on an Ethernet interface:

2. Enter Ethernet interface
view.
3. Set the statistics polling The default setting is 300
flow-interval interval
interval. seconds.
To display the interface statistics collected in the last polling interval, use the display interface command.
To clear interface statistics, use the reset counters interface command.
Enabling energy saving functions on an Ethernet interface

Enabling auto power-down on an Ethernet interface
IMPORTANT:
Fiber ports do not support this feature.
With the auto power-down function, if an interface has been down for a certain period of time, the device
automatically stops supplying power to the interface, and the interface enters the power save mode. The
time period depends on the chip specifications and is not configurable. When the interface goes up, the
device automatically restores power supply to the interface and the interface enters its normal state.
To enable auto power-down on an Ethernet interface:

interface-number
By default, auto power-down is

3. Enable auto power-down. port auto-power-down
disabled.
Enabling EEE energy saving for Ethernet interfaces in up state
NOTE:
Fiber ports do not support this feature.
With the Energy Efficient Ethernet (EEE) energy saving function, a link-up port enters the low power state
if it has not received any packet for a certain period of time. The time period depends on the chip
specifications and is not configurable. When a packet arrives later, the device automatically restores
power supply to the interface and the port enters the normal state.
To enable EEE energy saving:
11
view.
By default, EEE energy saving

3. Enable EEE energy saving. eee enable
is disabled.
Setting the MDIX mode of an Ethernet interface

IMPORTANT:
Fiber ports do not support the MDIX mode setting.
A physical Ethernet interface comprises eight pins, each of which plays a dedicated role. For example,
pins 1 and 2 transmit signals, and pins 3 and 6 receive signals. You can use both crossover and
straight-through Ethernet cables to connect copper Ethernet interfaces. To accommodate these types of
cables, a copper Ethernet interface can operate in one of the following Medium Dependent
Interface-Crossover (MDIX) modes:
• MDIX mode—Pins 1 and 2 are receive pins and pins 3 and 6 are transmit pins.
• MDI mode—Pins 1 and 2 are transmit pins and pins 3 and 6 are receive pins.
• AutoMDIX mode—The interface negotiates pin roles with its peer.
To enable the interface to communicate with its peer, set the MDIX mode of the interface mode by using
the following guidelines:
• Generally, set the MDIX mode of the interface to AutoMDIX. Set the MDIX mode of the interface to
MDI or MDIX only when the device cannot determine the cable type.
• When a straight-through cable is used, set the interface to operate in the MDIX mode different than
its peer.
• When a crossover cable is used, set the interface to operate in the same MDIX mode as its peer, or
set either end to operate in AutoMDIX mode.
To set the MDIX mode of an Ethernet interface:

interface-number
By default, a copper Ethernet

3. Set the MDIX mode of the mdix-mode { automdix | mdi |
interface operates in auto mode to
Ethernet interface. mdix }
negotiate pin roles with its peer.
12
Testing the cable connection of an Ethernet interface
IMPORTANT:
• If the link of an Ethernet port is up, testing its cable connection will cause the link to come down and then
go up.
• Fiber ports do not support this feature.
This feature tests the cable connection of an Ethernet interface and displays cable test results within 5
seconds. The test results include the cable's status and some physical parameters. If any fault is detected,
the test results include the length of the faulty cable segment.
To test the cable connection of an Ethernet interface:
Step Command
1. Enter system view. system-view
2. Enter Ethernet interface view. interface interface-type interface-number
3. Test the cable connected to the Ethernet interface. virtual-cable-test
Displaying and maintaining an Ethernet interface

Perform display commands in any view and reset commands in user view.
Step Command
display counters { inbound | outbound } interface [ interface-type
Display interface traffic statistics.
[ interface-number ] ]
Display traffic rate statistics of interfaces in display counters rate { inbound | outbound } interface
up state over the last sampling interval. [ interface-type [ interface-number ] ]
Display the operational and status

information of the specified interface or all display interface [ interface-type [ interface-number ] ]
interfaces.
Display summary information about of the

display interface [ interface-type [ interface-number ] ] brief
specified interface or all interfaces.
Display information about dropped

display packet-drop { interface [ interface-type
packets on the specified interface or all
[ interface-number ] ] | summary }
interfaces.
Display information about storm control display storm-constrain [ broadcast | multicast | unicast ]
on the specified interface or all interfaces. [ interface interface-type interface-number ]
Clear the interface statistics. reset counters interface [ interface-type [ interface-number ] ]
Clear the statistics of dropped packets on

reset packet-drop interface [ interface-type [ interface-number ] ]
the specified interfaces.
13
Configuring loopback and null interfaces
This chapter describes how to configure a loopback interface and a null interface.
Configuring a loopback interface

A loopback interface is a virtual interface. The physical layer state and link layer protocols of a loopback
interface are always up unless the loopback interface is manually shut down. Because of this benefit,
loopback interfaces are widely used in the following scenarios:
• Configuring a loopback interface address as the source address of the IP packets that the device
generates—Because loopback interface addresses are stable unicast addresses, they are usually
used as device identifications. When you configure a rule on an authentication or security server to
permit or deny packets that a device generates, you can simplify the rule by configuring it to permit
or deny packets carrying the loopback interface address that identifies the device. When you use
a loopback interface address as the source address of IP packets, make sure the route from the
loopback interface to the peer is reachable by performing routing configuration. All data packets
sent to the loopback interface are considered packets sent to the device itself, so the device does not
forward these packets.
• Using a loopback interface in dynamic routing protocols—With no router ID configured for a
dynamic routing protocol, the system selects highest loopback interface IP address selected as the
router ID. In BGP, to avoid interruption of BGP sessions due to physical port failure, you can use a
loopback interface as the source interface of BGP packets.
To configure a loopback interface:

2. Create a loopback interface
interface loopback
and enter loopback interface N/A
interface-number
view.
The default setting is interface name

3. Set the interface description. description text Interface (for example, LoopBack1
Interface).
4. Restore the default settings for
default N/A
the loopback interface.
5. Bring up the loopback
undo shutdown By default, a loopback interface is up.
interface.
Configuring a null interface

A null interface is a virtual interface and is always up, but you can neither use it to forward data packets
nor can you configure it with an IP address or link layer protocol. The null interface provides a simpler
way to filter packets than ACL. You can filter undesired traffic by transmitting it to a null interface instead
14
of applying an ACL. For example, if you specify a null interface as the next hop of a static route to a
specific network segment, any packets routed to the network segment are dropped.
To configure a null interface:

Interface Null 0 is the default null

interface on the device and cannot
be manually created or removed.
2. Enter null interface view. interface null 0
Only one null interface, Null 0, is
supported on the device. The null
interface number is fixed at 0.
The default setting is NULL 0

3. Set the interface description. description text
Interface.
4. Restore the default settings for
default N/A
the null interface.
Displaying and maintaining loopback and null

interfaces
Execute display commands in any view and reset commands in user view.
Task Command
Display information about the specified or all display interface [ loopback [ interface-number ] ] [ brief
loopback interfaces. [ description ] ]
Display information about the null interface. display interface [ null [ 0 ] ] [ brief [ description ] ]
Clear the statistics on the specified or all loopback

reset counters interface loopback [ interface-number ]
interfaces.
Clear the statistics on the null interface. reset counters interface [ null [ 0 ] ]
15
Bulk configuring interfaces
You can enter interface range view to bulk configure multiple interfaces with the same feature instead of
configuring them one by one. For example, you can execute the shutdown command in interface range
view to shut down a range of interfaces.
Failure to apply a command on one member interface does not affect the application of the command
on the other member interfaces. If applying a command on one member interface fails, the system
displays an error message and continues with the next member interface.
When you bulk configure interfaces in interface range view, follow these restrictions and guidelines:
• In interface range view, only the commands supported by the first interface are available. The first
interface is specified with the interface range command.
• Do not assign an aggregate interface and any of its member interfaces to an interface range at the
same time. Some commands, after being executed on both an aggregate interface and its member
interfaces, can break up the aggregation.
• No limit is set on the maximum number of interfaces in an interface range. The more interfaces in
an interface range, the longer the command execution time.
• The maximum number of interface range names is only limited by the system resources. To
guarantee bulk interface configuration performance, H3C recommends that you configure fewer
than 1000 interface range names.
• interface range { interface-type
interface-number [ to
Use either command.
interface-type
interface-number ] } &<1-5> By using the interface range name
2. Enter interface range command, you assign a name to an
view. • interface range name name
interface range and can specify this
[ interface { interface-type
name rather than the interface range to
interface-number [ to
enter the interface range view.
interface-type
interface-number ] } &<1-5> ]
3. (Optional.) Display
commands available for Enter a question mark (?) at the
N/A
the first interface in the interface range prompt.
interface range.
4. Use available
Available commands vary by
commands to configure N/A
interface.
the interfaces.
16
5. (Optional.) Verify the

display this N/A
configuration.
17
Configuring the MAC address table
Overview
An Ethernet device uses a MAC address table to forward frames. A MAC address entry contains a
destination MAC address, an outgoing interface, and a VLAN ID. Upon receiving a frame, the device
uses the destination MAC address of the frame to look for a match in the MAC address table. If a match
is found, the device forwards the frame out of the outgoing interface in the matching entry. If no match
is found, the device floods the frame to all interfaces on the same VLAN as the incoming interface.
How a MAC address entry is created

The entries in the MAC address table originate from two sources: automatically learned by the device
and manually added by the administrator.
MAC address learning

The device can automatically populate its MAC address table by learning the source MAC addresses of
incoming frames on each interface.
When a frame arrives at an interface (for example, Port A), the device performs the following tasks:
1. Checks the source MAC address (for example, MAC-SOURCE) of the frame.
2. Looks up the source MAC address in the MAC address table.
{ If an entry is found, the device updates the entry.
{ If no entry is found, the device adds an entry for MAC-SOURCE and Port A.
3. When the device receives a frame destined for MAC-SOURCE after learning this source MAC
address, the device finds the MAC-SOURCE entry in the MAC address table and forwards the
frame out of Port A.
The device performs the learning process each time it receives a frame from an unknown source MAC
address until the MAC address table is fully populated.
Manually configuring MAC address entries

With dynamic MAC address learning, a device does not distinguish between illegitimate and legitimate
frames, which can invite security hazards. For example, when an illegal user sends frames with a forged
source MAC address to an interface different from the one where the real MAC address is connected, the
device creates an entry for the forged MAC address, and forwards frames destined for the legal user to
the illegal user instead.
To improve interface security and prevent illegal users from stealing data, you can manually add MAC
address entries to the MAC address table of the device to bind specific user devices to the interface.
Types of MAC address entries

A MAC address table can contain the following types of entries:
18
• Static entries—Static entries are manually added in order to forward frames with a specific
destination MAC address out of their associated interfaces and never age out.
• Dynamic entries—Dynamic entries can be manually configured or dynamically learned in order to
forward frames with a specific destination MAC address out of their associated interfaces and
might age out.
• Blackhole entries—Blackhole entries are manually configured and never age out. Blackhole entries
are configured for filtering out frames with a specific source or destination MAC address. For
example, to block all frames destined for a specific user for security concerns, you can configure the
MAC address of this user as a blackhole MAC address entry.
• Multiport unicast entries—Multiport unicast entries are manually added in order to send frames
with a specific destination MAC address out of multiple ports and never age out.
A static, blackhole, or multiport unicast MAC address entry can overwrite a dynamic MAC address entry,
but not vice versa.
To adapt to network changes and prevent inactive entries from occupying table space, the system uses an
aging mechanism for dynamic MAC address entries. Each time a dynamic MAC address entry is learned
or created, an aging time starts. If the entry has not updated when the aging timer expires, the device
deletes the entry. If the entry has updated before the aging timer expires, the aging timer restarts.
Configuring the MAC address table

The configuration tasks discussed in the following sections are all optional and can be performed in any
order.
This document covers only the configuration of unicast MAC address entries, including static, dynamic,
blackhole, and multiport unicast MAC address entries. For information about configuring static multicast
MAC address entries, see IP Multicast Configuration Guide.
Configuring MAC address entries

• A manually configured static MAC address entry has higher priority than an automatically learned
one. If a packet with such a source MAC address enters the device on a different interface from that
in the static MAC address entry, it is dropped.
• A manually configured multiport unicast MAC address entry has higher priority than an
automatically learned one. If a packet with such a source MAC address enters the device, it is
dropped.
• A manually configured dynamic MAC address entry has the same priority as an automatically
learned one. If a packet with such a source MAC address enters the device on a different interface
from that in the static MAC address entry, the device learns a new MAC address entry and uses the
learned one to overwrite the manually configured dynamic MAC address entry.
• When you configure a dynamic MAC address entry, if an automatically learned MAC address
entry with the same MAC address but a different outgoing interface already exists in the MAC
address table, the manually configured one overwrites the automatically learned MAC address
entry.
• The manually configured static, blackhole, and multiport unicast MAC address entries cannot
survive a reboot if you do not save the configuration. The manually configured dynamic MAC
address entries, however, are lost upon reboot whether or not you save the configuration.
19
To add or modify a static or dynamic MAC address entry globally:

By default, no MAC address

2. Add or modify a mac-address { dynamic | static } mac-address entry is configured globally.
MAC address interface interface-type interface-number vlan Make sure you have created
entry. vlan-id the VLAN and assigned the
interface to the VLAN.
To adding or modifying a static or dynamic MAC address entry on an interface:

• Enter Ethernet interface view:
interface-number
• Enter aggregate interface view:
2. Enter interface view. interface bridge-aggregation N/A
interface-number
• Enter S-channel interface view:
interface s-channel
interface-number.channel-id
By default, no MAC address entry

is configured on an interface.
3. Add or modify a static or mac-address { dynamic | static }
dynamic MAC address entry. mac-address vlan vlan-id Make sure you have created the
VLAN and assigned the interface
to the VLAN.
Adding or modifying a blackhole MAC address entry

By default, no blackhole MAC

2. Add or modify a blackhole mac-address blackhole address entry is configured.
MAC address entry. mac-address vlan vlan-id Make sure you have created the
VLAN.
Adding or modifying a multiport unicast MAC address entry

You can configure a multiport unicast MAC address entry to associate a unicast destination MAC
address with multiple ports, so that the frame with a destination MAC address matching the entry is
forwarded out of multiple ports. For example, in NLB unicast mode, all servers within the cluster uses the
20
cluster's MAC address as their own address, and frames destined for the cluster are forwarded to every
server. In this case, you can configure a multiport unicast MAC address entry on the device connected to
the group of servers. In this manner, the device forwards the frame destined for the server group through
all ports connected to the servers within the cluster.
Figure 2 NBL cluster
Device
NLB cluster
Do not configure an interface as the output interface of a multiport unicast MAC address entry if the
interface receives frames destined for the multiport unicast MAC address. Otherwise, the frames are
flooded on the VLAN to which they belong.
You can configure a multiport unicast MAC address entry globally or on an interface.
Configuring a multiport unicast MAC address entry globally

By default, no multiport unicast

MAC address entry is configured
mac-address multiport globally.
2. Add or modify a multiport
mac-address interface interface-list
unicast MAC address entry. Make sure you have created the
vlan vlan-id
VLAN and assigned the interface
to the VLAN.
Configuring a multiport unicast MAC address entry on an interface

interface-number
2. Enter interface view. N/A
interface bridge-aggregation
interface-number
21
By default, no multiport unicast
MAC address entry is configured
3. Add or modify a multiport mac-address multiport on an interface.
unicast MAC address entry. mac-address vlan vlan-id
Make sure you have created the
VLAN.
Disabling MAC address learning

MAC address learning is enabled by default. To prevent the MAC address table from being saturated
when the device is experiencing attacks, disable MAC address learning. For example, you can disable
MAC address learning to prevent the device from being attacked by a large amount of frames with
different source MAC addresses.
Disabling global MAC address learning

2. Disable global MAC address undo mac-address mac-learning By default, global MAC address
learning. enable learning is enabled.
Disabling global MAC address learning disables the learning function on all interfaces.
The global MAC address learning configuration does not take effect in a TRILL network, or for an
S-channel in an EVB. For information about the TRILL network, see TRILL Configuration Guide. For
information about S-channel and EVB, see EVB Configuration Guide.
When MAC address learning is disabled, the learned MAC addresses remain valid until they age out.
Disabling MAC address learning on an interface

With global MAC address learning enabled, you can disable MAC address learning on a single
interface.
To disable MAC address learning on an interface:

interface-number
interface-number
interface s-channel
3. Disable MAC address undo mac-address mac-learning By default, MAC address learning
learning on the interface. enable on the interface is enabled.
22
Disabling MAC address learning on a VLAN
With global MAC address learning enabled, you can also disable MAC address learning on a
per-VLAN basis.
To disable MAC address learning on a VLAN:

2. Enter VLAN view. vlan vlan-id N/A
3. Disable MAC address undo mac-address mac-learning By default, MAC address learning
learning on the VLAN. enable on the VLAN is enabled.
Configuring the aging timer for dynamic MAC address entries
The MAC address table uses an aging timer for dynamic MAC address entries for security and efficient
use of table space. If a dynamic MAC address entry has failed to update before the aging timer expires,
the device deletes the entry. This aging mechanism makes sure the MAC address table could promptly
update to accommodate latest network changes.
Set the aging timer appropriately. A stable network requires a longer aging interval and an unstable
network requires a shorter aging interval. A too long aging interval might cause the MAC address table
to retain outdated entries, exhaust the MAC address table resources, and fail to update its entries to
accommodate the latest network changes. A too short interval might result in removal of valid entries,
causing unnecessary floods, which might increase network burden.
You can reduce floods on a stable network by setting a long aging timer or disabling the aging timer to
prevent dynamic entries from unnecessarily aging out. By reducing floods, you improve not only network
performance, but also security, because the chances for a data frame to reach unintended destinations
are reduced.
To configure the aging timer for dynamic MAC address entries:

By default, the aging timer for

2. Configure the aging timer for dynamic MAC address entries is
mac-address timer { aging seconds 300 seconds.
dynamic MAC address
| no-aging }
entries. The no-aging keyword disables the
aging timer.
Configuring the MAC learning limit on an interface

To prevent the MAC address table from getting too large, you can limit the number of MAC addresses
that can be learned on an interface.
To configure the MAC learning limit on an interface:
23
interface-number
By default, no maximum number of

3. Configure the MAC learning
MAC addresses that can be
limit on the interface and
learned on an interface is
configure the interface to
mac-address max-mac-count configured. When the MAC
forward frames with unknown
{ count | enable-forwarding } learning limit is reached, frames
source MAC addresses when
with unknown source MAC
the MAC learning limit is
addresses are forwarded by
reached.
default.
Assigning MAC learning priority to an interface

All networks that perform MAC-based forwarding are facing MAC address spoofing attacks. Even in a
hierarchical network, likelihood exists that a device learns the MAC address of an upper layer device, a
gateway for example, to a downlink interface, due to a loop or attack to the downlink interface.
To avoid the situation, the idea of MAC learning priority is introduced, where each interface is assigned
either low priority or high priority. An interface with high MAC learning priority can learn MAC
addresses as usual, but an interface with low MAC learning priority is not allowed to learn MAC
addresses already learned on a high-priority interface.
The MAC learning priority mechanism can help defend your network against MAC address spoofing
attacks. What you need to do is to assign an uplink interface high MAC learning priority, and a
downlink interface low MAC learning priority, preventing the downlink interface from learning the MAC
address of an upper layer device.
To assign MAC learning priority to an interface:

interface-number
interface-number
interface s-channel
mac-address mac-learning priority By default, low MAC learning

3. Assign MAC learning priority.
{ high | low } priority is used.
24
Enabling MAC address synchronization
To avoid unnecessary floods and improve forwarding speed, make sure all member devices possess the
same MAC address table. After you enable MAC address table synchronization, each member device
advertises learned MAC address entries to other member devices.
As shown in Figure 3, Device A and Device B form an IRF fabric enabled with MAC address
synchronization. They connect to AP C and AP D, respectively. When Client A associates with AP C,
Device A learns a MAC address entry for Client A and advertises it to Device B.
Figure 3 MAC address tables of devices when Client A accesses AP C
If Client A roams to AP D, Device B learns a MAC address entry for Client A and advertises it to Device
A to ensure service continuity for Client A, as shown in Figure 4.
25
Figure 4 MAC address tables of devices when Client A roams to AP D
To enable MAC address synchronization:

2. Enable MAC address By default, MAC address

mac-address mac-roaming enable
synchronization. synchronization is disabled.
Displaying and maintaining the MAC address table

Execute display commands in any view.
Task Command
display mac-address [ mac-address [ vlan vlan-id ] | [ [ dynamic |
Display MAC address table
static ] [ interface interface-type interface-number ] | blackhole |
information.
multiport ] [ vlan vlan-id ] [ count ] ]
Display the MAC address information

of the egress RB specified by its display mac-address nickname nickname
nickname (see Figure 5).
Display the aging timer for dynamic

display mac-address aging-time
MAC address entries.
Display the system or interface MAC display mac-address mac-learning [ interface interface-type
address learning state. interface-number ]
Display MAC address statistics. display mac-address statistics
26
Figure 5 An example for the display mac-address nickname command
MAC address table configuration example

Network requirements
Host A (000f-e235-dc71) is connected to interface Ten-GigabitEthernet 1/0/1 of Device and belongs to
VLAN 1. To prevent MAC address spoofing, add a static entry for Host A in the MAC address table of
Device.
Host B (000f-e235-abcd), which once behaved suspiciously on the network, also belongs to VLAN 1. For
security, add a blackhole MAC address entry for Host B, so that all frames destined for the host will be
dropped.
Set the aging timer for dynamic MAC address entries to 500 seconds.
# Add a static MAC address entry.
<Device> system-view
[Device] mac-address static 000f-e235-dc71 interface ten-gigabitethernet 1/0/1 vlan 1
# Add a blackhole MAC address entry.

[Device] mac-address blackhole 000f-e235-abcd vlan 1
# Set the aging timer for dynamic MAC address entries to 500 seconds.
[Device] mac-address timer aging 500
Verifying the configurations

# Display the MAC address entry for interface Ten-GigabitEthernet 1/0/1.
[Device] display mac-address interface ten-gigabitethernet 1/0/1
MAC Address VLAN ID State Port/NickName Aging
000f-e235-dc71 1 Static XGE1/0/1 N
# Display information about the blackhole MAC address entries.
27
[Device] display mac-address blackhole
MAC Address VLAN ID State Port/NickName Aging
000f-e235-abcd 1 Blackhole N/A N
# View the aging time of dynamic MAC address entries.

[Device] display mac-address aging-time
MAC address aging time: 500s.
28
Configuring MAC Information
The MAC Information feature can generate syslog messages or SNMP notifications when MAC address
entries are learned or deleted. You can use these messages to monitor users leaving or joining the
network and analyze network traffic.
The MAC Information feature buffers the MAC change syslog messages or SNMP notifications in a
queue. When the timer set for sending syslog messages or SNMP notifications does not expire, the
device overwrites the last piece of information written into the queue with the new MAC address change
if the queue has been exhausted. To send a syslog message or SNMP notification immediately after it is
created, set the queue length to zero.
The device writes information and sends messages only for the following MAC addresses: dynamic MAC
addresses, MAC addresses that pass MAC authentication, MAC addresses that pass 802.1X
authentication, and secure MAC addresses. The device does not write information or send messages for
blackhole MAC addresses, static MAC addresses, multiport unicast MAC addresses, multicast MAC
addresses, and local MAC addresses.
For more information about MAC authentication, 802.1X, and secure MAC addresses, see Security
Configuration Guide.
Enable MAC Information globally before you enable it on an interface.
Enabling MAC Information globally

2. Enable MAC Information By default, MAC Information is
mac-address information enable
globally. disabled globally.
Enabling MAC Information on an interface

interface-number
2. Enter interface view. N/A
interface s-channel
29
3. Enable MAC Information on mac-address information enable By default, MAC Information is
the interface. { added | deleted } disabled on an interface.
Configuring the MAC Information mode

The following MAC Information modes are available for sending MAC address changes:
• Syslog—The device sends syslog messages to notify MAC address changes. In this mode, the
device sends syslog messages to the information center, which then outputs them to the monitoring
terminal. For more information about information center, see Network Management and
Monitoring Configuration Guide.
• Trap—The device sends SNMP notifications to notify MAC address changes. In this mode, the
device sends SNMP notifications to the NMS. For more information about NMS, see Network
Management and Monitoring Configuration Guide.
To configure the MAC Information mode:

2. Configure the MAC mac-address information mode
The default setting is trap.
Information mode. { syslog | trap }
Configuring the MAC change sending interval

To prevent syslog messages or SNMP notifications from being sent too frequently, you can set the MAC
change sending interval.
To set the MAC change sending interval:

2. Set the MAC change sending mac-address information interval
The default setting is 1 second.
interval. interval-time
Configuring the MAC Information queue length

2. Configure the MAC mac-address information
The default setting is 50.
Information queue length. queue-length value
30
MAC Information configuration example
Enable MAC Information on interface Ten-GigabitEthernet 1/0/1 on Device in Figure 6 to send MAC
address changes in syslog messages to Host B through interface Ten-GigabitEthernet 1/0/3.
Figure 6 Network diagram
Device
XGE1/0/1 XGE1/0/2
XGE1/0/3
Host A Server
192.168.1.1/24
192.168.1.3/24
Host B
192.168.1.2/24
1. Configure Device to send syslog messages to Host B (see Network Management and Monitoring
Configuration Guide).
2. Enable MAC Information:
# Enable MAC Information globally.
[Device] mac-address information enable
# Configure the MAC Information mode as syslog.
[Device] mac-address information mode syslog
# Enable MAC Information on interface Ten-GigabitEthernet 1/0/1.
[Device] interface ten-gigabitethernet 1/0/1
[Device-Ten-GigabitEthernet1/0/1] mac-address information enable added
[Device-Ten-GigabitEthernet1/0/1] mac-address information enable deleted
[Device-Ten-GigabitEthernet1/0/1] quit
# Set the MAC Information queue length to 100.
[Device] mac-address information queue-length 100
# Set the MAC change sending interval to 20 seconds.
[Device] mac-address information interval 20
31
Configuring Ethernet link aggregation
This chapter gives an overview of Ethernet link aggregation and explains how to configure it.
Ethernet link aggregation bundles multiple physical Ethernet links into one logical link, called an
aggregate link. Link aggregation delivers the following benefits:
• Increases bandwidth beyond the limits of any single link. In an aggregate link, traffic is distributed
across the member ports.
• Improves link reliability. The member ports dynamically back up one another. When a member port
fails, its traffic is automatically switched to other member ports.
As shown in Figure 7, Device A and Device B are connected by three physical Ethernet links. These
physical Ethernet links are combined into an aggregate link, link aggregation 1. The bandwidth of this
aggregate link can be as high as the total bandwidth of these three physical Ethernet links. At the same
time, the three Ethernet links back up one another. When a physical Ethernet link fails, the traffic
previously carried on the failed link switches to the other two links.
Figure 7 Ethernet link aggregation diagram
XGE1/0/1 XGE1/0/1
XGE1/0/2 XGE1/0/2
Link aggregation 1
XGE1/0/3 XGE1/0/3
Device A Device B
Basic concepts
Aggregation group, member port, and aggregate interface
Link bundling is implemented through interface bundling. An aggregation group is a group of Ethernet
interfaces bundled together, which are called member ports of the aggregation group. For each
aggregation group, a logical interface (called an aggregate interface), is created. To an upper layer
entity that uses the link aggregation service, a link aggregation group appears the same as a single
logical link and data traffic is transmitted through the aggregate interface.
When you create an aggregate interface, the switch automatically creates an aggregation group of the
same type and number as the aggregate interface. For example, when you create aggregate interface
1, aggregation group 1 is created.
The rate of an aggregate interface equals the total rate of its member ports in Selected state, and its
duplex mode is the same as the selected member ports. For more information about the states of member
ports in an aggregation group, see Aggregation states of member ports in an aggregation group.
Aggregation states of member ports in an aggregation group

A member port in an aggregation group can be in either of the following aggregation states:
• Selected—A Selected port can forward traffic.
• Unselected—An Unselected port cannot forward traffic.
32
Operational key
When aggregating ports, the system automatically assigns each port an operational key based on port
information, such as port rate and duplex mode. Any change to this information triggers a recalculation
of the operational key.
In an aggregation group, all selected member ports are assigned the same operational key.
Configuration types
Every configuration setting on a port might affect its aggregation state. Port configurations include the
following types:
• Attribute configurations, as described in Table 3. To become a Selected port, a member port must
have the same attribute configurations as the aggregate interface.
Attribute configurations made on an aggregate interface are automatically synchronized to all its
member ports. These configurations are retained on the member ports even after the aggregate
interface is removed.
Any attribute configuration change might affect the aggregation state of link aggregation member
ports and running services. To make sure that you are aware of the risk, the system displays a
warning message every time you attempt to change an attribute configuration setting on a member
port.
Table 3 Attribute configurations
Feature Considerations
Indicates whether the port has joined an isolation group, and the isolation group
Port isolation
to which the port belongs.
QinQ enable state (enabled/disabled), TPID for VLAN tags, and VLAN
QinQ
transparent transmission. For information about QinQ, see "Configuring QinQ."
Different types of VLAN mapping configured on the port. For more information
VLAN mapping
about VLAN mapping, see "Configuring VLAN mapping."
Permitted VLAN IDs, PVID, link type (trunk, hybrid, or access), and VLAN tagging
VLAN
mode. For information about VLAN, see "Configuring VLANs."
• Protocol configurations, as opposed to attribute configurations, do not affect the aggregation state
of the member ports even if they are different from those on the aggregate interface. The spanning
tree setting is an example of protocol configurations.
NOTE:
The protocol configuration for a member port is effective only when the member port leaves the
aggregation group.
Link aggregation modes

Link aggregation has dynamic and static modes. Their respective advantages are as follows:
• Static aggregation mode—Aggregation is stable. The aggregation state of the member ports are
not affected by the peer ports.
33
• Dynamic aggregation mode—The peering system automatically maintains the aggregation state of
the member ports, thus reducing the workload of administrators.
An aggregation group in static mode is called a "static aggregation group" and that in dynamic mode
is called a "dynamic aggregation group."
Aggregating links in static mode

The static link aggregation process comprises:
• Choosing a reference port
• Setting the aggregation state of each member port
Choosing a reference port

When setting the aggregation state of the ports in an aggregation group, the system automatically picks
a member port as the reference port. A Selected port must have the same operational key and attribute
configurations as the reference port.
The candidate ports are sorted in the following order:
1. Highest port priority
2. Full duplex/high speed
3. Full duplex/low speed
4. Half duplex/high speed
5. Half duplex/low speed
The candidate port at the top is chosen as the reference port. If two ports have the same port priority,
duplex mode, and speed, the original Selected port is chosen. If more than one such original Selected
port exists, the one with the lower port number is chosen.
Setting the aggregation state of each member port

After a static aggregation group has reached the limit on Selected ports, any port that joins the group is
placed in Unselected state to avoid traffic interruption on the current Selected ports. Avoid this situation,
however, because it might cause the aggregation state of a port to change after a reboot.
34
Figure 8 Setting the aggregation state of a member port in a static aggregation group
NOTE:
• The maximum number of Selected ports in a static aggregation group is 16.
• To ensure stable aggregation state and service continuity, do not change the operational key or attribute
configurations on any member port.
Aggregating links in dynamic mode

Dynamic aggregation mode is implemented through IEEE 802.3ad Link Aggregation Control Protocol
(LACP).
LACP
LACP uses LACPDUs for exchanging aggregation information between LACP-enabled devices.
Each member port in an LACP-enabled aggregation group exchanges information with its peer. When a
member port receives an LACPDU, it compares the received information with the information received on
the other member ports. In this way, the two systems reach an agreement on which ports should be
placed in Selected state.
35
1. LACP functions
LACP offers basic LACP functions and extended LACP functions, as described in Table 4.
Table 4 Basic and extended LACP functions
Category Description
Implemented through the basic LACPDU fields, including the system LACP priority,
Basic LACP functions
system MAC address, port priority, port number, and operational key.
Implemented by extending the LACPDU with new TLV fields. This is how the LACP
MAD mechanism of the IRF feature is implemented. The Switch Series can
Extended LACP participate in LACP MAD as either an IRF member device or an intermediate device.
functions
For more information about IRF and the LACP MAD mechanism, see IRF
2. LACP priorities
LACP priorities include system LACP priority and port priority, as described in Table 5. The smaller
the priority value, the higher the priority.
Table 5 LACP priorities
Type Description
Used by two peer devices (or systems) to determine which one is superior in link
aggregation.
System LACP priority In dynamic link aggregation, the system that has higher system LACP priority sets the
Selected state of member ports on its side first and then the system that has lower
priority sets port state accordingly.
Determines the likelihood of a member port to be selected on a system. The higher port
Port priority
priority, the higher likelihood.
3. LACP timeout interval

The LACP timeout interval specifies how long a member port waits to receive LACPDUs from the
peer port. If a local member port fails to receive LACPDUs from the peer within the LACP timeout
interval, the member port assumes that the peer port has failed.
The LACP timeout interval also determines the LACPDU sending rate of the peer. You can configure
the LACP timeout interval as the short timeout interval (3 seconds) or the long timeout interval (90
seconds). If you configure the short timeout interval, the peer sends LACPDUs fast (one LACPDU per
second); if you configure the long timeout interval, the peer sends LACPDUs slowly (one LACPDU
every 30 seconds).
How dynamic link aggregation works

The dynamic link aggregation process comprises:
• Choose a reference port
• Set the aggregation state of each member port
1. Choose a reference port
The system chooses a reference port from the member ports that are in up state and have the same
attribute configurations as the aggregate interface. A Selected port must have the same
operational key and attribute configurations as the reference port.
36
The local system (the actor) and the remote system (the partner) negotiate a reference port by using
the following workflow:
a. Compare the system IDs. (A system ID comprises the system LACP priority and the system MAC
address). The system with the lower LACP priority value is chosen. If LACP priority values are
the same, the two systems compare their MAC addresses. The system with the lower MAC
address is chosen.
b. The system with the smaller system ID chooses the port with the smallest port ID as the reference
port. (A port ID comprises a port priority and a port number.) The port with the lower
aggregation priority value is chosen. If two ports have the same aggregation priority, the
system compares their port numbers. The port with the smaller port number and the same
attribute configurations as the aggregate interface becomes the reference port.
2. Set the aggregation state of each member port
After the reference port is chosen, the system with the lower system ID sets the state of each member
port in the dynamic aggregation group on its side as shown in Figure 9.
37
Figure 9 Setting the state of a member port in a dynamic aggregation group
Meanwhile, the system with the higher system ID, being aware of the aggregation state changes on the
remote system, sets the aggregation state of local member ports the same as their peer ports.
When you aggregate interfaces in dynamic mode, follow these guidelines:
• The maximum number of Selected ports in a dynamic aggregation group is 16.
• A dynamic link aggregation group preferably sets full-duplex ports as the Selected ports, and will
set one, and only one, half-duplex port as a Selected port when none of the full-duplex ports can be
selected or only half-duplex ports exist in the group.
• To ensure stable aggregation and service continuity, do not change the operational key or attribute
configurations on any member port.
• In a dynamic aggregation group, when the aggregation state of a local port changes, the
aggregation state of the peer port also changes.
38
• A port that joins a dynamic aggregation group after the Selected port limit has been reached is
placed in Selected state if it is more eligible to be selected than a current member port.
Load sharing criteria for link aggregation groups

