Professional Documents
Culture Documents
03 Layer 2 - LAN Switching Configuration Guide-Book
03 Layer 2 - LAN Switching Configuration Guide-Book
No part of this manual may be reproduced or transmitted in any form or by any means without prior
written consent of Hangzhou H3C Technologies Co., Ltd.
Trademarks
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Preface
The H3C S5830V2 & S5820V2 documentation set includes 14 configuration guides, which describe the
software features for the H3C S5830V2 & S5820V2 Switch Series and guide you through the software
configuration procedures. These configuration guides also provide configuration examples to help you
apply software features to different network scenarios.
The Layer 2—LAN Switching Configuration Guide describes LAN switching fundamentals and
configuration. It describes how to implement flow control and load sharing, isolate uses in the same
VLAN, eliminate Layer 2 loops, divide VLANs, transmit customer network packets through the public
network, and modify VLAN tags for packets.
This preface includes:
• Audience
• Added and modified features
• Conventions
• About the H3C S5830V2 & S5820V2 documentation set
• Obtaining documentation
• Technical support
• Documentation feedback
Audience
This documentation is intended for:
• Network planners
• Field technical support and servicing engineers
• Network administrators working with the S5830V2 & S5820V2 series
• Release 2208 has the following command changes over Release 2108P02:
Added features:
loopback and null interfaces • Restoring the default settings for the interface.
• Displaying the full description of an interface.
Bulk configuring interfaces N/A
Added features:
• Enabling MAC address synchronization globally.
• Assigning MAC learning priority to interfaces.
• Adding or modifying a multiport unicast MAC address entry.
MAC address table
• Configuring MAC address related functions in S-channel
interface view of EVB.
Modified features: Configuring blackhole MAC address table
entries.
Added features:
• Restoring the default settings for the interface.
Ethernet link aggregation • Displaying the full description of an interface.
• Configuring the short LACP timeout interval (3 seconds) on the
interface.
Added features:
• Setting the MTU for the VLAN interface.
VLANs • Restoring the default settings for the VLAN interface.
• Configuring port-based VLAN in S-channel interface view of
EVB.
Conventions
This section describes the conventions used in this documentation set.
Command conventions
Convention Description
Boldface Bold text represents commands and keywords that you enter literally as shown.
Italic Italic text represents arguments that you replace with actual values.
[] Square brackets enclose syntax choices (keywords or arguments) that are optional.
Braces enclose a set of required syntax choices separated by vertical bars, from which
{ x | y | ... }
you select one.
Square brackets enclose a set of optional syntax choices separated by vertical bars, from
[ x | y | ... ]
which you select one or none.
Asterisk marked braces enclose a set of required syntax choices separated by vertical
{ x | y | ... } *
bars, from which you select at least one.
Asterisk marked square brackets enclose optional syntax choices separated by vertical
[ x | y | ... ] *
bars, from which you select one choice, multiple choices, or none.
The argument or keyword and argument combination before the ampersand (&) sign can
&<1-n>
be entered 1 to n times.
GUI conventions
Convention Description
Window names, button names, field names, and menu items are in bold text. For
Boldface
example, the New User window appears; click OK.
> Multi-level menus are separated by angle brackets. For example, File > Create > Folder.
Symbols
Convention Description
An alert that calls attention to important information that if not understood or followed can
WARNING result in personal injury.
An alert that calls attention to important information that if not understood or followed can
CAUTION result in data loss, data corruption, or damage to hardware or software.
Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports
Layer 2 forwarding and other Layer 2 features.
Obtaining documentation
You can access the most up-to-date H3C product documentation on the World Wide Web
at http://www.h3c.com.
Click the links on the top navigation bar to obtain different categories of product documentation:
[Technical Support & Documents > Technical Documents]—Provides hardware installation, software
upgrading, and software feature configuration and maintenance documentation.
[Products & Solutions]—Provides information about products and technologies.
[Technical Support & Documents > Software Download]—Provides the documentation released with the
software version.
Technical support
service@h3c.com
http://www.h3c.com
Documentation feedback
You can e-mail your comments about product documentation to info@h3c.com.
We appreciate your comments.
Contents
i
Configuring the MAC Information mode ····················································································································· 30
Configuring the MAC change sending interval ·········································································································· 30
Configuring the MAC Information queue length ········································································································ 30
MAC Information configuration example ···················································································································· 31
Network requirements ··········································································································································· 31
Configuration procedure ······································································································································ 31
ii
Calculation process of the STP algorithm ··········································································································· 60
RSTP ················································································································································································· 64
MSTP················································································································································································ 65
MSTP features ························································································································································ 65
MSTP basic concepts ············································································································································ 65
How MSTP works ·················································································································································· 69
MSTP implementation on devices ························································································································ 70
Protocols and standards ················································································································································ 70
Spanning tree configuration task lists ·························································································································· 70
STP configuration task list ····································································································································· 71
RSTP configuration task list ··································································································································· 71
MSTP configuration task list ································································································································· 72
Setting the spanning tree mode ···································································································································· 73
Configuring an MST region ·········································································································································· 74
Configuring the root bridge or a secondary root bridge ·························································································· 74
Configuring the current device as the root bridge of a specific spanning tree ·············································· 75
Configuring the current device as a secondary root bridge of a specific spanning tree ······························ 75
Configuring the device priority ····································································································································· 75
Configuring the maximum hops of an MST region ···································································································· 76
Configuring the network diameter of a switched network························································································· 76
Configuring spanning tree timers ································································································································· 77
Configuration restrictions and guidelines ··········································································································· 77
Configuration procedure ······································································································································ 78
Configuring the timeout factor ······································································································································ 78
Configuring the BPDU transmission rate ······················································································································ 78
Configuring edge ports ················································································································································· 79
Configuration restrictions and guidelines ··········································································································· 79
Configuration procedure ······································································································································ 79
Configuring path costs of ports ···································································································································· 80
Specifying a standard for the device to use when it calculates the default path cost ··································· 80
Configuring path costs of ports ···························································································································· 82
Configuration example ········································································································································· 83
Configuring the port priority ········································································································································· 83
Configuring the port link type ······································································································································· 83
Configuration restrictions and guidelines ··········································································································· 84
Configuration procedure ······································································································································ 84
Configuring the mode a port uses to recognize and send MSTP packets ······························································· 84
Enabling outputting port state transition information·································································································· 85
Enabling the spanning tree feature ······························································································································ 85
Performing mCheck ························································································································································ 86
Configuration restrictions and guidelines ··········································································································· 86
Configuration procedure ······································································································································ 86
Configuring Digest Snooping ······································································································································· 86
Configuration restrictions and guidelines ··········································································································· 87
Configuration procedure ······································································································································ 87
Digest Snooping configuration example············································································································· 88
Configuring No Agreement Check ······························································································································ 88
Configuration prerequisites ·································································································································· 89
Configuration procedure ······································································································································ 90
No Agreement Check configuration example···································································································· 90
Configuring protection functions ·································································································································· 90
Enabling BPDU guard ··········································································································································· 91
Enabling root guard ·············································································································································· 91
Enabling loop guard ············································································································································· 92
iii
Configuring port role restriction ··························································································································· 92
Configuring TC-BPDU transmission restriction ···································································································· 93
Enabling TC-BPDU guard······································································································································ 93
Enabling BPDU drop ············································································································································· 94
Displaying and maintaining the spanning tree ··········································································································· 94
Spanning tree configuration example·························································································································· 95
Network requirements ··········································································································································· 95
Configuration procedure ······································································································································ 96
iv
Configuring the TPID for VLAN tags ·························································································································· 120
Configuring the CVLAN TPID ····························································································································· 121
Configuring the SVLAN TPID······························································································································ 121
Setting the 802.1p priority in SVLAN tags ··············································································································· 121
Displaying and maintaining QinQ ···························································································································· 122
QinQ configuration example······································································································································ 123
Network requirements ········································································································································· 123
Configuration procedure ···································································································································· 123
VLAN transparent transmission configuration example ··························································································· 125
Network requirements ········································································································································· 125
Configuration procedure ···································································································································· 126
v
Configuring PFC parameters ······························································································································ 162
Configuring the DCBX version ··························································································································· 163
Configuring LLDP trapping and LLDP-MED trapping ································································································ 164
Displaying and maintaining LLDP ······························································································································· 164
Basic LLDP configuration example ······························································································································ 165
DCBX configuration example······································································································································ 167
vi
Configuring Ethernet interfaces
The switch series supports Ethernet interfaces, management Ethernet interfaces, Console interfaces, and
USB interfaces. For the interface types and the number of interfaces supported by a switch model, see the
installation guide.
This chapter describes how to configure management Ethernet interfaces and Ethernet interfaces.