In a link aggregation group, traffic can be load-shared across the selected member ports based on a set
of criteria, depending on your configuration.
You can choose one of the following criteria or any combination of the criteria for load sharing:
• Per-flow load sharing—Classifies traffic flows by source or destination MAC address,
source/destination port number, ingress port, source or destination IP address, or any combination
of them, and forwards packets of the same flow on the same link.
• Packet type-based load sharing—Automatically chooses link-aggregation load sharing criteria
based on packet types (Layer 2, IPv4, or IPv6 for example).
Ethernet link aggregation configuration task list

Tasks at a glance
(Required.) Configuring an aggregation group:
• Configuring a static aggregation group
• Configuring a dynamic aggregation group
(Optional.) Configuring an aggregate interface:
• Configuring the description of an aggregate interface
• Specifying ignored VLANs on a Layer 2 aggregate interface
• Setting the minimum and maximum numbers of Selected ports for an aggregation group
• Shutting down an aggregate interface
• Restoring the default settings for an aggregate interface
(Optional.) Configuring load balancing for link aggregation group:

• Configuring load sharing criteria for link aggregation groups
• Enabling local-first load sharing for link aggregation
Enabling link-aggregation traffic redirection
Configuring an aggregation group

This section explains how to configure an aggregation group.
When you configure an aggregation group, follow these guidelines:
• You cannot assign a port to an aggregation group if any of the following features is configured on
the port:
{ MAC authentication (see Security Configuration Guide)
{ Port security (see Security Configuration Guide)
39
{ 802.1X (see Security Configuration Guide)
• If a port is used as a reflector port for port mirroring, do not assign it to an aggregation group. For
more information about reflector ports, see Network Management and Monitoring Configuration
Guide.
• Removing an aggregate interface also removes its aggregation group and causes all member ports
to leave the aggregation group.
• You must configure the same aggregation mode on the two ends of an aggregate link.
Configuring a static aggregation group

CAUTION:
To guarantee a successful static aggregation, make sure that the ports at both ends of each link are in the
same aggregation state.
To configure a static aggregation group:

When you create an aggregate

2. Create an aggregate
interface bridge-aggregation interface, the system automatically
interface and enter aggregate
interface-number creates a static aggregation group
interface view.
numbered the same.
3. Exit to system view. quit N/A
a. Enter Ethernet interface
view:
interface-number Repeat these two substeps to
4. Assign an interface to the
b. Assign the interface to the assign more Ethernet interfaces to
specified aggregation group.
specified aggregation the aggregation group.
group:
port link-aggregation
group number
Configuring a dynamic aggregation group

To guarantee a successful dynamic aggregation, make sure that the peer ports of the ports aggregated
at one end are also aggregated. The two ends can automatically negotiate the aggregation state of each
member port.
To configure a dynamic aggregation group:

40
By default, the system LACP priority
is 32768.
2. Set the system LACP priority. lacp system-priority system-priority Changing the system LACP priority
might affect the aggregation state
of the ports in a dynamic
aggregation group.
When you create an aggregate

3. Create an aggregate
interface bridge-aggregation interface, the system automatically
interface and enter aggregate
interface-number creates a static aggregation group
interface view.
numbered the same.
4. Configure the aggregation By default, an aggregation group
group to operate in dynamic link-aggregation mode dynamic operates in static aggregation
aggregation mode. mode.
5. Exit to system view. quit N/A
a. Enter Ethernet interface
view:
interface-number Repeat these two substeps to
6. Assign an interface to the
b. Assign the interface to the assign more Ethernet interfaces to
specified aggregation group.
specified aggregation the aggregation group.
group:
port link-aggregation
group number
7. Configure the port priority for link-aggregation port-priority
the interface. port-priority
By default, the long LACP timeout

interval (90 seconds) is adopted by
an interface. That is, the peer sends
LACPDUs slowly.
8. Configure the short LACP Do not configure the short LACP

timeout interval (3 seconds) lacp period short timeout interval before performing
on the interface. an ISSU. Otherwise, traffic
interruption will occur during the
ISSU. For more information about
performing an ISSU, see
Fundamentals Configuration
Guide.
Configuring an aggregate interface

In addition to the configurations in this section, most of the configurations that can be performed on
Ethernet interfaces can also be performed on aggregate interfaces.
Configuring the description of an aggregate interface

You can configure the description of an aggregate interface for administration purposes such as
describing the purpose of the interface.
41
To configure the description of an aggregate interface:

2. Enter aggregate interface bridge-aggregation

N/A
3. Configure the By default, the description of an

description of the description text interface is in the format of
aggregate interface. interface-name Interface.
Specifying ignored VLANs on a Layer 2 aggregate interface

By default, the member ports cannot become Selected ports when the permit state and tagging mode of
each VLAN are not same for the member ports and the Layer 2 aggregate interface.
You can set a VLAN as an ignored VLAN if you want to allow member ports to be set in Selected state
even if the permit state and tagging mode of the VLAN are different between the member ports and the
Layer 2 aggregate interface.
To configure ignored VLANs on a Layer 2 aggregate interface:

2. Enter Layer 2 aggregate interface bridge-aggregation
N/A
By default, a Layer 2 aggregate

link-aggregation ignore vlan
3. Configure ignored VLANs. interface does not ignore any
vlan-id-list
VLANs.
Setting the minimum and maximum numbers of Selected ports

for an aggregation group
CAUTION:
The minimum and maximum numbers of Selected ports for the local and peer aggregation groups must be
consistent.
The bandwidth of an aggregate link increases along with the number of selected member ports. To avoid
congestion caused by insufficient Selected ports on an aggregate link, you can set the minimum number
of Selected ports required for bringing up the specific aggregate interface.
This minimum threshold setting affects the aggregation state of both aggregation member ports and the
aggregate interface:
42
• When the number of member ports eligible to be selected is smaller than the minimum threshold,
all member ports change to the Unselected state and the link of the aggregate interface goes down.
• When the minimum threshold is reached, the eligible member ports change to the Selected state,
and the link of the aggregate interface goes up.
After you manually configure the maximum number of Selected ports in an aggregation group, the
maximum number of Selected ports allowed in the aggregation group is limited by both the configured
number and hardware capabilities, that is, the lower value of the two upper limits.
You can configure redundancy between two ports by assigning the two ports to an aggregation group
and configuring the maximum number of Selected ports allowed in the aggregation group as 1. In this
way, only one Selected port is allowed in the aggregation group at any point in time, while the
Unselected port serves as a backup port.
To set the minimum and maximum numbers of Selected ports for an aggregation group:

2. Enter aggregate interface interface bridge-aggregation

N/A
3. Set the minimum number of By default, the minimum number of

link-aggregation selected-port
Selected ports for the Selected ports for the aggregation
minimum number
aggregation group. group is not specified.
By default, the maximum number of

4. Set the maximum number of
link-aggregation selected-port Selected ports for an aggregation
Selected ports for the
maximum number group depends on the hardware
aggregation group.
capabilities of the member ports.
Shutting down an aggregate interface

Make sure no member port in an aggregation group is configured with the loopback command when
you shut down the aggregate interface. Similarly, a port configured with the loopback command cannot
be assigned to an aggregate interface already shut down. For more information about the loopback
command, see Layer 2—LAN Switching Command Reference.
Shutting down or bringing up an aggregate interface affects the aggregation state and link state of ports
in the corresponding aggregation group in the following ways:
• When an aggregate interface is shut down, all Selected ports in the corresponding aggregation
group become unselected and their link state becomes down.
• When an aggregate interface is brought up, the aggregation state of ports in the corresponding
aggregation group is recalculated.
To shut down an aggregate interface:

43

N/A
3. Shut down the aggregate By default, aggregate interfaces

shutdown
interface. are up.
Restoring the default settings for an aggregate interface

You can return all configurations on an aggregate interface to default settings.
To restore the default settings for an aggregate interface:
Step Command
2. Enter aggregate interface view. interface bridge-aggregation interface-number
3. Restore the default settings for the

default
aggregate interface.
Configuring load sharing for link aggregation

groups
This section explains how to configure load sharing criteria for link aggregation groups and how to
enable local-first load sharing for link aggregation.
Configuring load sharing criteria for link aggregation groups

You can configure global or group-specific load sharing criteria. A link aggregation group preferentially
uses the group-specific load sharing criteria. If no group-specific load sharing criteria is available, the
group uses the global load sharing criteria.
The load sharing criteria configuration applies to only known unicast packets, and can change the load
sharing criteria for known unicast packets. Broadcast packets, multicast packets, and unknown unicast
packets always use the default load sharing criteria.
Configuring the global link-aggregation load sharing criteria

44
link-aggregation global load-sharing By default, the system
2. Configure the global
mode { destination-ip | destination-mac automatically selects global load
link-aggregation load
| destination-port | ingress-port | sharing criteria according to the
sharing criteria.
source-ip | source-mac | source-port } * packet type.
In system view, the switch supports the following load sharing criteria and combinations:
• Load sharing criteria automatically determined based on the packet type
• Source IP address
• Destination IP address
• Source MAC address
• Destination MAC address
• Source IP address and destination IP address
• Source IP address and source port
• Destination IP address and destination port
• Source IP address, source port, destination IP address, and destination port
• Any combination of incoming port, source MAC address, and destination MAC address
Configuring group-specific load sharing criteria


N/A
3. Configure the load sharing link-aggregation load-sharing mode The default load sharing criteria
criteria for the aggregation { destination-ip | destination-mac | are the same as the global load
group. source-ip | source-mac } * sharing criteria.
In aggregate interface view, the switch supports the following load sharing criteria and combinations:
• Load sharing criteria automatically determined based on the packet type
• Source IP address
• Destination IP address
• Source MAC address
• Destination MAC address
• Destination IP address and source IP address
• Destination MAC address and source MAC address
Enabling local-first load sharing for link aggregation

IMPORTANT:
Local-first load sharing for link aggregation takes effect on only known unicast packets.
45
Use the local-first load sharing mechanism in a multi-switch link aggregation scenario to distribute traffic
preferentially across member ports on the ingress switch rather than all member ports.
When you aggregate ports on different member switches in an IRF fabric, you can use local-first load
sharing to reduce traffic on IRF links, as shown in Figure 10. For more information about IRF, see IRF
Figure 10 Load sharing for multi-switch link aggregation in an IRF fabric
The egress port for a traffic flow is an

aggregate interface that has Selected
ports on different IRF member switches
Yes Local-first load sharing No

mechanism enabled?
Any Selected ports on the No

ingress switch?
Yes
Packets are load shared only

Packets are load shared across
across the Selected ports on the
all Selected ports
ingress switch
To enable local-first load sharing for link aggregation:

2. Enable local-first load sharing link-aggregation load-sharing By default, local-first load sharing
for link aggregation. mode local-first for link aggregation is enabled.
Enabling link-aggregation traffic redirection

Link-aggregation traffic redirection prevents traffic interruption.
With this feature, when you shut down a Selected port in an aggregation group, traffic can be redirected
to other Selected ports.
With this feature, when you restart an IRF member device that contains Selected ports, traffic can be
redirected to other IRF member devices.
Configuration restrictions and guidelines

When you enable link-aggregation traffic redirection, follow these restrictions and guidelines:
46
• Link-aggregation traffic redirection applies only to dynamic link aggregation groups and known
unicast packets.
• To prevent traffic interruption, enable link-aggregation traffic redirection on devices at both ends of
the aggregate link and make sure that there are no new Selected ports.
• To prevent packet loss that might occur at a reboot, do not enable spanning tree together with
link-aggregation traffic redirection.
• After enabling link-aggregation traffic redirection, do not add Ethernet interfaces configured with
physical state change suppression to the aggregation group. Otherwise, Selected ports in the
aggregation group might become abnormal. For more information about physical state change
suppression, see the link-delay command in Layer 2—LAN Switching Command Reference.
To enable link-aggregation traffic redirection:

2. Enable link-aggregation traffic link-aggregation lacp By default, link-aggregation traffic
redirection. traffic-redirect-notification enable redirection is disabled.
Displaying and maintaining Ethernet link

aggregation
Execute display commands in any view and reset commands in user view.
Task Command
display interface [ bridge-aggregation ] [ brief
Display information for an aggregate interface [ description ] ]
or multiple aggregate interfaces. display interface bridge-aggregation interface-number
[ brief [ description ] ]
Display the local system ID. display lacp system-id
Display the global or group-specific display link-aggregation load-sharing mode [ interface

link-aggregation load sharing criteria. [ bridge-aggregation interface-number ] ]
Display detailed link aggregation information

display link-aggregation member-port [ interface-list ]
for link aggregation member ports.
Display summary information about all

display link-aggregation summary
aggregation groups.
Display detailed information about specific or display link-aggregation verbose [ bridge-aggregation

all aggregation groups. [ interface-number ] ]
Clear LACP statistics for specific or all link

reset lacp statistics [ interface interface-list ]
aggregation member ports.
Clear statistics for specific or all aggregate reset counters interface [ bridge-aggregation
interfaces. [ interface-number ] ]
47
Ethernet link aggregation configuration examples
Static aggregation configuration example
As shown in Figure 11, configure a static aggregation group on both Device A and Device B, and enable
VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the other end, and VLAN
20 at one end to communicate with VLAN 20 at the other end.
1. Configure Device A:
# Create VLAN 10, and assign port Ten-GigabitEthernet 1/0/4 to VLAN 10.
<DeviceA> system-view
[DeviceA] vlan 10
[DeviceA-vlan10] port ten-gigabitethernet 1/0/4
[DeviceA-vlan10] quit
[DeviceA] vlan 20
# Create aggregate interface Bridge-Aggregation 1.
[DeviceA] interface bridge-aggregation 1
[DeviceA-Bridge-Aggregation1] quit
# Assign ports Ten-GigabitEthernet 1/0/1 through Ten-GigabitEthernet 1/0/3 to link
aggregation group 1.
[DeviceA] interface ten-gigabitethernet 1/0/1
[DeviceA-Ten-GigabitEthernet1/0/1] port link-aggregation group 1
[DeviceA-Ten-GigabitEthernet1/0/1] quit
48
# Configure aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLANs 10
and 20.
[DeviceA-Bridge-Aggregation1] port link-type trunk
[DeviceA-Bridge-Aggregation1] port trunk permit vlan 10 20
2. Configure Device B in the same way Device A is configured. (Details not shown.)
Verifying the configuration

# Display detailed information about all aggregation groups on Device A.
[DeviceA] display link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregate Interface: Bridge-Aggregation1

Aggregation Mode: Static
Loadsharing Type: Shar
Port Status Priority Oper-Key
--------------------------------------------------------------------------------
XGE1/0/1 S 32768 1
XGE1/0/2 S 32768 1
XGE1/0/3 S 32768 1
The output shows that link aggregation group 1 is a static aggregation group and it contains three
Selected ports.
Dynamic aggregation configuration example

As shown in Figure 12, configure a dynamic aggregation group on both Device A and Device B, enable
VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the other end, and VLAN
20 at one end to communicate with VLAN 20 at the other end.
49
# Create VLAN 10, and assign the port Ten-GigabitEthernet 1/0/4 to VLAN 10.
[DeviceA] vlan 10
[DeviceA] vlan 20
# Create aggregate interface Bridge-Aggregation 1, and configure the link aggregation mode as
dynamic.
[DeviceA-Bridge-Aggregation1] link-aggregation mode dynamic
# Assign ports Ten-GigabitEthernet 1/0/1 through Ten-GigabitEthernet 1/0/3 to link
aggregation group 1.
# Configure aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLANs 10
and 20.
[DeviceA-Bridge-Aggregation1] port trunk permit vlan 10 20
50


Aggregation Mode: Dynamic
System ID: 0x8000, 000f-e267-6c6a
Local:
Port Status Priority Oper-Key Flag
--------------------------------------------------------------------------------
XGE1/0/1 S 32768 1 {ACDEF}
XGE1/0/2 S 32768 1 {ACDEF}
XGE1/0/3 S 32768 1 {ACDEF}
Remote:
Actor Partner Priority Oper-Key SystemID Flag
--------------------------------------------------------------------------------
XGE1/0/1 1 32768 1 0x8000, 000f-e267-57ad {ACDEF}
XGE1/0/2 2 32768 1 0x8000, 000f-e267-57ad {ACDEF}
XGE1/0/3 3 32768 1 0x8000, 000f-e267-57ad {ACDEF}
The output shows that link aggregation group 1 is a dynamic aggregation group and it contains three
Selected ports.
Aggregation load sharing configuration example

As shown in Figure 13:
• Configure two static aggregation groups (1 and 2) on Device A and Device B respectively, and
enable VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the other end,
and VLAN 20 at one end to communicate with VLAN 20 at the other end.
• Configure the load sharing criterion for link aggregation group 1 as the source MAC addresses of
packets and the load sharing criterion for link aggregation group 2 as the destination MAC
addresses of packets to enable traffic to be load-shared across aggregation group member ports.
51
[DeviceA] vlan 10
[DeviceA] vlan 20
# Create aggregate interface Bridge-Aggregation 1, and configure the load sharing criterion for
the link aggregation group as the source MAC addresses of packets.
[DeviceA-Bridge-Aggregation1] link-aggregation load-sharing mode source-mac
# Assign ports Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 to link aggregation
group 1.
# Configure aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLAN 10.
[DeviceA-Bridge-Aggregation1] port trunk permit vlan 10
# Create aggregate interface Bridge-Aggregation 2, and configure the load sharing criterion for
the link aggregation group as the destination MAC addresses of packets.
52
[DeviceA-Bridge-Aggregation2] link-aggregation load-sharing mode destination-mac
# Assign ports Ten-GigabitEthernet 1/0/3 and Ten-GigabitEthernet 1/0/4 to link aggregation
group 2.
# Configure aggregate interface Bridge-Aggregation 2 as a trunk port and assign it to VLAN 20.
[DeviceA-Bridge-Aggregation2] port trunk permit vlan 20


--------------------------------------------------------------------------------
XGE1/0/1 S 32768 1
XGE1/0/2 S 32768 1

--------------------------------------------------------------------------------
XGE1/0/3 S 32768 2
XGE1/0/4 S 32768 2
The output shows that link aggregation groups 1 and 2 are both load-shared static aggregation groups
and each contains two Selected ports.
# Display all the group-specific load sharing criteria on Device A.
[DeviceA] display link-aggregation load-sharing mode interface
Bridge-Aggregation1 Load-Sharing Mode:
53
source-mac address
Bridge-Aggregation2 Load-Sharing Mode:

destination-mac address
The output shows that the load sharing criterion for link aggregation group 1 is the source MAC
addresses of packets and that for link aggregation group 2 is the destination MAC addresses of packets.
54
Configuring port isolation
The port isolation feature isolates Layer 2 traffic for data privacy and security without using VLANs. You
can also use this feature to isolate the hosts in a VLAN from one another.
The device supports multiple isolation groups, which can be configured manually. The number of ports
assigned to an isolation group is not limited.
Layer 2 traffic cannot be forwarded between ports in different VLANs. Within the same VLAN, ports in
an isolation group can communicate with those outside the isolation group at Layer 2.
Assigning ports to an isolation group

2. Create an isolation
port-isolate group group-number N/A
group.

• The configuration in Ethernet interface
view applies only to the interface.
• The configuration in aggregate
• Enter Ethernet interface view: interface view applies to the aggregate
interface and its aggregation member
interface-number
ports. If the device fails to apply the
3. Enter interface view. • Enter aggregate interface configuration to the aggregate
view: interface, it does not assign any
interface bridge-aggregation aggregation member port to the
interface-number isolation group. If the failure occurs on
an aggregation member port, the
device skips the port and continues to
assign other aggregation member ports
to the isolation group.
No ports are assigned to an isolation

4. Assign ports to the
port-isolate enable group group by default.
specified isolation
group-number You can assign a port to only one isolation
group.
group.
Displaying and maintaining port isolation

Task Command
Display isolation group information. display port-isolate group [ group-number ]
55
Port isolation configuration example
• LAN users Host A, Host B, and Host C are connected to Ten-GigabitEthernet 1/0/1,
Ten-GigabitEthernet 1/0/2, and Ten-GigabitEthernet 1/0/3 on the device, respectively.
• The device connects to the Internet through Ten-GigabitEthernet 1/0/4.
Configure the device to provide Internet access for the hosts, and isolate them from one another at Layer
2.
# Create isolation group 2.
[Device] port-isolate group 2
# Assign Ten-GigabitEthernet 1/0/1, Ten-GigabitEthernet 1/0/2, and Ten-GigabitEthernet 1/0/3 to

isolation group 2.
[Device-Ten-GigabitEthernet1/0/1] port-isolate enable group 2

# Display information about isolation group 2.
56
[Device-Ten-GigabitEthernet1/0/3] display port-isolate group 2
Port isolation group information:
Group ID: 2
Group members:
Ten-GigabitEthernet1/0/1
57
Configuring spanning tree protocols
Spanning tree protocols eliminate loops in physical link-redundant networks by selectively blocking
redundant links and putting them in a standby state.
The recent versions of STP include the Rapid Spanning Tree Protocol (RSTP) and the Multiple Spanning
Tree Protocol (MSTP).
STP
STP was developed based on the 802.1d standard of IEEE to eliminate loops at the data link layer in a
LAN. Networks often have redundant links as backups in case of failures, but loops are a very serious
problem. Devices running STP detect loops in the network by exchanging information with one another,
and eliminate loops by selectively blocking certain ports to prune the loop structure into a loop-free tree
structure. This avoids proliferation and infinite cycling of packets that would occur in a loop network.
In the narrow sense, STP refers to IEEE 802.1d STP. In the broad sense, STP refers to the IEEE 802.1d STP
and various enhanced spanning tree protocols derived from that protocol.
STP protocol packets

STP uses bridge protocol data units (BPDUs), also known as configuration messages, as its protocol
packets. This chapter uses BPDUs to represent all types of spanning tree protocol packets.
STP-enabled network devices exchange BPDUs to establish a spanning tree. BPDUs contain sufficient
information for the network devices to complete spanning tree calculation.
STP uses the following types of BPDUs:
• Configuration BPDUs—Used by the network devices to calculate a spanning tree and maintain the
spanning tree topology.
• Topology change notification (TCN) BPDUs—Notify network devices of network topology changes.
Configuration BPDUs contain sufficient information for the network devices to complete spanning tree
calculation. Important fields in a configuration BPDU include the following:
• Root bridge ID—Consisting of the priority and MAC address of the root bridge.
• Root path cost—Cost of the path to the root bridge denoted by the root identifier from the
transmitting bridge.
• Designated bridge ID—Consisting of the priority and MAC address of the designated bridge.
• Designated port ID—Consisting of the priority and global port number of the designated port.
• Message age—Age of the configuration BPDU while it propagates in the network.
• Max age—Maximum age of the configuration BPDU stored on the switch.
• Hello time—Configuration BPDU transmission interval.
• Forward delay—Delay that STP bridges use to transit port state.
58
Basic concepts in STP
Root bridge
A tree network must have a root bridge. The entire network contains only one root bridge, and all the
other bridges in the network are called "leaf nodes". The root bridge is not permanent, but can change
with changes of the network topology.
Upon initialization of a network, each device generates and periodically sends configuration BPDUs,
with itself as the root bridge. After network convergence, only the root bridge generates and periodically
sends configuration BPDUs. The other devices only forward the BPDUs.
Root port
On a non-root bridge, the port nearest to the root bridge is the root port. The root port communicates with
the root bridge. Each non-root bridge has only one root port. The root bridge has no root port.
Designated bridge and designated port
Classification Designated bridge Designated port

Device directly connected with the local
Port through which the designated
For a device device and responsible for forwarding BPDUs
bridge forwards BPDUs to this device
to the local device
Port through which the designated

Device responsible for forwarding BPDUs to
For a LAN bridge forwards BPDUs to this LAN
this LAN segment
segment
As shown in Figure 15, Device B and Device C are directly connected to a LAN. If Device A forwards
BPDUs to Device B through port A1, the designated bridge for Device B is Device A, and the designated
port of Device B is port A1 on Device A. If Device B forwards BPDUs to the LAN, the designated bridge
for the LAN is Device B, and the designated port for the LAN is port B2 on Device B.
Figure 15 Designated bridges and designated ports
Device A
Port A1 Port A2
Device B Device C
Port B1 Port C1
Port B2 Port C2
LAN
Path cost
Path cost is a reference value used for link selection in STP. STP calculates path costs to select the most
robust links and block redundant links that are less robust, to prune the network into a loop-free tree.
59
Calculation process of the STP algorithm
The spanning tree calculation process described in the following sections is a simplified process for
example only.
Calculation process
The STP algorithm uses the following calculation process:
1. Network initialization.
Upon initialization of a device, each port generates a BPDU with the device as the designated port,
the device as the root bridge, 0 as the root path cost, and the device ID as the designated bridge
ID.
2. Root bridge selection.
Initially, each STP-enabled device on the network assumes itself to be the root bridge, with its own
device ID as the root bridge ID. By exchanging configuration BPDUs, the devices compare their
root bridge IDs to elect the device with the smallest root bridge ID as the root bridge.
3. Root port and designated ports selection on the non-root bridges.
Step Description
A non-root–bridge device regards the port on which it received the optimum configuration BPDU
1
as the root port. Table 6 describes how the optimum configuration BPDU is selected.
Based on the configuration BPDU and the path cost of the root port, the device calculates a
designated port configuration BPDU for each of the other ports.
• The root bridge ID is replaced with that of the configuration BPDU of the root port.
2 • The root path cost is replaced with that of the configuration BPDU of the root port plus the path
cost of the root port.
• The designated bridge ID is replaced with the ID of this device.
• The designated port ID is replaced with the ID of this port.
The device compares the calculated configuration BPDU with the configuration BPDU on the port
whose port role will be determined, and acts depending on the result of the comparison:
• If the calculated configuration BPDU is superior, the device considers this port as the
designated port, replaces the configuration BPDU on the port with the calculated configuration
3
BPDU, and periodically sends the calculated configuration BPDU.
• If the configuration BPDU on the port is superior, the device blocks this port without updating its
configuration BPDU. The blocked port can receive BPDUs, but cannot send BPDUs or forward
data traffic.
When the network topology is stable, only the root port and designated ports forward user traffic.
Other ports are all in the blocked state to receive BPDUs but not to forward BPDUs or user traffic.
Table 6 Selecting the optimum configuration BPDU
Step Actions
Upon receiving a configuration BPDU on a port, the device compares the priority of the received
configuration BPDU with that of the configuration BPDU generated by the port, and:
• If the former priority is lower, the device discards the received configuration BPDU and keeps
1
the configuration BPDU the port generated.
• If the former priority is higher, the device replaces the content of the configuration BPDU
generated by the port with the content of the received configuration BPDU.
60
Step Actions
The device compares the configuration BPDUs of all the ports and chooses the optimum
2
configuration BPDU.
The following are the principles of configuration BPDU comparison:

{ The configuration BPDU with the lowest root bridge ID has the highest priority.
{ If configuration BPDUs have the same root bridge ID, their root path costs are compared. For
example, the root path cost in a configuration BPDU plus the path cost of a receiving port is S.
The configuration BPDU with the smallest S value has the highest priority.
{ If all configuration BPDUs have the same ports value, their designated bridge IDs, designated
port IDs, and the IDs of the receiving ports are compared in sequence. The configuration BPDU
that contains a smaller ID is selected.
A tree-shape topology forms when the root bridge, root ports, and designated ports are selected.
Example of STP calculation

Figure 16 provides an example of how the STP algorithm works.
Figure 16 The STP algorithm
Device A
Priority = 0
Port A1 Port A2
Port B1 Port C1
Port B2 Port C2
Path cost = 4
Device B Device C
Priority = 1 Priority = 2
As shown in Figure 16, the priority values of Device A, Device B, and Device C are 0, 1, and 2, and the
path costs of links among the three devices are 5, 10, and 4, respectively.
1. Device state initialization.
In Table 7, each configuration BPDU contains the following fields: root bridge ID, root path cost,
designated bridge ID, and designated port ID.
Table 7 Initial state of each device
Device Port name Configuration BPDU on the port

Port A1 {0, 0, 0, Port A1}
Device A
Port A2 {0, 0, 0, Port A2}
Port B1 {1, 0, 1, Port B1}

Device B
Port B2 {1, 0, 1, Port B2}
Device C Port C1 {2, 0, 2, Port C1}
61
Device Port name Configuration BPDU on the port
Port C2 {2, 0, 2, Port C2}
2. Configuration BPDUs comparison on each device.

In Table 8, each configuration BPDU contains the following fields: root bridge ID, root path cost,
designated bridge ID, and designated port ID.
Table 8 Comparison process and result on each device
Configuration BPDU on
Device Comparison process
ports after comparison
• Port A1 receives the configuration BPDU of Port B1 {1, 0, 1, Port
B1}, finds that its existing configuration BPDU {0, 0, 0, Port A1}
is superior to the received configuration BPDU, and discards the
received one.
• Port A2 receives the configuration BPDU of Port C1 {2, 0, 2, Port • Port A1: {0, 0, 0, Port
C1}, finds that its existing configuration BPDU {0, 0, 0, Port A2}
A1}
Device A is superior to the received configuration BPDU, and discards the
received one.
• Port A2: {0, 0, 0, Port
A2}
• Device A finds that it is both the root bridge and designated
bridge in the configuration BPDUs of all its ports, and considers
itself as the root bridge. It does not change the configuration
BPDU of any port and starts to periodically send configuration
BPDUs.
• Port B1 receives the configuration BPDU of Port A1 {0, 0, 0, Port
A1}, finds that the received configuration BPDU is superior to its
existing configuration BPDU {1, 0, 1, Port B1}, and updates its • Port B1: {0, 0, 0, Port
configuration BPDU. A1}
• Port B2 receives the configuration BPDU of Port C2 {2, 0, 2, Port • Port B2: {1, 0, 1, Port
C2}, finds that its existing configuration BPDU {1, 0, 1, Port B2} B2}
is superior to the received configuration BPDU, and discards the
received one.
• Device B compares the configuration BPDUs of all its ports,
Device B decides that the configuration BPDU of Port B1 is the optimum,
and selects Port B1 as the root port with the configuration BPDU
unchanged.
• Based on the configuration BPDU and path cost of the root port, • Root port (Port B1): {0,
Device B calculates a designated port configuration BPDU for 0, 0, Port A1}
Port B2 {0, 5, 1, Port B2}, and compares it with the existing • Designated port (Port
configuration BPDU of Port B2 {1, 0, 1, Port B2}. Device B finds B2): {0, 5, 1, Port B2}
that the calculated one is superior, decides that Port B2 is the
designated port, replaces the configuration BPDU on Port B2
with the calculated one, and periodically sends the calculated
configuration BPDU.
• Port C1 receives the configuration BPDU of Port A2 {0, 0, 0, Port
A2}, finds that the received configuration BPDU is superior to its
existing configuration BPDU {2, 0, 2, Port C1}, and updates its • Port C1: {0, 0, 0, Port
configuration BPDU. A2}
Device C
• Port C2 receives the original configuration BPDU of Port B2 {1, • Port C2: {1, 0, 1, Port
0, 1, Port B2}, finds that the received configuration BPDU is B2}
superior to the existing configuration BPDU {2, 0, 2, Port C2},
and updates its configuration BPDU.
62
Configuration BPDU on
Device Comparison process
ports after comparison
• Device C compares the configuration BPDUs of all its ports,
decides that the configuration BPDU of Port C1 is the optimum,
and selects Port C1 as the root port with the configuration BPDU
unchanged.
• Root port (Port C1): {0,
• Based on the configuration BPDU and path cost of the root port, 0, 0, Port A2}
Device C calculates the configuration BPDU of Port C2 {0, 10, 2,
• Designated port (Port
Port C2}, and compares it with the existing configuration BPDU
C2): {0, 10, 2, Port C2}
of Port C2 {1, 0, 1, Port B2}. Device C finds that the calculated
configuration BPDU is superior to the existing one, selects Port
C2 as the designated port, and replaces the configuration
BPDU of Port C2 with the calculated one.
• Port C2 receives the updated configuration BPDU of Port B2 {0,
5, 1, Port B2}, finds that the received configuration BPDU is
• Port C1: {0, 0, 0, Port
superior to its existing configuration BPDU {0, 10, 2, Port C2},
A2}
and updates its configuration BPDU.
• Port C2: {0, 5, 1, Port
• Port C1 receives a periodic configuration BPDU {0, 0, 0, Port
B2}
A2} from Port A2, finds that it is the same as the existing
configuration BPDU, and discards the received one.
• Device C finds that the root path cost of Port C1 (10) (root path
cost of the received configuration BPDU (0) plus path cost of Port
C1 (10)) is larger than that of Port C2 (9) (root path cost of the
received configuration BPDU (5) plus path cost of Port C2 (4)),
decides that the configuration BPDU of Port C2 is the optimum,
and selects Port C2 as the root port with the configuration BPDU
unchanged. • Blocked port (Port C1):
• Based on the configuration BPDU and path cost of the root port, {0, 0, 0, Port A2}
Device C calculates a designated port configuration BPDU for • Root port (Port C2): {0,
Port C1 {0, 9, 2, Port C1} and compares it with the existing 5, 1, Port B2}
configuration BPDU of Port C1 {0, 0, 0, Port A2}. Device C finds
that the existing configuration BPDU is superior to the calculated
one and blocks Port C1 with the configuration BPDU
unchanged. Then Port C1 does not forward data until a new
event triggers a spanning tree calculation process, for example,
the link between Device B and Device C is down.
After the comparison processes described in Table 8, a spanning tree with Device A as the root bridge
is established, and the topology is shown in Figure 17.
Figure 17 The final calculated spanning tree
63
The configuration BPDU forwarding mechanism of STP
The configuration BPDUs of STP are forwarded according to these guidelines:
• Upon network initiation, every device regards itself as the root bridge, generates configuration
BPDUs with itself as the root, and sends the configuration BPDUs at a regular hello interval.
• If the root port received a configuration BPDU and the received configuration BPDU is superior to
the configuration BPDU of the port, the device increases the message age carried in the
configuration BPDU following a certain rule and starts a timer to time the configuration BPDU while
sending this configuration BPDU through the designated port.
• If the configuration BPDU received on a designated port has a lower priority than the configuration
BPDU of the local port, the port immediately sends its own configuration BPDU in response.
• If a path becomes faulty, the root port on this path no longer receives new configuration BPDUs and
the old configuration BPDUs will be discarded due to timeout. The device generates a configuration
BPDU with itself as the root and sends the BPDUs and TCN BPDUs. This triggers a new spanning
tree calculation process to establish a new path to restore the network connectivity.
However, the newly calculated configuration BPDU cannot be propagated throughout the network
immediately, so the old root ports and designated ports that have not detected the topology change
continue forwarding data along the old path. If the new root ports and designated ports begin to
forward data as soon as they are elected, a temporary loop might occur.
STP timers
The most important timing parameters in STP calculation are forward delay, hello time, and max age.
• Forward delay
Forward delay is the delay time for port state transition.
A path failure can cause spanning tree re-calculation to adapt the spanning tree structure to the
change. However, the resulting new configuration BPDU cannot propagate throughout the
network immediately. If the newly elected root ports and designated ports start to forward data
immediately, a temporary loop will likely occur.
For this reason, as a mechanism for state transition in STP, the newly elected root ports or
designated ports require twice the forward delay time before they transit to the forwarding state to
make sure the new configuration BPDU has propagated throughout the network.
• Hello time
The device sends hello packets at the hello time interval to the neighboring devices to make sure
the paths are fault-free.
• Max age
The device uses the max age to determine whether a stored configuration BPDU has expired and
discards it if the max age is exceeded.
RSTP
RSTP achieves rapid network convergence by allowing a newly elected root port or designated port to
enter the forwarding state much faster than STP.
If the old root port on the device has stopped forwarding data and the upstream designated port has
started forwarding data, a newly elected RSTP root port rapidly enters the forwarding state.
A newly elected RSTP designated port rapidly enters the forwarding state if it is an edge port (a port that
directly connects to a user terminal rather than to another network device or a shared LAN segment) or
64
it connects to a point-to-point link. Edge ports directly enter the forwarding state. Connecting to a
point-to-point link, a designated port enters the forwarding state immediately after the device receives a
handshake response from the directly connected device.
MSTP
MSTP overcomes the following STP and RSTP limitations:
• STP limitations—STP does not support rapid state transition of ports. A newly elected port must wait
twice the forward delay time before it transits to the forwarding state, even if it connects to a
point-to-point link or is an edge port.
• RSTP limitations—Although RSTP enables faster network convergence than STP, RSTP fail to provide
load balancing among VLANs. As with STP, all RSTP bridges in a LAN share one spanning tree and
forward packets from all VLANs along this spanning tree.
MSTP features
Developed based on IEEE 802.1s, MSTP overcomes the limitations of STP and RSTP. In addition to
supporting rapid network convergence, it provides a better load sharing mechanism for redundant links
by allowing data flows of different VLANs to be forwarded along separate paths.
MSTP provides the following features:
• MSTP divides a switched network into multiple regions, each of which contains multiple spanning
trees that are independent of one another.
• MSTP supports mapping VLANs to spanning tree instances by means of a VLAN-to-instance
mapping table. MSTP can reduce communication overheads and resource usage by mapping
multiple VLANs to one instance.
• MSTP prunes a loop network into a loop-free tree, which avoids proliferation and endless cycling of
packets in a loop network. In addition, it supports load balancing of VLAN data by providing
multiple redundant paths for data forwarding.
• MSTP is compatible with STP and RSTP.
MSTP basic concepts