1
Step Command Remarks
1. Enter system view. system-view N/A
2. Enter Ethernet interface interface interface-type
N/A
view. interface-number
2
Step Command Remarks
After creating the four 10-GE
4. Reboot the device. N/A interfaces, the system removes the
40-GE interface.
3
Step Command Remarks
4
Step Command Remarks
By default, each time the physical link of a port
goes up, the interface immediately reports the
change to the CPU.
4. Set the link-up event link-delay delay-time mode When this command is configured:
suppression interval. up • The link-up event is not reported to the CPU until
the interface is still up when the suppression
interval (delay-time) expires.
• The link-down event is immediately reported.
By default, each time the physical link of a port
goes up or comes down, the interface immediately
5. Set the link-updown reports the change to the CPU.
link-delay delay-time mode
event suppression When this command is configured, the link-up or
updown
interval. link-down event is not reported to the CPU until the
interface is still up or down when the suppression
interval (delay-time) expires.
interface interface-type
2. Enter Ethernet interface view. N/A
interface-number
5
Configuring generic flow control on an Ethernet interface
To avoid packet drops on a link, you can enable generic flow control at both ends of the link. When
traffic congestion occurs at the receiving end, the receiving end sends a flow control (Pause) frame to ask
the sending end to suspend sending packets.
• With TxRx mode generic flow control enabled, an interface can both send and receive flow control
frames. When congestion occurs, the interface sends a flow control frame to its peer. When the
interface receives a flow control frame from the peer, it suspends sending packets.
• With Rx flow mode generic control enabled, an interface can receive, but cannot send flow control
frames. When the interface receives a flow control frame from its peer, it suspends sending packets
to the peer. When congestion occurs, the interface cannot send flow control frames to the peer.
In Figure 1, when both Port A and Port B forward packets at 1000 Mbps, Port C is congested. To avoid
packet loss, enable flow control on Port A and Port B.
Figure 1 Flow control application scenario
Port A Port B Port C Port D
1000Mbps 1000Mbps 100Mbps 100Mbps
6
Configuring PFC on an Ethernet interface
PFC performs flow control based on 802.1p priorities. With PFC enabled, an interface requires its peer
to suspend sending packets with certain 802.1p priorities when congestion occurs. By decreasing the
transmission rate, PFC helps avoid packet loss.
You can enable PFC for certain 802.1p priorities at the two ends of a link. When network congestion
occurs, the local device checks the PFC status for the 802.1p priority carried in each arriving packet.
• If PFC is enabled for the 802.1p priority, the local device accepts the packet and sends a PFC pause
frame to the peer. The peer stops sending packets carrying this 802.1p priority for an interval as
specified in the PFC pause frame. This process repeats until the congestion is removed.
• If PFC is disabled for the 802.1p priority, the local port drops the packet.
Each local precedence value corresponds to a queue. The 802.1p-to-local priority mapping is as shown
in Table 1. You can modify the 802.1p-to-local priority mapping table with the qos map-table dot1p-lp
and import import-value-list export export-value commands. For more information about the two
commands, see ACL and QoS Command Reference.
Table 1 The default 802.1p-to-local priority mapping table
1 0
2 1
3 3
4 4
5 5
6 6
7 7
7
Table 2 The relationship between the PFC function and the generic flow control function
interface interface-type
2. Enter Ethernet interface view. N/A
interface-number
3. Enable PFC on the interface
priority-flow-control { auto |
through automatic negotiation By default, PFC is disabled.
enable }
or forcibly.
4. Enable PFC for specific priority-flow-control no-drop By default, PFC is disabled for all
802.1p priorities. dot1p dot1p-list 802.1p priorities.
8
information about the storm-constrain command, see "Configuring storm control on an Ethernet
interface."
When you configure storm suppression, follow these guidelines:
• When you configure the suppression threshold in kbps, the device might convert the configured
value into a multiple of a certain step supported by the chip. As a result, the actual suppression
threshold might be different from the configured one. To determine the suppression threshold that
takes effect, see the prompts on the device. To see the configured suppression threshold, use the
display interface command.
• If you configure two or more types of storm suppression thresholds on the same port, for example,
broadcast suppression threshold and multicast storm suppression threshold, do not use pps together
with kbps or ratio.
• If you configure multiple suppression thresholds in Ethernet interface view, the latest configuration
takes effect.
To set storm suppression thresholds on one or multiple Ethernet interfaces:
interface interface-type
2. Enter Ethernet interface view. N/A
interface-number
3. Enable broadcast suppression By default, broadcast traffic is
broadcast-suppression { ratio |
and set the broadcast allowed to pass through an
pps max-pps | kbps max-kbps }
suppression threshold. interface.
4. Enable multicast suppression By default, multicast traffic is
multicast-suppression { ratio | pps
and set the multicast allowed to pass through an
max-pps | kbps max-kbps }
suppression threshold. interface.
5. Enable unknown unicast
By default, unknown unicast traffic
suppression and set the unicast-suppression { ratio | pps
is allowed to pass through an
unknown unicast suppression max-pps | kbps max-kbps }
interface.
threshold.
9
• Shuts down automatically—The interface shuts down automatically and stops forwarding any
traffic. When the blocked traffic is detected dropping below the lower threshold, the port does not
forward the traffic. To bring up the interface, use the undo shutdown command or disable the storm
control function.
Any of the storm-constrain, broadcast-suppression, multicast-suppression, and unicast-suppression
commands can suppress storm on a port. The broadcast-suppression, multicast-suppression, and
unicast-suppression commands suppress traffic in hardware, and have less impact on device
performance than the storm-constrain command, which performs suppression in software.
Storm control uses a complete polling cycle to collect traffic data, and analyzes the data in the next cycle.
An interface takes one to two polling intervals to take a storm control action.
Configuration guidelines
For the same type of traffic, do not configure the storm constrain command together with any of the
broadcast-suppression, multicast-suppression, and unicast-suppression commands. Otherwise, the
traffic suppression result is not determined. For more information about the broadcast-suppression,
multicast-suppression, and unicast-suppression commands, see "Configuring storm suppression."
Configuration procedure
To configure storm control on an Ethernet interface:
interface interface-type
3. Enter Ethernet interface view. N/A
interface-number
4. (Optional.) Enable storm
storm-constrain { broadcast |
control, and set the lower and
multicast | unicast } { pps | kbps | By default, storm control is
upper thresholds for
ratio } max-pps-values disabled.
broadcast, multicast, or
min-pps-values
unknown unicast traffic.
5. Set the control action to take
storm-constrain control { block | By default, storm control is
when monitored traffic
shutdown } disabled.
exceeds the upper threshold.
10
Setting the statistics polling interval
To set the statistics polling interval globally or on an Ethernet interface:
To display the interface statistics collected in the last polling interval, use the display interface command.
To clear interface statistics, use the reset counters interface command.
IMPORTANT:
Fiber ports do not support this feature.
With the auto power-down function, if an interface has been down for a certain period of time, the device
automatically stops supplying power to the interface, and the interface enters the power save mode. The
time period depends on the chip specifications and is not configurable. When the interface goes up, the
device automatically restores power supply to the interface and the interface enters its normal state.
To enable auto power-down on an Ethernet interface:
interface interface-type
2. Enter Ethernet interface view. N/A
interface-number
NOTE:
Fiber ports do not support this feature.
With the Energy Efficient Ethernet (EEE) energy saving function, a link-up port enters the low power state
if it has not received any packet for a certain period of time. The time period depends on the chip
specifications and is not configurable. When a packet arrives later, the device automatically restores
power supply to the interface and the port enters the normal state.
To enable EEE energy saving:
11
Step Command Remarks
1. Enter system view. system-view N/A
2. Enter Ethernet interface
interface interface-type interface-number N/A
view.
A physical Ethernet interface comprises eight pins, each of which plays a dedicated role. For example,
pins 1 and 2 transmit signals, and pins 3 and 6 receive signals. You can use both crossover and
straight-through Ethernet cables to connect copper Ethernet interfaces. To accommodate these types of
cables, a copper Ethernet interface can operate in one of the following Medium Dependent
Interface-Crossover (MDIX) modes:
• MDIX mode—Pins 1 and 2 are receive pins and pins 3 and 6 are transmit pins.
• MDI mode—Pins 1 and 2 are transmit pins and pins 3 and 6 are receive pins.
• AutoMDIX mode—The interface negotiates pin roles with its peer.
To enable the interface to communicate with its peer, set the MDIX mode of the interface mode by using
the following guidelines:
• Generally, set the MDIX mode of the interface to AutoMDIX. Set the MDIX mode of the interface to
MDI or MDIX only when the device cannot determine the cable type.
• When a straight-through cable is used, set the interface to operate in the MDIX mode different than
its peer.
• When a crossover cable is used, set the interface to operate in the same MDIX mode as its peer, or
set either end to operate in AutoMDIX mode.
To set the MDIX mode of an Ethernet interface:
interface interface-type
2. Enter Ethernet interface view. N/A
interface-number
12
Testing the cable connection of an Ethernet interface
IMPORTANT:
• If the link of an Ethernet port is up, testing its cable connection will cause the link to come down and then
go up.
• Fiber ports do not support this feature.
This feature tests the cable connection of an Ethernet interface and displays cable test results within 5
seconds. The test results include the cable's status and some physical parameters. If any fault is detected,
the test results include the length of the faulty cable segment.
To test the cable connection of an Ethernet interface:
Step Command
1. Enter system view. system-view
2. Enter Ethernet interface view. interface interface-type interface-number
3. Test the cable connected to the Ethernet interface. virtual-cable-test
Step Command
display counters { inbound | outbound } interface [ interface-type
Display interface traffic statistics.
[ interface-number ] ]
Display traffic rate statistics of interfaces in display counters rate { inbound | outbound } interface
up state over the last sampling interval. [ interface-type [ interface-number ] ]
Display information about storm control display storm-constrain [ broadcast | multicast | unicast ]
on the specified interface or all interfaces. [ interface interface-type interface-number ]
13
Configuring loopback and null interfaces
This chapter describes how to configure a loopback interface and a null interface.
14
of applying an ACL. For example, if you specify a null interface as the next hop of a static route to a
specific network segment, any packets routed to the network segment are dropped.
To configure a null interface:
Task Command
Display information about the specified or all display interface [ loopback [ interface-number ] ] [ brief
loopback interfaces. [ description ] ]
Display information about the null interface. display interface [ null [ 0 ] ] [ brief [ description ] ]
Clear the statistics on the null interface. reset counters interface [ null [ 0 ] ]
15
Bulk configuring interfaces
You can enter interface range view to bulk configure multiple interfaces with the same feature instead of
configuring them one by one. For example, you can execute the shutdown command in interface range
view to shut down a range of interfaces.
Failure to apply a command on one member interface does not affect the application of the command
on the other member interfaces. If applying a command on one member interface fails, the system
displays an error message and continues with the next member interface.
Configuration guidelines
When you bulk configure interfaces in interface range view, follow these restrictions and guidelines:
• In interface range view, only the commands supported by the first interface are available. The first
interface is specified with the interface range command.
• Do not assign an aggregate interface and any of its member interfaces to an interface range at the
same time. Some commands, after being executed on both an aggregate interface and its member
interfaces, can break up the aggregation.
• No limit is set on the maximum number of interfaces in an interface range. The more interfaces in
an interface range, the longer the command execution time.
• The maximum number of interface range names is only limited by the system resources. To
guarantee bulk interface configuration performance, H3C recommends that you configure fewer
than 1000 interface range names.
Configuration procedure
Step Command Remarks
1. Enter system view. system-view N/A
• interface range { interface-type
interface-number [ to
Use either command.
interface-type
interface-number ] } &<1-5> By using the interface range name
2. Enter interface range command, you assign a name to an
view. • interface range name name
interface range and can specify this
[ interface { interface-type
name rather than the interface range to
interface-number [ to
enter the interface range view.
interface-type
interface-number ] } &<1-5> ]
3. (Optional.) Display
commands available for Enter a question mark (?) at the
N/A
the first interface in the interface range prompt.
interface range.
4. Use available
Available commands vary by
commands to configure N/A
interface.
the interfaces.
16
Step Command Remarks
17
Configuring the MAC address table
Overview
An Ethernet device uses a MAC address table to forward frames. A MAC address entry contains a
destination MAC address, an outgoing interface, and a VLAN ID. Upon receiving a frame, the device
uses the destination MAC address of the frame to look for a match in the MAC address table. If a match
is found, the device forwards the frame out of the outgoing interface in the matching entry. If no match
is found, the device floods the frame to all interfaces on the same VLAN as the incoming interface.
18
• Static entries—Static entries are manually added in order to forward frames with a specific
destination MAC address out of their associated interfaces and never age out.
• Dynamic entries—Dynamic entries can be manually configured or dynamically learned in order to
forward frames with a specific destination MAC address out of their associated interfaces and
might age out.
• Blackhole entries—Blackhole entries are manually configured and never age out. Blackhole entries
are configured for filtering out frames with a specific source or destination MAC address. For
example, to block all frames destined for a specific user for security concerns, you can configure the
MAC address of this user as a blackhole MAC address entry.
• Multiport unicast entries—Multiport unicast entries are manually added in order to send frames
with a specific destination MAC address out of multiple ports and never age out.
A static, blackhole, or multiport unicast MAC address entry can overwrite a dynamic MAC address entry,
but not vice versa.
To adapt to network changes and prevent inactive entries from occupying table space, the system uses an
aging mechanism for dynamic MAC address entries. Each time a dynamic MAC address entry is learned
or created, an aging time starts. If the entry has not updated when the aging timer expires, the device
deletes the entry. If the entry has updated before the aging timer expires, the aging timer restarts.
19
Configuration procedure
To add or modify a static or dynamic MAC address entry globally:
20
cluster's MAC address as their own address, and frames destined for the cluster are forwarded to every
server. In this case, you can configure a multiport unicast MAC address entry on the device connected to
the group of servers. In this manner, the device forwards the frame destined for the server group through
all ports connected to the servers within the cluster.
Figure 2 NBL cluster
Device
NLB cluster
Do not configure an interface as the output interface of a multiport unicast MAC address entry if the
interface receives frames destined for the multiport unicast MAC address. Otherwise, the frames are
flooded on the VLAN to which they belong.
You can configure a multiport unicast MAC address entry globally or on an interface.
21
Step Command Remarks
By default, no multiport unicast
MAC address entry is configured
3. Add or modify a multiport mac-address multiport on an interface.
unicast MAC address entry. mac-address vlan vlan-id
Make sure you have created the
VLAN.
Disabling global MAC address learning disables the learning function on all interfaces.
The global MAC address learning configuration does not take effect in a TRILL network, or for an
S-channel in an EVB. For information about the TRILL network, see TRILL Configuration Guide. For
information about S-channel and EVB, see EVB Configuration Guide.
When MAC address learning is disabled, the learned MAC addresses remain valid until they age out.
22
Disabling MAC address learning on a VLAN
With global MAC address learning enabled, you can also disable MAC address learning on a
per-VLAN basis.
To disable MAC address learning on a VLAN:
The MAC address table uses an aging timer for dynamic MAC address entries for security and efficient
use of table space. If a dynamic MAC address entry has failed to update before the aging timer expires,
the device deletes the entry. This aging mechanism makes sure the MAC address table could promptly
update to accommodate latest network changes.
Set the aging timer appropriately. A stable network requires a longer aging interval and an unstable
network requires a shorter aging interval. A too long aging interval might cause the MAC address table
to retain outdated entries, exhaust the MAC address table resources, and fail to update its entries to
accommodate the latest network changes. A too short interval might result in removal of valid entries,
causing unnecessary floods, which might increase network burden.
You can reduce floods on a stable network by setting a long aging timer or disabling the aging timer to
prevent dynamic entries from unnecessarily aging out. By reducing floods, you improve not only network
performance, but also security, because the chances for a data frame to reach unintended destinations
are reduced.
To configure the aging timer for dynamic MAC address entries:
23
Step Command Remarks
1. Enter system view. system-view N/A
interface interface-type
2. Enter Ethernet interface view. N/A
interface-number
24
Enabling MAC address synchronization
To avoid unnecessary floods and improve forwarding speed, make sure all member devices possess the
same MAC address table. After you enable MAC address table synchronization, each member device
advertises learned MAC address entries to other member devices.
As shown in Figure 3, Device A and Device B form an IRF fabric enabled with MAC address
synchronization. They connect to AP C and AP D, respectively. When Client A associates with AP C,
Device A learns a MAC address entry for Client A and advertises it to Device B.
Figure 3 MAC address tables of devices when Client A accesses AP C
If Client A roams to AP D, Device B learns a MAC address entry for Client A and advertises it to Device
A to ensure service continuity for Client A, as shown in Figure 4.
25
Figure 4 MAC address tables of devices when Client A roams to AP D
Task Command
display mac-address [ mac-address [ vlan vlan-id ] | [ [ dynamic |
Display MAC address table
static ] [ interface interface-type interface-number ] | blackhole |
information.
multiport ] [ vlan vlan-id ] [ count ] ]
Display the system or interface MAC display mac-address mac-learning [ interface interface-type
address learning state. interface-number ]
26
Figure 5 An example for the display mac-address nickname command
Configuration procedure
# Add a static MAC address entry.
<Device> system-view
[Device] mac-address static 000f-e235-dc71 interface ten-gigabitethernet 1/0/1 vlan 1
# Set the aging timer for dynamic MAC address entries to 500 seconds.
[Device] mac-address timer aging 500
27
[Device] display mac-address blackhole
MAC Address VLAN ID State Port/NickName Aging
000f-e235-abcd 1 Blackhole N/A N
28
Configuring MAC Information
The MAC Information feature can generate syslog messages or SNMP notifications when MAC address
entries are learned or deleted. You can use these messages to monitor users leaving or joining the
network and analyze network traffic.