Figure 18 shows a switched network that comprises four MST regions, each MST region comprising four
MSTP devices. Figure 19 shows the networking topology of MST region 3.
65
Figure 18 Basic concepts in MSTP
VLAN 1 MSTI 1 VLAN 1 MSTI 1

Other VLANs MSTI 0 Other VLANs MSTI 0
MST region 1 MST region 4
MST region 2 MST region 3

VLAN 2 MSTI 2 CST VLAN 2&3 MSTI 2
Other VLANs MSTI 0 Other VLANs MSTI 0
Figure 19 Network diagram and topology of MST region 3

To MST region 2
MST region
A multiple spanning tree region (MST region) consists of multiple devices in a switched network and the
network segments among them. All these devices have the following characteristics:
• A spanning tree protocol enabled
• Same region name
66
• Same VLAN-to-instance mapping configuration
• Same MSTP revision level
• Physically linked together
Multiple MST regions can exist in a switched network. You can assign multiple devices to the same MST
region. In Figure 18, the switched network comprises four MST regions, MST region 1 through MST
region 4, and all devices in each MST region have the same MST region configuration.
MSTI
MSTP can generate multiple independent spanning trees in an MST region, and each spanning tree is
mapped to the specific VLANs. Each spanning tree is referred to as a "multiple spanning tree instance
(MSTI)".
In Figure 19, MST region 3 comprises three MSTIs, MSTI 1, MSTI 2, and MSTI 0.
VLAN-to-instance mapping table

As an attribute of an MST region, the VLAN-to-instance mapping table describes the mapping
relationships between VLANs and MSTIs.
In Figure 19, the VLAN-to-instance mapping table of MST region 3 is: VLAN 1 to MSTI 1, VLAN 2 and
VLAN 3 to MSTI 2, and other VLANs to MSTI 0. MSTP achieves load balancing by means of the
VLAN-to-instance mapping table.
CST
The common spanning tree (CST) is a single spanning tree that connects all MST regions in a switched
network. If you regard each MST region as a device, the CST is a spanning tree calculated by these
devices through STP or RSTP.
The blue lines in Figure 18 represent the CST.
IST
An internal spanning tree (IST) is a spanning tree that runs in an MST region. It is also called MSTI 0, a
special MSTI to which all VLANs are mapped by default.
In Figure 18, MSTI 0 is the IST in MST region 3.
CIST
The common and internal spanning tree (CIST) is a single spanning tree that connects all devices in a
switched network. It consists of the ISTs in all MST regions and the CST.
In Figure 18, the ISTs (MSTI 0) in all MST regions plus the inter-region CST constitute the CIST of the entire
network.
Regional root
The root bridge of the IST or an MSTI within an MST region is the regional root of the IST or MSTI. Based
on the topology, different spanning trees in an MST region might have different regional roots.
In MST region 3 in Figure 19, the regional root of MSTI 1 is Device B, the regional root of MSTI 2 is Device
C, and the regional root of MSTI 0 (also known as the IST) is Device A.
Common root bridge

The common root bridge is the root bridge of the CIST.
In Figure 18, the common root bridge is a device in MST region 1.
67
Port roles
A port can play different roles in different MSTIs. As shown in Figure 20, an MST region comprises
Device A, Device B, Device C, and Device D. Port A1 and port A2 of Device A connect to the common
root bridge. Port B2 and Port B3 of Device B form a loop. Port C3 and Port C4 of Device C connect to
other MST regions. Port D3 of Device D directly connects to a host.
Figure 20 Port roles
MSTP calculation involves the following port roles:

• Root port—Forwards data for a non-root bridge to the root bridge. The root bridge does not have
any root port.
• Designated port—Forwards data to the downstream network segment or device.
• Alternate port—Serves as the backup port for a root port or master port. When the root port or
master port is blocked, the alternate port takes over.
• Backup port—Serves as the backup port of a designated port. When the designated port is invalid,
the backup port becomes the new designated port. A loop occurs when two ports of the same
spanning tree device are connected, so the device blocks one of the ports. The blocked port acts as
the backup.
• Edge port—Does not connect to any network device or network segment, but directly connects to a
user host.
• Master port—Serves as a port on the shortest path from the local MST region to the common root
bridge. The master port is not always located on the regional root. It is a root port on the IST or CIST
and still a master port on the other MSTIs.
• Boundary port—Connects an MST region to another MST region or to an STP/RSTP-running device.
In MSTP calculation, a boundary port's role on an MSTI is consistent with its role on the CIST. But
that is not true with master ports. A master port on MSTIs is a root port on the CIST.
Port states
In MSTP, a port can be in one of the following states:
68
• Forwarding—The port receives and sends BPDUs, learns MAC addresses, and forwards user
traffic.
• Learning—The port receives and sends BPDUs, learns MAC addresses, but does not forward user
traffic. Learning is an intermediate port state.
• Discarding—The port receives and sends BPDUs, but does not learn MAC addresses or forward
user traffic.
NOTE:
When in different MSTIs, a port can be in different states.
A port state is not exclusively associated with a port role. Table 9 lists the port states that each port role
supports. (A check mark [√] indicates that the port supports this state, while a dash [—] indicates that the
port does not support this state.)
Table 9 Port states that different port roles support
Port role (right) Root port/master

Designated port Alternate port Backup port
Port state (below) port
Forwarding √ √ — —
Learning √ √ — —
Discarding √ √ √ √
How MSTP works

MSTP divides an entire Layer 2 network into multiple MST regions, which are connected by a calculated
CST. Inside an MST region, multiple spanning trees, called MSTIs, are calculated. Among these MSTIs,
MSTI 0 is the IST.
Like STP, MSTP uses configuration BPDUs to calculate spanning trees. An important difference is that an
MSTP BPDU carries the MSTP configuration of the bridge from which the BPDU is sent.
CIST calculation
The calculation of a CIST tree is also the process of configuration BPDU comparison. During this process,
the device with the highest priority is elected as the root bridge of the CIST. MSTP generates an IST within
each MST region through calculation. At the same time, MSTP regards each MST region as a single
device and generates a CST among these MST regions through calculation. The CST and ISTs constitute
the CIST of the entire network.
MSTI calculation
Within an MST region, MSTP generates different MSTIs for different VLANs based on the
VLAN-to-instance mappings. For each spanning tree, MSTP performs a separate calculation process
similar to spanning tree calculation in STP. For more information, see "Calculation process of the STP
algorithm."
In MSTP, a VLAN packet is forwarded along the following paths:
• Within an MST region, the packet is forwarded along the corresponding MSTI.
• Between two MST regions, the packet is forwarded along the CST.
69
MSTP implementation on devices
MSTP is compatible with STP and RSTP. Devices that are running MSTP and that are used for spanning
tree calculation can identify STP and RSTP protocol packets.
In addition to basic MSTP functions, the following functions are provided for ease of management:
• Root bridge hold
• Root bridge backup
• Root guard
• BPDU guard
• Loop guard
• TC-BPDU guard
• Port role restriction
• TC-BPDU transmission restriction.
Protocols and standards

MSTP is documented in the following protocols and standards:
• IEEE 802.1d, Media Access Control (MAC) Bridges
• IEEE 802.1w, Part 3: Media Access Control (MAC) Bridges—Amendment 2: Rapid Reconfiguration
• IEEE 802.1s, Virtual Bridged Local Area Networks—Amendment 3: Multiple Spanning Trees
• IEEE 802.1Q-REV/D1.3, Media Access Control (MAC) Bridges and Virtual Bridged Local Area
Networks —Clause 13: Spanning tree Protocols
Spanning tree configuration task lists

Before configuring a spanning tree, you must determine the spanning tree protocol to be used (STP, RSTP,
or MSTP) and plan the device roles (the root bridge or leaf node).
• When both TRILL and a spanning tree protocol are enabled on a port, TRILL processes the BPDUs
received on the port. To make sure the STP network can correctly interoperate with the TRILL network,
disable the spanning tree protocol on TRILL ports. For more information about TRILL, see TRILL
• The spanning tree configurations are mutually exclusive with service loopback.
• Configurations made in system view take effect globally. Configurations made in Ethernet interface
view take effect on the interface only. Configurations made in aggregate interface view take effect
only on the aggregate interface. Configurations made on an aggregation member port can take
effect only after the port is removed from the aggregation group.
• After you enable a spanning tree protocol on an aggregate interface, the system performs
spanning tree calculation on the aggregate interface, but not on the aggregation member ports.
The spanning tree protocol enable state and forwarding state of each selected member port is
consistent with those of the corresponding aggregate interface.
• Though the member ports of an aggregation group do not participate in spanning tree calculation,
the ports still reserve their spanning tree configurations for participating in spanning tree
calculation after leaving the aggregation group.
70
STP configuration task list
Tasks at a glance
Configuring the root bridge:
• (Required.) Setting the spanning tree mode
• (Optional.) Configuring the root bridge or a secondary root bridge
• (Optional.) Configuring the device priority
• (Optional.) Configuring the network diameter of a switched network
• (Optional.) Configuring spanning tree timers
• (Optional.) Configuring the timeout factor
• (Optional.) Configuring the BPDU transmission rate
• (Optional.) Enabling outputting port state transition information
• (Required.) Enabling the spanning tree feature
Configuring the leaf nodes:

• (Optional.) Configuring path costs of ports
• (Optional.) Configuring the port priority
(Optional.) Configuring protection functions
RSTP configuration task list

Tasks at a glance
• (Optional.) Configuring edge ports
• (Optional.) Configuring the port link type
71
Tasks at a glance
(Optional.) Performing mCheck
MSTP configuration task list

Tasks at a glance
• (Required.) Configuring an MST region
• (Optional.) Configuring the maximum hops of an MST region
• (Optional.) Configuring the mode a port uses to recognize and send MSTP packets
72
Tasks at a glance
• (Required.) Configuring an MST region
• (Optional.) Configuring the mode a port uses to recognize and send MSTP packets
(Optional.) Performing mCheck
(Optional.) Configuring Digest Snooping
(Optional.) Configuring No Agreement Check
Setting the spanning tree mode

The spanning tree modes include:
• STP mode—All ports of the device send STP BPDUs. Select this mode when the peer device of a port
supports only STP.
• RSTP mode—All ports of the device send RSTP BPDUs. A port in this mode automatically transits to
the STP mode when it receives STP BPDUs from the peer device, and a port in this mode does not
transit to the MSTP mode when it receives MSTP BPDUs from the peer device.
• MSTP mode—All ports of the device send MSTP BPDUs. A port in this mode automatically transits
to the STP mode when it receives STP BPDUs from the peer device, and a port in this mode does not
transit to the RSTP mode when it receives RSTP BPDUs from the peer device.
MSTP mode is compatible with RSTP mode, and RSTP mode is compatible with STP mode.
When you make configurations in different spanning tree modes, follow these guidelines:
• In STP or RSTP mode, do not specify an MSTI. Otherwise, the spanning tree configuration does not
take effect.
• In MSTP mode, if you specify an MSTI, the spanning tree configuration takes effect on the specified
MSTI. If you do not specify an MSTI, the spanning tree configuration takes effect on the CIST.
To set the spanning tree mode:

The default setting is the

2. Set the spanning tree mode. stp mode { mstp | rstp | stp }
MSTP mode.
73
Configuring an MST region
Two or more spanning tree devices belong to the same MST region only if they are configured to have the
same format selector (0 by default, not configurable), MST region name, MST region revision level, and
the same VLAN-to-instance mapping entries in the MST region, and they are connected through a
physical link.
The configuration of MST region-related parameters (especially the VLAN-to-instance mapping table)
might cause MSTP to begin a new spanning tree calculation. To reduce the possibility of topology
instability, the MST region configuration takes effect only after you activate it by using the active
region-configuration command, or enable a spanning tree protocol by using the stp global enable
command if the spanning tree protocol is disabled.
To configure an MST region:

2. Enter MST region view. stp region-configuration N/A
3. Configure the MST region The default setting is the MAC
region-name name
name. address.

4. Configure the • instance instance-id vlan
VLAN-to-instance mapping vlan-list By default, all VLANs in an MST
table. region are mapped to the CIST (or
• vlan-mapping modulo modulo
MSTI 0).
5. Configure the MSTP revision
revision-level level The default setting is 0.
level of the MST region.
6. (Optional.) Display the MST
region configurations that are check region-configuration N/A
not activated yet.
7. Manually activate MST region
active region-configuration N/A
configuration.
8. (Optional.) Display the
activated configuration
display stp region-configuration Available in any view.
information of the MST
region.
Configuring the root bridge or a secondary root

bridge
You can have the spanning tree protocol determine the root bridge of a spanning tree through MSTP
calculation, or you can specify the current device as the root bridge or as a secondary root bridge.
A device has independent roles in different spanning trees. It can act as the root bridge in one spanning
tree and as a secondary root bridge in another. However, one device cannot be the root bridge and a
secondary root bridge in the same spanning tree.
A spanning tree can have only one root bridge. If two or more devices are selected as the root bridge in
a spanning tree at the same time, the device with the lowest MAC address is chosen.
74
When the root bridge of an instance fails or is shut down, the secondary root bridge (if you have
specified one) becomes the root bridge if you have not specified a new root bridge. If you specify
multiple secondary root bridges for an instance, the secondary root bridge with the lowest MAC address
is given priority.
You can specify one root bridge for each spanning tree, regardless of the device priority settings. Once
you specify a device as the root bridge or a secondary root bridge, you cannot change its priority.
You can configure the current device as the root bridge by setting the device priority to 0. For the device
priority configuration, see "Configuring the device priority."
Configuring the current device as the root bridge of a specific

spanning tree
• In STP/RSTP mode:
2. Configure the current
stp root primary By default, a device does not
device as the root
bridge. • In MSTP mode: function as the root bridge.
stp [ instance instance-list ] root primary
Configuring the current device as a secondary root bridge of a

specific spanning tree
2. Configure the current stp root secondary By default, a device does not
device as a secondary root • In MSTP mode: function as a secondary root
bridge. stp [ instance instance-list ] root bridge.
secondary
Configuring the device priority

Device priority is a factor in calculating the spanning tree. The priority of a device determines whether the
device can be elected as the root bridge of a spanning tree. A lower value indicates a higher priority.
You can set the priority of a device to a low value to specify the device as the root bridge of the spanning
tree. A spanning tree device can have different priorities in different MSTIs.
During root bridge selection, if all devices in a spanning tree have the same priority, the one with the
lowest MAC address is selected as the root bridge of the spanning tree. You cannot change the priority
of a device after it is configured as the root bridge or as a secondary root bridge.
To configure the priority of a device in a specified MSTI:
75
stp priority priority
2. Configure the priority of
the current device. • In MSTP mode: The default setting is 32768.
stp [ instance instance-list ] priority
priority
Configuring the maximum hops of an MST region

Restrict the region size by setting the maximum hops of an MST region. The hop limit configured on the
regional root bridge is used as the hop limit for the MST region.
Configuration BPDUs sent by the regional root bridge always have a hop count set to the maximum value.
When a device receives this configuration BPDU, it decrements the hop count by one, and uses the new
hop count in the BPDUs that it propagates. When the hop count of a BPDU reaches zero, it is discarded
by the device that received it. Devices beyond the reach of the maximum hops can no longer participate
in spanning tree calculations, so the size of the MST region is limited.
Make this configuration only on the root bridge. All other devices in the MST region use the maximum
hop value set for the root bridge.
You can configure the maximum hops of an MST region based on the STP network size. H3C
recommends that you set the maximum hops to a value that is greater than the maximum hops of each
edge device to the root bridge.
To configure the maximum number of hops of an MST region:

2. Configure the maximum hops
stp max-hops hops The default setting is 20.
of the MST region.
Configuring the network diameter of a switched

network
Any two terminal devices in a switched network can reach each other through a specific path, and there
are a series of devices on the path. The network diameter of the switched network refers to the maximum
number of devices on the path for an edge device to reach another edge device in the switched network
through the root bridge. The network diameter indicates the network size. The bigger the diameter, the
larger the network size.
Based on the network diameter you configured, the system automatically sets an optimal hello time,
forward delay, and max age for the device. Each MST region is considered a device and the configured
network diameter takes effect only on the CIST (or the common root bridge) but not on other MSTIs.
To configure the network diameter of a switched network:
76
2. Configure the network
diameter of the switched stp bridge-diameter diameter The default setting is 7.
network.
Configuring spanning tree timers

The following timers are used for spanning tree calculation:
• Forward delay—Delay time for port state transition. To prevent temporary loops on a network, the
spanning tree feature sets an intermediate port state (the learning state) before it transits from the
discarding state to the forwarding state. The feature also requires that the port transit its state after
a forward delay timer to make sure the state transition of the local port stays synchronized with the
peer.
• Hello time—Interval at which the device sends configuration BPDUs to detect link failures. If the
device receives no configuration BPDUs within the hello time interval, it recalculates the spanning
tree.
• Max age—In the CIST of an MSTP network, the device uses the max age timer to determine if a
configuration BPDU received by a port has expired. If it has, a new spanning tree calculation
process starts. The max age timer takes effect only on the CIST.
To ensure a fast topology convergence and avoid frequent network changes, make sure the timer settings
meet the following formulas:
• 2 × (forward delay – 1 second) ≥ max age
• Max age ≥ 2 × (hello time + 1 second)
H3C recommends not manually setting the spanning tree timers. H3C recommends specifying the
network diameter and letting spanning tree protocols automatically calculate the timers based on the
network diameter. When the network topology changes, use the stp bridge-diameter command to
modify the network diameter. The device then automatically adjusts the timers based on the network
diameter. If the network diameter uses the default value, the timers also use their default values.
Configure the timers only on the root bridge. The timer settings on the root bridge apply to all devices on
the entire switched network.

• The length of the forward delay timer is related to the network diameter of the switched network. The
larger the network diameter is, the longer the forward delay time should be. If the forward delay
timer is too short, temporary redundant paths might occur. If the forward delay timer is too long,
network convergence might take a long time. H3C recommends using the automatically calculated
value.
• An appropriate hello time setting enables the device to promptly detect link failures on the network
without using excessive network resources. If the hello time is too long, the device mistakes packet
loss for a link failure and triggers a new spanning tree calculation process. If the hello time is too
short, the device frequently sends the same configuration BPDUs, which waste device and network
resources. H3C recommends using the automatically calculated value.
77
• If the max age timer is too short, the device frequently begins spanning tree calculations and might
mistake network congestion as a link failure. If the max age timer is too long, the device might fail
to promptly detect link failures and quickly launch spanning tree calculations, reducing the
auto-sensing capability of the network. H3C recommends using the automatically calculated value.
To configure the spanning tree timers:

2. Configure the forward stp timer forward-delay
The default setting is 15 seconds.
delay timer. time
3. Configure the hello timer. stp timer hello time The default setting is 2 seconds.
4. Configure the max age

stp timer max-age time The default setting is 20 seconds.
timer.
Configuring the timeout factor

The timeout factor is a parameter used to decide the timeout time, in the following formula: Timeout time
= timeout factor × 3 × hello time.
After the network topology is stabilized, each non-root-bridge device forwards configuration BPDUs to
the downstream devices at the hello interval to detect link failures. If a device does not receive a BPDU
from the upstream device within nine times the hello time, it assumes that the upstream device has failed
and starts a new spanning tree calculation process.
Sometimes a device might fail to receive a BPDU from the upstream device because the upstream device
is busy. If a spanning tree calculation occurs, the calculation can fail and also waste network resources.
On a stable network, you can prevent undesired spanning tree calculations by setting the timeout factor
to 5, 6, or 7.
To configure the timeout factor:

2. Configure the timeout factor
stp timer-factor factor The default setting is 3.
of the device.
Configuring the BPDU transmission rate

The maximum number of BPDUs that a port can send within each hello time equals the BPDU
transmission rate plus the hello timer value. Configure an appropriate BPDU transmission rate for a port
based on the physical status of the port and the network structure.
78
The higher the BPDU transmission rate, the more BPDUs are sent within each hello time, and the more
system resources are used. By setting an appropriate BPDU transmission rate, you can limit the rate at
which the port sends BPDUs and prevent spanning tree protocols from using excessive network resources
when the network becomes unstable. H3C recommends using the default setting.
To configure the BPDU transmission rate:

2. Enter Ethernet or aggregate
interface view.
3. Configure the BPDU
stp transmit-limit limit The default setting is 10.
transmission rate of the port.
Configuring edge ports

If a port directly connects to a user terminal rather than another device or a shared LAN segment, this
port is regarded as an edge port. When network topology change occurs, an edge port will not cause
a temporary loop. Because a device does not determine whether a port is directly connected to a
terminal, you must manually configure the port as an edge port. After that, the port can rapidly transit
from the blocked state to the forwarding state.

• If BPDU guard is disabled, a port set as an edge port becomes a non-edge port again if it receives
a BPDU from another port. To restore the edge port, re-enable it.
• If a port directly connects to a user terminal, configure it as an edge port and enable BPDU guard
for it. This enables the port to quickly transit to the forwarding state when ensuring network security.
• On a port, the loop guard function, the root guard function, and the edge port setting are mutually
exclusive, and the one configured first takes effect.
To specify a port as an edge port:

interface view.
3. Configure the current ports as By default, all ports are
stp edged-port
edge ports. non-edge ports.
79
Configuring path costs of ports
Path cost is a parameter related to the rate of a port. On a spanning tree device, a port can have different
path costs in different MSTIs. Setting appropriate path costs allows VLAN traffic flows to be forwarded
along different physical links, achieving VLAN-based load balancing.
You can have the device automatically calculate the default path cost, or you can configure the path cost
for ports.
Specifying a standard for the device to use when it calculates

the default path cost
CAUTION:
If you change the standard that the device uses to calculate the default path costs, you restore the path
costs to the default.
You can specify a standard for the device to use in automatic calculation for the default path cost. The
device supports the following standards:
• dot1d-1998—The device calculates the default path cost for ports based on IEEE 802.1d-1998.
• dot1t—The device calculates the default path cost for ports based on IEEE 802.1t.
• legacy—The device calculates the default path cost for ports based on a private standard.
When you specify a standard for the device to use when it calculates the default path cost, follow these
guidelines:
• When it calculates the path cost for an aggregate interface, IEEE 802.1t takes into account the
number of Selected ports in its aggregation group, but IEEE 802.1d-1998 does not. The calculation
formula of IEEE 802.1t is: Path cost = 200,000,000/link speed (in 100 kbps), where link speed is
the sum of the link speed values of the Selected ports in the aggregation group.
• IEEE 802.1d-1998 or the private standard always assigns the smallest possible value to a single port
or an aggregate interface when the link speed of the port or interface exceeds 10 Gbps. The
forwarding path selected based on this criterion might not be the best one. To solve this problem,
use dot1t as the standard for default path cost calculation, or manually set the path cost for the port
(see "Configuring path costs of ports").
To specify a standard for the device to use when it calculates the default path cost:

2. Specify a standard for the
device to use when it stp pathcost-standard
The default setting is legacy.
calculates the default path { dot1d-1998 | dot1t | legacy }
costs of its ports.
80
Table 10 Mappings between the link speed and the path cost
Path cost
Link speed Port type IEEE
IEEE 802.1t Private standard
802.1d-1998
0 N/A 65535 200000000 200000
Single port 2000000 2000
Aggregate interface
containing two Selected 1000000 1800
ports
10 Mbps Aggregate interface 100

containing three Selected 666666 1600
ports
Aggregate interface
containing four Selected 500000 1400
ports
Aggregate interface
ports

ports
Aggregate interface
ports
Aggregate interface
ports

ports
Aggregate interface
ports
Single port 2000 2
Aggregate interface
ports
10 Gbps Aggregate interface 2

ports
Aggregate interface
ports
81
Path cost
Link speed Port type IEEE
IEEE 802.1t Private standard
802.1d-1998
Single port 1000 1
Aggregate interface
ports

ports
Aggregate interface
ports
Single port 500 1
Aggregate interface
ports

ports
Aggregate interface
ports
Single port 200 1
Aggregate interface
ports

ports
Aggregate interface
ports
Configuring path costs of ports

When the path cost of a port changes, the system recalculates the role of the port and initiates a state
transition.
To configure the path cost of a port:

interface view.
82
stp cost cost By default, the system
3. Configure the path cost of the
automatically calculates the
ports. • In MSTP mode:
path cost of each port.
stp [ instance instance-list ] cost cost
Configuration example
# In MSTP mode, specify the device to calculate the default path costs of its ports by using IEEE
802.1d-1998, and set the path cost of Ten-GigabitEthernet 1/0/3 to 200 on MSTI 2.
<Sysname> system-view
[Sysname] stp pathcost-standard dot1d-1998
Cost of every port will be reset and automatically re-calculated after you change the
current pathcost standard. Continue?[Y/N]:y
Cost of every port has been re-calculated.
[Sysname] interface ten-gigabitethernet 1/0/3
[Sysname-Ten-GigabitEthernet1/0/3] stp instance 2 cost 200
Configuring the port priority

The priority of a port is a factor that determines whether the port can be elected as the root port of a
device. If all other conditions are the same, the port with the highest priority is elected as the root port.
On a spanning tree device, a port can have different priorities and play different roles in different
spanning trees, so that data of different VLANs can be propagated along different physical paths,
implementing per-VLAN load balancing. You can set port priority values based on the actual networking
requirements.
When the priority of a port changes, the system recalculates the port role and initiates a state transition.
To configure the priority of a port:

interface view.
stp port priority priority
The default setting is 128
3. Configure the port priority. • In MSTP mode:
for all ports.
stp [ instance instance-list ] port priority
priority
Configuring the port link type

A point-to-point link directly connects two devices. If two root ports or designated ports are connected
over a point-to-point link, they can rapidly transit to the forwarding state after a proposal-agreement
handshake process.
83
• You can configure the link type as point-to-point for an aggregate interface or a port that operates
in full duplex mode. H3C recommends using the default setting and letting the device to
automatically detect the port link type.
• The stp point-to-point force-false or stp point-to-point force-true command configured on a port in
MSTP mode takes effect on all MSTIs.
• If you configure a non-point-to-point link as a point-to-point link, the configuration might cause a
temporary loop.
To configure the link type of a port:

2. Enter Ethernet or aggregate interface interface-type
N/A
By default, the link type is auto

stp point-to-point { auto | force-false
3. Configure the port link type. where the port automatically
| force-true }
detects the link type.
Configuring the mode a port uses to recognize and

send MSTP packets
A port can receive and send MSTP packets in the following formats:
• dot1s—802.1s-compliant standard format
• legacy—Compatible format
By default, the packet format recognition mode of a port is auto. The port automatically distinguishes the
two MSTP packet formats, and determines the format of packets that it will send based on the recognized
format.
You can configure the MSTP packet format on a port. When operating in MSTP mode after the
configuration, the port sends only MSTP packets of the format that you have configured to communicate
with devices that send packets of the same format.
A port in auto mode sends 802.1s MSTP packets by default. When the port receives an MSTP packet of
a legacy format, the port starts to send packets only of the legacy format. This prevents the port from
frequently changing the format of sent packets. To configure the port to send 802.1s MSTP packets, shut
down and then bring up the port.
When the number of existing MSTIs exceeds 48, the port can send only 802.1s MSTP packets.
To configure the MSTP packet format to be supported on a port:
84
interface view.
3. Configure the mode that the
port uses to recognize/send stp compliance { auto | dot1s | legacy } The default setting is auto.
MSTP packets.
Enabling outputting port state transition information

In a large-scale spanning tree network, you can enable devices to output the port state transition
information of all MSTIs or the specified MSTI in order to monitor the port states in real time.
To enable outputting port state transition information:

stp port-log instance 0
2. Enable outputting port state By default, this function is
transition information. • In MSTP mode:
enabled.
stp port-log instance { instance-list |
all }
Enabling the spanning tree feature

You must enable the spanning tree feature for the device before any other spanning tree related
configurations can take effect. Make sure the spanning tree feature is enabled globally and on the
desired ports.
You can disable the spanning tree feature for certain ports with the undo stp enable command to exclude
them from spanning tree calculation and save CPU resources of the device.
To enable the spanning tree feature:

2. Enable the spanning tree By default, the spanning tree
stp global enable
feature. feature is disabled globally.
N/A
4. (Optional.) Enable the
By default, the spanning tree
spanning tree feature for the stp enable
feature is enabled on all ports.
port.
85
Performing mCheck
The mCheck feature enables user intervention in the port status transition process.
If a port on a device that is running MSTP or RSTP connects to an STP device, this port automatically
transits to STP mode when the port receives STP BPDUs. However, if the peer STP device is shut down or
removed and the local device cannot detect the change, the local device cannot automatically transit
back to the original mode. To forcibly transit the port to operate in the original mode, you can perform
an mCheck operation.
Suppose a scenario where Device A, Device B, and Device C are connected in sequence. Device A runs
STP, Device B does not run any spanning tree protocol, and Device C runs RSTP or MSTP. In this case,
when Device C receives an STP BPDU transparently transmitted by Device B, the receiving port transits to
the STP mode. If you configure Device B to run RSTP or MSTP with Device C, you must perform mCheck
operations on the ports interconnecting Device B and Device C.

When you configure mCheck, follow these restrictions and guidelines:
• The mCheck operation takes effect on devices operating in MSTP or RSTP mode.
• When you enable or disable TRILL on a port, the port might send TCN BPDUs to the peer port,
which causes the peer port to transit to STP mode. When you disable TRILL and enable STP on a port,
H3C recommends that you perform mCheck on both the port and the peer port.
Performing mCheck globally
Step Command
2. Perform mCheck. stp global mcheck
Performing mCheck in interface view
Step Command
2. Enter Ethernet or aggregate interface view. interface interface-type interface-number
3. Perform mCheck. stp mcheck
Configuring Digest Snooping

As defined in IEEE 802.1s, connected devices are in the same region only when their MST region-related
configurations (region name, revision level, and VLAN-to-instance mappings) are identical. A spanning
tree device identifies devices in the same MST region by determining the configuration ID in BPDU
packets. The configuration ID includes the region name, revision level, and configuration digest, which is
86
16-byte long and is the result calculated through the HMAC-MD5 algorithm based on VLAN-to-instance
mappings.
Because spanning tree implementations vary by vendor, the configuration digests calculated through
private keys are different. The devices of different vendors in the same MST region cannot communicate
with each other.
To enable communication between an H3C device and a third-party device, enable the Digest Snooping
feature on the port that connects the H3C device to the third-party device in the same MST region.