The MAC Information feature buffers the MAC change syslog messages or SNMP notifications in a
queue. When the timer set for sending syslog messages or SNMP notifications does not expire, the
device overwrites the last piece of information written into the queue with the new MAC address change
if the queue has been exhausted. To send a syslog message or SNMP notification immediately after it is
created, set the queue length to zero.
The device writes information and sends messages only for the following MAC addresses: dynamic MAC
addresses, MAC addresses that pass MAC authentication, MAC addresses that pass 802.1X
authentication, and secure MAC addresses. The device does not write information or send messages for
blackhole MAC addresses, static MAC addresses, multiport unicast MAC addresses, multicast MAC
addresses, and local MAC addresses.
For more information about MAC authentication, 802.1X, and secure MAC addresses, see Security
Configuration Guide.
Configuration guidelines
Enable MAC Information globally before you enable it on an interface.
29
Step Command Remarks
3. Enable MAC Information on mac-address information enable By default, MAC Information is
the interface. { added | deleted } disabled on an interface.
30
MAC Information configuration example
Network requirements
Enable MAC Information on interface Ten-GigabitEthernet 1/0/1 on Device in Figure 6 to send MAC
address changes in syslog messages to Host B through interface Ten-GigabitEthernet 1/0/3.
Figure 6 Network diagram
Device
XGE1/0/1 XGE1/0/2
XGE1/0/3
Host A Server
192.168.1.1/24
192.168.1.3/24
Host B
192.168.1.2/24
Configuration procedure
1. Configure Device to send syslog messages to Host B (see Network Management and Monitoring
Configuration Guide).
2. Enable MAC Information:
# Enable MAC Information globally.
<Device> system-view
[Device] mac-address information enable
# Configure the MAC Information mode as syslog.
[Device] mac-address information mode syslog
# Enable MAC Information on interface Ten-GigabitEthernet 1/0/1.
[Device] interface ten-gigabitethernet 1/0/1
[Device-Ten-GigabitEthernet1/0/1] mac-address information enable added
[Device-Ten-GigabitEthernet1/0/1] mac-address information enable deleted
[Device-Ten-GigabitEthernet1/0/1] quit
# Set the MAC Information queue length to 100.
[Device] mac-address information queue-length 100
# Set the MAC change sending interval to 20 seconds.
[Device] mac-address information interval 20
31
Configuring Ethernet link aggregation
This chapter gives an overview of Ethernet link aggregation and explains how to configure it.
Ethernet link aggregation bundles multiple physical Ethernet links into one logical link, called an
aggregate link. Link aggregation delivers the following benefits:
• Increases bandwidth beyond the limits of any single link. In an aggregate link, traffic is distributed
across the member ports.
• Improves link reliability. The member ports dynamically back up one another. When a member port
fails, its traffic is automatically switched to other member ports.
As shown in Figure 7, Device A and Device B are connected by three physical Ethernet links. These
physical Ethernet links are combined into an aggregate link, link aggregation 1. The bandwidth of this
aggregate link can be as high as the total bandwidth of these three physical Ethernet links. At the same
time, the three Ethernet links back up one another. When a physical Ethernet link fails, the traffic
previously carried on the failed link switches to the other two links.
Figure 7 Ethernet link aggregation diagram
XGE1/0/1 XGE1/0/1
XGE1/0/2 XGE1/0/2
Link aggregation 1
XGE1/0/3 XGE1/0/3
Device A Device B
Basic concepts
Aggregation group, member port, and aggregate interface
Link bundling is implemented through interface bundling. An aggregation group is a group of Ethernet
interfaces bundled together, which are called member ports of the aggregation group. For each
aggregation group, a logical interface (called an aggregate interface), is created. To an upper layer
entity that uses the link aggregation service, a link aggregation group appears the same as a single
logical link and data traffic is transmitted through the aggregate interface.
When you create an aggregate interface, the switch automatically creates an aggregation group of the
same type and number as the aggregate interface. For example, when you create aggregate interface
1, aggregation group 1 is created.
The rate of an aggregate interface equals the total rate of its member ports in Selected state, and its
duplex mode is the same as the selected member ports. For more information about the states of member
ports in an aggregation group, see Aggregation states of member ports in an aggregation group.
32
Operational key
When aggregating ports, the system automatically assigns each port an operational key based on port
information, such as port rate and duplex mode. Any change to this information triggers a recalculation
of the operational key.
In an aggregation group, all selected member ports are assigned the same operational key.
Configuration types
Every configuration setting on a port might affect its aggregation state. Port configurations include the
following types:
• Attribute configurations, as described in Table 3. To become a Selected port, a member port must
have the same attribute configurations as the aggregate interface.
Attribute configurations made on an aggregate interface are automatically synchronized to all its
member ports. These configurations are retained on the member ports even after the aggregate
interface is removed.
Any attribute configuration change might affect the aggregation state of link aggregation member
ports and running services. To make sure that you are aware of the risk, the system displays a
warning message every time you attempt to change an attribute configuration setting on a member
port.
Table 3 Attribute configurations
Feature Considerations
Indicates whether the port has joined an isolation group, and the isolation group
Port isolation
to which the port belongs.
QinQ enable state (enabled/disabled), TPID for VLAN tags, and VLAN
QinQ
transparent transmission. For information about QinQ, see "Configuring QinQ."
Different types of VLAN mapping configured on the port. For more information
VLAN mapping
about VLAN mapping, see "Configuring VLAN mapping."
Permitted VLAN IDs, PVID, link type (trunk, hybrid, or access), and VLAN tagging
VLAN
mode. For information about VLAN, see "Configuring VLANs."
• Protocol configurations, as opposed to attribute configurations, do not affect the aggregation state
of the member ports even if they are different from those on the aggregate interface. The spanning
tree setting is an example of protocol configurations.
NOTE:
The protocol configuration for a member port is effective only when the member port leaves the
aggregation group.
33
• Dynamic aggregation mode—The peering system automatically maintains the aggregation state of
the member ports, thus reducing the workload of administrators.
An aggregation group in static mode is called a "static aggregation group" and that in dynamic mode
is called a "dynamic aggregation group."
34
Figure 8 Setting the aggregation state of a member port in a static aggregation group
NOTE:
• The maximum number of Selected ports in a static aggregation group is 16.
• To ensure stable aggregation state and service continuity, do not change the operational key or attribute
configurations on any member port.
LACP
LACP uses LACPDUs for exchanging aggregation information between LACP-enabled devices.
Each member port in an LACP-enabled aggregation group exchanges information with its peer. When a
member port receives an LACPDU, it compares the received information with the information received on
the other member ports. In this way, the two systems reach an agreement on which ports should be
placed in Selected state.
35
1. LACP functions
LACP offers basic LACP functions and extended LACP functions, as described in Table 4.
Table 4 Basic and extended LACP functions
Category Description
Implemented through the basic LACPDU fields, including the system LACP priority,
Basic LACP functions
system MAC address, port priority, port number, and operational key.
Implemented by extending the LACPDU with new TLV fields. This is how the LACP
MAD mechanism of the IRF feature is implemented. The Switch Series can
Extended LACP participate in LACP MAD as either an IRF member device or an intermediate device.
functions
For more information about IRF and the LACP MAD mechanism, see IRF
Configuration Guide.
2. LACP priorities
LACP priorities include system LACP priority and port priority, as described in Table 5. The smaller
the priority value, the higher the priority.
Table 5 LACP priorities
Type Description
Used by two peer devices (or systems) to determine which one is superior in link
aggregation.
System LACP priority In dynamic link aggregation, the system that has higher system LACP priority sets the
Selected state of member ports on its side first and then the system that has lower
priority sets port state accordingly.
Determines the likelihood of a member port to be selected on a system. The higher port
Port priority
priority, the higher likelihood.
36
The local system (the actor) and the remote system (the partner) negotiate a reference port by using
the following workflow:
a. Compare the system IDs. (A system ID comprises the system LACP priority and the system MAC
address). The system with the lower LACP priority value is chosen. If LACP priority values are
the same, the two systems compare their MAC addresses. The system with the lower MAC
address is chosen.
b. The system with the smaller system ID chooses the port with the smallest port ID as the reference
port. (A port ID comprises a port priority and a port number.) The port with the lower
aggregation priority value is chosen. If two ports have the same aggregation priority, the
system compares their port numbers. The port with the smaller port number and the same
attribute configurations as the aggregate interface becomes the reference port.
2. Set the aggregation state of each member port
After the reference port is chosen, the system with the lower system ID sets the state of each member
port in the dynamic aggregation group on its side as shown in Figure 9.
37
Figure 9 Setting the state of a member port in a dynamic aggregation group
Meanwhile, the system with the higher system ID, being aware of the aggregation state changes on the
remote system, sets the aggregation state of local member ports the same as their peer ports.
When you aggregate interfaces in dynamic mode, follow these guidelines:
• The maximum number of Selected ports in a dynamic aggregation group is 16.
• A dynamic link aggregation group preferably sets full-duplex ports as the Selected ports, and will
set one, and only one, half-duplex port as a Selected port when none of the full-duplex ports can be
selected or only half-duplex ports exist in the group.
• To ensure stable aggregation and service continuity, do not change the operational key or attribute
configurations on any member port.
• In a dynamic aggregation group, when the aggregation state of a local port changes, the
aggregation state of the peer port also changes.
38
• A port that joins a dynamic aggregation group after the Selected port limit has been reached is
placed in Selected state if it is more eligible to be selected than a current member port.
Configuration guidelines
When you configure an aggregation group, follow these guidelines:
• You cannot assign a port to an aggregation group if any of the following features is configured on
the port:
{ MAC authentication (see Security Configuration Guide)
{ Port security (see Security Configuration Guide)
39
{ 802.1X (see Security Configuration Guide)
• If a port is used as a reflector port for port mirroring, do not assign it to an aggregation group. For
more information about reflector ports, see Network Management and Monitoring Configuration
Guide.
• Removing an aggregate interface also removes its aggregation group and causes all member ports
to leave the aggregation group.
• You must configure the same aggregation mode on the two ends of an aggregate link.
40
Step Command Remarks
By default, the system LACP priority
is 32768.
2. Set the system LACP priority. lacp system-priority system-priority Changing the system LACP priority
might affect the aggregation state
of the ports in a dynamic
aggregation group.
41
To configure the description of an aggregate interface:
The bandwidth of an aggregate link increases along with the number of selected member ports. To avoid
congestion caused by insufficient Selected ports on an aggregate link, you can set the minimum number
of Selected ports required for bringing up the specific aggregate interface.
This minimum threshold setting affects the aggregation state of both aggregation member ports and the
aggregate interface:
42
• When the number of member ports eligible to be selected is smaller than the minimum threshold,
all member ports change to the Unselected state and the link of the aggregate interface goes down.
• When the minimum threshold is reached, the eligible member ports change to the Selected state,
and the link of the aggregate interface goes up.
After you manually configure the maximum number of Selected ports in an aggregation group, the
maximum number of Selected ports allowed in the aggregation group is limited by both the configured
number and hardware capabilities, that is, the lower value of the two upper limits.
You can configure redundancy between two ports by assigning the two ports to an aggregation group
and configuring the maximum number of Selected ports allowed in the aggregation group as 1. In this
way, only one Selected port is allowed in the aggregation group at any point in time, while the
Unselected port serves as a backup port.
To set the minimum and maximum numbers of Selected ports for an aggregation group:
43
Step Command Remarks
Step Command
1. Enter system view. system-view
44
Step Command Remarks
link-aggregation global load-sharing By default, the system
2. Configure the global
mode { destination-ip | destination-mac automatically selects global load
link-aggregation load
| destination-port | ingress-port | sharing criteria according to the
sharing criteria.
source-ip | source-mac | source-port } * packet type.
In system view, the switch supports the following load sharing criteria and combinations:
• Load sharing criteria automatically determined based on the packet type
• Source IP address
• Destination IP address
• Source MAC address
• Destination MAC address
• Source IP address and destination IP address
• Source IP address and source port
• Destination IP address and destination port
• Source IP address, source port, destination IP address, and destination port
• Any combination of incoming port, source MAC address, and destination MAC address
3. Configure the load sharing link-aggregation load-sharing mode The default load sharing criteria
criteria for the aggregation { destination-ip | destination-mac | are the same as the global load
group. source-ip | source-mac } * sharing criteria.
In aggregate interface view, the switch supports the following load sharing criteria and combinations:
• Load sharing criteria automatically determined based on the packet type
• Source IP address
• Destination IP address
• Source MAC address
• Destination MAC address
• Destination IP address and source IP address
• Destination MAC address and source MAC address
45
Use the local-first load sharing mechanism in a multi-switch link aggregation scenario to distribute traffic
preferentially across member ports on the ingress switch rather than all member ports.
When you aggregate ports on different member switches in an IRF fabric, you can use local-first load
sharing to reduce traffic on IRF links, as shown in Figure 10. For more information about IRF, see IRF
Configuration Guide.
Figure 10 Load sharing for multi-switch link aggregation in an IRF fabric
Yes
46
• Link-aggregation traffic redirection applies only to dynamic link aggregation groups and known
unicast packets.
• To prevent traffic interruption, enable link-aggregation traffic redirection on devices at both ends of
the aggregate link and make sure that there are no new Selected ports.
• To prevent packet loss that might occur at a reboot, do not enable spanning tree together with
link-aggregation traffic redirection.
• After enabling link-aggregation traffic redirection, do not add Ethernet interfaces configured with
physical state change suppression to the aggregation group. Otherwise, Selected ports in the
aggregation group might become abnormal. For more information about physical state change
suppression, see the link-delay command in Layer 2—LAN Switching Command Reference.
Configuration procedure
To enable link-aggregation traffic redirection:
Task Command
display interface [ bridge-aggregation ] [ brief
Display information for an aggregate interface [ description ] ]
or multiple aggregate interfaces. display interface bridge-aggregation interface-number
[ brief [ description ] ]
Clear statistics for specific or all aggregate reset counters interface [ bridge-aggregation
interfaces. [ interface-number ] ]
47
Ethernet link aggregation configuration examples
Static aggregation configuration example
Network requirements
As shown in Figure 11, configure a static aggregation group on both Device A and Device B, and enable
VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the other end, and VLAN
20 at one end to communicate with VLAN 20 at the other end.
Figure 11 Network diagram
Configuration procedure
1. Configure Device A:
# Create VLAN 10, and assign port Ten-GigabitEthernet 1/0/4 to VLAN 10.
<DeviceA> system-view
[DeviceA] vlan 10
[DeviceA-vlan10] port ten-gigabitethernet 1/0/4
[DeviceA-vlan10] quit
# Create VLAN 20, and assign port Ten-GigabitEthernet 1/0/5 to VLAN 20.
[DeviceA] vlan 20
[DeviceA-vlan20] port ten-gigabitethernet 1/0/5
[DeviceA-vlan20] quit
# Create aggregate interface Bridge-Aggregation 1.
[DeviceA] interface bridge-aggregation 1
[DeviceA-Bridge-Aggregation1] quit
# Assign ports Ten-GigabitEthernet 1/0/1 through Ten-GigabitEthernet 1/0/3 to link
aggregation group 1.
[DeviceA] interface ten-gigabitethernet 1/0/1
[DeviceA-Ten-GigabitEthernet1/0/1] port link-aggregation group 1
[DeviceA-Ten-GigabitEthernet1/0/1] quit
[DeviceA] interface ten-gigabitethernet 1/0/2
[DeviceA-Ten-GigabitEthernet1/0/2] port link-aggregation group 1
[DeviceA-Ten-GigabitEthernet1/0/2] quit
48
[DeviceA] interface ten-gigabitethernet 1/0/3
[DeviceA-Ten-GigabitEthernet1/0/3] port link-aggregation group 1
[DeviceA-Ten-GigabitEthernet1/0/3] quit
# Configure aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLANs 10
and 20.
[DeviceA] interface bridge-aggregation 1
[DeviceA-Bridge-Aggregation1] port link-type trunk
[DeviceA-Bridge-Aggregation1] port trunk permit vlan 10 20
[DeviceA-Bridge-Aggregation1] quit
2. Configure Device B in the same way Device A is configured. (Details not shown.)
The output shows that link aggregation group 1 is a static aggregation group and it contains three
Selected ports.
49
Figure 12 Network diagram
Configuration procedure
1. Configure Device A:
# Create VLAN 10, and assign the port Ten-GigabitEthernet 1/0/4 to VLAN 10.
<DeviceA> system-view
[DeviceA] vlan 10
[DeviceA-vlan10] port ten-gigabitethernet 1/0/4
[DeviceA-vlan10] quit
# Create VLAN 20, and assign the port Ten-GigabitEthernet 1/0/5 to VLAN 20.
[DeviceA] vlan 20
[DeviceA-vlan20] port ten-gigabitethernet 1/0/5
[DeviceA-vlan20] quit
# Create aggregate interface Bridge-Aggregation 1, and configure the link aggregation mode as
dynamic.