When you configure Digest Snooping, follow these guidelines:
• Before you enable Digest Snooping, make sure associated devices of different vendors are
connected and run spanning tree protocols.
• With digest snooping enabled, in-the-same-region verification does not require comparison of
configuration digest, so the VLAN-to-instance mappings must be the same on associated ports.
• With digest snooping enabled globally, modify the VLAN-to-instance mappings or execute the
undo stp region-configuration command to restore the default MST region configuration with
caution. If the local device has different VLAN-to-instance mappings than its neighboring devices,
loops or traffic interruption occurs.
• To make Digest Snooping take effect, you must enable Digest Snooping both globally and on
associated ports. H3C recommends that you enable Digest Snooping on all associated ports first
and then enable it globally. This will make the configuration take effect on all configured ports and
reduce impact on the network.
• To prevent loops, do not enable Digest Snooping on MST region edge ports.
• H3C recommends that you enable Digest Snooping first and then the spanning tree feature. To
avoid traffic interruption, do not configure Digest Snooping when the network is already working
well.
You can enable Digest Snooping only on the H3C device that is connected to a third-party device that
uses its private key to calculate the configuration digest.
To configure Digest Snooping:

N/A
3. Enable Digest Snooping on By default, Digest Snooping is

stp config-digest-snooping
the interface. disabled on ports.
4. Return to system view. quit N/A

5. Enable Digest Snooping By default, Digest Snooping is
stp global config-digest-snooping
87
Digest Snooping configuration example
As shown in Figure 21, Device A and Device B connect to Device C, which is a third-party device. All
these devices are in the same region.
Enable Digest Snooping on the ports of Device A and Device B that connect to Device C, so that the three
devices can communicate with one another.
# Enable Digest Snooping on Ten-GigabitEthernet 1/0/1 of Device A and enable global Digest
Snooping on Device A.
[DeviceA-Ten-GigabitEthernet1/0/1] stp config-digest-snooping
[DeviceA] stp global config-digest-snooping
# Enable Digest Snooping on Ten-GigabitEthernet 1/0/1 of Device B and enable global Digest
Snooping on Device B.
<DeviceB> system-view
[DeviceB] interface ten-gigabitethernet 1/0/1
[DeviceB-Ten-GigabitEthernet1/0/1] stp config-digest-snooping
[DeviceB-Ten-GigabitEthernet1/0/1] quit
[DeviceB] stp global config-digest-snooping
Configuring No Agreement Check

In RSTP and MSTP, the following types of messages are used for rapid state transition on designated
ports:
• Proposal—Sent by designated ports to request rapid transition.
• Agreement—Used to acknowledge rapid transition requests.
88
Both RSTP and MSTP devices can perform rapid transition on a designated port only when the port
receives an agreement packet from the downstream device. RSTP and MSTP devices have the following
differences:
• For MSTP, the root port of the downstream device sends an agreement packet only after it receives
an agreement packet from the upstream device.
• For RSTP, the downstream device sends an agreement packet regardless of whether an agreement
packet from the upstream device is received.
Figure 22 Rapid state transition of an MSTP designated port
Figure 23 Rapid state transition of an RSTP designated port
If the upstream device is a third-party device, the rapid state transition implementation might be limited.
For example, when the upstream device uses a rapid transition mechanism similar to that of RSTP, and the
downstream device adopts MSTP and does not operate in RSTP mode, the root port on the downstream
device receives no agreement packet from the upstream device and sends no agreement packets to the
upstream device. As a result, the designated port of the upstream device fails to transit rapidly, and can
only change to the forwarding state after a period twice the Forward Delay.
You can enable the No Agreement Check feature on the downstream device's port to enable the
designated port of the upstream device to transit its state rapidly.
Configuration prerequisites
Before you configure the No Agreement Check function, complete the following tasks:
89
• Connect a device to a third-party upstream device that supports spanning tree protocols through a
point-to-point link.
• Configure the same region name, revision level and VLAN-to-instance mappings on the two devices,
assigning them to the same region.
Enable the No Agreement Check feature on the root port.
To configure No Agreement Check:

interface view.
3. Enable No Agreement By default, No Agreement
stp no-agreement-check
Check. Check is disabled.
No Agreement Check configuration example

• Device A connects to a third-party device that has a different spanning tree implementation. Both
devices are in the same region.
• The third-party device (Device B) is the regional root bridge, and Device A is the downstream
device.
Root bridge
XGE1/0/1 XGE1/0/1
Device A Device B
Root port Designated port
# Enable No Agreement Check on Ten-GigabitEthernet 1/0/1 of Device A.
[DeviceA-Ten-GigabitEthernet1/0/1] stp no-agreement-check
Configuring protection functions

A spanning tree device supports the following protection functions:
• BPDU guard
90
• Root guard
• Loop guard
• Port role restriction
• TC-BPDU transmission restriction
• TC-BPDU guard
• BPDU drop
Enabling BPDU guard

For access layer devices, the access ports can directly connect to the user terminals (such as PCs) or file
servers. The access ports are configured as edge ports to allow rapid transition. When these ports
receive configuration BPDUs, the system automatically sets the ports as non-edge ports and starts a new
spanning tree calculation process. This causes a change of network topology. Under normal conditions,
these ports should not receive configuration BPDUs. However, if someone forges configuration BPDUs
maliciously to attack the devices, the network will become unstable.
The spanning tree protocol provides the BPDU guard function to protect the system against such attacks.
With the BPDU guard function enabled on the devices, when edge ports receive configuration BPDUs,
the system closes these ports and notifies the NMS that these ports have been closed by the spanning tree
protocol. The device reactivates the closed ports after a detection interval. For more information about
this detection interval, see Fundamentals Configuration Guide.
BPDU guard does not take effect on loopback-testing-enabled ports. For more information about
loopback testing, see "Configuring Ethernet interfaces."
Configure BPDU guard on a device with edge ports configured.
To enable BPDU guard:

2. Enable the BPDU guard By default, BPDU guard is
stp bpdu-protection
function for the device. disabled.
Enabling root guard

The root bridge and secondary root bridge of a spanning tree should be located in the same MST region.
Especially for the CIST, the root bridge and secondary root bridge are put in a high-bandwidth core
region during network design. However, due to possible configuration errors or malicious attacks in the
network, the legal root bridge might receive a configuration BPDU with a higher priority. Another device
supersedes the current legal root bridge, causing an undesired change of the network topology. The
traffic that should go over high-speed links is switched to low-speed links, resulting in network congestion.
To prevent this situation, MSTP provides the root guard function. If the root guard function is enabled on
a port of a root bridge, this port plays the role of designated port on all MSTIs. After this port receives a
configuration BPDU with a higher priority from an MSTI, it immediately sets that port to the listening state
in the MSTI, without forwarding the packet. This is equivalent to disconnecting the link connected with
this port in the MSTI. If the port receives no BPDUs with a higher priority within twice the forwarding delay,
it reverts to its original state.
91
On a port, the loop guard function, the root guard function, and the edge port setting are mutually
Configure root guard on a designated port.
To enable root guard:

interface view.
3. Enable the root guard By default, root guard is
stp root-protection
function. disabled.
Enabling loop guard

By continuing to receive BPDUs from the upstream device, a device can maintain the state of the root port
and blocked ports. However, link congestion or unidirectional link failures might cause these ports to fail
to receive BPDUs from the upstream devices. The device reselects the port roles: Those ports in forwarding
state that failed to receive upstream BPDUs become designated ports, and the blocked ports transit to the
forwarding state, resulting in loops in the switched network. The loop guard function can suppress the
occurrence of such loops.
The initial state of a loop guard-enabled port is discarding in every MSTI. When the port receives BPDUs,
it transits its state. Otherwise, it stays in the discarding state to prevent temporary loops.
Do not enable loop guard on a port that connects user terminals. Otherwise, the port stays in the
discarding state in all MSTIs because it cannot receive BPDUs.
On a port, the loop guard function, the root guard function, and the edge port setting are mutually
Configure loop guard on the root port and alternate ports of a device.
To enable loop guard:

interface view.
3. Enable the loop guard By default, loop guard is
stp loop-protection
function for the ports. disabled.
Configuring port role restriction

CAUTION:
Use this feature with caution, because enabling port role restriction on a port might affect the connectivity
of the spanning tree topology.
92
The change to the bridge ID of a device in the user access network might cause a change to the spanning
tree topology in the core network. To avoid this problem, you can enable port role restriction on a port.
With this feature enabled, when the port receives a superior BPDU, it becomes an alternate port rather
than a root port.
Make this configuration on the port that connects to the user access network.
To configure port role restriction:

N/A
By default, port role restriction is

3. Enable port role restriction. stp role-restriction
disabled.
Configuring TC-BPDU transmission restriction

CAUTION:
Enabling TC-BPDU transmission restriction on a port might cause the previous forwarding address table to
fail to be updated when the topology changes.
The topology change to the user access network might cause the forwarding address changes to the core
network. When the user access network topology is unstable, the user access network might affect the
core network. To avoid this problem, you can enable TC-BPDU transmission restriction on a port. With
this feature enabled, when the port receives a TC-BPDU, it does not forward the TC-BPDU to other ports.
Make this configuration on the port that connects to the user access network.
To configure TC-BPDU transmission restriction:

N/A
3. Enable TC-BPDU transmission By default, TC-BPDU transmission
stp tc-restriction
restriction. restriction is disabled.
Enabling TC-BPDU guard

When a device receives topology change (TC) BPDUs (the BPDUs that notify devices of topology
changes), it flushes its forwarding address entries. If someone forges TC-BPDUs to attack the device, the
device will receive a large number of TC-BPDUs within a short time and be busy with forwarding address
entry flushing. This affects network stability.
With the TC-BPDU guard function, you can set the maximum number of immediate forwarding address
entry flushes that the device can perform within a specified period of time (10 seconds) after it receives
the first TC-BPDU. For TC-BPDUs received in excess of the limit, the device performs a forwarding address
93
entry flush when the time period expires. This prevents frequent flushing of forwarding address entries.
H3C recommends that you enable TC-BPDU guard.
To enable TC-BPDU guard:

By default, TC-BPDU guard is

enabled.
2. Enable the TC-BPDU guard function. stp tc-protection
H3C recommends not
disabling this feature.
3. (Optional.) Configure the maximum
number of forwarding address entry stp tc-protection threshold
flushes that the device can perform every number
10 seconds.
Enabling BPDU drop

In a spanning tree network, every BPDU arriving at the device triggers an STP calculation process and is
then forwarded to other devices in the network. Malicious attackers might use the vulnerability to attack
the network by forging BPDUs. By continuously sending forged BPDUs, they can make all the devices in
the network keeps performing STP calculations on and on. As a result, problems such as CPU overload
and BPDU protocol status errors occur.
To avoid this problem, you can enable BPDU drop on ports. A BPDU drop-enabled port does not receive
any BPDUs and is invulnerable to forged BPDU attacks.
To enable BPDU drop on an Ethernet interface:

interface-number
3. Enable BPDU drop on the
bpdu-drop any By default, BPDU drop is disabled.
current interface.
Displaying and maintaining the spanning tree

Execute display commands in any view and reset command in user view.
Task Command
Display information about ports blocked by spanning tree
display stp abnormal-port
protection functions.
display stp bpdu-statistics [ interface

Display BPDU statistics on ports. interface-type interface-number [ instance
instance-list ] ]
94
Task Command
Display information about ports shut down by spanning
display stp down-port
tree protection functions.
Display the historical information of port role calculation display stp [ instance instance-list ] history [ slot
for the specified MSTI or all MSTIs. slot-number ]
Display the statistics of TC/TCN BPDUs sent and received display stp [ instance instance-list ] tc [ slot
by all ports in the specified MSTI or all MSTIs. slot-number ]
display stp [ instance instance-list ] [ interface

Display the spanning tree status and statistics.
interface-list | slot slot-number ] [ brief ]
Display the MST region configuration information that has

display stp region-configuration
taken effect.
Display the root bridge information of all MSTIs. display stp root
Clear the spanning tree statistics. reset stp [ interface interface-list ]
Spanning tree configuration example

As shown in Figure 25, all devices on the network are in the same MST region. Device A and Device B
work at the distribution layer. Device C and Device D work at the access layer.
Configure MSTP so that packets of different VLANs are forwarded along different spanning trees: Packets
of VLAN 10 are forwarded along MSTI 1, those of VLAN 30 are forwarded along MSTI 3, those of VLAN
40 are forwarded along MSTI 4, and those of VLAN 20 are forwarded along MSTI 0.
VLAN 10 and VLAN 30 are terminated on the distribution layer devices, and VLAN 40 is terminated on
the access layer devices. The root bridges of MSTI 1 and MSTI 3 are Device A and Device B, respectively,
and the root bridge of MSTI 4 is Device C.
1
XG
/0/
E1
E1
/0/
XG
XG
1
/0/
E1
E1
/0/
XG
95
1. Configure VLANs and VLAN member ports (details not shown):
{ Create VLAN 10, VLAN 20, and VLAN 30 on both Device A and Device B.
{ Create VLAN 10, VLAN 20, and VLAN 40 on Device C.
{ Create VLAN 20, VLAN 30, and VLAN 40 on Device D.
{ Configure the ports on these devices as trunk ports and assign them to related VLANs.
# Enter MST region view, configure the MST region name as example, map VLAN 10, VLAN 30,
and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively, and configure the revision level of the
MST region as 0.
[DeviceA] stp region-configuration
[DeviceA-mst-region] region-name example
[DeviceA-mst-region] instance 1 vlan 10
[DeviceA-mst-region] revision-level 0
# Activate MST region configuration.
[DeviceA-mst-region] active region-configuration
[DeviceA-mst-region] quit
# Specify the current device as the root bridge of MSTI 1.
[DeviceA] stp instance 1 root primary
# Enable the spanning tree feature globally.
[DeviceA] stp global enable
3. Configure Device B:
MST region as 0.
[DeviceB] stp region-configuration
[DeviceB-mst-region] region-name example
[DeviceB-mst-region] instance 1 vlan 10
[DeviceB-mst-region] revision-level 0
[DeviceB-mst-region] active region-configuration
[DeviceB-mst-region] quit
[DeviceB] stp instance 3 root primary
[DeviceB] stp global enable
4. Configure Device C:
96
MST region as 0.
<DeviceC> system-view
[DeviceC] stp region-configuration
[DeviceC-mst-region] region-name example
[DeviceC-mst-region] instance 1 vlan 10
[DeviceC-mst-region] revision-level 0
[DeviceC-mst-region] active region-configuration
[DeviceC-mst-region] quit
[DeviceC] stp instance 4 root primary
[DeviceC] stp global enable
5. Configure Device D:
MST region as 0.
<DeviceD> system-view
[DeviceD] stp region-configuration
[DeviceD-mst-region] region-name example
[DeviceD-mst-region] instance 1 vlan 10
[DeviceD-mst-region] revision-level 0
[DeviceD-mst-region] active region-configuration
[DeviceD-mst-region] quit
[DeviceD] stp global enable
6. Verify the configuration:
In this example, suppose that Device B has the lowest root bridge ID. As a result, Device B is
elected as the root bridge in MSTI 0.
You can use the display stp brief command to display brief spanning tree information on each
device after the network is stable.
# Display brief spanning tree information on Device A.
[DeviceA] display stp brief
[DeviceA] display stp brief
MSTID Port Role STP State Protection
0 Ten-GigabitEthernet1/0/1 ALTE DISCARDING NONE
0 Ten-GigabitEthernet1/0/2 DESI FORWARDING NONE
0 Ten-GigabitEthernet1/0/3 ROOT FORWARDING NONE
97
# Display brief spanning tree information on Device B.
[DeviceB] display stp brief
# Display brief spanning tree information on Device C.
[DeviceC] display stp brief
# Display brief spanning tree information on Device D.
[DeviceD] display stp brief
Based on the output, you can draw each MSTI mapped to each VLAN, as shown in Figure 26.
98
Figure 26 MSTIs mapped to different VLANs
A B A B
C C D
MSTI 1 mapped to VLAN 10 MSTI 0 mapped to VLAN 20
A B
D C D
MSTI 3 mapped to VLAN 30 MSTI 4 mapped to VLAN 40
Root bridge Normal link Blocked link
99
Configuring loop detection
Overview
Incorrect network connections or configurations can create Layer 2 loops, which results in repeated
transmission of broadcasts, multicasts, or unknown unicasts, waste network resources, and sometimes
even paralyze networks. The loop detection mechanism immediately generates a log when a loop occurs
so that you are promptly notified to adjust network connections and configurations. You can even
configure loop detection to shut down the looped port. Logs are maintained in the information center. For
more information, see Network Management and Monitoring Configuration Guide.
Loop detection mechanism

The device detects loops by sending detection frames and then checking whether these frames return to
any port on the device. If they do, the device considers that the port is on a looped link.
Loop detection usually works within a VLAN. If a detection frame is returned with a different VLAN tag
than it was sent out with, an inter-VLAN loop has occurred. To remove the loop, examine the QinQ
configuration for incorrect settings. For more information about QinQ, see "Configuring QinQ."
Figure 27 Ethernet frame header for loop detection
The Ethernet frame header for loop detection contains the following fields:
• DMAC—Destination MAC address of the frame, which is the multicast MAC address
010F-E200-0007. When a loop detection-enabled device receives a frame with this destination
MAC address, it sends the frame to the CPU and floods the frame in the VLAN from which the frame
was originally received.
• SMAC—Source MAC address of the frame, which is the bridge MAC address of the sending
device.
• TPID—Type of the VLAN tag, with the value of 0x8100.
• TCI—Information of the VLAN tag, including the priority and VLAN ID.
• Type—Protocol type, with the value of 0x8918.
100
Figure 28 Inner frame header for loop detection
The inner frame header for loop detection contains the following fields:
• Code—Protocol sub-type, which is 0x0001, indicating the loop detection protocol.
• Version—Protocol version, which is always 0x0000.
• Length—Length of the frame. The value includes the inner header, but excludes the Ethernet header.
• Reserved—This field is reserved.
Frames for loop detection are encapsulated as TLV triplets.
Table 11 TLVs supported by loop detection
TLV Description Remarks
End of PDU End of a PDU. Optional.
Device ID Bridge MAC address of the sending device. Required.
Port ID ID of the PDU sending port. Optional.
Port Name Name of the PDU sending port. Optional.
System Name Device name. Optional.
Chassis ID Chassis ID of the sending port. Optional.
Slot ID Slot ID of the sending port. Optional.
Sub Slot ID Sub-slot ID of the sending port. Optional.
Loop detection uses the following important concepts.
Loop detection interval

Loop detection is a continuous process as the network changes. Loop detection frames are sent at a
specified interval (called a "loop detection interval") to check whether loops occur on ports and whether
loops are removed.
Loop protection actions

When the device detects a loop on a port, it generates a log but performs no action on the port by default.
You can configure the device to take one of the following actions:
• Block—Disables the port from learning MAC addresses and blocks inbound traffic to the port.
• No-learning—Disables the port from learning MAC addresses.
• Shutdown—Shuts down the port to disable it from receiving and sending any frames. The port is
always in the down state until manually brought up with the undo shutdown command.
101
Port status auto recovery
Port status auto recovery applies only to the block and no-learning loop protection actions. If the device
receives no loop detection frame three loop detection intervals after a loop is detected on a port, the
device automatically sets the port to the forwarding state, and notifies the user of the event.
NOTE:
Incorrect recovery can occur when loop detection frames are discarded to reduce the load. To avoid this,
use the shutdown action, or manually remove the loop.
Loop detection configuration task list

Tasks at a glance
(Required.) Enabling loop detection
(Optional.) Configuring the loop protection action
(Optional.) Setting the loop detection interval
Enabling loop detection

You can enable loop detection globally or on specific ports. The global configuration applies to all ports
in the specified VLAN. The per-port configuration applies to the individual port only when the port
belongs to the specified VLAN. Per-port configurations take precedence over global configurations.
H3C recommends not enabling loop detection on TRILL ports, because TRILL networks prevent loops from
being generated. For information more about TRILL, see TRILL Configuration Guide.
Enabling loop detection globally

2. Globally enable loop loopback-detection global enable
Disabled by default.
detection. vlan { vlan-list | all }
Enabling loop detection on a port

2. Enter Ethernet interface view or interface interface-type
N/A
aggregate interface view. interface-number
3. Enable loop detection on the loopback-detection enable vlan
Disabled by default.
port. { vlan-list | all }
102
Configuring the loop protection action
You can configure the loop protection action globally or on specific ports. The global configuration
applies to all ports. The per-port configuration applies to the individual ports. The per-port configuration
takes precedence over the global configuration.
Configuring the global loop protection action

By default, the device generates a

2. Configure the global loop loopback-detection global action
log but performs no action on the
protection action. shutdown
port on which a loop is detected.
Configuring the loop protection action on an Ethernet interface

interface-number
By default, the device generates

3. Configure the loop protection loopback-detection action { block | a log but performs no action on
action on the interface. no-learning | shutdown } the port on which a loop is
detected.
Configuring the loop protection action on an aggregate

interface
2. Enter aggregate interface view. N/A
interface-number
By default, the device generates

3. Configure the loop protection loopback-detection action a log but performs no action on
action on the interface. shutdown the port on which a loop is
detected.
103
Setting the loop detection interval
With loop detection enabled, the device sends loop detection frames at a specified interval. A shorter
interval offers more sensitive detection but consumes more resources. Consider the system performance
and loop detection speed when you set the loop detection interval.
To set the loop detection interval:

loopback-detection interval-time
2. Set the loop detection interval. The default setting is 30 seconds.
interval
Displaying and maintaining loop detection

Task Command
Display the loop detection configuration and status. display loopback-detection
Loop detection configuration example

As shown in Figure 29, configure loop detection on Device A, so that Device A generates a log as a
notification and automatically shuts down the port on which a loop is detected.

Device A
XGE1/0/1 XGE1/0/2
Device B Device C
VLAN 100
104
# Create VLAN 100, and globally enable loop detection for the VLAN.
[DeviceA] vlan 100
[DeviceA] loopback-detection global enable vlan 100
# Configure Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 as trunk ports, and
assign them to VLAN 100.
[DeviceA-Ten-GigabitEthernet1/0/1] port link-type trunk
[DeviceA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100
[DeviceA-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100
# Configure the global loop protection action as shutdown.
[DeviceA] loopback-detection global action shutdown
# Set the loop detection interval to 35 seconds.
[DeviceA] loopback-detection interval-time 35
2. Configure Device B:
# Create VLAN 100.
[DeviceB] vlan 100
[DeviceB–vlan100] quit
[DeviceB-Ten-GigabitEthernet1/0/1] port link-type trunk
[DeviceB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100
[DeviceB-Ten-GigabitEthernet1/0/2] port link-type trunk
[DeviceB-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100
3. Configure Device C:
# Create VLAN 100.
<DeviceC> system-view
[DeviceC] vlan 100
[DeviceC–vlan100] quit
[DeviceC] interface ten-gigabitethernet 1/0/1
[DeviceC-Ten-GigabitEthernet1/0/1] port link-type trunk
105
[DeviceC-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100
[DeviceC-Ten-GigabitEthernet1/0/1] quit
[DeviceC] interface ten-gigabitethernet 1/0/2
[DeviceC-Ten-GigabitEthernet1/0/2] port link-type trunk
[DeviceC-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100
[DeviceC-Ten-GigabitEthernet1/0/2] quit

After the configurations are complete, Device A detects loops on ports Ten-GigabitEthernet 1/0/1
and Ten-GigabitEthernet 1/0/2 within a loop detection interval. Consequently, Device A
automatically shuts down the ports and generates the following log messages:
[DeviceA]
%Feb 24 15:04:29:663 2011 DeviceA LPDT/4/LOOPED:Slot=1;
Loopback exists on Ten-GigabitEthernet1/0/1.
%Feb 24 15:04:29:667 2011 DeviceA LPDT/4/LOOPED:Slot=1;
Loopback exists on Ten-GigabitEthernet1/0/2.
%Feb 24 15:04:44:243 2011 DeviceA LPDT/4/RECOVERED:Slot=1;
Loopback on Ten-GigabitEthernet1/0/1 recovered.
%Feb 24 15:04:44:248 2011 DeviceA LPDT/4/RECOVERED:Slot=1;
Loopback on Ten-GigabitEthernet1/0/2 recovered.
Use the display loopback-detection command to display the loop detection configuration and
status on Device A.
# Display the loop detection configuration and status on Device A.
[DeviceA] display loopback-detection
Loop detection is enabled.
Loop detection interval is 35 second(s).
No loopback is detected.
The output shows that the device has removed the loops from Ten-GigabitEthernet 1/0/1 and
Ten-GigabitEthernet 1/0/2 according to the shutdown action. Use the display interface command
to display the status of Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 on Device A.
# Display the status of Ten-GigabitEthernet 1/0/1 on Device A.
[DeviceA] display interface ten-gigabitethernet 1/0/1
Ten-GigabitEthernet1/0/1 current state: DOWN (Loop detection down)
...
# Display the status of Ten-GigabitEthernet 1/0/2 on Device A.
[DeviceA] display interface ten-gigabitethernet 1/0/2
Ten-GigabitEthernet1/0/2 current state: DOWN (Loop detection down)
...
The output shows that Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 are already
shut down by the loop detection module.
106
Configuring VLANs
This chapter provides an overview of VLANs and explains how to configure them.
Overview
Ethernet is a family of shared-media LAN technologies based on the CSMA/CD mechanism. An Ethernet
LAN is both a collision domain and a broadcast domain. As the medium is shared, collisions and
broadcasts are common in an Ethernet LAN. Typically, bridges and Layer 2 switches can reduce
collisions in an Ethernet LAN, but to confine broadcasts, a Layer 2 switch must use the Virtual Local Area
Network (VLAN) technology.
VLANs enable a Layer 2 switch to break a LAN down into smaller broadcast domains, as shown
in Figure 30.
Figure 30 A VLAN diagram
VLAN 2
Switch A Switch B
Router
VLAN 5
A VLAN is logically divided on an organizational basis rather than on a physical basis. For example, you
can assign all workstations and servers used by a particular workgroup to the same VLAN, regardless of
their physical locations. Hosts in the same VLAN can directly communicate with one another. You need
a router or a Layer 3 switch for hosts in different VLANs to communicate with one another.
All these VLAN features reduce bandwidth waste, improve LAN security, and enable flexible virtual
group creation.
VLAN frame encapsulation

To identify Ethernet frames from different VLANs, IEEE 802.1Q inserts a four-byte VLAN tag between the
destination and source MAC address (DA & SA) field and the upper layer protocol type (Type) field, as
shown in Figure 31.
107
Figure 31 VLAN tag placement and format
A VLAN tag includes the following fields:

• TPID—16-bit tag protocol identifier that indicates whether a frame is VLAN-tagged. By default, the
TPID value is 0x8100, indicating that the frame is VLAN-tagged. However, device vendors can set
TPID to different values. For compatibility with neighbor devices, configure the TPID value on the
device to be the same as the neighbor device. The device determines whether a received frame
carries a VLAN tag by checking the TPID value. When the TPID value of a frame is the configured
value or 0x8100, the frame is considered as a VLAN-tagged frame. For information about
commands used to modify TPID values, see Layer 2—LAN Switching Command Reference.
• Priority—3-bit long 802.1p priority of the frame. For more information, see ACL and QoS
• CFI—1-bit long canonical format indicator that indicates whether the MAC addresses are
encapsulated in the standard format when packets are transmitted across different media. Value 0
(the default) indicates that the MAC addresses are encapsulated in the standard format. Value 1
indicates that MAC addresses are encapsulated in a non-standard format. The CFI is 0 in Ethernet.
• VLAN ID—12-bit long, identifies the VLAN that the frame belongs to. The VLAN ID range is 0 to
4095. VLAN IDs 0 and 4095 are reserved, and VLAN IDs 1 to 4094 are user configurable.
A network device handles an incoming frame depending on whether the frame is VLAN tagged and the
value of the VLAN tag, if any. For more information, see "Introduction to port-based VLAN."
Ethernet supports encapsulation formats Ethernet II, 802.3/802.2 LLC, 802.3/802.2 SNAP, and 802.3
raw. The Ethernet II encapsulation format is used here. For how the VLAN tag fields are added to frames
encapsulated in the other formats for VLAN identification, see related protocols and standards.
For a frame with multiple VLAN tags, the device handles it according to its outer-most VLAN tag and
transmits its inner VLAN tags as payload.

IEEE 802.1Q, IEEE Standard for Local and Metropolitan Area Networks: Virtual Bridged Local Area
Networks
Configuring basic VLAN settings

2. (Optional.) Create a
vlan { vlan-id1 [ to vlan-id2 ] | By default, only the default VLAN (VLAN 1)
VLAN and enter its view,
all } exists.
or create a list of VLANs.
To configure a specific VLAN after you

3. Enter VLAN view. vlan vlan-id create a list of VLANs, you must perform
this step.
108
By default, VLAN names are in the format
4. Configure a name for
name text VLAN vlan-id. For example, the name of
the VLAN.
VLAN 100 is VLAN 0100 by default.
The default setting is VLAN vlan-id, which is

5. Configure the the ID of the VLAN. For example, the
description text
description of the VLAN. description of VLAN 100 is VLAN 0100 by
default.
NOTE:
• As the default VLAN, VLAN 1 cannot be created or removed.
• You cannot use the undo vlan command to delete a dynamic VLAN, a VLAN with a QoS policy
applied, or a VLAN locked by an application. To delete such a VLAN, first remove the configuration
from the VLAN.
Configuring basic settings of a VLAN interface

For hosts of different VLANs to communicate at Layer 3, you can use VLAN interfaces. VLAN interfaces
are virtual interfaces used for Layer 3 communication between different VLANs. They do not exist as
physical entities on devices. For each VLAN, you can create one VLAN interface. You can assign the
VLAN interface an IP address and specify it as the gateway of the VLAN to forward packets destined for
an IP subnet different from that of the VLAN.
Before you create a VLAN interface for a VLAN, create the VLAN first.
To configure basic settings of a VLAN interface:

2. Create a VLAN interface
interface vlan-interface If the VLAN interface already exists, you
and enter VLAN interface
vlan-interface-id enter its view directly.
view.
3. Assign an IP address to the ip address ip-address { mask | By default, no IP address is assigned to
VLAN interface. mask-length } [ sub ] any VLAN interface.
The default setting is the VLAN interface

4. Configure the description
description text name. For example, Vlan-interface1
of the VLAN interface.
Interface.
5. (Optional.) Specify the IRF
By default, no IRF member device is
member device for
service slot slot-number specified for forwarding the traffic on
forwarding the traffic on
the VLAN interface.
the VLAN interface.
6. Configure the MTU for the
mtu size The default setting is 1500 bytes.
VLAN interface.
7. (Optional.) Restore the
default settings for the default N/A
VLAN interface.
109
By default, a VLAN interface is not
8. (Optional.) Cancel the manually shut down. The VLAN interface
action of manually shutting undo shutdown is up if one or more ports in the VLAN is
down the VLAN interface. up, and goes down if all ports in the
VLAN go down.
Configuring port-based VLANs

Introduction to port-based VLAN
Port-based VLANs group VLAN members by port. A port forwards packets for a VLAN only after it is
assigned to the VLAN.
Port link type

You can configure the link type of a port as access, trunk, or hybrid. The link types use the following
VLAN tag handling methods:
• An access port belongs to only one VLAN and sends packets untagged.
It is usually used to connect a terminal device unable to recognize VLAN-tagged packets or when
there is no need to separate different VLAN members.
• A trunk port can carry multiple VLANs to receive and send packets for them.
Except packets from the port VLAN ID (PVID), packets sent through a trunk port will be
VLAN-tagged. Usually, ports connecting network devices are configured as trunk ports.
• A hybrid port allows traffic of some VLANs to pass through untagged and traffic of some other
VLANs to pass through tagged. Hybrid ports can connect network devices or directly connect to
terminal devices.
PVID
By default, VLAN 1 is the PVID for all ports. You can configure the PVID for a port, as required.
Use the following guidelines when configuring the PVID on a port:
• An access port can join only one VLAN. The VLAN to which the access port belongs is the PVID of
the port.
• A trunk or hybrid port can carry multiple VLANs, and you can configure a PVID for the port.
• You can use a nonexistent VLAN as the PVID for a hybrid or trunk port, but not for an access port.
After you remove the VLAN that an access port resides in with the undo vlan command, the PVID
of the port changes to VLAN 1. However, the removal of the VLAN specified as the PVID of a trunk
or hybrid port does not affect the PVID setting on the port.
H3C recommends setting the same PVID for local and remote ports.
Make sure a port is assigned to its PVID. Otherwise, when the port receives frames tagged with the PVID
or untagged frames, the port filters out these frames.
110
How ports of different link types handle frames
Actions Access Trunk Hybrid

In the
inbound • If the PVID is permitted on the port, tags the frame with the PVID
Tags the frame with the tag.
direction for
PVID tag.
an untagged • If not, drops the frame.
frame
• Receives the frame if
In the its VLAN ID is the
inbound same as the PVID. • Receives the frame if its VLAN is permitted on the port.
direction for
• Drops the frame if its • Drops the frame if its VLAN is not permitted on the port.
a tagged
VLAN ID is different
frame
from the PVID.
• Removes the tag and sends
the frame if the frame carries Sends the frame if its VLAN is
the PVID tag and the port permitted on the port. The frame
In the belongs to the PVID. is sent with the VLAN tag
Removes the VLAN tag
outbound removed or intact depending on
and sends the frame. • Sends the frame without
direction your configuration with the port
removing the tag if its VLAN
hybrid vlan command. This is
is carried on the port but is
true of the PVID.
different from the PVID.
Assigning an access port to a VLAN

You can assign an access port to a VLAN in VLAN view or interface view.
Make sure the VLAN has been created.
To assign one or multiple access ports to a VLAN in VLAN view:

3. Assign one or a group of By default, all ports belong to
port interface-list
access ports to the VLAN. VLAN 1.
To assign an access port in interface view to a VLAN:

111
• The configuration made in
Ethernet interface view applies
only to the port.
• Enter Ethernet interface view: aggregate interface view applies
interface interface-type to the aggregate interface and its
interface-number aggregation member ports. If the
• Enter aggregate interface system fails to apply the
view: configuration to an aggregation
interface member port, it skips the port and
2. Enter interface view. moves to the next member port. If
bridge-aggregation
interface-number the system fails to apply the
configuration to the aggregate
• Enter S-channel interface
interface, it stops applying the
view:
configuration to aggregation
interface s-channel
member ports.
S-channel interface view applies
only to the interface. For more
information about S-channel
interfaces, see EVB Configuration
Guide.
3. Configure the link type of the
port link-type access By default, all ports are access ports.
ports as access.
4. (Optional.) Assign the access By default, all access ports belong to
port access vlan vlan-id
ports to a VLAN. VLAN 1.
Assigning a trunk port to a VLAN

A trunk port can carry multiple VLANs. You can assign it to a VLAN in interface view.
When you assign a trunk port to a VLAN, follow these guidelines:
• To change the link type of a port from trunk to hybrid or vice versa, set the link type to access first.
• You must configure the trunk port to allow packets from the PVID to pass through by using the port
trunk permit vlan command.
To assign a trunk port to one or multiple VLANs:

112
only to the port.
aggregate interface view
applies to the aggregate
• Enter Ethernet interface view: interface and its aggregation
interface interface-type member ports. If the system fails
interface-number to apply the configuration to an
• Enter aggregate interface view: aggregation member port, it
2. Enter interface view. interface bridge-aggregation skips the port and moves to the
interface-number next member port. If the system
fails to apply the configuration
to the aggregate interface, it
interface s-channel
stops applying the
member ports.
S-channel interface view
applies only to the interface.
For more information about
S-channel interfaces, see EVB
3. Configure the link type of the By default, all ports are access
port link-type trunk
ports as trunk. ports.
4. Assign the trunk ports to the port trunk permit vlan { vlan-list | By default, a trunk port only permits
specified VLANs. all } VLAN 1.
5. (Optional.) Configure the
port trunk pvid vlan vlan-id The default setting is VLAN 1.
PVID of the trunk ports.
Assigning a hybrid port to a VLAN

A hybrid port can carry multiple VLANs. You can assign it to the specified VLANs in interface view. Make
sure the VLANs have been created.
When you assign a hybrid port to a VLAN, follow these guidelines:
• To change the link type of a port from trunk to hybrid or vice versa, set the link type to access first.
• You must configure the hybrid port to allow packets from the PVID to pass through by using the port
hybrid vlan command.
To assign a hybrid port to one or multiple VLANs:

113
only to the port.
aggregate interface view
applies to the aggregate
• Enter Ethernet interface view: interface and its aggregation
interface interface-type member ports. If the system fails
interface-number to apply the configuration to an
• Enter aggregate interface view: aggregation member port, it
2. Enter interface view. interface bridge-aggregation skips the port and moves to the
interface-number next member port. If the system
fails to apply the configuration
to the aggregate interface, it
interface s-channel
stops applying the
member ports.
S-channel interface view
applies only to the interface.
S-channel interfaces, see EVB
3. Configure the link type of the By default, all ports are access
port link-type hybrid
ports as hybrid. ports.
By default, a hybrid port allows

4. Assign the hybrid ports to the port hybrid vlan vlan-list { tagged |
only packets of VLAN 1 to pass
specified VLANs. untagged }
through untagged.
5. (Optional.) Configure the
port hybrid pvid vlan vlan-id The default setting is VLAN 1.
PVID of the hybrid ports.
Displaying and maintaining VLANs

Task Command
display vlan [ vlan-id1 [ to vlan-id2 ] | all | dynamic |
Display VLAN information.
reserved | static ]
display interface vlan-interface [ vlan-interface-id ] [ brief

Display VLAN interface information.
[ description ] ]
Display hybrid ports or trunk ports on the

display port { hybrid | trunk }
device.
114
Port-based VLAN configuration example
As shown in Figure 32, Host A and Host C belong to Department A, and access the enterprise network
through different devices. Host B and Host D belong to Department B. They also access the enterprise
network through different devices.
To ensure communication security and avoid broadcast storms, VLANs are configured in the enterprise
network to isolate Layer 2 packets of different departments. VLAN 100 is assigned to Department A, and
VLAN 200 is assigned to Department B.
Make sure hosts within the same VLAN can communicate with each other: Host A can communicate with
Host C, and Host B can communicate with Host D.
[DeviceA] vlan 100
[DeviceA] vlan 200
# Configure port Ten-GigabitEthernet 1/0/3 as a trunk port, and assign it to VLANs 100 and 200,
enabling Ten-GigabitEthernet 1/0/3 to forward packets of VLANs 100 and 200 to Device B.
[DeviceA-Ten-GigabitEthernet1/0/3] port trunk permit vlan 100 200
Please wait... Done.
2. Configure Device B as you configure Device A.
3. Configure hosts:
{ Configure Host A and Host C to be on the same IP subnet. For example, 192.168.100.0/24.
115
{ Configure Host B and Host D to be on the same IP subnet. For example, 192.168.200.0/24.