[DeviceA] interface bridge-aggregation 1
[DeviceA-Bridge-Aggregation1] link-aggregation mode dynamic
[DeviceA-Bridge-Aggregation1] quit
# Assign ports Ten-GigabitEthernet 1/0/1 through Ten-GigabitEthernet 1/0/3 to link
aggregation group 1.
[DeviceA] interface ten-gigabitethernet 1/0/1
[DeviceA-Ten-GigabitEthernet1/0/1] port link-aggregation group 1
[DeviceA-Ten-GigabitEthernet1/0/1] quit
[DeviceA] interface ten-gigabitethernet 1/0/2
[DeviceA-Ten-GigabitEthernet1/0/2] port link-aggregation group 1
[DeviceA-Ten-GigabitEthernet1/0/2] quit
[DeviceA] interface ten-gigabitethernet 1/0/3
[DeviceA-Ten-GigabitEthernet1/0/3] port link-aggregation group 1
[DeviceA-Ten-GigabitEthernet1/0/3] quit
# Configure aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLANs 10
and 20.
[DeviceA] interface bridge-aggregation 1
[DeviceA-Bridge-Aggregation1] port link-type trunk
[DeviceA-Bridge-Aggregation1] port trunk permit vlan 10 20
50
[DeviceA-Bridge-Aggregation1] quit
2. Configure Device B in the same way Device A is configured. (Details not shown.)
The output shows that link aggregation group 1 is a dynamic aggregation group and it contains three
Selected ports.
51
Figure 13 Network diagram
Configuration procedure
1. Configure Device A:
# Create VLAN 10, and assign the port Ten-GigabitEthernet 1/0/5 to VLAN 10.
<DeviceA> system-view
[DeviceA] vlan 10
[DeviceA-vlan10] port ten-gigabitethernet 1/0/5
[DeviceA-vlan10] quit
# Create VLAN 20, and assign the port Ten-GigabitEthernet 1/0/6 to VLAN 20.
[DeviceA] vlan 20
[DeviceA-vlan20] port ten-gigabitethernet 1/0/6
[DeviceA-vlan20] quit
# Create aggregate interface Bridge-Aggregation 1, and configure the load sharing criterion for
the link aggregation group as the source MAC addresses of packets.
[DeviceA] interface bridge-aggregation 1
[DeviceA-Bridge-Aggregation1] link-aggregation load-sharing mode source-mac
[DeviceA-Bridge-Aggregation1] quit
# Assign ports Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 to link aggregation
group 1.
[DeviceA] interface ten-gigabitethernet 1/0/1
[DeviceA-Ten-GigabitEthernet1/0/1] port link-aggregation group 1
[DeviceA-Ten-GigabitEthernet1/0/1] quit
[DeviceA] interface ten-gigabitethernet 1/0/2
[DeviceA-Ten-GigabitEthernet1/0/2] port link-aggregation group 1
[DeviceA-Ten-GigabitEthernet1/0/2] quit
# Configure aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLAN 10.
[DeviceA] interface bridge-aggregation 1
[DeviceA-Bridge-Aggregation1] port link-type trunk
[DeviceA-Bridge-Aggregation1] port trunk permit vlan 10
[DeviceA-Bridge-Aggregation1] quit
# Create aggregate interface Bridge-Aggregation 2, and configure the load sharing criterion for
the link aggregation group as the destination MAC addresses of packets.
[DeviceA] interface bridge-aggregation 2
52
[DeviceA-Bridge-Aggregation2] link-aggregation load-sharing mode destination-mac
[DeviceA-Bridge-Aggregation2] quit
# Assign ports Ten-GigabitEthernet 1/0/3 and Ten-GigabitEthernet 1/0/4 to link aggregation
group 2.
[DeviceA] interface ten-gigabitethernet 1/0/3
[DeviceA-Ten-GigabitEthernet1/0/3] port link-aggregation group 2
[DeviceA-Ten-GigabitEthernet1/0/3] quit
[DeviceA] interface ten-gigabitethernet 1/0/4
[DeviceA-Ten-GigabitEthernet1/0/4] port link-aggregation group 2
[DeviceA-Ten-GigabitEthernet1/0/4] quit
# Configure aggregate interface Bridge-Aggregation 2 as a trunk port and assign it to VLAN 20.
[DeviceA] interface bridge-aggregation 2
[DeviceA-Bridge-Aggregation2] port link-type trunk
[DeviceA-Bridge-Aggregation2] port trunk permit vlan 20
[DeviceA-Bridge-Aggregation2] quit
2. Configure Device B in the same way Device A is configured. (Details not shown.)
The output shows that link aggregation groups 1 and 2 are both load-shared static aggregation groups
and each contains two Selected ports.
# Display all the group-specific load sharing criteria on Device A.
[DeviceA] display link-aggregation load-sharing mode interface
53
source-mac address
The output shows that the load sharing criterion for link aggregation group 1 is the source MAC
addresses of packets and that for link aggregation group 2 is the destination MAC addresses of packets.
54
Configuring port isolation
The port isolation feature isolates Layer 2 traffic for data privacy and security without using VLANs. You
can also use this feature to isolate the hosts in a VLAN from one another.
The device supports multiple isolation groups, which can be configured manually. The number of ports
assigned to an isolation group is not limited.
Layer 2 traffic cannot be forwarded between ports in different VLANs. Within the same VLAN, ports in
an isolation group can communicate with those outside the isolation group at Layer 2.
Task Command
Display isolation group information. display port-isolate group [ group-number ]
55
Port isolation configuration example
Network requirements
As shown in Figure 14:
• LAN users Host A, Host B, and Host C are connected to Ten-GigabitEthernet 1/0/1,
Ten-GigabitEthernet 1/0/2, and Ten-GigabitEthernet 1/0/3 on the device, respectively.
• The device connects to the Internet through Ten-GigabitEthernet 1/0/4.
Configure the device to provide Internet access for the hosts, and isolate them from one another at Layer
2.
Figure 14 Network diagram
Configuration procedure
# Create isolation group 2.
<Device> system-view
[Device] port-isolate group 2
56
[Device-Ten-GigabitEthernet1/0/3] display port-isolate group 2
Port isolation group information:
Group ID: 2
Group members:
Ten-GigabitEthernet1/0/1
Ten-GigabitEthernet1/0/2
Ten-GigabitEthernet1/0/3
57
Configuring spanning tree protocols
Spanning tree protocols eliminate loops in physical link-redundant networks by selectively blocking
redundant links and putting them in a standby state.
The recent versions of STP include the Rapid Spanning Tree Protocol (RSTP) and the Multiple Spanning
Tree Protocol (MSTP).
STP
STP was developed based on the 802.1d standard of IEEE to eliminate loops at the data link layer in a
LAN. Networks often have redundant links as backups in case of failures, but loops are a very serious
problem. Devices running STP detect loops in the network by exchanging information with one another,
and eliminate loops by selectively blocking certain ports to prune the loop structure into a loop-free tree
structure. This avoids proliferation and infinite cycling of packets that would occur in a loop network.
In the narrow sense, STP refers to IEEE 802.1d STP. In the broad sense, STP refers to the IEEE 802.1d STP
and various enhanced spanning tree protocols derived from that protocol.
58
Basic concepts in STP
Root bridge
A tree network must have a root bridge. The entire network contains only one root bridge, and all the
other bridges in the network are called "leaf nodes". The root bridge is not permanent, but can change
with changes of the network topology.
Upon initialization of a network, each device generates and periodically sends configuration BPDUs,
with itself as the root bridge. After network convergence, only the root bridge generates and periodically
sends configuration BPDUs. The other devices only forward the BPDUs.
Root port
On a non-root bridge, the port nearest to the root bridge is the root port. The root port communicates with
the root bridge. Each non-root bridge has only one root port. The root bridge has no root port.
As shown in Figure 15, Device B and Device C are directly connected to a LAN. If Device A forwards
BPDUs to Device B through port A1, the designated bridge for Device B is Device A, and the designated
port of Device B is port A1 on Device A. If Device B forwards BPDUs to the LAN, the designated bridge
for the LAN is Device B, and the designated port for the LAN is port B2 on Device B.
Figure 15 Designated bridges and designated ports
Device A
Port A1 Port A2
Device B Device C
Port B1 Port C1
Port B2 Port C2
LAN
Path cost
Path cost is a reference value used for link selection in STP. STP calculates path costs to select the most
robust links and block redundant links that are less robust, to prune the network into a loop-free tree.
59
Calculation process of the STP algorithm
The spanning tree calculation process described in the following sections is a simplified process for
example only.
Calculation process
The STP algorithm uses the following calculation process:
1. Network initialization.
Upon initialization of a device, each port generates a BPDU with the device as the designated port,
the device as the root bridge, 0 as the root path cost, and the device ID as the designated bridge
ID.