# Verify that Host A and Host C can ping each other, but they both fail to ping Host B.
# Verify that Host B and Host D can ping each other, but they both fail to ping Host A.
# Verify that VLANs 100 and 200 are correctly configured on Device A.
[DeviceA-Ten-GigabitEthernet1/0/3] display vlan 100
VLAN ID: 100
VLAN type: Static
Route interface: Not configured
Description: VLAN 0100
Name: VLAN 0100
Tagged ports:
Untagged ports:
[DeviceA-Ten-GigabitEthernet1/0/3] display vlan 200
VLAN ID: 200
VLAN type: Static
Route interface: Not configured
Description: VLAN 0200
Name: VLAN 0200
Tagged ports:
Untagged ports:
116
Configuring QinQ
This document uses the following terms:

• CVLAN—Customer network VLANs, also called "inner VLANs," refer to VLANs that a customer
uses on the private network.
• SVLAN—Service provider network VLANs, also called "outer VLANs," refer to VLANs that a service
provider uses to transmit VLAN tagged traffic for customers.
Overview
802.1Q-in-802.1Q (QinQ) is an easy-to-implement L2 VPN technology that enables service providers to
extend Layer 2 Ethernet connections across a MAN between two customer sites.
QinQ enables service providers to separate customer traffic by adding a layer of service provider VLAN
tag (SVLAN tag) to customer traffic.
QinQ provides the following benefits:
• Enables a service provider to use a single SVLAN to convey multiple CVLANs for a customer.
• Enables customers to plan CVLANs without conflicting with SVLANs.
• Enables customers to keep their VLAN assignment schemes unchanged when the service provider
changes its VLAN assignment scheme.
• Allows customers to use overlapping CVLAN IDs, because devices in the service provider network
make forwarding decisions based on SVLAN IDs instead of CVLAN IDs.
How QinQ works

As shown in Figure 33, a QinQ frame transmitted over the service provider network carries the following
tags:
• CVLAN tag—Customer VLAN tag. The inner VLAN tag identifies the VLAN to which the QinQ
frame belongs when it is transmitted in the customer network.
• SVLAN tag—Service VLAN tag. The outer VLAN tag that the service provider allocates to the
customer. The SVLAN tag identifies the VLAN to which the QinQ frame belongs when it is
transmitted in the service provider network.
117
Figure 33 Single-tagged Ethernet frame header and double-tagged Ethernet frame header
For correct transmission of tagged frames, H3C recommends that you set the MTU of each interface on
the service provider network to at least 1504 bytes, which is the sum of the default interface MTU (1500
bytes) and the size of a VLAN tag (4 bytes).
The devices in the service provider network forward a tagged frame according to its SVLAN tag only,
and they transmit the CVLAN tag as part of the frame's payload.
Figure 34 Typical QinQ application scenario
As shown in Figure 34, customer network A has CVLANs 1 through 10, and customer network B has
CVLANs 1 through 20. The service provider assigns SVLAN 3 to customer network A, and assigns
SVLAN 4 to customer network B.
1. When a tagged Ethernet frame from customer network A arrives at PE1, the PE tags the frame with
SVLAN 3. When a tagged Ethernet frame from customer network B arrives at a PE2, the PE tags
the frame with SVLAN 4.
2. The double-tagged Ethernet frame is then transmitted over the service provider network and arrives
at the other PE. The PE removes the SVLAN tag of the frame before sending it to the target CE.
118
Implementations of QinQ
QinQ is enabled on a per-port basis. The link type of a QinQ-enabled port can be access, hybrid, or
trunk. The QinQ tagging behaviors are the same across these types of ports.
A QinQ-enabled port tags all incoming frames (tagged or untagged) with the PVID tag. If an incoming
frame already has one tag, it becomes a double-tagged frame. If the frame does not have any 802.1Q
tag, it becomes a frame tagged with the PVID.
QinQ provides the most basic VLAN manipulation method, which tags all incoming frames (tagged or
untagged) with the PVID tag. To perform advanced VLAN manipulations, use VLAN mapping (see
"Configuring VLAN mapping") or QoS policies. For example:
• To use different SVLANs for different CVLAN tags, use one-to-two VLAN mapping.
• To replace the SVLAN ID, CVLAN ID, or both IDs for an incoming double-tagged frame, configure
two-to-two VLAN mapping.
• To set the 802.1p priority in SVLAN tags, configure a QoS policy as described in "Setting the
802.1p priority in SVLAN tags."

• IEEE 802.1Q, IEEE Standard for Local and Metropolitan Area Networks-Virtual Bridged Local Area
Networks
• IEEE 802.1ad, IEEE Standard for Local and Metropolitan Area Networks-Virtual Bridged Local Area
Networks-Amendment 4: Provider Bridges
Restrictions and guidelines

• On a QinQ-enabled port, do not use VLAN mappings to perform VLAN tag replacement. The
device cannot perform VLAN tag insertion together with the VLAN tag replacement.
• If QinQ and one-to-two VLAN mapping conflicts on a port, VLAN mapping takes effect.
• EVB and QinQ are mutually exclusive. Do not enable the two features both on a port.
Configuring QinQ features

Enable QinQ on customer-side ports of PEs.
Enabling QinQ
2. Enter Ethernet interface view interface interface-type
N/A
or aggregate interface view. interface-number
3. Enable QinQ. qinq enable By default, QinQ is disabled.
119
Configuring transparent transmission for VLANs
You can exclude traffic of a VLAN (for example, the management VLAN) from the QinQ tagging action.
To avoid transmission failure for an excluded VLAN, follow these configuration guidelines:
• Set the link type of the port to trunk or hybrid, and assign the port to the VLAN.
• Make sure all ports on the traffic path permit the VLAN to pass through.
• Do not configure any other VLAN manipulation action for the VLAN on the port.
To configure transparent transmission for a list of VLANs:

N/A
By default, a port is an access

3. Configure the link type. port link-type { hybrid | trunk }
port.
• On a hybrid port: By default:

port hybrid vlan vlan-id-list { tagged • A trunk port is only in
4. Assign the port to the
| untagged } VLAN 1.
transparent VLANs and the
PVID. • On a trunk port: • A hybrid port is only an
port trunk permit vlan { vlan-id-list | untagged member in
all } VLAN 1.
5. Enable QinQ on the port. qinq enable By default, QinQ is disabled.
6. Configure transparent By default, transparent
transmission for a list of qinq transparent-vlan vlan-list transmission is not configured
VLANs on the port. for any VLANs on a port.
Configuring the TPID for VLAN tags

TPID identifies a frame as an 802.1Q tagged frame. On the device, the TPID in the 802.1Q tag added
on a QinQ-enabled port is 0x8100 by default, in compliance with IEEE 802.1Q. However, the TPID value
varies with vendors. In a multi-vendor network, you must make sure the TPID setting is the same across all
devices so 802.1Q tagged frames can be identified correctly.
TPID settings include CVLAN TPID and SVLAN TPID.
A QinQ-enabled port uses the CLAN TPID to match incoming tagged frames. An incoming frame is
handled as an untagged frame if its TPID is different from the CVLAN TPID. The device supports one
CVLAN TPID for all QinQ-enabled ports.
A service provider-side port uses the SVLAN TPID to replace the TPID in outgoing frames' SVLAN tags, in
addition to matching incoming tagged frames. SVLAN TPIDs are configurable on a per-port basis.
For example, the PE device is connected to a customer device that uses the TPID 0x8200 and to a
provider device that uses the TPID 0x9100. To be compatible with these devices, you must configure
0x8200 and 0x9100 as the CVLAN TPID and SVLAN TPID, respectively. Otherwise, the devices cannot
correctly identify tagged frames between them.
120
Configuring the CVLAN TPID
2. Configure the TPID value for qinq ethernet-type customer-tag The default setting is 0x8100 for
CVLAN tags. hex-value CVLAN tags.
Configuring the SVLAN TPID

Configure the SVLAN TPID on service provider-side ports of PEs.
On a QinQ-enabled port, you cannot configure the SVLAN TPID.
EVB and SVLAN TPID configuration are mutually exclusive. Do not configure the two features both on a
port.
To configure the SVLAN TPID on a service provider-side port:

N/A
qinq ethernet-type service-tag The default setting is 0x8100 for

3. Configure the SVLAN TPID.
hex-value SVLAN tags.
Setting the 802.1p priority in SVLAN tags

By default, the 802.1p priority in the SVLAN tag added by a QinQ-enabled port depends on the priority
trust mode on the port. If the 802.1p priority in frames is trusted, the device copies the 802.1p priority in
the CVLAN tag to the SVLAN tag. If port priority is trusted, the port priority (the default is 0) is used as
the 802.1p priority in the SVLAN tag.
To set the 802.1p priority in SVLAN tags:

2. Create a traffic class and traffic classifier classifier-name [ operator By default, no traffic class is
enter traffic class view. { and | or } ] configured.
• Match CVLAN IDs:
• if-match customer-vlan-id vlan-id-list
3. Configure CVLAN match
criteria. • Match 802.1p priority: Use either command.
• if-match customer-dot1p
dot1p-value&<1-8>
121
5. Create a traffic behavior
and enter traffic behavior traffic behavior behavior-name N/A
view.
• Replace the priority in the SVLAN tags of

matching frames with the configured
6. Configure a priority priority:
marking action for SVLAN remark dot1p dot1p-value Use either command.
tags. • Copy the 802.1p priority in the CVLAN
tag to the SVLAN tag:
remark dot1p customer-dot1p-trust

8. Create a QoS policy and
qos policy policy-name N/A
enter QoS policy view.
9. Associate the traffic class
classifier classifier-name behavior
with the traffic behavior in N/A
behavior-name
the QoS policy.
view.
By default, the device does

not trust the priority carried in
12. Configure the interface to
frames.
trust the 802.1p priority in qos trust dot1p
incoming frames. Skip this step if the remark
dot1p customer-dot1p-trust
command is configured.
13. Enable QinQ. qinq enable N/A
14. Apply the QoS policy to
the inbound direction of qos apply policy policy-name inbound N/A
the interface.
For more information about QoS policies, see ACL and QoS Configuration Guide.
Displaying and maintaining QinQ

Execute the display command in any view.
Task Command
display qinq [ interface interface-type
Display the QinQ-enabled ports.
interface-number ]
122
QinQ configuration example
As shown in Figure 35, the two branches of Company A, Site 1 and Site 2, are connected through the
service provider network and use CVLANs 10 through 70. The two branches of Company B, Site 3 and
Site 4, are connected through the service provider network and use CVLANs 30 through 90. PE 1 and
PE 2 are edge devices on the service provider network and are connected through third-party devices
with a TPID value of 0x8200.
Configure the edge and third-party devices to enable communication between the branches of Company
A through SVLAN 100 and communication between the branches of Company B through SVLAN 200.
Configuring PE 1
1. Configure Ten-GigabitEthernet 1/0/1:
# Configure Ten-GigabitEthernet 1/0/1 as a trunk port and assign it to VLAN 100 and VLANs 10
through 70.
<PE1> system-view
[PE1] interface ten-gigabitethernet 1/0/1
[PE1-Ten-GigabitEthernet1/0/1] port link-type trunk
[PE1-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100 10 to 70
# Configure VLAN 100 as the PVID for the port.
[PE1-Ten-GigabitEthernet1/0/1] port trunk pvid vlan 100
# Enable QinQ on the port.
123
[PE1-Ten-GigabitEthernet1/0/1] qinq enable
[PE1-Ten-GigabitEthernet1/0/1] quit
# Configure Ten-GigabitEthernet 1/0/2 as a trunk port and assign it to VLAN 100 and VLAN
200.
[PE1-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100 200
# Set the TPID value in the SVLAN tags to 0x8200 on the port.
[PE1-Ten-GigabitEthernet1/0/2] qinq ethernet-type service-tag 8200
through 90.
Configuring PE 2
through 90.
<PE2> system-view
# Configure Ten-GigabitEthernet 1/0/2 as a trunk port and assign it to VLAN 100 and VLAN
200.
# Set the TPID value in the SVLAN tags to 0x8200 on the port.
[PE2-Ten-GigabitEthernet1/0/2] qinq ethernet-type service-tag 8200
124
through 70.
Configuring devices between PE 1 and PE 2

On the devices between PE 1 and PE 2, configure the port that connects to PE 1 and the port that
connects to PE 2 to allow tagged frames from VLAN 100 and VLAN 200 to pass through. (Details not
shown.)
VLAN transparent transmission configuration

example
As shown in Figure 36, the two branches of a company, Site 1 and Site 2, are connected through the
service provider network and use VLANs 10 through 50 and VLAN 3000. VLAN 3000 is the dedicated
VLAN of the company. PE 1 and PE 2 are edge devices on the service provider network.
Configure QinQ and VLAN transparent transmission to enable the two branches of the company in
VLANs 10 through 50 to communicate through VLAN 100 allocated by the service provider, and enable
the hosts in VLAN 3000 to communicate without using a SVLAN.
125
Configuring PE 1
# Configure Ten-GigabitEthernet 1/0/1 as a trunk port and assign it to VLANs 10 through 50,
100, and 3000.
<PE1> system-view
[PE1-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100 3000 10 to 50
# Configure VLAN 100 as the PVID of Ten-GigabitEthernet 1/0/1.
# Configure the port to transparently transmit frames from VLAN 3000.
[PE1-Ten-GigabitEthernet1/0/1] qinq transparent-vlan 3000
2. Configure Ten-GigabitEthernet 1/0/2 as a trunk port and assign it to VLANs 100 and 3000.
Configuring PE 2
# Configure Ten-GigabitEthernet 1/0/1 as a trunk port and assign it to VLANs 10 through 50,
100, and 3000.
<PE2> system-view
[PE2-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100 3000 10 to 50
# Configure VLAN 100 as the PVID of Ten-GigabitEthernet 1/0/1.
# Configure the port to transparently transmit frames from VLAN 3000.
[PE2-Ten-GigabitEthernet1/0/1] qinq transparent-vlan 3000
2. Configure Ten-GigabitEthernet 1/0/2 as a trunk port and assign it to VLANs 100 and 3000.
126
Configuring devices between PE 1 and PE 2
On the devices between PE 1 and PE 2, configure the port that connects to PE 1 and the port that
connects to PE 2 to allow tagged frames from VLAN 100 and VLAN 3000 to pass through. (Details not
shown.)
127
Configuring VLAN mapping
Overview
VLAN mapping re-marks VLAN tagged traffic with new VLAN IDs. H3C provides the following types of
VLAN mapping:
• One-to-one VLAN mapping—Replaces one VLAN tag with another. You can use one-to-one VLAN
mapping to sub-classify traffic from a particular VLAN for granular QoS control.
• Many-to-one VLAN mapping—Replaces multiple VLAN tags with the same VLAN tag. You can use
many-to-one VLAN mapping to aggregate traffic from different VLANs to regulate the aggregate
traffic as a whole. Many-to-one VLAN mapping is usually used together with one-to-one VLAN
mapping.
• One-to-two VLAN mapping—Tags single-tagged packets with an outer VLAN tag. One-to-two
VLAN mapping expands the VLAN tag space, and enables a service provider and its customers to
assign VLANs independently without the risk of VLAN assignment conflicts.
• Two-to-two VLAN mapping—Replaces the outer and inner VLAN IDs of double tagged traffic with
a new pair of VLAN IDs. You can use two-to-two VLAN mapping to enable two remote sites in
different VLANs to communicate at Layer 2 across two service provider networks that use different
VLAN assignment schemes.
Application scenario of one-to-one and many-to-one VLAN

mapping
Figure 37 shows a typical application scenario of one-to-one and many-to-one VLAN mapping. The
scenario implements broadband Internet access for a community.
128
Figure 37 Application scenario of one-to-one and many-to-one VLAN mapping
...
...
...
...
...
...
...
In Figure 37, the network is planned as follows:

• Each home gateway uses different VLANs to transmit the PC, VoD, and VoIP services.
• To further sub-classify each type of traffic by customer, perform one-to-one VLAN mapping on the
wiring-closet switches, assigning a separate VLAN for each type of traffic from each customer. The
required total number of VLANs in the network can be very large.
• To prevent the maximum number of VLANs from being exceeded on the distribution layer device,
perform many-to-one VLAN mapping on the campus switch to assign the same type of traffic from
different customers to the same VLAN.
129
Application scenario of one-to-two and two-to-two VLAN
mapping
Figure 38 shows a typical application scenario in which two remote sites of VPN A, Site 1 and Site 2,
must communicate across two SP networks, SP 1 and SP 2.
Figure 38 Application scenario of one-to-two and two-to-two VLAN mapping
Site 1 and Site 2 are in VLAN 2 and VLAN 3, respectively. The VLAN assigned to VPN A is VLAN 10
in the SP 1 network and VLAN 20 in the SP 2 network. When the packet from Site 1 arrives at the edge
of network SP 1, PE 1 tags the packet with outer VLAN 10 by using one-to-two VLAN mapping. With
one-to-two VLAN mapping, a VPN user can plan the VLAN IDs in the network without conflicting with
SVLANs. One-to-two VLAN mapping adds a VLAN tag to a tagged packet and expands the number of
available VLANs to 4094 × 4094. One-to-two VLAN mapping releases the stress on the SVLAN
resources, which were 4094 VLANs in the SP network before the mapping process was initiated.
When the double-tagged packet enters the SP 2 network, PE 3 replaces the outer VLAN tag (VLAN 10)
with VLAN 20, which is the VLAN that the SP 2 network assigns to VPN A. Also, PE 3 replaces the inner
tag (VLAN 2) of the packet with VLAN 3, so that users in Site 1 can communicate with users in Site 2.
VLAN mapping implementations

Figure 39 shows a simplified network to help explain the concepts and terms that you might encounter
when working with VLAN mapping.
These basic concepts include the following:
• Uplink traffic—Traffic transmitted from the customer network to the service provider network.
• Downlink traffic—Traffic transmitted from the service provider network to the customer network.
• Network-side port—A port connected to or closer to the service provider network.
• Customer-side port—A port connected to or closer to the customer network.
130
Figure 39 Basic concepts of VLAN mapping
SP
Network-side port
Customer-side port
Uplink traffic
Downlink traffic
One-to-one VLAN mapping

Figure 40 One-to-one VLAN mapping implementation
In Figure 40, after you configure one-to-one VLAN mapping on the customer-side port, the device
replaces the CVLAN with the SVLAN for the uplink traffic and replaces the SVLAN with the CVLAN for
the downlink traffic.
Many-to-one VLAN mapping

Figure 41 Many-to-one VLAN mapping implementation
In Figure 41, many-to-one VLAN mapping is implemented as follows:
131
• For the uplink traffic, after you configure customer-side many-to-one VLAN mapping on the
customer-side port, the device replaces multiple CVLANs with the same SVLAN.
• For the downlink traffic, after you configure network-side many-to-one VLAN mapping on the
network-side port, the device looks up the DHCP snooping table, and replaces the SVLAN with the
CVLAN found in the table. For more information about DHCP snooping, see Layer 3—IP Services
One-to-two VLAN mapping

Figure 42 One-to-two VLAN mapping implementation
One-to-two VLAN
mapping
CVLAN Data SVLAN CVLAN Data

Customer
SP network
network
CVLAN Data SVLAN CVLAN Data
Strip the outer VLAN tag of packets

from SVLANs
Network-side port Customer-side port Uplink traffic Downlink traffic
In Figure 42, one-to-two VLAN mapping is implemented as follows:

• For the uplink traffic, after you configure one-to-two VLAN mapping on the customer-side port, the
device tags the packet from a CVLAN with a SVLAN.
• For the downlink traffic, you can configure the customer-side port as a hybrid port and assign the
port to the SVLAN as an untagged member, so that the device strips the SVLAN tags before sending
packets. Also, you can configure the customer-side port as a trunk port and configure the SVLAN as
the PVID, so that the device strips the SVLAN tags before sending packets.
Two-to-two VLAN mapping

Figure 43 Two-to-two VLAN mapping implementation
Two-to-two VLAN
mapping
SVLAN CVLAN Data SVLAN’ CVLAN’ Data

Customer
SP network
network
SVLAN CVLAN Data SVLAN’ CVLAN’ Data
Network-side port Customer-side port Uplink traffic Downlink traffic
In Figure 43, after you configure two-to-two VLAN mapping on the customer-side port, the device
replaces the CVLAN and the SVLAN with the CVLAN' and the SVLAN' for the uplink traffic and replaces
the SVLAN' and CVLAN' with the SVLAN and the CVLAN for the downlink traffic.
132
VLAN mapping configuration task list
When you configure VLAN mapping, follow these guidelines:
• VLAN mapping is mutually exclusive with EVB. Do not enable VLAN mapping and EVB on a port.
• When you configure both VLAN mapping and QinQ to add VLAN tags to packets, if the
configurations conflict, VLAN mapping takes effect. For more information about QinQ, see
"Configuring QinQ."
• When you configure both VLAN mapping and a QoS policy to modify VLAN tags of packets or
add VLAN tags to packets, if the configurations conflict, the QoS policy takes effect. For information
about QoS policies, see ACL and QoS Configuration Guide.
Use the VLAN mapping methods as appropriate to the roles of your devices in the network.
Task Remarks
Configure one-to-one VLAN mapping on the wiring-closet
Configuring one-to-one VLAN mapping
switch as shown in Figure 37.
Configure many-to-one VLAN mapping on the campus switch

Configuring many-to-one VLAN mapping
as shown in Figure 37.
Configure one-to-two VLAN mapping on PE1 and PE4,

Configuring one-to-two VLAN mapping through which traffic from customer networks enter the service
provider networks, as shown in Figure 38.
Configure two-to-two VLAN mapping on PE3, edge device of

Configuring two-to-two VLAN mapping
the SP 2 network, as shown in Figure 38.
Configuring one-to-one VLAN mapping

Perform one-to-one VLAN mapping on wiring-closet switches (see Figure 37) to isolate traffic by both user
and traffic type.
Before configuring one-to-one VLAN mapping, first create the original VLAN and the translated VLAN.
One-to-one VLAN mapping must be configured on the customer-side port.
To configure one-to-one VLAN mapping:

• Enter Layer 2 Ethernet interface
view:
2. Enter Layer 2 Ethernet
interface-number
interface view or Layer 2 N/A
aggregate interface view. • Enter Layer 2 aggregate interface
view:
interface-number
133
• Configure the port as a trunk port:
By default, the link type of a
3. Set the link type of the port. • Configure the port as a hybrid
port is access.
port:

4. Assign the port to the original By default, a trunk port is
• port trunk permit vlan vlan-list
VLANs and the translated assigned to only VLAN 1, and
VLANs. • port hybrid vlan vlan-list tagged
a hybrid port is only an
untagged member of VLAN 1.
5. Configuring one-to-one VLAN vlan mapping vlan-id translated-vlan By default, VLAN mapping is
mapping. vlan-id not configured on an interface.
Configuring many-to-one VLAN mapping

Perform many-to-one VLAN mapping on campus switches (see Figure 37) to transmit the same type of
traffic from different users in one VLAN.
Configuration task list

Before configuring many-to-one VLAN mapping, first create the original VLANs and the translated
VLAN.
For more information about DHCP snooping configuration commands, see Layer 3—IP Services
Command Reference. For more information about ARP detection configuration commands, see Security
Command Reference.
To modify many-to-one VLAN mapping, first use the reset dhcp snooping binding command to clear the
DHCP snooping entries.
Complete the following tasks to configure many-to-one VLAN mapping:
Tasks at a glance
• Enabling DHCP snooping
• Enabling ARP detection
• Configuring the customer-side port
• Configuring the network-side port
Enabling DHCP snooping

134
2. Enable DHCP
dhcp snooping enable By default, DHCP snooping is disabled.
snooping.
Enabling ARP detection

Enable ARP detection for all involved VLANs, including the original VLANs and the translated VLANs.
To enable ARP detection:

3. Enable ARP detection. arp detection enable By default, ARP detection is disabled.
Configuring the customer-side port

view:
interface-number
view:
interface-number
port link-type trunk By default, the link type of a
3. Set the link type of the port.
• Configure the port as a hybrid port: port is access.

vlan mapping uni { range

5. Configure many-to-one VLAN By default, VLAN mapping is
vlan-range-list | single vlan-id-list }
mapping. not configured on an interface.
translated-vlan vlan-id
By default, DHCP snooping

6. Enable DHCP snooping entry
dhcp snooping binding record entry recording is disabled on
recording.
an interface.
135
Configuring the network-side port

view:
interface-number
view:
interface-number
3. Configure the link type of the By default, a port is an access
port link-type { hybrid | trunk }
port. port.
By default:
• When the port is a trunk port: • A trunk port is assigned to
4. Assign the port to the port trunk permit vlan vlan-list only VLAN 1.
translated VLAN. • When the port is a hybrid port: • A hybrid port is assigned to
port hybrid vlan vlan-list tagged only VLAN 1 as an
untagged member.
By default, all ports that support

5. Configuring the interface as a DHCP snooping are untrusted
dhcp snooping trust
DHCP snooping trusted port. ports when DHCP snooping is
enabled.
6. Configure the port as an ARP By default, all ports are ARP
arp detection trust
trusted port. untrusted ports.
7. Configure many-to-one VLAN By default, VLAN mapping is
vlan mapping nni
mapping on the network side. not configured on an interface.
Configuring one-to-two VLAN mapping

Perform one-to-two VLAN mapping on the edge devices from which customer traffic enters SP networks,
on PE 1 and PE 4 in Figure 38 for example. One-to-two VLAN mapping enables the edge devices to
insert an outer VLAN tag to each incoming packet.
Before configuring one-to-two VLAN mapping, first create the original VLAN and the translated VLAN.
The MTU of an interface is 1500 bytes by default. After a VLAN tag is added to a packet, the packet
length is added by four bytes. When you configure one-to-two VLAN mapping, H3C recommends
increasing the MTU (to at least 1504 bytes) on interfaces in the service provider network.
One-to-two VLAN mapping must be configured on the customer-side port.
To configure one-to-two VLAN mapping:

136
view:
interface-number
view:
interface-number
3. Configure the link type of the By default, the link type of a
port as hybrid. port is access.
By default, a hybrid port is only

4. Assign the port to the original port hybrid vlan vlan-list { tagged |
an untagged member of VLAN
VLANs. untagged }
1.
5. Assign the port to the By default, a hybrid port is
translated outer VLANs as an port hybrid vlan vlan-list untagged only an untagged member of
untagged member. VLAN 1.
vlan mapping nest { range By default, VLAN mapping is

6. Configure one-to-two VLAN
vlan-range-list | single vlan-id-list } not configured on an
mapping.
nested-vlan vlan-id interface.
Configuring two-to-two VLAN mapping

Perform two-to-two VLAN mapping on an edge device that connects two SP networks, for example, on
PE 3 in Figure 38. Two-to-two VLAN mapping enables two remote sites in different VLANs to
communicate at Layer 2 across two service provider networks that use different VLAN assignment
schemes.
Before configuring two-to-two VLAN mapping, first create the original VLANs and the translated VLANs.
Two-to-two VLAN mapping must be configured on the customer-side port.
To configure two-to-two VLAN mapping:

view:
interface-number
view:
interface-number
By default, the link type of a
3. Set the link type of the port. • Configure the port as a hybrid
port is access.
port:
137
vlan mapping tunnel outer-vlan-id

5. Configure two-to-two VLAN By default, VLAN mapping is
inner-vlan-id translated-vlan
mapping. not configured on an interface.
outer-vlan-id inner-vlan-id
Displaying and maintaining VLAN mapping

Execute the display commands in user view.
Task Command
Display VLAN mapping
display vlan mapping [ interface interface-type interface-number ]
information.
VLAN mapping configuration examples

One-to-one and many-to-one VLAN mapping configuration
example
• Each home is offered PC, VoD, and VoIP services, connects to a wiring-closet switch through the
home gateway, and obtains the IP address through DHCP.
• VLAN 1 is assigned to PC traffic, VLAN 2 is assigned to VoD traffic, and VLAN 3 is assigned to VoIP
service traffic on the home gateways.
To isolate traffic of the same service type from different homes, assign one VLAN to each type of traffic
from each home on the wiring-closet switches.
To save VLAN resources, perform many-to-one VLAN mapping on the campus switch (Switch C) to
transmit the same type of traffic from different homes in one VLAN. Use VLAN 501 for PC traffic, VLAN
502 for VoD traffic, and VLAN 503 for VoIP traffic.
138
1. Configure Switch A:
# Configure customer-side port Ten-GigabitEthernet 1/0/1 as a trunk port, and assign the port to
original VLANs and translated VLANs.
<SwitchA> system-view
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 1 2 3 101 201 301
[SwitchA-Ten-GigabitEthernet1/0/1] vlan mapping 1 translated-vlan 101
[SwitchA-Ten-GigabitEthernet1/0/1] quit
139
# Configure customer-side port Ten-GigabitEthernet 1/0/2 as a trunk port, and assign the port to
original VLANs and translated VLANs.
# Configure network-side port Ten-GigabitEthernet 1/0/3 as a trunk port, and assign the port to
the translated VLANs.
2. Configure Switch in the same way as you configure Switch A.
3. Configure Switch C:
# Enable DHCP snooping.
<SwitchC> system-view
[SwitchC] dhcp snooping enable
# Create the original VLANs and translated VLANs, and enable ARP detection for these VLANs.
[SwitchC] vlan 101
[SwitchC-vlan101] arp detection enable
[SwitchC-vlan101] vlan 201
140
[SwitchC-vlan503] quit
# Configure customer-side port Ten-GigabitEthernet 1/0/1 as a trunk port, assign the port to
original VLANs and translated VLANs, and enable DHCP snooping entry recording on the port.
[SwitchC] interface ten-gigabitethernet 1/0/1
[SwitchC-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchC-Ten-GigabitEthernet1/0/1] port trunk permit vlan 101 102 201 202 301 302 501
to 503
[SwitchC-Ten-GigabitEthernet1/0/1] vlan mapping uni range 101 to 102 translated-vlan
501
502
503
[SwitchC-Ten-GigabitEthernet1/0/2] dhcp snooping binding record
[SwitchC-Ten-GigabitEthernet1/0/1] quit
# Configure customer-side port Ten-GigabitEthernet 1/0/2 as a trunk port, assign the port to
original VLANs and translated VLANs, and enable DHCP snooping entry recording on the port.
[SwitchC-Ten-GigabitEthernet1/0/2] port trunk permit vlan 103 104 203 204 303 304 501
to 503
501
502
503
[SwitchC-Ten-GigabitEthernet1/0/2] dhcp snooping binding record
# Configure network-side many-to-one VLAN mapping on network-side port Ten-GigabitEthernet
1/0/3.
[SwitchC-Ten-GigabitEthernet1/0/3] vlan mapping nni
# Configure Ten-GigabitEthernet 1/0/3 as a trunk port, assign the port to the translated VLANs,
and configure the port as a DHCP snooping trusted port and an ARP trusted port.
[SwitchC-Ten-GigabitEthernet1/0/3] port trunk permit vlan 501 to 503
[SwitchC-Ten-GigabitEthernet1/0/3] dhcp snooping trust
[SwitchC-Ten-GigabitEthernet1/0/3] arp detection trust
4. Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign the port to the translated VLANs
on Switch D.
<SwitchD> system-view
[SwitchD] interface ten-gigabitethernet 1/0/1
[SwitchD-Ten-GigabitEthernet1/0/1] port link-type trunk
141
[SwitchD-Ten-GigabitEthernet1/0/1] port trunk permit vlan 501 to 503
[SwitchD-Ten-GigabitEthernet1/0/1] quit

1. Display VLAN mapping information on Switch A.
[SwitchA] display vlan mapping
Interface Ten-GigabitEthernet1/0/1:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
1 N/A 101 N/A
2 N/A 201 N/A
3 N/A 301 N/A
1 N/A 102 N/A
2 N/A 202 N/A
3 N/A 302 N/A
2. Display VLAN mapping information on Switch B.
The command output on Switch B is similar to that on Switch A.
3. Display VLAN mapping information on Switch C.
[SwitchC] display vlan mapping
101-102 N/A 501 N/A
201-202 N/A 502 N/A
301-302 N/A 503 N/A
103-104 N/A 501 N/A
203-204 N/A 502 N/A
303-304 N/A 503 N/A
The output shows that one-to-one VLAN mapping is successfully configured on Switch A and
Switch B, and many-to-one VLAN mapping is successfully configured on Switch C.
One-to-two and two-to-two VLAN mapping configuration

example
As shown in Figure 45, two VPN A branches, Site 1 and Site 2, are in VLAN 5 and VLAN 6, respectively.
The two sites use different VPN access services from different service providers, SP 1 and SP 2. SP 1
assigns VLAN 100 to Site 1 and Site 2, and SP 2 assigns VLAN 200 to Site 1 and Site 2.
Configure one-to-two and two-to-two VLAN mappings to enable the two branches to communicate
across networks SP 1 and SP 2.
142
SP 1 SP 2
PE 1 PE 2 PE 3 PE 4
XGE1/0/2 XGE1/0/1 XGE1/0/2 XGE1/0/1 XGE1/0/2 XGE1/0/1
XGE1/0/1 XGE1/0/2
VLAN 100 VLAN 5 Data VLAN 200 VLAN 6 Data
VLAN 5 Data VLAN 6 Data
VPN A VPN A CE 2
CE 1
Site 1 Site 2
1. Configure PE 1:
# Configure one-to-two VLAN mapping on customer-side port Ten-GigabitEthernet 1/0/1 to add
outer VLAN tag 100 to packets from VLAN 5.
<PE1> system-view
[PE1-Ten-GigabitEthernet1/0/1] vlan mapping nest single 5 nested-vlan 100
# Configure Ten-GigabitEthernet 1/0/1 as a hybrid port, assign the port to VLAN 5 as a tagged
member, and assign the port to VLAN 100 as an untagged member.
[PE1-Ten-GigabitEthernet1/0/1] port link-type hybrid
[PE1-Ten-GigabitEthernet1/0/1] port hybrid vlan 5 tagged
[PE1-Ten-GigabitEthernet1/0/1] port hybrid vlan 100 untagged
VLAN 100.
[PE1-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100
2. Configure PE 2:
# Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign the port to VLAN 100.
<PE2> system-view
143
3. Configure PE 3:
# Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign the port to VLANs 100 and
200.
<PE3> system-view
# Configure two-to-two VLAN mapping on Ten-GigabitEthernet 1/0/1 to map outer VLAN 100
and inner VLAN 5 to outer VLAN 200 and inner VLAN 6.
[PE3-Ten-GigabitEthernet1/0/1] vlan mapping tunnel 100 5 translated-vlan 200 6
4. Configure PE 4:
VLAN 200.
<PE4> system-view
# Configure customer-side port Ten-GigabitEthernet 1/0/2 as a hybrid port, assign the port to
VLAN 6 as a tagged member, and assign the port to VLAN 200 as an untagged member.
[PE4-Ten-GigabitEthernet1/0/2] port link-type hybrid
[PE4-Ten-GigabitEthernet1/0/2] port hybrid vlan 6 tagged
[PE4-Ten-GigabitEthernet1/0/2] port hybrid vlan 200 untagged
# Configure one-to-two VLAN mapping on customer-side port Ten-GigabitEthernet 1/0/2 to add
outer VLAN tag 200 to packets from VLAN 6.
[PE4-Ten-GigabitEthernet1/0/2] vlan mapping nest single 6 nested-vlan 200

1. Display VLAN mapping information on PE 1.
[PE1] display vlan mapping
5 N/A 100 5
100 5 200 6
144
6 N/A 200 6
The output shows that one-to-two VLAN mapping is successfully configured on PE 1 and PE 4, and
two-to-two VLAN mapping is successfully configured on PE 3.
145
Configuring LLDP
Overview
In a heterogeneous network, a standard configuration exchange platform ensures that different types of
network devices from different vendors can discover one another and exchange configuration for the
sake of interoperability and management.
The Link Layer Discovery Protocol (LLDP) is specified in IEEE 802.1AB. The protocol operates on the data
link layer to exchange device information between directly connected devices. With LLDP, a device sends
local device information (including its major functions, management IP address, device ID, and port ID)
as TLV (type, length, and value) triplets in LLDP Data Units (LLDPDUs) to the directly connected devices. At
the same time, the device stores the device information received in LLDPDUs sent from the LLDP neighbors
in a standard MIB. For more information about MIBs, see Network Management and Monitoring
Configuration Guide. LLDP enables a network management system to quickly detect and identify Layer 2
network topology changes.
Basic concepts
LLDP agent
An LLDP agent is a mapping of an entity where LLDP runs. Multiple LLDP agents can run on an interface
at the same time. LLDP agents are divided into the following types: nearest bridge agent, nearest
customer bridge agent, and nearest non-TPMR bridge agent. A Two-port MAC Relay (TPMR) is a type of
bridge that has only two externally-accessible bridge ports, and supports a subset of the functions of a
MAC bridge. A TPMR is transparent to all frame-based media independent protocols except those
destined to it and those destined to reserved MAC addresses that the relay function of the TPMR is
defined not to forward. LLDP exchanges packets between neighbor agents and creates and maintains
neighbor information for them. Figure 46 shows the neighbor relationships for these LLDP agents. LLDP
has two bridge modes: customer bridge (CB) and service bridge (SB).
Figure 46 LLDP neighbor relationships
LLDPDU formats
LLDP sends device information in LLDPDUs. LLDPDUs are encapsulated in Ethernet II or SNAP frames.
1. LLDPDU encapsulated in Ethernet II
146
Figure 47 Ethernet II-encapsulated LLDPDU
Table 12 Fields in an Ethernet II-encapsulated LLDPDU
Field Description
MAC address to which the LLDPDU is advertised. To distinguish between LLDP
packets sent and received by different agent types on the same interface, LLDP
specifies different multicast MAC addresses as destination MAC addresses for
LLDP packets to different agent types. It is fixed to multicast MAC address
Destination MAC address
0x0180-C200-000E (only for LLDP packets destined for the nearest bridge
neighbor), 0x0180-C200-0000 (only for LLDP packets destined for the nearest
customer bridge neighbor), or 0x0180-C200-0003 (only for LLDP packets
destined for the nearest TPMR bridge neighbor).
Source MAC address MAC address of the sending port.
Type Ethernet type for the upper layer protocol. It is 0x88CC for LLDP.
Data LLDPDU.
Frame check sequence, a 32-bit CRC value used to determine the validity of
FCS
the received Ethernet frame.
2. LLDPDU encapsulated in SNAP

Figure 48 SNAP-encapsulated LLDPDU format
147
Table 13 Fields in a SNAP-encapsulated LLDPDU
Field Description
MAC address to which the LLDPDU is advertised. It is fixed at
Destination MAC address
0x0180-C200-000E, a multicast MAC address.
Source MAC address MAC address of the sending port.
SNAP type for the upper layer protocol. It is 0xAAAA-0300-0000-88CC for

Type
LLDP.
Data LLDPDU.
Frame check sequence, a 32-bit CRC value used to determine the validity of
FCS
the received Ethernet frame.
LLDPDUs
LLDP uses LLDPDUs to exchange information. An LLDPDU comprises multiple TLV sequences. Each TLV
carries a type of device information, as shown in Figure 49.
Figure 49 LLDPDU encapsulation format
An LLDPDU can carry up to 28 types of TLVs. Mandatory TLVs include Chassis ID TLV, Port ID TLV, Time
to Live TLV, and End of LLDPDU TLV. Other TLVs are optional.
TLVs
TLVs are type, length, and value sequences that carry information elements.
LLDPDU TLVs include the following categories:
• Basic management TLVs
• Organizationally (IEEE 802.1 and IEEE 802.3) specific TLVs
• LLDP-MED (media endpoint discovery) TLVs
Basic management TLVs are essential to device management. Organizationally specific TLVs and
LLDP-MED TLVs are used for enhanced device management; they are defined by standardization or other
organizations and are optional to LLDPDUs.
1. Basic management TLVs
Table 14 lists the basic management TLV types. Some of them are mandatory to LLDPDUs (they
must be included in every LLDPDU).
Table 14 Basic management TLVs
Type Description Remarks

Chassis ID Specifies the bridge MAC address of the sending device.
Specifies the ID of the sending port.
Port ID If the LLDPDU carries LLDP-MED TLVs, the port ID TLV carries the
MAC address of the sending port. Otherwise, the port ID TLV Mandatory.
carries the port name.
Specifies the life of the transmitted information on the receiving

Time to Live
device.
148
Type Description Remarks
End of LLDPDU Marks the end of the TLV sequence in the LLDPDU.
Port Description Specifies the port description of the sending port.
System Name Specifies the assigned name of the sending device.
System Description Specifies the description of the sending device.

Optional.
Identifies the primary functions of the sending device and the
System Capabilities
enabled primary functions.
Specifies the management address, and the interface number

Management Address
and object identifier (OID) associated with the address.
2. IEEE 802.1 organizationally specific TLVs

Table 15 IEEE 802.1 organizationally specific TLVs
Type Description
Specifies the port's VLAN identifier (PVID). An LLDPDU carries only one TLV of
Port VLAN ID
this type.
Indicates whether the device supports protocol VLANs and, if so, what VLAN
Port And Protocol VLAN ID IDs these protocols will be associated with. An LLDPDU can carry multiple
different TLVs of this type.
Specifies the textual name of any VLAN to which the port belongs. An LLDPDU
VLAN Name
can carry multiple different TLVs of this type.
Indicates protocols supported on the port. An LLDPDU can carry multiple

Protocol Identity
different TLVs of this type.
DCBX Data center bridging exchange protocol.
NOTE:
H3C devices support only receiving protocol identity TLVs.
3. IEEE 802.3 organizationally specific TLVs

Table 16 IEEE 802.3 organizationally specific TLVs
Type Description
Contains the bit-rate and duplex capabilities of the sending port,
MAC/PHY Configuration/Status support for autonegotiation, enabling status of autonegotiation, and
the current rate and duplex mode.
Contains the power supply capability of the port, including the PoE
type (PSE or PD), PoE mode, whether PSE power supply is supported,
Power Via MDI
whether PSE power supply is enabled, and whether the PoE mode is
controllable.
Indicates the aggregation capability of the port (whether the link is

Link Aggregation capable of being aggregated), and the aggregation status (whether
the link is in an aggregation).
Indicates the supported maximum frame size. It is now the MTU of the
Maximum Frame Size
port.
149
Type Description
Indicates the power state control configured on the sending port,
Power Stateful Control including the power type of the PSE/PD, PoE sourcing/receiving
priority, and PoE sourcing/receiving power.
NOTE:
The power stateful control TLV is defined in IEEE P802.3at D1.0 and is not supported in later versions. H3C
devices send this type of TLVs only after receiving them.
4. LLDP-MED TLVs
LLDP-MED TLVs provide multiple advanced applications for voice over IP (VoIP), such as basic
configuration, network policy configuration, and address and directory management. LLDP-MED
TLVs provide a cost-effective and easy-to-use solution for deploying voice devices in Ethernet.
LLDP-MED TLVs are shown in Table 17.
Table 17 LLDP-MED TLVs
Type Description
Allows a network device to advertise the LLDP-MED TLVs that it
LLDP-MED Capabilities
supports.
Allows a network device or terminal device to advertise the VLAN ID

Network Policy of the specific port, the VLAN type, and the Layer 2 and Layer 3
priorities for specific applications.
Allows a network device or terminal device to advertise power supply

Extended Power-via-MDI
capability. This TLV is an extension of the Power Via MDI TLV.
Hardware Revision Allows a terminal device to advertise its hardware version.
Firmware Revision Allows a terminal device to advertise its firmware version.
Software Revision Allows a terminal device to advertise its software version.
Serial Number Allows a terminal device to advertise its serial number.
Manufacturer Name Allows a terminal device to advertise its vendor name.
Model Name Allows a terminal device to advertise its model name.
Allows a terminal device to advertise its asset ID. The typical case is
Asset ID that the user specifies the asset ID for the endpoint to facilitate
directory management and asset tracking.
Allows a network device to advertise the appropriate location

Location Identification identifier information for a terminal device to use in the context of
location-based applications.
NOTE:
If the MAC/PHY configuration/status TLV is not advertisable, none of the LLDP-MED TLVs will be
advertised even if they are advertisable. If the LLDP-MED capabilities TLV is not advertisable, the other
LLDP-MED TLVs will not be advertised even if they are advertisable.
150
Management address
The network management system uses the management address of a device to identify and manage the
device for topology maintenance and network management. The management address is encapsulated
in the management address TLV.
Work mechanism
LLDP operating modes
LLDP can operate in one of the following modes:
• TxRx mode—A port in this mode can send and receive LLDPDUs.
• Tx mode—A port in this mode can only send LLDPDUs.
• Rx mode—A port in this mode can only receive LLDPDUs.
• Disable mode—A port in this mode cannot send or receive LLDPDUs.
Each time the LLDP operating mode of a port changes, its LLDP protocol state machine re-initializes. A
configurable re-initialization delay prevents frequent initializations because of frequent changes to the
operating mode. With this delay configured, before a port can initialize LLDP, it must wait for the
specified interval after the LLDP operating mode changes.
Transmitting LLDPDUs
An LLDP-enabled port operating in TxRx mode or Tx mode sends LLDPDUs to its directly connected
devices both periodically and when the local configuration changes. To prevent LLDPDUs from
overwhelming the network during times of frequent changes to local device information, you can set a
delay between two successive LLDPDUs.
This interval is shortened to 1 second in either of the following cases:
• A new neighbor is discovered. A new LLDPDU is received and carries device information new to the
local device.
• The LLDP operating mode of the port changes from Disable or Rx to TxRx or Tx.
This is the fast sending mechanism of LLDP. With this mechanism, a specific number of LLDPDUs are sent
successively at 1-second intervals to help LLDP neighbors discover the local device as soon as possible.
Then, the normal LLDPDU transmit interval resumes.
Receiving LLDPDUs
An LLDP-enabled port that is operating in TxRx mode or Rx mode checks the validity of TLVs carried in
every received LLDPDU. If valid, the information is saved and an aging timer is set for it based on the TTL
value in the TTL TLV carried in the LLDPDU. If the TTL value is zero, the information ages out immediately.

• IEEE 802.1AB-2005, Station and Media Access Control Connectivity Discovery
• ANSI/TIA-1057, Link Layer Discovery Protocol for Media Endpoint Devices
• DCB Capability Exchange Protocol Specification Rev 1.00
• DCB Capability Exchange Protocol Base Specification Rev 1.01
151
LLDP configuration task list
Tasks at a glance
Performing basic LLDP configuration:
• (Required.) Enabling LLDP
• (Optional.) Setting the LLDP operating mode
• (Optional.) Setting the LLDP re-initialization delay
• (Optional.) Enabling LLDP polling
• (Optional.) Configuring the advertisable TLVs
• (Optional.) Configuring the management address and its encoding format
• (Optional.) Setting other LLDP parameters
• (Optional.) Setting an encapsulation format for LLDPDUs
(Optional.) Configuring CDP compatibility
(Optional.) Configuring DCBX
(Optional.) Configuring LLDP trapping and LLDP-MED trapping
Performing basic LLDP configuration

Enabling LLDP
To make LLDP take effect on specific ports, you must enable LLDP both globally and on these ports.
To enable LLDP:

By default:
• When the switch starts
up with empty
configuration, LLDP is
disabled globally.
• When the switch starts
2. Enable LLDP globally. up with the default
lldp global enable
configuration file, LLDP
is enabled globally.
empty configuration and
the default configuration
file, see Fundamentals

view.
152
By default, LLDP is enabled
4. (Optional.) Enable LLDP. lldp enable
on a port.
Setting the LLDP operating mode

LLDP can operate in one of the following modes:
• TxRx mode—A port in this mode can send and receive LLDPDUs.
• Tx mode—A port in this mode can only send LLDPDUs.
• Rx mode—A port in this mode can only receive LLDPDUs.
• Disable mode—A port in this mode cannot send or receive LLDPDUs.
To set the LLDP operating mode:

view.
3. (Optional.) Set the LLDP
lldp admin-status { disable | rx | tx | txrx } The default setting is txrx.
operating mode.
4. Set the operating mode for
The default setting is
the LLDP nearest non-TPMR lldp agent nearest-nontpmr admin-status
disable.
bridge.
Setting the LLDP re-initialization delay

When LLDP operating mode changes on a port, the port initializes the protocol state machines after a
certain delay. By adjusting the LLDP re-initialization delay, you can avoid frequent initializations caused
by frequent changes to the LLDP operating mode on a port.
To set the LLDP re-initialization delay for ports:

2. Set the LLDP re-initialization
lldp timer reinit-delay delay The default setting is 2 seconds.
delay.
Enabling LLDP polling

With LLDP polling enabled, a device periodically searches for local configuration changes. When the
device detects a configuration change, it sends LLDPDUs to inform neighboring devices of the change.
To enable LLDP polling:
153

view.
3. Enable LLDP polling and set By default, LLDP polling is

lldp check-change-interval interval
the polling interval. disabled.
Configuring the advertisable TLVs

2. Enter Ethernet interface view. interface interface-type interface-number N/A
lldp tlv-enable { basic-tlv { all |

management-address-tlv [ ip-address ] |
port-description | system-capability |
By default, all types of
system-description | system-name } |
LLDP TLVs except the
dot1-tlv { all | dcbx | port-vlan-id |
DCBX TLV, location
protocol-vlan-id [ vlan-id ] | vlan-name
3. Configure the advertisable identification TLV, VLAN
[ vlan-id ] } | dot3-tlv { all | link-aggregation
TLVs. Name TLVs, and Protocol
| mac-physic | max-frame-size | power } |
VLAN ID TLVs are
med-tlv { all | capability | inventory |
advertisable on an
location-id { civic-address device-type
Ethernet port.
country-code { ca-type ca-value }&<1-10> |
elin-address tel-number } | network-policy |
power-over-ethernet } }
Configuring the management address and its encoding format

LLDP encodes management addresses in numeric or string format in management address TLVs.
By default, management addresses are encoded in numeric format. If a neighbor encodes its
management address in character string format, you must configure the encoding format of the
management address as string on the connecting port to guarantee normal communication with the
neighbor.
To configure a management address to be advertised and its encoding format on a port:

2. Enter Ethernet interface view. interface interface-type interface-number N/A
154
By default, the
management address is
sent through LLDPDUs.
For a Ethernet port, the
the main IP address of
the VLAN interface that
3. Allow LLDP to advertise the is in up state and whose
management address in corresponding VLAN ID
lldp tlv-enable basic-tlv
LLDPDUs and configure the is the lowest among the
management-address-tlv [ ip-address ]
advertised management VLANs permitted on the
address. port. If none of the
VLAN interfaces of the
permitted VLANs is
assigned an IP address
or all VLAN interfaces
are down, no
management address
will be advertised.
By default, the
4. Configure the encoding
format of the management lldp management-address-format string
encapsulated in the
address as character string.
numeric format.
Setting other LLDP parameters

The TTL TLV carried in an LLDPDU determines how long the device information carried in the LLDPDU can
be saved on a recipient device.
By setting the TTL multiplier, you can configure the TTL of locally sent LLDPDUs, which determines how
long information about the local device can be saved on a neighboring device. The TTL is expressed by
using the following formula:
TTL = Min (65535, (TTL multiplier × LLDPDU transmit interval))
As the expression shows, the TTL can be up to 65535 seconds. TTLs greater than 65535 will be rounded
down to 65535 seconds.
Follow these guidelines when you change LLDP parameters:
• To make sure that LLDP neighbors can receive LLDPDUs to update information about the current
device before it ages out, configure the LLDPDU transmit delay to be less than the TTL.
• Set the LLDPDU transmit interval to be no less than four times the LLDPDU transmit delay.
• If the LLDPDU transmit delay is greater than the LLDPDU transmit interval, the device uses the
LLDPDU transmit delay as the transmit interval.
To change LLDP parameters:

2. Set the TTL multiplier. lldp hold-multiplier value The default setting is 4.
155
3. Set the LLDPDU transmit The default setting is 30
lldp timer tx-interval interval
interval. seconds.
4. Set the LLDPDU transmit delay. lldp timer tx-delay delay The default setting is 2 seconds.
5. Set the number of LLDPDUs
sent each time fast LLDPDU lldp fast-count count The default setting is 3.
transmission is triggered.
Setting an encapsulation format for LLDPDUs

LLDPDUs can be encapsulated in the following formats: Ethernet II or SNAP frames.
• With Ethernet II encapsulation configured, an LLDP port sends LLDPDUs in Ethernet II frames.
• With SNAP encapsulation configured, an LLDP port sends LLDPDUs in SNAP frames.
Earlier versions of LLDP require the same encapsulation format on both ends to process LLDPDUs. For this
reason, the local device should be configured with the same encapsulation format in order to
communicate stably with a neighboring device running an earlier version of LLDP.
To set the encapsulation format for LLDPDUs to SNAP:

view.
3. Set the encapsulation By default, Ethernet II
format for LLDPDUs to lldp encapsulation snap encapsulation format
SNAP. applies.
Configuring CDP compatibility

When the switch is directly connected to a Cisco device that supports only CDP rather than LLDP, you can
enable CDP compatibility to enable the switch to exchange information with the directly-connected
device.
With CDP compatibility enabled on the switch, the switch can use LLDP to receive and recognize the CDP
packets received from the directly-connected device and send CDP packets to the directly-connected
device. The packets that the switch sends to the neighboring CDP device carry the device ID, the ID of the
port connecting to the neighboring device, the port IP address, and the TTL. The port IP address is the
main IP address of the VLAN interface that is in up state and whose corresponding VLAN ID is the lowest
among the VLANs permitted on the port. If none of the VLAN interfaces of the permitted VLANs is
assigned an IP address or all VLAN interfaces are down, no port IP address will be advertised. The CDP
neighbor-information-related fields in the output of the display lldp neighbor-information command
show the CDP neighboring device information that can be recognized by the switch. For more
information a bout the display lldp neighbor-information command, see Layer 2—LAN Switching
Command Reference.
156
Before you configure CDP compatibility, complete the following tasks:
• Globally enable LLDP.
• Enable LLDP on the port connecting to a device supporting CDP, and configure the port to operate
in TxRx mode.
CDP-compatible LLDP operates in one of the following modes:
• TxRx—CDP packets can be transmitted and received.
• Disable—CDP packets cannot be transmitted or received.
LLDP traps are sent periodically, and the interval is configurable. To make CDP-compatible LLDP take
effect on specific ports, first enable CDP-compatible LLDP globally, and then configure CDP-compatible
LLDP to operate in TxRx mode.
The maximum TTL value that CDP allows is 255 seconds. To make CDP-compatible LLDP work correctly
with Cisco IP phones, configure the LLDPDU transmit interval to be no more than 1/3 of the TTL value.
To enable LLDP to be compatible with CDP:

2. Enable CDP compatibility By default, CDP compatibility is
lldp compliance cdp
interface-number
4. Configure CDP-compatible lldp compliance admin-status cdp By default, CDP-compatible LLDP
LLDP to operate in TxRx mode. txrx operates in Disable mode.
Configuring DCBX
Data Center Ethernet (DCE), also known as Converged Enhanced Ethernet (CEE), is enhancement and
expansion of traditional Ethernet local area networks for use in data centers. DCE uses the Data Center
Bridging Exchange Protocol (DCBX) to negotiate and remotely configure the bridge capability of
network elements.
DCBX has two self-adaptable versions, DCB Capability Exchange Protocol Specification Rev 1.00 and
DCB Capability Exchange Protocol Base Specification Rev 1.01. DCBX offers the following functions:
• Discovers the peer devices' capabilities and determines whether devices at both ends support these
capabilities.
• Detects configuration errors on peer devices.
• Remotely configures the peer device if the peer device accepts the configuration.
NOTE:
H3C devices support only the remote configuration function.
157
Figure 50 DCBX application scenario
DCBX enables lossless packet transmission on DCE networks.

As shown in Figure 50, DCBX applies to an FCoE based data center network, and operates on an access
switch. DCBX enables the switch to control the server adapter, and simplifies the configuration and
guarantees configuration consistency. DCBX extends LLDP by using the IEEE 802.1 organizationally
specific TLVs (DCBX TLVs) to transmit DCBX data, including Application Protocol (APP), Enhanced
Transmission Selection (ETS), and PFC.
H3C devices can send the three types of DCBX information to a server adapter supporting FCoE, but they
cannot receive these types of DCBX information.
DCBX configuration task list
Tasks at a glance
(Required.) Enabling LLDP and DCBX TLV advertising
(Required.) Configuring APP parameters
(Optional.) Configuring ETS parameters:

• Configuring the 802.1p-to-local priority mapping
• Configuring group-based WRR queuing
(Required.) Configuring PFC parameters
(Optional.) Configuring the DCBX version
Enabling LLDP and DCBX TLV advertising

To enable the device to advertise APP, ETS, and PFC data through an interface, enable LLDP globally and
enable LLDP and DCBX TLV advertising on the interface.
To enable LLDP and DCBX TLV advertising:

158
By default:
• When the switch starts up
with empty configuration,
LLDP is disabled globally.
2. Enable LLDP globally. lldp global enable
• When the switch starts up
with the default
configuration file, LLDP is
enabled globally.
view.
By default, LLDP is enabled on

4. Enable LLDP. lldp enable
an interface.
By default, DCBX TLV

5. Enable the interface to
lldp tlv-enable dot1-tlv dcbx advertising is disabled on an
advertise DCBX TLVs.
interface.
Configuring APP parameters

The device negotiates with the server adapter by using the APP parameters to control the 802.1p priority
values of the protocol packets that the server adapter sends, and to identify traffic based on the 802.1p
priority values. For example, the device can use the APP parameters to negotiate with the server adapter
to set the 802.1p priority of all FCoE packets and FIP packets to 3. If the negotiation succeeds, all the
FCoE packets and FIP packets that the server adapter sends to the device carry the 802.1p priority 3.
When you configure APP parameters, follow these restrictions and guidelines:
• An Ethernet frame header ACL identifies application protocol packets by protocol number.
• An IPv4 advanced ACL identifies application protocol packets by IP port number.
• DCBX Rev 1.00 identifies application protocol packets only by protocol number and advertises
TLVs with protocol number 0x8906 (FCoE) only.
• DCBX Rev 1.01has the following attributes:
{ Supports identifying application protocol packets by both protocol number and IP port number.
{ Does not restrict the protocol number or IP port number for advertising TLVs.
{ Can advertise up to 77 TLVs according to the remaining length of the current packet.
To configure APP parameters:

159
An Ethernet frame header ACL
number is in the range of 4000 to
4999. An IPv4 advanced ACL
2. Create an Ethernet frame number is in the range of 3000 to
acl number acl-number [ name 3999.
header ACL or an IPv4
acl-name ] [ match-order { auto |
advanced ACL and enter ACL DCBX Rev 1.00 supports only
config } ]
view. Ethernet frame header ACLs. DCBX
Rev 1.01 supports both Ethernet
frame header ACLs and IPv4
advanced ACLs.
• For the Ethernet frame header
ACL:
rule [ rule-id ] permit type
protocol-type ffff Create rules according to the type
3. Create a rule for the ACL.
of the ACL previously created.
• For the IPv4 advanced ACL:
rule [ rule-id ] permit { tcp |
udp } destination-port eq port
5. Create a class, specify the
traffic classifier classifier-name
operator of the class as OR, N/A
operator or
and enter class view.
6. Use the specified ACL as the
if-match acl acl-number N/A
match criterion of the class.
8. Create a traffic behavior and
traffic behavior behavior-name N/A
enter traffic behavior view.
9. Configure the behavior to
mark packets with the specific remark dot1p 8021p N/A
802.1p priority.
11. Create a QoS policy and
qos policy policy-name N/A
enter QoS policy view.
In a QoS policy, you can configure

multiple class-behavior
12. Associate the class with the
associations. A packet might be
traffic behavior in the QoS classifier classifier-name behavior
configured with multiple 802.1p
policy, and apply the behavior-name mode dcbx
priority marking or mapping
association to DCBX.
actions, and the one configured
first takes effect.
160
• (Method 1) To the outgoing
traffic of all ports:
qos apply policy policy-name
global outbound
• (Method 2) To the outgoing
• Configurations made in system
traffic of an Ethernet interface:
view take effect on all ports.
14. Apply the QoS policy. a. Enter Ethernet interface
• Configurations made in
view:
Ethernet interface view take
effect on the interface.
interface-number
b. Apply the QoS policy to
the outgoing traffic:
qos apply policy
policy-name outbound
For more information about the acl, rule, traffic classifier, if-match, traffic behavior, remark dot1p, qos
policy, classifier behavior, qos apply policy global, and qos apply policy commands, see ACL and QoS
Command Reference.
Configuring ETS parameters

ETS provides committed bandwidth. The device uses ETS parameters to negotiate with the server adapter,
controls the server adapter's transmission speed of the specific type of traffic, and guarantees that the
transmission speed is within the committed bandwidth of the interface. In this way, no traffic loss occurs
due to congestion.
To configure ETS parameters, you must configure the 802.1p-to-local priority mapping and group-based
WRR queuing.
Configuring the 802.1p-to-local priority mapping

To configure the 802.1p priority mapping in the priority mapping table approach:

2. Enter 802.1p-to-local priority
qos map-table dot1p-lp N/A
mapping table view.
3. Configure the priority
mapping table to map the For information about the default
import import-value-list export
specific 802.1p priority priority mapping tables, see ACL and
export-value
values to a local precedence QoS Configuration Guide.
value.
interface-number
6. Configure the interface to
By default, the port priority of the
trust the 802.1p priority qos trust dot1p
incoming port is trusted.
carried in packets.
161
For more information about the qos map-table and import commands, see ACL and QoS Command
Reference.
Configuring group-based WRR queuing

You can configure group-based WRR queuing to allocate bandwidth.
To configure group-based WRR queuing:

view.
By default, byte-count WRR is

3. Enable WRR queuing. qos wrr byte-count
used.
• Add the specific queue to WRR
priority group 1 and configure the
scheduling weight for the queue:
qos wrr queue-id group 1 byte-count
4. Configure the queue. Use at least one command.
schedule-value
• Configure the specific queue to use
strict priority queuing:
qos wrr queue-id group sp
For more information about the qos wrr, qos wrr byte-count, and qos wrr group sp commands, see ACL
and QoS Command Reference.
Configuring PFC parameters

To avoid dropping packets with a certain 802.1p priority, enable PFC for the 802.1p priority. This feature
helps reduce the sending rate of packets carrying this priority when network congestion occurs.
The device uses PFC parameters to negotiate with the server adapter and to enable PFC for specific
802.1p priorities on the server adapter.
To configure PFC parameters:

interface-number
3. Enable the Ethernet interface to By default, PFC is disabled.

automatically negotiate with its To advertise the PFC data, you
priority-flow-control auto
peer to decide whether to must enable PFC in
enable PFC. autonegotiation mode.
162
By default, PFC is disabled for all
802.1p priorities.
H3C recommends that you enable
4. Enable PFC for specific 802.1p priority-flow-control no-drop PFC for the 802.1p priority of
priorities. dot1p dot1p-list FCoE traffic. If you enable PFC for
multiple 802.1p priorities, packet
loss might occur during periods of
congestion.
5. Configure the interface to trust
By default, the port priority of the
the 802.1p priority carried in qos trust dot1p
incoming port is trusted.
packets.
For more information about the priority-flow-control and priority-flow-control no-drop dot1p commands,
see Layer 2—LAN Switching Command Reference.
Configuring the DCBX version

DCBX has two versions: DCBX Rev 1.00 and DCBX Rev 1.01. The device supports autonegotiation of the
two versions with the peer and uses DCBX Rev 1.01 as the initial version for negotiation.
When the device is connected to a DCBX-enabled peer device, the following apply:
• If the peer device does not support autonegotiation, the device will change its DCBX version to
match that on the peer device.
• If the peer device supports autonegotiation and also uses DCBX Rev 1.01 as the initial version for
negotiation, DCBX Rev 1.01 will be the negotiated result.
• If the peer device supports autonegotiation and uses a different DCBX version as the initial version
for negotiation, DCBX Rev 1.01 or DCBX Rev 1.00 will be the negotiated result.
When the negotiated result is not the expected one, you can configure the expected DCBX version.
You can view the DCBX version in use through the Oper version field of the DCBX Control subTLV info
part in the output from the display lldp local-information command.
Before you configure the DCBX version, complete the following tasks:
• Enable LLDP globally and configure the interface to advertise DCBX TLVs.
• Configure the APP parameters, ETS parameters, or PFC parameters to be advertised on the
interface.
To configure the DCBX version:

2. Enter Layer 2 Ethernet interface interface-type
N/A
163
By default, the DCBX version is
3. Configure the DCBX autonegotiated by two interfaces, with
dcbx version { rev100 | rev101 }
version. the DCBX Rev 1.01 as the initial version
for negotiation at the local end.
Configuring LLDP trapping and LLDP-MED trapping

LLDP trapping or LLDP-MED trapping notifies the network management system of events such as newly
detected neighboring devices and link malfunctions.
To prevent excessive LLDP traps from being sent when the topology is unstable, set a trap transmit interval
for LLDP.
To configure LLDP trapping and LLDP-MED trapping:

view.
By default, LLDP trapping is

3. Enable LLDP trapping. lldp notification remote-change enable
disabled.
lldp notification med-topology-change By default, LLDP-MED

4. Enable LLDP-MED trapping.
enable trapping is disabled.
6. (Optional.) Set the LLDP The default setting is 5
lldp timer notification-interval interval
trap transmit interval. seconds.
Displaying and maintaining LLDP