2. Root bridge selection.
Initially, each STP-enabled device on the network assumes itself to be the root bridge, with its own
device ID as the root bridge ID. By exchanging configuration BPDUs, the devices compare their
root bridge IDs to elect the device with the smallest root bridge ID as the root bridge.
3. Root port and designated ports selection on the non-root bridges.
Step Description
A non-root–bridge device regards the port on which it received the optimum configuration BPDU
1
as the root port. Table 6 describes how the optimum configuration BPDU is selected.
Based on the configuration BPDU and the path cost of the root port, the device calculates a
designated port configuration BPDU for each of the other ports.
• The root bridge ID is replaced with that of the configuration BPDU of the root port.
2 • The root path cost is replaced with that of the configuration BPDU of the root port plus the path
cost of the root port.
• The designated bridge ID is replaced with the ID of this device.
• The designated port ID is replaced with the ID of this port.
The device compares the calculated configuration BPDU with the configuration BPDU on the port
whose port role will be determined, and acts depending on the result of the comparison:
• If the calculated configuration BPDU is superior, the device considers this port as the
designated port, replaces the configuration BPDU on the port with the calculated configuration
3
BPDU, and periodically sends the calculated configuration BPDU.
• If the configuration BPDU on the port is superior, the device blocks this port without updating its
configuration BPDU. The blocked port can receive BPDUs, but cannot send BPDUs or forward
data traffic.
When the network topology is stable, only the root port and designated ports forward user traffic.
Other ports are all in the blocked state to receive BPDUs but not to forward BPDUs or user traffic.
Table 6 Selecting the optimum configuration BPDU
Step Actions
Upon receiving a configuration BPDU on a port, the device compares the priority of the received
configuration BPDU with that of the configuration BPDU generated by the port, and:
• If the former priority is lower, the device discards the received configuration BPDU and keeps
1
the configuration BPDU the port generated.
• If the former priority is higher, the device replaces the content of the configuration BPDU
generated by the port with the content of the received configuration BPDU.
60
Step Actions
The device compares the configuration BPDUs of all the ports and chooses the optimum
2
configuration BPDU.
Port A1 Port A2
Port B1 Port C1
Port B2 Port C2
Path cost = 4
Device B Device C
Priority = 1 Priority = 2
As shown in Figure 16, the priority values of Device A, Device B, and Device C are 0, 1, and 2, and the
path costs of links among the three devices are 5, 10, and 4, respectively.
1. Device state initialization.
In Table 7, each configuration BPDU contains the following fields: root bridge ID, root path cost,
designated bridge ID, and designated port ID.
Table 7 Initial state of each device
61
Device Port name Configuration BPDU on the port
Port C2 {2, 0, 2, Port C2}
Configuration BPDU on
Device Comparison process
ports after comparison
• Port A1 receives the configuration BPDU of Port B1 {1, 0, 1, Port
B1}, finds that its existing configuration BPDU {0, 0, 0, Port A1}
is superior to the received configuration BPDU, and discards the
received one.
• Port A2 receives the configuration BPDU of Port C1 {2, 0, 2, Port • Port A1: {0, 0, 0, Port
C1}, finds that its existing configuration BPDU {0, 0, 0, Port A2}
A1}
Device A is superior to the received configuration BPDU, and discards the
received one.
• Port A2: {0, 0, 0, Port
A2}
• Device A finds that it is both the root bridge and designated
bridge in the configuration BPDUs of all its ports, and considers
itself as the root bridge. It does not change the configuration
BPDU of any port and starts to periodically send configuration
BPDUs.
• Port B1 receives the configuration BPDU of Port A1 {0, 0, 0, Port
A1}, finds that the received configuration BPDU is superior to its
existing configuration BPDU {1, 0, 1, Port B1}, and updates its • Port B1: {0, 0, 0, Port
configuration BPDU. A1}
• Port B2 receives the configuration BPDU of Port C2 {2, 0, 2, Port • Port B2: {1, 0, 1, Port
C2}, finds that its existing configuration BPDU {1, 0, 1, Port B2} B2}
is superior to the received configuration BPDU, and discards the
received one.
• Device B compares the configuration BPDUs of all its ports,
Device B decides that the configuration BPDU of Port B1 is the optimum,
and selects Port B1 as the root port with the configuration BPDU
unchanged.
• Based on the configuration BPDU and path cost of the root port, • Root port (Port B1): {0,
Device B calculates a designated port configuration BPDU for 0, 0, Port A1}
Port B2 {0, 5, 1, Port B2}, and compares it with the existing • Designated port (Port
configuration BPDU of Port B2 {1, 0, 1, Port B2}. Device B finds B2): {0, 5, 1, Port B2}
that the calculated one is superior, decides that Port B2 is the
designated port, replaces the configuration BPDU on Port B2
with the calculated one, and periodically sends the calculated
configuration BPDU.
• Port C1 receives the configuration BPDU of Port A2 {0, 0, 0, Port
A2}, finds that the received configuration BPDU is superior to its
existing configuration BPDU {2, 0, 2, Port C1}, and updates its • Port C1: {0, 0, 0, Port
configuration BPDU. A2}
Device C
• Port C2 receives the original configuration BPDU of Port B2 {1, • Port C2: {1, 0, 1, Port
0, 1, Port B2}, finds that the received configuration BPDU is B2}
superior to the existing configuration BPDU {2, 0, 2, Port C2},
and updates its configuration BPDU.
62
Configuration BPDU on
Device Comparison process
ports after comparison
• Device C compares the configuration BPDUs of all its ports,
decides that the configuration BPDU of Port C1 is the optimum,
and selects Port C1 as the root port with the configuration BPDU
unchanged.
• Root port (Port C1): {0,
• Based on the configuration BPDU and path cost of the root port, 0, 0, Port A2}
Device C calculates the configuration BPDU of Port C2 {0, 10, 2,
• Designated port (Port
Port C2}, and compares it with the existing configuration BPDU
C2): {0, 10, 2, Port C2}
of Port C2 {1, 0, 1, Port B2}. Device C finds that the calculated
configuration BPDU is superior to the existing one, selects Port
C2 as the designated port, and replaces the configuration
BPDU of Port C2 with the calculated one.
• Port C2 receives the updated configuration BPDU of Port B2 {0,
5, 1, Port B2}, finds that the received configuration BPDU is
• Port C1: {0, 0, 0, Port
superior to its existing configuration BPDU {0, 10, 2, Port C2},
A2}
and updates its configuration BPDU.
• Port C2: {0, 5, 1, Port
• Port C1 receives a periodic configuration BPDU {0, 0, 0, Port
B2}
A2} from Port A2, finds that it is the same as the existing
configuration BPDU, and discards the received one.
• Device C finds that the root path cost of Port C1 (10) (root path
cost of the received configuration BPDU (0) plus path cost of Port
C1 (10)) is larger than that of Port C2 (9) (root path cost of the
received configuration BPDU (5) plus path cost of Port C2 (4)),
decides that the configuration BPDU of Port C2 is the optimum,
and selects Port C2 as the root port with the configuration BPDU
unchanged. • Blocked port (Port C1):
• Based on the configuration BPDU and path cost of the root port, {0, 0, 0, Port A2}
Device C calculates a designated port configuration BPDU for • Root port (Port C2): {0,
Port C1 {0, 9, 2, Port C1} and compares it with the existing 5, 1, Port B2}
configuration BPDU of Port C1 {0, 0, 0, Port A2}. Device C finds
that the existing configuration BPDU is superior to the calculated
one and blocks Port C1 with the configuration BPDU
unchanged. Then Port C1 does not forward data until a new
event triggers a spanning tree calculation process, for example,
the link between Device B and Device C is down.
After the comparison processes described in Table 8, a spanning tree with Device A as the root bridge
is established, and the topology is shown in Figure 17.
Figure 17 The final calculated spanning tree
63
The configuration BPDU forwarding mechanism of STP
The configuration BPDUs of STP are forwarded according to these guidelines:
• Upon network initiation, every device regards itself as the root bridge, generates configuration
BPDUs with itself as the root, and sends the configuration BPDUs at a regular hello interval.
• If the root port received a configuration BPDU and the received configuration BPDU is superior to
the configuration BPDU of the port, the device increases the message age carried in the
configuration BPDU following a certain rule and starts a timer to time the configuration BPDU while
sending this configuration BPDU through the designated port.
• If the configuration BPDU received on a designated port has a lower priority than the configuration
BPDU of the local port, the port immediately sends its own configuration BPDU in response.
• If a path becomes faulty, the root port on this path no longer receives new configuration BPDUs and
the old configuration BPDUs will be discarded due to timeout. The device generates a configuration
BPDU with itself as the root and sends the BPDUs and TCN BPDUs. This triggers a new spanning
tree calculation process to establish a new path to restore the network connectivity.