Task Command
Display the global LLDP information
display lldp local-information [ global | interface interface-type
or the information contained in the
interface-number ]
LLDP TLVs to be sent through a port.
Display the information contained display lldp neighbor-information [ interface interface-type

in the LLDP TLVs sent from interface-number [ verbose ] | list [ system-name system-name ] |
neighboring devices. verbose ]
Display LLDP statistics. display lldp statistics [ global | interface interface-type interface-number ]
Display LLDP status of a port. display lldp status [ interface interface-type interface-number ]
Display types of advertisable

display lldp tlv-config [ interface interface-type interface-number ]
optional LLDP TLVs.
164
Basic LLDP configuration example
As shown in Figure 51, the NMS and Switch A are located in the same Ethernet network. An MED device
and Switch B are connected to Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 of Switch A.
Enable LLDP globally on Switch A and Switch B to monitor the link between Switch A and Switch B and
the link between Switch A and the MED device on the NMS.
1. Configure Switch A:
# Enable LLDP globally.
[SwitchA] lldp global enable
# Enable LLDP on Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2. (You can skip this
step because LLDP is enabled on ports by default.) Set the LLDP operating mode to Rx.
[SwitchA-Ten-GigabitEthernet1/0/1] lldp enable
[SwitchA-Ten-GigabitEthernet1/0/1] lldp admin-status rx
[SwitchA-Ten-GigabitEthernet1/0/2] lldp admin-status rx
2. Configure Switch B:
<SwitchB> system-view
[SwitchB] lldp global enable
# Enable LLDP on Ten-GigabitEthernet1/0/1. (You can skip this step because LLDP is enabled on
ports by default.) Set the LLDP operating mode to Tx.
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] lldp enable
[SwitchB-Ten-GigabitEthernet1/0/1] lldp admin-status tx
[SwitchB-Ten-GigabitEthernet1/0/1] quit
# Display the global LLDP status and port LLDP status on Switch A.
165
[SwitchA] display lldp status
Global status of LLDP: Enable
The current number of LLDP neighbors: 2
The current number of CDP neighbors: 0
LLDP neighbor information last changed time: 0 days, 0 hours, 4 minutes, 40 seconds
Transmit interval : 30s
Hold multiplier : 4
Reinit delay : 2s
Transmit delay : 2s
Trap interval : 5s
Fast start times : 3
LLDP status information of Port 1 [Ten-GigabitEthernet1/0/1]:

Port status of LLDP : Enable
Admin status : RX_Only
Trap flag : No
MED trap flag : No
Polling interval : 0s
Number of LLDP neighbors : 1
Number of MED neighbors : 1
Number of CDP neighbors : 0
Number of sent optional TLV : 0
Number of received unknown TLV : 0

Trap flag : No
MED trap flag : No
The sample output shows that:
{ Ten-GigabitEthernet 1/0/1 of Switch A connects to an MED device.
{ Ten-GigabitEthernet 1/0/2 of Switch A connects to a non-MED device.
{ Both ports operate in Rx mode, and they can receive LLDPDUs but cannot send LLDPDUs.
# Remove the link between Switch A and Switch B, and then display the global LLDP status and
port LLDP status on Switch A.
[SwitchA] display lldp status
Global status of LLDP: Enable
The current number of LLDP neighbors: 1
The current number of CDP neighbors: 0
LLDP neighbor information last changed time: 0 days, 0 hours, 5 minutes, 20 seconds
Transmit interval : 30s
166
Hold multiplier : 4
Reinit delay : 2s
Transmit delay : 2s
Trap interval : 5s
Fast start times : 3

Trap flag : No
MED trap flag : No

Trap flag : No
MED trap flag : No
The sample output shows that Ten-GigabitEthernet 1/0/2 of Switch A does not connect to any
neighboring devices.
DCBX configuration example

As shown in Figure 52, in a data center network, interface Ten-GigabitEthernet 1/0/1 of the access
switch (Switch A) connects to the FCoE adapter of the data center server (DC server).
Configure Switch A to implement lossless FCoE and FIP packet transmission to DC server.
NOTE:
Suppose that both Switch A and DC server support DCBX Rev 1.01.
167
1. Enable LLDP and DCBX TLV advertising:
[SwitchA] lldp global enable
# Enable LLDP and DCBX TLV advertising on interface Ten-GigabitEthernet 1/0/1.
[SwitchA-Ten-GigabitEthernet1/0/1] lldp tlv-enable dot1-tlv dcbx
2. Configure APP parameters:
# Create Ethernet frame header ACL 4000, and configure the ACL to permit FCoE packets (whose
protocol number is 0x8906) and FIP packets (whose protocol number is 0x8914) to pass through.
[SwitchA] acl number 4000
[SwitchA-acl-ethernetframe-4000] rule permit type 8906 ffff
[SwitchA-acl-ethernetframe-4000] rule permit type 8914 ffff
[SwitchA-acl-ethernetframe-4000] quit
# Create a class named app_c, specify the operator of the class as OR, and use ACL 4000 as the
match criterion of the class.
[SwitchA] traffic classifier app_c operator or
[SwitchA-classifier-app_c] if-match acl 4000
[SwitchA-classifier-app_c] quit
# Create a traffic behavior named app_b, and configure the traffic behavior to mark packets with
802.1p priority value 3.
[SwitchA] traffic behavior app_b
[SwitchA-behavior-app_b] remark dot1p 3
[SwitchA-behavior-app_b] quit
# Create a QoS policy named plcy, associate class app_c with traffic behavior app_b in the QoS
policy, and apply the association to DCBX.
[SwitchA] qos policy plcy
[SwitchA-qospolicy-plcy] classifier app_c behavior app_b mode dcbx
[SwitchA-qospolicy-plcy] quit
# Apply the policy named plcy to the outgoing traffic of interface Ten-GigabitEthernet 1/0/1.
[SwitchA-Ten-GigabitEthernet1/0/1] qos apply policy plcy outbound
3. Configure ETS parameters:
168
# Configure the 802.1p-to-local priority mapping table to map 802.1p priority value 3 to local
precedence 3. (This is the default mapping table. You can modify this configuration as needed.)
[SwitchA] qos map-table dot1p-lp
[SwitchA-maptbl-out-dot1p-lp] import 3 export 3
[SwitchA-maptbl-out-dot1p-lp] quit
# Enable byte-count WRR queuing on interface Ten-GigabitEthernet 1/0/1, and configure queue
3 on the interface to use strict priority queuing.
[SwitchA-Ten-GigabitEthernet1/0/1] qos wrr byte-count
[SwitchA-Ten-GigabitEthernet1/0/1] qos wrr 3 group sp
4. Enable interface Ten-GigabitEthernet 1/0/1 to automatically negotiate with its peer to decide
whether to enable PFC, and enable PFC for 802.1 priority 3.
[SwitchA-Ten-GigabitEthernet1/0/1] priority-flow-control auto
[SwitchA-Ten-GigabitEthernet1/0/1] priority-flow-control no-drop dot1p 3
Through the specific menu on the DC server, you can see the data exchange procedure between
the DC server and Switch A. Take a Qlogic adapter on the DC server, for example. The data
exchange procedure is as follows:
------------------------------------------------------
DCBX Parameters Details for CNA Instance 0 - QLE8142
------------------------------------------------------
Mon May 17 10:00:50 2010
DCBX TLV (Type-Length-Value) Data

=================================
DCBX Parameter Type and Length
DCBX Parameter Length: 13
DCBX Parameter Type: 2
DCBX Parameter Information

Parameter Type: Current
Pad Byte Present: Yes
DCBX Parameter Valid: Yes
Reserved: 0
DCBX Parameter Data

Priority Group ID of Priority 1: 0



169
Priority Group 0 Percentage: 2
Number of Traffic Classes Supported: 8

Parameter Type: Remote
Reserved: 0
DCBX Parameter Data






Parameter Type: Local
Reserved: 0
170
DCBX Parameter Data





The output shows that DC server uses strict priority queuing (represented by priority group ID 15)
for packets carrying 802.1p priority 3 after negotiating with Switch A.
DCBX Parameter Type and Length

DCBX Parameter Length: 2
DCBX Parameter Type: 3

Parameter Type: Current
Pad Byte Present: No
Reserved: 0
DCBX Parameter Data

PFC Enabled on Priority 0: No
PFC Enabled on Priority 3: Yes
171
Parameter Type: Remote
Reserved: 0
DCBX Parameter Data


Parameter Type: Local
Reserved: 0
DCBX Parameter Data


The output shows that DC server performs PFC for packets carrying 802.1p priority 3 after
negotiating with Switch A.
172
Configuring service loopback groups
A service loopback group contains one or multiple Ethernet ports for looping packets sent out by the
device back to the device. This feature must work with other features, such as GRE.
A service loopback group provides one of the following services:
• Tunnel—Supports unicast tunnel traffic.
• Multicast tunnel—Supports multicast tunnel traffic.
The device supports only one service loopback group for each service type. However, you can use one
service loopback group with multiple features.
Member ports in a service loopback group are load balanced.
Follow these guidelines when you configure a service loopback group:
• Make sure the ports you are assigning to a service loopback group meet the following
requirements:
{ The ports are not used for any other purposes. The configuration on a port is removed when it
is assigned to a service loopback group.
{ The ports support the service type of the service loopback group and are not members of any
other service loopback group.
• You cannot change the service type of a service loopback group.
• For correct traffic processing, make sure a service loopback group has at least one member port
when it is being used by a feature.
To configure a service loopback group:

2. Create a service loopback
service-loopback group number
group and specify its service N/A
type { multicast-tunnel | tunnel } *
type.
interface-number
4. Assign the port to the service port service-loopback group By default, a port does not belong
loopback group. number to any service loopback group.
Displaying and maintaining service loopback

groups
Execute the display command in any view.
173
Task Command
Display information about service loopback groups. display service-loopback group [ number ]
Service loopback group configuration example

All Ethernet ports on Device A support the tunnel service. Assign Ten-GigabitEthernet 1/0/1 through
Ten-GigabitEthernet 1/0/3 to a service loopback group to loop GRE packets sent out by the device back
to the device.
# Create service loopback group 1, and specify its service type as Tunnel.
[DeviceA] service-loopback group 1 type tunnel
# Assign Ten-GigabitEthernet 1/0/1 through Ten-GigabitEthernet 1/0/3 to service loopback group 1.

[DeviceA-Ten-GigabitEthernet1/0/1] port service-loopback group 1
# Create tunnel interface 1 operating in GRE mode, which will automatically reference service loopback
group 1.
[DeviceA] interface tunnel 1 mode gre
[DeviceA-Tunnel1]
174
Configuring cut-through forwarding
A cut-through forwarding-enabled device forwards a frame after it receives the first 64 bytes of the frame.
This feature reduces the transmission time of a frame within the device, and enhances forwarding
performance.
To configure cut-through forwarding:

2. Enable cut-through
cut-through enable By default, cut-through forwarding is disabled.
forwarding.
175
Index
Numerics STP max age timer, 77

10-GE interface algorithm
combine, 2 STP calculation, 60
40-GE interface split, 2, 2, 3 alternate port (MST), 68
802.x APP parameter (LLDP), 159
802.1 LLDPDU TLV types, 148 assigning
802.X access port to a VLAN, 111
802.1Q-in-802.1Q. Use QinQ hybrid port to a VLAN, 113
QinQ SVLAN tag 802.1p priority, 121 MAC address table learning priority, 24
802.x port to isolation group (multiple), 55
802.1p-to-local priority mapping, 161 trunk port to a VLAN, 112
802.3 LLDPDU TLV types, 148 VLAN access port, 111
LAN switching LLDP PFC 802.1p priority, 162 VLAN hybrid port, 113
VLAN trunk port, 112
A
attribute
access port assignment (VLAN), 111 Ethernet link aggregation attribute
ACL configuration, 33
LAN switching LLDP APP parameter, 159 auto
action Ethernet interface auto power-down, 11
loop detection block, 101 loop detection port status auto recovery, 102
loop detection no-learning protection, 101 AutoMDIX mode (Ethernet interface), 12
loop detection shutdown protection, 101
B
adding
backup port (MST), 68
MAC address table blackhole entry, 20
bandwidth
MAC address table multiport unicast entry, 20
LAN switching LLDP ETS parameters, 161
address
basic management LLDPDU TLV types, 148
MAC address learning disable, 22
basic setting
MAC address table address synchronization, 25
configuration, 1
MAC address table learning limit on
interface, 23 configuring an Ethernet interface, 1
MAC address table learning priority, 24 blackhole entry
MAC Information queue length, 30 MAC address table, 18, 20
advertising block action (loop detection), 101
LAN switching LLDP advertisable TLV, 154 boundary port (MST), 68
LAN switching LLDP+DCBX TLV BPDU
advertisement, 158 MST region max hops, 76
aggregating STP BPDU drop, 94
link. See Ethernet link aggregation STP BPDU forwarding, 64
aging STP BPDU guard, 91
MAC address table timer, 23 STP hello time, 77
STP max age timer, 77
176
STP TC-BPDU guard, 93 CIST
STP TC-BPDU transmission restriction, 93 calculation, 69
transmission rate configuration, 78 network device connection, 67
bridge STP max age timer, 77
LAN switching LLDP agent customer bridge, 146 combining
LAN switching LLDP agent nearest bridge, 146 Ethernet 10-GE interfaces into 40-GE interface, 2
LAN switching LLDP agent non-TPMR common root bridge, 67
bridge, 146 configuration example
MST common root bridge, 67, 67 many-to-one VLAN mapping, 138
MST regional root, 67 one-to-one VLAN mapping, 138
MSTP root bridge configuration, 74 one-to-two VLAN mapping, 142
MSTP secondary root bridge configuration, 74 two-to-two VLAN mapping, 142
RSTP root bridge configuration, 74 configuring
RSTP secondary root bridge configuration, 74 basic settings for an Ethernet interface, 1
STP designated bridge, 59 Ethernet aggregate interface, 41
STP loop guard, 92 Ethernet aggregate interface (description), 41
STP root bridge, 59 Ethernet interface, 1
STP root bridge configuration, 74 Ethernet interface generic flow control, 6
STP root guard, 91 Ethernet interface jumbo frame support, 3
STP secondary root bridge configuration, 74 Ethernet interface PFC, 7
bulk Ethernet interface physical state change
interface configuration, 16 suppression, 4
C Ethernet interfaces, 1
Ethernet link aggregation, 32, 39, 48
cable
Ethernet link aggregation group, 39
Layer 2 Ethernet interface cable connection, 13
Ethernet link aggregation group load sharing
calculating
criteria, 44
MSTI calculation, 69
Ethernet link aggregation load sharing, 44
MSTP CIST calculation, 69
Ethernet link dynamic aggregation group, 40
STP algorithm, 60
Ethernet link static aggregation group, 40
STP port path cost calculation standard, 80
LAN switching LLDP, 146, 152
STP timeout factor, 78
LAN switching LLDP 802.1p-to-local priority
CDP mapping, 161
LAN switching LLDP CDP compatibility, 156 LAN switching LLDP advertisable TLVs, 154
changing LAN switching LLDP APP parameter, 159
MAC Information change send interval, 30 LAN switching LLDP basics, 152, 165
checking LAN switching LLDP CDP compatibility, 156
STP mCheck, 86 LAN switching LLDP DCBX, 157, 167
STP mCheck (global), 86 LAN switching LLDP ETS parameter, 161
STP mCheck (interface view), 86 LAN switching LLDP group-based WRR
STP No Agreement Check, 88, 90 queuing, 162
choosing LAN switching LLDP management address, 154
Ethernet link aggregation reference port, 34 LAN switching LLDP management address
Cisco encoding format, 154
LAN switching LLDP CDP compatibility, 156 LAN switching LLDP PFC parameter, 162
177
LAN switching LLDP trapping, 164 QinQ CVLAN tag TPID value, 121
LAN switching LLDP-MED trapping, 164 QinQ SVLAN tag TPID value, 121
Layer 2 cut-through forwarding, 175 QinQ VLAN tag TPID value, 120
Layer 2 Ethernet interface storm control, 9 QinQ VLAN transparent transmission, 120, 125
Layer 2 Ethernet interface storm suppression, 8 RSTP, 58, 70, 95
Layer 2 Ethernet link aggregation load RSTP device priority, 75
sharing, 51 RSTP root bridge, 74
Layer 2 Ethernet link dynamic aggregation, 49 RSTP root bridge device, 75
Layer 2 Ethernet link static aggregation, 48 RSTP secondary root bridge, 74
loop detection, 100, 102, 104 RSTP secondary root bridge device, 75
loop detection protection action, 103 service loopback group, 173, 173, 174
loop detection protection action (aggregate STP, 58, 70, 95
interface), 103 STP BPDU transmission rate, 78
loop detection protection action (Ethernet STP device priority, 75
interface), 103
STP Digest Snooping, 86, 88
loop detection protection action (global), 103
STP edge port, 79
loopback interface, 14, 14
STP No Agreement Check, 88, 90
MAC address table, 18, 19, 27
STP port link type, 83
MAC address table dynamic aging timer, 23
STP port mode, 84
MAC address table entry, 19
STP port path cost, 80, 82
MAC address table learning limit on
STP port priority, 83
interface, 23
STP port role restriction, 92
MAC Information, 29, 31
STP protection functions, 90
MAC Information change send interval, 30
STP root bridge, 74
MAC Information mode, 30
STP root bridge device, 75
MAC Information queue length, 30
STP secondary root bridge, 74
Management Ethernet interface, 1
STP secondary root bridge device, 75
many-to-one VLAN mapping, 134
STP switched network diameter, 76
many-to-one VLAN mapping customer-side
STP TC-BPDU transmission restriction, 93
port, 135
STP timeout factor, 78
many-to-one VLAN mapping network-side
port, 136 STP timer, 77
MST region, 74 two-to-two VLAN mapping, 137
MST region max hops, 76 VLAN (port-based), 110, 115
MSTP, 58, 70, 95 VLAN basic settings, 108
MSTP device priority, 75 VLAN interface basic settings, 109
MSTP root bridge, 74 VLAN mapping, 128, 138
MSTP root bridge device, 75 connecting
MSTP secondary root bridge, 74 Layer 2 Ethernet interface cable connection, 13
MSTP secondary root bridge device, 75 Converged Enhanced Ethernet. Use CEE
null interface, 14, 14 cost
one-to-one VLAN mapping, 133 STP path cost, 59
one-to-two VLAN mapping, 136 STP port path cost calculation standard, 80
port isolation, 55 STP port path cost configuration, 80, 82
port isolation (on VLAN), 56 CST
QinQ, 117, 119, 123 MST region connection, 67
178
customer Ethernet link aggregate interface default
VLAN mapping many-to-one customer-side port settings, 44
configuration, 135 designated
cut-through Layer 2 forwarding, 175 MST port, 68
CVLAN STP bridge, 59
many-to-one VLAN mapping application STP port, 59
scenario, 128 device
many-to-one VLAN mapping configuration, 134 Ethernet interface 40-GE interface split into 10-GE
many-to-one VLAN mapping customer-side port interfaces, 2, 3
configuration, 135 Ethernet interface configuration, 1
many-to-one VLAN mapping Layer 2 cut-through forwarding configuration, 175
implementation, 131 loop protection actions, 101
many-to-one VLAN mapping network-side port MSTP implementation, 70
configuration, 136
MSTP priority, 75
one-to-one VLAN mapping application
MSTP root bridge configuration, 75
scenario, 128
MSTP secondary root bridge configuration, 75
one-to-one VLAN mapping configuration, 133
RSTP priority, 75
one-to-one VLAN mapping implementation, 131
RSTP root bridge configuration, 75
one-to-two VLAN mapping application
RSTP secondary root bridge configuration, 75
scenario, 130
STP BPDU drop, 94
one-to-two VLAN mapping configuration, 136
STP BPDU guard, 91
one-to-two VLAN mapping implementation, 132
STP Digest Snooping, 86, 88
QinQ configuration, 117, 119, 123
STP loop guard, 92
QinQ VLAN transparent transmission
configuration, 125 STP No Agreement Check, 88, 90
two-to-two VLAN mapping application STP port role restriction, 92
scenario, 130 STP priority, 75
two-to-two VLAN mapping configuration, 137 STP protection functions, 90
two-to-two VLAN mapping implementation, 132 STP root bridge configuration, 75
VLAN mapping configuration, 128 STP root guard, 91
STP secondary root bridge configuration, 75
D
STP TC-BPDU guard, 93
Data Center
Bridging Exchange Protocol. Use DCBX
Digest Snooping (STP), 86, 88
Ethernet. Use DCE
disabling
DCBX
MAC address learning, 22
configuration, 157, 167
discarding
LAN switching LLDP APP parameter
MST discarding port state, 68
configuration, 159
displaying
LAN switching LLDP ETS parameter
Ethernet interface, 13
configuration, 161
Ethernet link aggregation, 47
LAN switching LLDP PFC parameter
configuration, 162 LAN switching LLDP, 164
LAN switching LLDP+DCBX TLV loop detection, 104
advertisement, 158 loopback interface, 15
default MAC address table, 26
MSTP, 94
179
null interface, 15 QinQ, 119
port isolation, 55 STP BPDU drop, 94
QinQ, 122 STP BPDU guard, 91
RSTP, 94 STP feature, 85
service loopback group, 173 STP loop guard, 92
STP, 94 STP port state transition information output, 85
VLAN, 114 STP root guard, 91
VLAN mapping, 138 STP TC-BPDU guard, 93
dot1d-1998 (STP port path cost calculation), 80 encapsulating
dot1s (STP port mode), 84 LAN switching LLDPDU encapsulated in Ethernet
dot1t (STP port path cost calculation), 80 II, 146
dynamic LAN switching LLDPDU encapsulated in SNAP
Ethernet link aggregation dynamic mode, 35 format, 146
Ethernet link aggregation mode, 33 LAN switching LLDPDU encapsulation format, 156
Ethernet link dynamic aggregation group Energy Efficient Ethernet. See see EEE
configuration, 40 energy-saving functions, 11
Layer 2 Ethernet link aggregation Ethernet
configuration, 49 interface. See Ethernet interface
link aggregation process, 36 LAN switching LLDP APP parameters, 159
MAC address table dynamic aging timer, 23 LAN switching LLDP DCBX configuration, 157, 167
MAC address table entry, 18 LAN switching LLDP ETS parameters, 161
E LAN switching LLDP group-based WRR
queuing, 162
edge port
LAN switching LLDP PFC parameters, 162
MST, 68
LAN switching LLDP trapping, 164
STP, 79
LAN switching LLDP+DCBX TLV advertisement, 158
EEE energy saving, 11
LAN switching LLDPDU encapsulated in Ethernet
enabling II, 146
Ethernet interface auto power-down, 11 LAN switching LLDP-MED trapping, 164
Ethernet interface EEE energy saving, 11 link aggregation. See Ethernet link aggregation
Ethernet interface energy-saving functions, 11 loop detection configuration, 100, 104
Ethernet link aggregation traffic redirection, 46 MAC address table configuration, 18, 19, 27
LAN switching LLDP, 152 MAC Information configuration, 29, 31
LAN switching LLDP polling, 153 port isolation configuration, 55
LAN switching LLDP+DCBX TLV port isolation configuration (on VLAN), 56
advertisement, 158
QinQ CVLAN frame header tag, 117
loop detection, 102
QinQ SVLAN frame header tag, 117
loop detection (global), 102
service loopback group
loop detection (port-specific), 102 configuration, 173, 173, 174
MAC address synchronization, 25 VLAN access port assignment, 111
MAC Information globally, 29 VLAN basic configuration, 108
MAC Information on interface, 29 VLAN hybrid port assignment, 113
many-to-one VLAN mapping ARP VLAN interface basic configuration, 109
detection, 135
VLAN port-based configuration, 110, 115
many-to-one VLAN mapping DHCP
VLAN trunk port assignment, 112
snooping, 134
180
Ethernet interface Layer 2 dynamic aggregation configuration, 49
10-GE interfaces into 40-GE interface Layer 2 static aggregation configuration, 48
combine, 2 load sharing configuration, 44
40-GE interface split, 2 load sharing criteria, 39
40-GE interface split into 10-GE interfaces, 2, 3 local-first load sharing, 45
auto power-down enable, 11 maintaining, 47
configuration, 1, 1, 1 member port, 32
configuring basic settings, 1 member port state, 32, 34
configuring the management Ethernet modes, 33
interface, 1 operational key, 33
displaying, 13 reference port choosing, 34
EEE energy saving enable, 11 static group configuration, 40
energy-saving functions, 11 static mode, 34
generic flow control, 6 traffic redirection, 46
jumbo frame support configuration, 3 traffic redirection restrictions, 46
loopback test, 5 ETS parameter (LLDP), 161
maintaining, 13 external loopback test (Ethernet interface), 5
Naming conventions, 1
F
PFC configuration, 7
physical state change suppression, 4 FCoE
statistics polling interval, 11 LAN switching LLDP APP parameters, 159
Ethernet link aggregation LAN switching LLDP DCBX configuration, 167
aggregate group min/max number Selected flow control
ports, 42 Ethernet interface generic flow control, 6
aggregate interface, 32 Ethernet interface PFC, 7
aggregate interface (description), 41 format
aggregate interface configuration, 41 LAN switching LLDP management address
aggregate interface default settings, 44 encoding format, 154
aggregate interface shutdown, 43 LAN switching LLDPDU encapsulated in Ethernet
II, 146
aggregation group, 32
LAN switching LLDPDU encapsulated in SNAP
basic concepts, 32
format, 146
configuration, 32, 39, 48
LAN switching LLDPDU encapsulation format, 156
configuration types, 33
forwarding
displaying, 47
Layer 2 cut-through forwarding configuration, 175
dynamic group configuration, 40
MST forwarding port state, 68
dynamic mode, 35
STP BPDU forwarding, 64
dynamic process, 36
STP forward delay timer, 64, 77
group configuration, 39
frame
group load sharing criteria, 44
Ethernet interface jumbo frame support, 3
ignored VLAN on Layer 2 aggregate
Layer 2 cut-through forwarding configuration, 175
interface, 42
loop detection, 100
LACP, 35
loop detection (Ethernet frame header), 100
Layer 2 aggregate interface (ignored
VLAN), 42 loop detection (inner frame header), 100
Layer 2 aggregation load sharing, 51 loop detection interval, 101
MAC address learning, 18
181
MAC address table blackhole entry, 20 Ethernet link aggregate interface shutdown, 43
MAC address table configuration, 18, 19, 27 Layer 2 Ethernet aggregate interface (ignored
MAC address table entry configuration, 19 VLAN), 42
MAC address table multiport unicast entry, 20 internal loopback test (Ethernet interface), 5
MAC Information configuration, 29, 31 interval
QinQ CVLAN Ethernet frame header tag, 117 loop detection, 101, 104
QinQ implementation, 119 MAC Information change send interval, 30
QinQ SVLAN Ethernet frame header tag, 117 isolating
frame encapsulation, VLAN, 107 ports. See port isolation
IST
G
MST region, 67
generic flow control (Ethernet interface), 6
J
group
Ethernet link aggregate group min/max number jumbo frame support (Ethernet interface), 3
Selected ports, 42 K
Ethernet link aggregation group, 32
key
Ethernet link aggregation group
Ethernet link aggregation operational key, 33
configuration, 39
Ethernet link aggregation LACP, 35 L
Ethernet link aggregation load sharing, 44 LACP
Ethernet link aggregation load sharing Ethernet link aggregation, 35
criteria, 39, 44 LAN
Ethernet link aggregation member port state, 32 VLAN basic configuration, 108
Ethernet link dynamic aggregation group VLAN interface basic configuration, 109
configuration, 40
Ethernet link static aggregation group
LAN switching
configuration, 40
Ethernet aggregate interface configuration, 41
H Ethernet link aggregation basic concepts, 32
hello Ethernet link aggregation configuration, 32, 39, 48
STP timer, 64, 77 Ethernet link aggregation dynamic mode, 35
hybrid port assignment (VLAN), 113 Ethernet link aggregation group configuration, 39
I Ethernet link aggregation LACP, 35
Ethernet link aggregation load sharing, 44
ignored VLAN
Ethernet link aggregation load sharing criteria, 39
Layer 2 aggregate interface, 42
Ethernet link aggregation static mode, 34
implementing
Ethernet link aggregation traffic redirection, 46
MSTP device implementation, 70
Ethernet link dynamic aggregation group
QinQ, 119
configuration, 40
interface
LLDP basic concepts, 146
bulk configuration, 16
LLDP basic configuration, 152, 165
configuring loopback, 14
LLDP CDP compatibility, 156
configuring null, 14
LLDP configuration, 146, 152
Ethernet aggregate interface (description), 41
LLDP DCBX configuration, 167
Ethernet aggregate interface configuration, 41
Layer 2
Ethernet link aggregate interface default
cut-through forwarding configuration, 175
settings, 44
182
Ethernet aggregate interface (description), 41 Layer 2 Ethernet interface
Ethernet aggregate interface configuration, 41 cable connection, 13
Ethernet link aggregate group min/max number configuration, 1
Selected ports, 42 mode, 12
Ethernet link aggregate interface default storm control configuration, 9
settings, 44 storm suppression configuration, 8
Ethernet link aggregate interface shutdown, 43 Layer 3
Ethernet link aggregation LAN switching LLDP basic configuration, 165
Ethernet link aggregation group
LAN switching LLDP-MED trapping, 164
configuration, 39
VLAN access port assignment, 111
Ethernet link aggregation group load sharing
VLAN basic configuration, 108
criteria, 44
VLAN hybrid port assignment, 113
Ethernet link aggregation load sharing, 44, 51
VLAN interface basic configuration, 109
Ethernet link aggregation load sharing
criteria, 39 VLAN port-based configuration, 110, 115
Ethernet link aggregation local-first load VLAN trunk port assignment, 112
sharing, 45 learning
Ethernet link aggregation traffic redirection, 46 loop detection no-learning action, 101
Ethernet link dynamic aggregation MAC address, 18
configuration, 49 MAC address learning disable, 22
Ethernet link dynamic aggregation group MAC address table learning limit on interface, 23
configuration, 40 MAC address table learning priority, 24
Ethernet link static aggregation MST learning port state, 68
configuration, 48 legacy
Ethernet link static aggregation group STP port mode, 84
configuration, 40
STP port path cost calculation, 80
LAN switching LLDP basic configuration, 165
link
LAN switching LLDP group-based WRR
aggregation. See Ethernet link aggregation
queuing, 162
link layer discovery protocol. See LLDP
MSTP configuration, 58, 70, 95
LAN switching LLDP+DCBX TLV
advertisement, 158 RSTP configuration, 58, 70, 95
LAN switching LLDP-MED trapping, 164 STP configuration, 58, 70, 95
loop detection configuration, 100, 102, 104 STP hello time, 77
port isolation configuration, 55 STP port link type configuration, 83
port isolation configuration (on VLAN), 56 LLDP
QinQ configuration, 117, 119, 123 802.1p-to-local priority mapping, 161
QinQ VLAN transparent transmission advertisable TLV configuration, 154
configuration, 125 agent, 146
VLAN access port assignment, 111 APP parameter configuration, 159
VLAN basic configuration, 108 basic concepts, 146
VLAN hybrid port assignment, 113 basic configuration, 152, 165
VLAN interface basic configuration, 109 CDP compatibility configuration, 156
VLAN mapping configuration, 128 configuration, 146, 152
VLAN port-based configuration, 110, 115 DCBX configuration, 157, 167
VLAN trunk port assignment, 112 displaying, 164
183
enable, 152 load balancing
ETS parameter configuration, 161 service loopback group
group-based WRR queuing, 162 configuration, 173, 173, 174
how it works, 151 load sharing
LAN switching LLDP+DCBX TLV Ethernet link aggregation configuration, 44
advertisement, 158 Ethernet link aggregation group criteria, 44
LAN switching LLDP-MED trapping Ethernet link aggregation group load sharing, 39
configuration, 164 Ethernet link aggregation local-first load
LLDPDU encapsulation format, 156 sharing, 45
LLDPDU format, 146 Ethernet link aggregation packet type-based load
LLDPDU management address TLV, 151 sharing, 39
LLDPDU reception, 151 Ethernet link aggregation per-flow load sharing, 39
LLDPDU TLV types, 148 Ethernet link aggregation per-packet load
LLDPDU TLVs, 148 sharing, 39
LLDPDU transmission, 151 Layer 2 Ethernet link aggregation configuration, 51
management address configuration, 154 local
management address encoding format, 154 Ethernet link aggregation local-first load
sharing, 45
operating mode (disable), 151
logging
operating mode (Rx), 151
loop detection configuration, 100, 102, 104
operating mode (Tx), 151
loop
operating mode (TxRx), 151
MSTP configuration, 58, 70, 95
operating mode set, 153
RSTP configuration, 58, 70, 95
parameter set, 155
STP configuration, 58, 70, 95
PFC parameter configuration, 162
STP loop guard, 92
polling enable, 153
loop detection
protocols and standards, 151
re-initialization delay, 153
displaying, 104
trapping configuration, 164
enable, 102
LLDPDU
enable (global), 102
encapsulated in Ethernet II format, 146
enable (port-specific), 102
encapsulated in SNAP format, 146
interval, 101
encapsulation format, 156
interval setting, 104
mechanisms, 100
LAN switching LLDP configuration, 152
port status auto recovery, 102
LLDP basic configuration, 152
protection action configuration, 103
LLDP configuration, 146
protection action configuration (aggregate
LLDP parameters, 155
interface), 103
management address configuration, 154
protection action configuration (Ethernet
management address encoding format, 154
interface), 103
management address TLV, 151
protection action configuration (global), 103
receiving, 151
protection actions, 101
TLV basic management types, 148
loopback
TLV LLDP-MED types, 148
Ethernet interface loopback test, 5
TLV organization-specific types, 148
loopback interface
transmitting, 151
configuration, 14
184
displaying, 15 network-side port configuration, 136, 136
maintaining, 15 many-to-one VLAN mapping ARP detection
M enabling, 135
many-to-one VLAN mapping DHCP snooping
MAC address table
enabling, 134
address learning, 18
mapping
address synchronization, 25
MSTP VLAN-to-instance mapping table, 67
blackhole entry, 20
master port (MST), 68
max age timer (STP), 64
displaying, 26
mCheck (STP), 86, 86, 86
dynamic aging timer, 23
MDI mode (Ethernet interface), 12
entry configuration, 19
MDIX mode (Ethernet interface), 12
entry creation, 18
MED (LLDP-MED trapping), 164
entry types, 18
MIB
learning limit configuration on interface, 23
LAN switching LLDP basic configuration, 152, 165
learning priority assignment, 24
LAN switching LLDP configuration, 146, 152
MAC address learning disable, 22
mode
manual entries, 18
Ethernet link aggregation dynamic, 33
multiport unicast entry, 20
Ethernet link aggregation dynamic mode, 35
MAC Information
Ethernet link aggregation load sharing criteria, 39
change send interval, 30
Ethernet link aggregation static, 33
Ethernet link aggregation static mode, 34
enable globally, 29
LAN switching LLDP disable, 151, 153
enable on interface, 29
LAN switching LLDP Rx, 151, 153
mode configuration, 30
LAN switching LLDP Tx, 151, 153
queue length configuration, 30
LAN switching LLDP TxRx, 151, 153
MAC relay (LLDP agent), 146
Layer 2 Ethernet interface Auto MDIX mode, 12
maintaining
Layer 2 Ethernet interface MDI mode, 12
Ethernet interface, 13
Layer 2 Ethernet interface MDIX mode, 12
Ethernet link aggregation, 47
MAC Information syslog, 30
loopback interface, 15
MAC Information trap, 30
MSTP, 94
modifying
null interface, 15
RSTP, 94
MAC address table multiport unicast entry, 20
STP, 94
MQC 802.1p-to-local priority mapping, 161
VLAN, 114
MST
management address
CIST, 67
LAN switching LLDP encoding format, 154
common root bridge, 67
Management Ethernet interface
CST, 67
configuration, 1
IST, 67
many-to-one VLAN mapping
MSTI, 67
application scenario, 128
port roles, 68
port states, 68
configuration example, 138
region, 66
customer-side port configuration, 135, 135
region configuration, 74
185
region max hops, 76 Ethernet interface physical state change
regional root, 67 suppression, 4
MSTI Ethernet interface statistics polling interval, 11
calculation, 69 Ethernet link aggregation configuration types, 33
MST instance, 67 Ethernet link aggregation dynamic mode, 35
MSTP, 58, See also STP Ethernet link aggregation LACP, 35
basic concepts, 65 Ethernet link aggregation member port state, 34
CIST calculation, 69 Ethernet link aggregation modes, 33
configuration, 58, 70, 72, 95 Ethernet link aggregation operational key, 33
device implementation, 70 Ethernet link aggregation reference port
device priority configuration, 75 choosing, 34
displaying, 94 Ethernet link aggregation static mode, 34
features, 65 LAN switching LLDP basic configuration, 152
how it works, 69 Layer 2 Ethernet interface cable connection, 13
maintaining, 94 Layer 2 Ethernet interface mode, 12
mode set, 73 Layer 2 Ethernet interface storm control
configuration, 9
MSTI calculation, 69
Layer 2 Ethernet interface storm suppression
No Agreement Check, 88, 90
configuration, 8
loop detection interval, 101, 104
relationship to RSTP and STP, 65
loop detection protection action configuration, 103
root bridge configuration, 74
loop protection actions, 101
root bridge device configuration, 75
loopback interface configuration, 14
secondary root bridge configuration, 74
MAC address table address synchronization, 25
secondary root bridge device configuration, 75
STP basic concepts, 59
MAC address table dynamic aging timer, 23
STP max age timer, 77
MAC address table entry configuration, 19
STP port mode configuration, 84
MAC address table entry types, 18
VLAN-to-instance mapping table, 67
MAC address table learning limit on interface, 23
multiport unicast entry (MAC address table), 18, 20
MAC address table learning priority, 24
N MAC address table multiport unicast entry, 20
network many-to-one VLAN mapping customer-side port
Ethernet 10-GE interfaces into 40-GE interface configuration, 135
combine, 2 many-to-one VLAN mapping network-side port
Ethernet 40-GE interface split, 2 configuration, 136
Ethernet interface 40-GE interface split into MST region configuration, 74
10-GE interfaces, 2, 3 MSTP mode set, 73
Ethernet interface auto power-down, 11 null interface configuration, 14
Ethernet interface EEE energy saving, 11 QinQ CVLAN tag TPID value, 121
Ethernet interface energy-saving functions, 11 QinQ SVLAN tag TPID value, 121
Ethernet interface generic flow control, 6 QinQ VLAN tag TPID value, 120
Ethernet interface jumbo frame support QinQ VLAN transparent transmission, 120
configuration, 3 RSTP mode set, 73
Ethernet interface loopback test, 5 RSTP network convergence, 64
Ethernet interface PFC, 7 service loopback group configuration, 173, 174
STP algorithm calculation, 60
186
STP BPDU drop, 94 Layer 2 Ethernet link static aggregation
STP BPDU guard, 91 configuration, 48
STP BPDU transmission rate, 78 loop detection, 100
STP designated bridge, 59 loop detection configuration, 102, 104
STP designated port, 59 loopback interface configuration, 14
STP Digest Snooping, 86, 88 MAC address table configuration, 18, 19, 27
STP edge port, 79 MAC Information configuration, 29, 31
STP loop guard, 92 many-to-one VLAN mapping application
STP mode set, 73 scenario, 128
STP No Agreement Check, 88, 90 many-to-one VLAN mapping configuration, 134
STP path cost, 59 many-to-one VLAN mapping implementation, 131
STP port link type, 83 MSTP configuration, 58, 70, 95
STP port mode, 84 null interface configuration, 14
STP port path cost, 80, 82 one-to-one VLAN mapping application
scenario, 128
STP port priority, 83
STP port state transition, 85
scenario, 130
STP root bridge, 59
STP root guard, 91
STP root port, 59
port isolation configuration, 55
STP switched network diameter, 76
port isolation configuration (on VLAN), 56
VLAN access port assignment, 111
configuration, 125
VLAN hybrid port assignment, 113
RSTP configuration, 58, 70, 95
VLAN interface basic configuration, 109
service loopback group configuration, 173
STP configuration, 58, 70, 95
VLAN trunk port assignment, 112
two-to-two VLAN mapping application
network management scenario, 130
Ethernet interface configuration, 1 two-to-two VLAN mapping configuration, 137
Ethernet link aggregation two-to-two VLAN mapping implementation, 132
VLAN basic configuration, 108
interface bulk configuration, 16
VLAN mapping configuration, 128, 138
LAN switching LLDP basic concepts, 146
No Agreement Check (STP), 88, 90
no-learning action (loop detection), 101
LAN switching LLDP configuration, 146, 152
null interface
LAN switching LLDP DCBX
displaying, 15
Layer 2 cut-through forwarding
maintaining, 15
configuration, 175
Layer 2 Ethernet link aggregation load O
sharing, 51 one-to-one VLAN mapping
Layer 2 Ethernet link dynamic aggregation application scenario, 128
configuration, 49
configuration, 133
187
configuration example, 138 LAN switching LLDP ETS configuration, 161
one-to-two VLAN mapping LAN switching LLDP PFC configuration, 162
application scenario, 130 STP timeout factor, 78
configuration, 136, 136 per-flow load sharing, 39
configuration example, 142 performing
operational key (Ethernet link aggregation), 33 Ethernet interface loopback test, 5
organization-specific LLDPDU TLV types, 148 STP mCheck, 86
outputting STP mCheck globally, 86
STP port state transition information, 85 STP mCheck in interface view, 86
P per-packet load sharing, 39
PFC (Ethernet interface), 7
packet
PFC priority (LLDP), 162
Ethernet link aggregation packet type-based
physical
load sharing, 39
Ethernet interface physical state change
LAN switching LLDP CDP compatibility, 156
suppression, 4
LAN switching LLDP DCBX configuration, 167
polling
LAN switching LLDP PFC parameters, 162
LAN switching LLDP enable, 153
many-to-one VLAN mapping application
polling interval, 11
scenario, 128
port
many-to-one VLAN mapping configuration, 134
customer-side configuration, 135
many-to-one VLAN mapping customer-side port
configuration, 135 Ethernet aggregate interface (description), 41
many-to-one VLAN mapping Ethernet aggregate interface configuration, 41
implementation, 131 Ethernet link aggregate group min/max number
many-to-one VLAN mapping network-side port Selected ports, 42
configuration, 136 Ethernet link aggregate interface default
one-to-one VLAN mapping application settings, 44
scenario, 128 Ethernet link aggregate interface shutdown, 43
one-to-one VLAN mapping configuration, 133 Ethernet link aggregation configuration, 32, 39, 48
one-to-one VLAN mapping implementation, 131 Ethernet link aggregation configuration types, 33
one-to-two VLAN mapping application Ethernet link aggregation dynamic mode, 35
scenario, 130 Ethernet link aggregation group configuration, 39
one-to-two VLAN mapping configuration, 136 Ethernet link aggregation LACP, 35
one-to-two VLAN mapping implementation, 132 Ethernet link aggregation load sharing, 44
service loopback group Ethernet link aggregation load sharing criteria, 39
configuration, 173, 173, 174 Ethernet link aggregation local-first load
STP BPDU protocol packets, 58 sharing, 45
STP port mode configuration, 84 Ethernet link aggregation member port, 32
STP TCN BPDU protocol packets, 58 Ethernet link aggregation member port
two-to-two VLAN mapping application state, 32, 34
scenario, 130 Ethernet link aggregation modes, 33
two-to-two VLAN mapping configuration, 137 Ethernet link aggregation operational key, 33
two-to-two VLAN mapping implementation, 132 Ethernet link aggregation reference port
VLAN mapping configuration, 128, 138 choosing, 34
parameter Ethernet link aggregation static mode, 34
LAN switching LLDP APP configuration, 159 Ethernet link aggregation traffic redirection, 46
188
Ethernet link dynamic aggregation group RSTP network convergence, 64
configuration, 40 service loopback group
Ethernet link static aggregation group configuration, 173, 173, 174
configuration, 40 STP BPDU drop, 94
group assignment (port isolation), 55 STP BPDU guard, 91
isolation. See port isolation STP BPDU transmission rate, 78
LAN switching LLDP basic STP designated port, 59
configuration, 152, 165 STP edge port configuration, 79
LAN switching LLDP configuration, 146, 152 STP forward delay timer, 77
LAN switching LLDP disable operating STP loop guard, 92
mode, 151
STP mCheck, 86
LAN switching LLDP enable, 152
STP mCheck (global), 86
LAN switching LLDP operating mode, 153
STP mCheck (interface view), 86
LAN switching LLDP polling, 153
STP path cost calculation standard, 80
LAN switching LLDP re-initialization delay, 153
STP path cost configuration, 80, 82
LAN switching LLDP Rx operating mode, 151
STP port link type configuration, 83
LAN switching LLDP Tx operating mode, 151
STP port mode configuration, 84
LAN switching LLDP TxRx operating mode, 151
STP port priority configuration, 83
LAN switching LLDPDU encapsulation
format, 156
STP port state transition output, 85
LAN switching LLDPDU reception, 151
STP root guard, 91
LAN switching LLDPDU transmission, 151
STP root port, 59
Layer 2 aggregate interface (ignored
VLAN), 42
Layer 2 Ethernet link aggregation load
sharing, 51 port isolation
Layer 2 Ethernet link dynamic aggregation configuration, 55
configuration, 49 configuration (on VLAN), 56
Layer 2 Ethernet link static aggregation displaying, 55
configuration, 48 port assignment to group (multiple), 55
loop detection configuration, 100, 102, 104 port link type, 110
loop detection interval, 101, 104 port-based VLAN
loop detection protection action access port assignment, 111
configuration, 103 configuration, 110, 115
loop detection protection actions, 101 configuration example, 115
loop detection status auto recovery, 102 configuration procedure, 115
MAC address learning, 18 how ports of different link types handle frames, 111
MAC address table blackhole entry, 20 hybrid port assignment, 113
MAC address table configuration, 18, 19, 27 introduction, 110
MAC address table entry configuration, 19 network requirements, 115
MAC address table multiport unicast entry, 20 port link type, 110
MAC Information configuration, 29, 31 PVID, 110
MST port roles, 68 trunk port assignment, 112
MST port states, 68 verifying the configuration, 116
network-side configuration, 136 power
QinQ implementation, 119 Ethernet interface auto power-down, 11
189
Ethernet interface EEE energy saving, 11 configuring Ethernet interface physical state change
Ethernet interface energy-saving functions, 11 suppression, 4
priority configuring Ethernet interfaces, 1
802.1p-to-local priority mapping, 161 configuring Ethernet link aggregation, 39, 48
Ethernet link aggregation LACP, 35 configuring Ethernet link aggregation global load
LAN switching LLDP PFC 802.1p priority, 162 sharing criteria, 44
MAC address table learning priority, 24 configuring Ethernet link aggregation group, 39
MSTP device priority, 75 configuring Ethernet link aggregation group load
sharing criteria, 44
QinQ SVLAN tag 802.1p priority, 121
configuring Ethernet link aggregation group-specific
RSTP device priority, 75
load sharing criteria, 45
STP device priority, 75
configuring Ethernet link aggregation load
STP port priority configuration, 83
sharing, 44
priority-based flow control. Use PFC
configuring Ethernet link dynamic aggregation
procedure group, 40
adding MAC address table blackhole entry, 20 configuring Ethernet link static aggregation
adding MAC address table multiport unicast group, 40
entry, 20 configuring LAN switching LLDP, 152
assigning a hybrid port to a VLAN, 113 configuring LAN switching LLDP 802.1p-to-local
assigning a trunk port to a VLAN, 112 priority mapping, 161
assigning an access port to a VLAN, 111 configuring LAN switching LLDP advertisable
assigning MAC address table learning priority TLVs, 154
to interface, 24 configuring LAN switching LLDP APP
assigning port to isolation group (multiple), 55 parameters, 159
assigning VLAN access port, 111 configuring LAN switching LLDP basics, 152, 165
assigning VLAN hybrid port, 113 configuring LAN switching LLDP CDP
assigning VLAN trunk port, 112 compatibility, 156
bulk configuring interfaces, 16 configuring LAN switching LLDP DCBX, 157, 167
combining Ethernet 10-GE interfaces into 40-GE configuring LAN switching LLDP ETS
interface, 2 parameters, 161
configuring basic settings of an Ethernet configuring LAN switching LLDP group-based WRR
interface, 1 queuing, 162
configuring Ethernet aggregate interface, 41 configuring LAN switching LLDP management
configuring Ethernet aggregate interface address, 154
(description), 41 configuring LAN switching LLDP management
configuring Ethernet interface auto address encoding format, 154
power-down, 11 configuring LAN switching LLDP PFC
configuring Ethernet interface EEE energy parameters, 162
saving, 11 configuring LAN switching LLDP trapping, 164
configuring Ethernet interface energy-saving configuring LAN switching LLDP-MED trapping, 164
functions, 11 configuring Layer 2 cut-through forwarding, 175
configuring Ethernet interface generic flow configuring Layer 2 Ethernet interface storm
control, 6 control, 9
configuring Ethernet interface jumbo frame configuring Layer 2 Ethernet interface storm
support, 3 suppression, 8
configuring Ethernet interface PFC, 7 configuring Layer 2 Ethernet link aggregation load
sharing, 51
190
configuring Layer 2 Ethernet link dynamic configuring QinQ transparent transmission for
aggregation, 49 VLAN, 120
configuring Layer 2 Ethernet link static configuring QinQ VLAN tag TPID value, 120
aggregation, 48 configuring QinQ VLAN transparent
configuring loop detection, 102, 104 transmission, 125
configuring loop detection protection configuring RSTP, 70, 71, 95
action, 103 configuring RSTP device priority, 75
configuring loop detection protection action configuring RSTP root bridge, 74
(aggregate interface), 103 configuring RSTP root bridge device, 75
configuring loop detection protection action configuring RSTP secondary root bridge, 74
(Ethernet interface), 103
configuring RSTP secondary root bridge device, 75
configuring loop detection protection action
configuring service loopback group, 173, 174
(global), 103
configuring STP, 70, 71, 95
configuring loopback interface, 14
configuring STP BPDU transmission rate, 78
configuring MAC address table, 27
configuring STP device priority, 75
configuring MAC address table dynamic aging
configuring STP Digest Snooping, 86, 88
timer, 23
configuring STP edge port, 79
configuring MAC address table entry, 19
configuring STP No Agreement Check, 88, 90
configuring MAC address table learning limit
on interface, 23 configuring STP port link type, 83
configuring MAC Information, 31 configuring STP port mode for MSTP packets, 84
configuring MAC Information change send configuring STP port path cost, 80, 82
interval, 30 configuring STP port priority, 83
configuring MAC Information mode, 30 configuring STP port role restriction, 92
configuring MAC Information queue length, 30 configuring STP protection functions, 90
configuring many-to-one VLAN mapping, 134 configuring STP root bridge, 74
configuring many-to-one VLAN mapping configuring STP root bridge device, 75
customer-side port, 135 configuring STP secondary root bridge, 74
configuring many-to-one VLAN mapping configuring STP secondary root bridge device, 75
network-side port, 136 configuring STP switched network diameter, 76
configuring MST region, 74 configuring STP TC-BPDU transmission
configuring MST region max hops, 76 restriction, 93
configuring MSTP, 70, 72, 95 configuring STP timeout factor, 78
configuring MSTP device priority, 75 configuring STP timer, 77
configuring MSTP root bridge, 74 configuring the management Ethernet interface, 1
configuring MSTP root bridge device, 75 configuring two-to-two VLAN mapping, 137
configuring MSTP secondary root bridge, 74 configuring VLAN (port-based), 110, 115
configuring MSTP secondary root bridge configuring VLAN basic settings, 108
device, 75 configuring VLAN interface basic settings, 109
configuring null interface, 14 configuring VLAN mapping, 138
configuring one-to-one VLAN mapping, 133 configuring VLANs, 107
configuring one-to-two VLAN mapping, 136 disabling global MAC address learning, 22
configuring port isolation (on VLAN), 56 disabling MAC address learning, 22
configuring QinQ, 119, 123 disabling MAC address learning on interface, 22
configuring QinQ CVLAN tag TPID value, 121 disabling MAC address learning on VLAN, 23
configuring QinQ SVLAN tag TPID value, 121 displaying Ethernet interface, 13
191
displaying Ethernet link aggregation, 47 maintaining null interface, 15
displaying LAN switching LLDP, 164 maintaining RSTP, 94
displaying loop detection, 104 maintaining STP, 94
displaying loopback interface, 15 maintaining VLAN, 114
displaying MAC address table, 26 modifying MAC address table blackhole entry, 20
displaying MSTP, 94 modifying MAC address table multiport unicast
displaying null interface, 15 entry, 20
displaying port isolation, 55 performing Ethernet interface loopback test, 5
displaying QinQ, 122 performing STP mCheck, 86
displaying RSTP, 94 performing STP mCheck globally, 86
displaying service loopback group, 173 performing STP mCheck in interface view, 86
displaying STP, 94 restoring Ethernet link aggregate interface default
displaying VLAN, 114 settings, 44
displaying VLAN mapping, 138 setting 802.1p priority in QinQ SVLAN tags, 121
enabling Ethernet link aggregation local-first setting Ethernet interface statistics polling
load sharing, 45 interval, 11
enabling Ethernet link aggregation traffic setting Ethernet link aggregate group min/max
redirection, 46 number Selected ports, 42
enabling LAN switching LLDP, 152 setting LAN switching LLDP operating mode, 153
enabling LAN switching LLDP polling, 153 setting LAN switching LLDP parameters, 155
enabling LAN switching LLDP+DCBX TLV setting LAN switching LLDP re-initialization
advertisement, 158 delay, 153
enabling loop detection, 102 setting LAN switching LLDPDU encapsulation
format, 156
enabling loop detection (global), 102
setting Layer 2 Ethernet interface mode, 12
enabling loop detection (port-specific), 102
setting loop detection interval, 104
enabling MAC address synchronization
globally, 25 setting MSTP mode, 73
enabling MAC Information globally, 29 setting RSTP mode, 73
enabling MAC Information on interface, 29 setting STP mode, 73
enabling many-to-one VLAN mapping ARP shutting down Ethernet link aggregate interface, 43
detection, 135 specifying ignored VLAN on Layer 2 aggregate
enabling many-to-one VLAN mapping DHCP interface, 42
snooping, 134 specifying STP port path cost calculation
enabling QinQ, 119 standard, 80
enabling STP BPDU drop, 94 splitting Ethernet 40-GE interface, 2
enabling STP BPDU guard, 91 splitting Ethernet interface 40-GE interface into
10-GE interfaces, 2, 3
enabling STP feature, 85
testing Layer 2 Ethernet interface cable
enabling STP loop guard, 92
connection, 13
enabling STP port state transition information
protecting
output, 85
enabling STP root guard, 91
protocols and standards
enabling STP TC-BPDU guard, 93
Ethernet link aggregation protocol
maintaining Ethernet interface, 13
configuration, 33
maintaining Ethernet link aggregation, 47
LAN switching LLDP, 151
maintaining loopback interface, 15
MSTP, 70
maintaining MSTP, 94
192
QinQ, 119 MST region configuration, 74
STP protocol packets, 58 MST region max hops, 76
protocols and standards, VLAN, 108 MST regional root, 67
PVID, 110 re-initialization delay (LLDP), 153
Q restoring
Ethernet link aggregate interface default
QinQ
settings, 44
restrictions
configuration restrictions, 119
Ethernet link aggregation traffic redirection, 46
CVLAN tag, 117
QinQ configuration, 119
CVLAN tag TPID value, 121
STP Digest Snooping configuration, 87
displaying, 122
STP edge port configuration, 79
enable, 119
STP mCheck configuration, 86
how it works, 117
STP port link type configuration, 84
implementation, 119
STP timer configuration, 77
SVLAN tag, 117
root
SVLAN tag 802.1p priority, 121
MST common root bridge, 67
SVLAN tag TPID value, 121
MST regional root, 67
VLAN tag TPID value, 120
MST root port role, 68
VLAN transparent transmission, 120
MSTP root bridge configuration, 74
VLAN transparent transmission
MSTP secondary root bridge configuration, 74
configuration, 125
RSTP root bridge configuration, 74
QoS
RSTP secondary root bridge configuration, 74
LAN switching LLDP 802.1p-to-local priority
STP algorithm calculation, 60
mapping, 161
STP root bridge, 59
LAN switching LLDP APP parameters, 159
STP root bridge configuration, 74
LAN switching LLDP ETS parameters, 161
STP root guard, 91
queuing, 162 STP root port, 59
LAN switching LLDP PFC parameters, 162 STP secondary root bridge configuration, 74
QinQ SVLAN tag 802.1p priority, 121 RSTP, 58, See also STP
queuing configuration, 58, 70, 71, 95
MAC Information queue length, 30 device priority configuration, 75
displaying, 94
R
maintaining, 94
rate mode set, 73
STP BPDU transmission rate, 78 network convergence, 64
receiving No Agreement Check, 88, 90
LAN switching LLDPDUs, 151 root bridge configuration, 74
recovering root bridge device configuration, 75
loop detection port status auto recovery, 102 secondary root bridge configuration, 74
reference port (Ethernet link aggregation), 34 secondary root bridge device configuration, 75
region STP basic concepts, 59
MST, 66
S
193
selecting state
Ethernet link aggregation Selected ports, 42 Ethernet interface state change suppression, 4
Ethernet link aggregation selected state, 32 Ethernet link aggregation member port
Ethernet link aggregation unselected state, 32 state, 32, 34
sending static
MAC Information change send interval, 30 Ethernet link aggregation mode, 33
service loopback group Ethernet link aggregation static mode, 34
configuration, 173, 173, 174 Ethernet link static aggregation group
displaying, 173 configuration, 40
setting Layer 2 Ethernet link aggregation configuration, 48
Ethernet interface statistics polling interval, 11 MAC address table entry, 18
Ethernet link aggregate group min/max number statistics
Selected ports, 42 polling interval, 11
Ethernet link aggregation member port state, 34 storm
LAN switching LLDP operating mode, 153 Layer 2 Ethernet interface storm control, 9
LAN switching LLDP parameters, 155 Layer 2 Ethernet interface storm suppression, 8
LAN switching LLDP re-initialization delay, 153 STP
LAN switching LLDPDU encapsulation algorithm calculation, 60
format, 156 basic concepts, 59
Layer 2 Ethernet interface mode, 12 BPDU drop, 94
loop detection interval, 104 BPDU forwarding, 64
MSTP mode, 73 BPDU guard enable, 91
QinQ SVLAN tag 802.1p priority, 121 BPDU transmission rate configuration, 78
RSTP mode, 73 CIST, 67
STP mode, 73 configuration, 58, 70, 71, 95
shutting down CST, 67
Ethernet link aggregate interface, 43 designated bridge, 59
loop detection shutdown action, 101 designated port, 59
SNAP device priority configuration, 75
LAN switching LLDPDU encapsulated in SNAP Digest Snooping, 86, 88
format, 146 Digest Snooping configuration restrictions, 87
LAN switching LLDPDU encapsulation displaying, 94
format, 156 edge port configuration, 79
SNMP edge port configuration restrictions, 79
MAC Information configuration, 29, 31 feature enable, 85
snooping IST, 67
STP Digest Snooping, 86, 88 loop detection, 58
spanning tree. Use STP, RSTP, MSTP loop guard enable, 92
specifying maintaining, 94
ignored VLAN on Layer 2 aggregate mCheck, 86
interface, 42
mCheck (global), 86
STP port path cost calculation standard, 80
mCheck (interface view), 86
splitting
mCheck configuration restrictions, 86
Ethernet 40-GE interface, 2
mode set, 73
Ethernet interface 40-GE interface into 10-GE
MST common root bridge, 67
interfaces, 2, 3
194
MST port roles, 68 SVLAN
MST port states, 68 many-to-one VLAN mapping application
MST region, 66 scenario, 128
MST region configuration, 74 many-to-one VLAN mapping configuration, 134
MST regional root, 67 many-to-one VLAN mapping customer-side port
MSTI, 67 configuration, 135
MSTI calculation, 69 many-to-one VLAN mapping implementation, 131
MSTP, 65, See also MSTP many-to-one VLAN mapping network-side port
configuration, 136
MSTP CIST calculation, 69
one-to-one VLAN mapping application
MSTP device implementation, 70
scenario, 128
No Agreement Check, 88, 90
path cost, 59
port link type configuration, 83
port link type configuration restrictions, 84
scenario, 130
port mode configuration, 84
port path cost calculation standard, 80
port path cost configuration, 80, 82
port priority configuration, 83
port role restriction, 92
port state transition output, 85 configuration, 125
protection functions, 90 two-to-two VLAN mapping application
protocol packets, 58 scenario, 130
root bridge, 59 two-to-two VLAN mapping configuration, 137
root bridge configuration, 74 two-to-two VLAN mapping implementation, 132
root bridge device configuration, 75 VLAN mapping configuration, 128
root guard enable, 91 switching
root port, 59 Ethernet interface configuration, 1
RSTP, 64, See also RSTP loopback interface configuration, 14, 14
secondary root bridge configuration, 74 MAC address table configuration, 18, 19, 27
secondary root bridge device configuration, 75 null interface configuration, 14, 14
switched network diameter, 76 port isolation configuration, 55
TC-BPDU guard, 93 port isolation configuration (on VLAN), 56
TC-BPDU transmission restriction, 93 VLAN access port assignment, 111
timeout factor configuration, 78 VLAN basic configuration, 108
timer configuration, 77 VLAN hybrid port assignment, 113
timer configuration restrictions, 77 VLAN interface basic configuration, 109
timers, 64 VLAN port-based configuration, 110, 115
VLAN-to-instance mapping table, 67 VLAN trunk port assignment, 112
suppressing synchronizing
Ethernet interface physical state change MAC addresses, 25
suppression, 4 system
Layer 2 Ethernet interface storm control interface bulk configuration, 16
configuration, 9
T
Layer 2 Ethernet interface storm suppression
configuration, 8 table
195
LAN switching LLDP priority mapping table, 161 timer
MAC address, 18, 19, 27 LAN switching LLDP re-initialization delay, 153
MAC address table learning limit on MAC address table dynamic aging timer, 23
interface, 23 STP forward delay, 64, 77
MSTP VLAN-to-instance mapping table, 67 STP hello, 64, 77
tag STP max age, 64, 77
CVLAN tag TPID value, 121 TLV
many-to-one VLAN mapping application LAN switching LLDP advertisable TLV
scenario, 128 configuration, 154
many-to-one VLAN mapping configuration, 134 LAN switching LLDP management address
many-to-one VLAN mapping customer-side port configuration, 154
configuration, 135 LAN switching LLDP management address
many-to-one VLAN mapping encoding format, 154
implementation, 131 LAN switching LLDP parameters, 155
many-to-one VLAN mapping network-side port LAN switching LLDP+DCBX TLV advertisement, 158
configuration, 136 LAN switching LLDPDU basic management
one-to-one VLAN mapping application types, 148
scenario, 128 LAN switching LLDPDU LLDP-MED types, 148
one-to-one VLAN mapping configuration, 133 LAN switching LLDPDU management address
one-to-one VLAN mapping implementation, 131 TLV, 151
one-to-two VLAN mapping application LAN switching LLDPDU organization-specific
scenario, 130 types, 148
one-to-two VLAN mapping configuration, 136 topology
one-to-two VLAN mapping implementation, 132 STP TCN BPDU protocol packets, 58
QinQ CVLAN tag, 117 traffic
QinQ CVLAN tag TPID value, 121 Ethernet link aggregation traffic redirection, 46
QinQ SVLAN tag, 117 transmitting
QinQ SVLAN tag 802.1p priority, 121 LAN switching LLDPDUs, 151
QinQ SVLAN tag TPID value, 121 QinQ VLAN transparent transmission, 120, 125
QinQ VLAN tag TPID value, 120 STP TC-BPDU transmission restriction, 93
SVLAN tag TPID value, 121 transparent transmission (QinQ for VLAN), 120, 125
two-to-two VLAN mapping application trapping
scenario, 130 LAN switching LLDP configuration, 164
two-to-two VLAN mapping configuration, 137 LAN switching LLDP-MED configuration, 164
two-to-two VLAN mapping implementation, 132 MAC Information configuration, 29, 31
VLAN mapping configuration, 128, 138 MAC Information mode configuration, 30
TC-BPDU trunk port assignment (VLAN), 112
STP TC-BPDU guard, 93 two-to-two VLAN mapping
STP TC-BPDU transmission restriction, 93 application scenario, 130
testing configuration, 137, 137
Layer 2 Ethernet interface cable connection, 13 configuration example, 142
time
U
Ethernet link aggregation LACP timeout
interval, 35 unicast
timeout MAC address table configuration, 18, 19, 27
STP timeout factor, 78 MAC address table multiport unicast entry, 18
196
V enabling many-to-one VLAN mapping ARP
detection, 135
VLAN
enabling many-to-one VLAN mapping DHCP
access port assignment, 111
snooping, 134
assigning a hybrid port to a VLAN, 113
many-to-one application scenario, 128
assigning a trunk port to a VLAN, 112
many-to-one configuration, 134
assigning an access port to a VLAN, 111
many-to-one customer-side port configuration, 135
basic configuration, 108
many-to-one network-side port configuration, 136
configuration, 107
many-to-one VLAN mapping configuration
configuring, 107
example, 138
displaying, 114
many-to-one VLAN mapping implementation, 131
frame encapsulation, 107
one-to-one application scenario, 128
how ports of different link types handle
one-to-one configuration, 133
frames, 111
one-to-one VLAN mapping configuration
hybrid port assignment, 113
example, 138
interface basic configuration, 109
LAN switching LLDP CDP compatibility, 156
one-to-two application scenario, 130
Layer 2 Ethernet aggregate interface (ignored
one-to-two configuration, 136
VLAN), 42
one-to-two VLAN mapping configuration
example, 142
maintaining, 114
MSTP VLAN-to-instance mapping table, 67
two-to-two application scenario, 130
port isolation configuration, 55, 56
two-to-two configuration, 137
port link type, 110
two-to-two VLAN mapping configuration
port-based configuration, 110, 115 example, 142
port-based VLAN configuration example, 115 two-to-two VLAN mapping implementation, 132
port-based VLAN introduction, 110 voice traffic
protocols and standards, 108 LAN switching LLDP CDP compatibility, 156
PVID, 110 VPN
QinQ configuration, 117, 119, 123 QinQ configuration, 117, 119, 123
QinQ CVLAN tag, 117 QinQ VLAN transparent transmission
QinQ CVLAN tag TPID value, 121 configuration, 125
QinQ implementation, 119
W
QinQ SVLAN tag, 117
WRR queuing
QinQ SVLAN tag TPID value, 121
queuing, 162
QinQ transparent transmission, 120
QinQ VLAN tag TPID value, 120
configuration, 125
trunk port assignment, 112
VLAN mapping configuration, 128
VLAN frame encapsulation, 107
VLAN mapping
displaying, 138
197

03 Layer 2 - LAN Switching Configuration Guide-Book

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

03 Layer 2 - LAN Switching Configuration Guide-Book

Uploaded by

Copyright:

Available Formats

H3C S5830V2 & S5820V2 Switch Series

Layer 2—LAN Switching Configuration Guide

Hangzhou H3C Technologies Co., Ltd.

Software version: Release 22xx

All rights reserved

H3C, , Aolynk, , H3Care, , TOP G, , IRF, NetPilot, Neocean, NeoVTL,

Added and modified features

Configuration guide Added and modified features

Added features: Specifying ignored VLANs on a Layer 2

Added features: Specifying the IRF member device for forwarding

LLDP Added features: Configuring the DCBX version.

Configuration guide Added and modified features

Configuration guide Added and modified features

MAC Information MAC Information is a newly added feature.

Port isolation Modified features: Configuring port isolation.

Spanning tree protocols Added features: Enabling BPDU drop.

QinQ QinQ is a newly added feature.

VLAN mapping VLAN mapping is a newly added feature.

LLDP LLDP is a newly added feature.

Service loopback groups Service loopback groups is a newly added feature.

Cut-through forwarding N/A

# A line that starts with a pound (#) sign is comments.

IMPORTANT An alert that calls attention to essential information.

NOTE An alert that contains additional or supplementary information.

TIP An alert that provides helpful information.

Network topology icons

Represents a generic network device, such as a router, switch, or firewall.

Represents a routing-capable device, such as a router or Layer 3 switch.

Port numbering in examples

About the H3C S5830V2 & S5820V2

Category Documents Purposes

Installation quick start Provides basic installation instructions.

Provides a complete guide to hardware installation

Describes the appearance, specifications, and

Describe software features and configuration

Configuring Ethernet interfaces ··································································································································· 1

Configuring loopback and null interfaces ················································································································ 14

Configuring the MAC address table ························································································································ 18

Configuring MAC Information ·································································································································· 29

Configuring Ethernet link aggregation ····················································································································· 32

Configuring spanning tree protocols ························································································································ 58

Configuring loop detection····································································································································· 100

Configuring VLAN mapping ·································································································································· 128

Configuring service loopback groups ··················································································································· 173

Configuring cut-through forwarding ······················································································································ 175

Configuring the management Ethernet interface

Step Command Remarks

Configuring Ethernet interfaces

Configuring basic settings of an Ethernet interface

The default setting is in the format of

The default setting is auto.

speed { 10 | 100 | 1000 |

Splitting a 40-GE interface and combining 10-GE interfaces

Step Command Remarks

By default, a 40-GE interface is

Combining four 10-GE interfaces into a 40-GE interface

Step Command Remarks

By default, 10-GE interfaces split

After creating the 40-GE

Configuring jumbo frame support

Step Command Remarks

By default, the device allows jumbo

Configuring physical state change suppression on an Ethernet