However, the newly calculated configuration BPDU cannot be propagated throughout the network
immediately, so the old root ports and designated ports that have not detected the topology change
continue forwarding data along the old path. If the new root ports and designated ports begin to
forward data as soon as they are elected, a temporary loop might occur.
STP timers
The most important timing parameters in STP calculation are forward delay, hello time, and max age.
• Forward delay
Forward delay is the delay time for port state transition.
A path failure can cause spanning tree re-calculation to adapt the spanning tree structure to the
change. However, the resulting new configuration BPDU cannot propagate throughout the
network immediately. If the newly elected root ports and designated ports start to forward data
immediately, a temporary loop will likely occur.
For this reason, as a mechanism for state transition in STP, the newly elected root ports or
designated ports require twice the forward delay time before they transit to the forwarding state to
make sure the new configuration BPDU has propagated throughout the network.
• Hello time
The device sends hello packets at the hello time interval to the neighboring devices to make sure
the paths are fault-free.
• Max age
The device uses the max age to determine whether a stored configuration BPDU has expired and
discards it if the max age is exceeded.
RSTP
RSTP achieves rapid network convergence by allowing a newly elected root port or designated port to
enter the forwarding state much faster than STP.
If the old root port on the device has stopped forwarding data and the upstream designated port has
started forwarding data, a newly elected RSTP root port rapidly enters the forwarding state.
A newly elected RSTP designated port rapidly enters the forwarding state if it is an edge port (a port that
directly connects to a user terminal rather than to another network device or a shared LAN segment) or
64
it connects to a point-to-point link. Edge ports directly enter the forwarding state. Connecting to a
point-to-point link, a designated port enters the forwarding state immediately after the device receives a
handshake response from the directly connected device.
MSTP
MSTP overcomes the following STP and RSTP limitations:
• STP limitations—STP does not support rapid state transition of ports. A newly elected port must wait
twice the forward delay time before it transits to the forwarding state, even if it connects to a
point-to-point link or is an edge port.
• RSTP limitations—Although RSTP enables faster network convergence than STP, RSTP fail to provide
load balancing among VLANs. As with STP, all RSTP bridges in a LAN share one spanning tree and
forward packets from all VLANs along this spanning tree.
MSTP features
Developed based on IEEE 802.1s, MSTP overcomes the limitations of STP and RSTP. In addition to
supporting rapid network convergence, it provides a better load sharing mechanism for redundant links
by allowing data flows of different VLANs to be forwarded along separate paths.
MSTP provides the following features:
• MSTP divides a switched network into multiple regions, each of which contains multiple spanning
trees that are independent of one another.
• MSTP supports mapping VLANs to spanning tree instances by means of a VLAN-to-instance
mapping table. MSTP can reduce communication overheads and resource usage by mapping
multiple VLANs to one instance.
• MSTP prunes a loop network into a loop-free tree, which avoids proliferation and endless cycling of
packets in a loop network. In addition, it supports load balancing of VLAN data by providing
multiple redundant paths for data forwarding.
• MSTP is compatible with STP and RSTP.
65
Figure 18 Basic concepts in MSTP
MST region
A multiple spanning tree region (MST region) consists of multiple devices in a switched network and the
network segments among them. All these devices have the following characteristics:
• A spanning tree protocol enabled
• Same region name
66
• Same VLAN-to-instance mapping configuration
• Same MSTP revision level
• Physically linked together
Multiple MST regions can exist in a switched network. You can assign multiple devices to the same MST
region. In Figure 18, the switched network comprises four MST regions, MST region 1 through MST
region 4, and all devices in each MST region have the same MST region configuration.
MSTI
MSTP can generate multiple independent spanning trees in an MST region, and each spanning tree is
mapped to the specific VLANs. Each spanning tree is referred to as a "multiple spanning tree instance
(MSTI)".
In Figure 19, MST region 3 comprises three MSTIs, MSTI 1, MSTI 2, and MSTI 0.
CST
The common spanning tree (CST) is a single spanning tree that connects all MST regions in a switched
network. If you regard each MST region as a device, the CST is a spanning tree calculated by these
devices through STP or RSTP.
The blue lines in Figure 18 represent the CST.
IST
An internal spanning tree (IST) is a spanning tree that runs in an MST region. It is also called MSTI 0, a
special MSTI to which all VLANs are mapped by default.
In Figure 18, MSTI 0 is the IST in MST region 3.
CIST
The common and internal spanning tree (CIST) is a single spanning tree that connects all devices in a
switched network. It consists of the ISTs in all MST regions and the CST.
In Figure 18, the ISTs (MSTI 0) in all MST regions plus the inter-region CST constitute the CIST of the entire
network.
Regional root
The root bridge of the IST or an MSTI within an MST region is the regional root of the IST or MSTI. Based
on the topology, different spanning trees in an MST region might have different regional roots.
In MST region 3 in Figure 19, the regional root of MSTI 1 is Device B, the regional root of MSTI 2 is Device
C, and the regional root of MSTI 0 (also known as the IST) is Device A.
67
Port roles
A port can play different roles in different MSTIs. As shown in Figure 20, an MST region comprises
Device A, Device B, Device C, and Device D. Port A1 and port A2 of Device A connect to the common
root bridge. Port B2 and Port B3 of Device B form a loop. Port C3 and Port C4 of Device C connect to
other MST regions. Port D3 of Device D directly connects to a host.
Figure 20 Port roles
Port states
In MSTP, a port can be in one of the following states:
68
• Forwarding—The port receives and sends BPDUs, learns MAC addresses, and forwards user
traffic.
• Learning—The port receives and sends BPDUs, learns MAC addresses, but does not forward user
traffic. Learning is an intermediate port state.
• Discarding—The port receives and sends BPDUs, but does not learn MAC addresses or forward
user traffic.
NOTE:
When in different MSTIs, a port can be in different states.
A port state is not exclusively associated with a port role. Table 9 lists the port states that each port role
supports. (A check mark [√] indicates that the port supports this state, while a dash [—] indicates that the
port does not support this state.)
Table 9 Port states that different port roles support
Learning √ √ — —
Discarding √ √ √ √
CIST calculation
The calculation of a CIST tree is also the process of configuration BPDU comparison. During this process,
the device with the highest priority is elected as the root bridge of the CIST. MSTP generates an IST within
each MST region through calculation. At the same time, MSTP regards each MST region as a single
device and generates a CST among these MST regions through calculation. The CST and ISTs constitute
the CIST of the entire network.
MSTI calculation
Within an MST region, MSTP generates different MSTIs for different VLANs based on the
VLAN-to-instance mappings. For each spanning tree, MSTP performs a separate calculation process
similar to spanning tree calculation in STP. For more information, see "Calculation process of the STP
algorithm."
In MSTP, a VLAN packet is forwarded along the following paths:
• Within an MST region, the packet is forwarded along the corresponding MSTI.
• Between two MST regions, the packet is forwarded along the CST.
69
MSTP implementation on devices
MSTP is compatible with STP and RSTP. Devices that are running MSTP and that are used for spanning
tree calculation can identify STP and RSTP protocol packets.
In addition to basic MSTP functions, the following functions are provided for ease of management:
• Root bridge hold
• Root bridge backup
• Root guard
• BPDU guard
• Loop guard
• TC-BPDU guard
• Port role restriction
• TC-BPDU transmission restriction.
70
STP configuration task list
Tasks at a glance
Configuring the root bridge:
• (Required.) Setting the spanning tree mode
• (Optional.) Configuring the root bridge or a secondary root bridge
• (Optional.) Configuring the device priority
• (Optional.) Configuring the network diameter of a switched network
• (Optional.) Configuring spanning tree timers
• (Optional.) Configuring the timeout factor
• (Optional.) Configuring the BPDU transmission rate
• (Optional.) Enabling outputting port state transition information
• (Required.) Enabling the spanning tree feature
71
Tasks at a glance
Configuring the leaf nodes:
• (Required.) Setting the spanning tree mode
• (Optional.) Configuring the device priority
• (Optional.) Configuring the timeout factor
• (Optional.) Configuring the BPDU transmission rate
• (Optional.) Configuring edge ports
• (Optional.) Configuring path costs of ports
• (Optional.) Configuring the port priority
• (Optional.) Configuring the port link type
• (Optional.) Enabling outputting port state transition information
• (Required.) Enabling the spanning tree feature
72
Tasks at a glance
Configuring the leaf nodes:
• (Required.) Setting the spanning tree mode
• (Required.) Configuring an MST region
• (Optional.) Configuring the device priority
• (Optional.) Configuring the timeout factor
• (Optional.) Configuring the BPDU transmission rate
• (Optional.) Configuring edge ports
• (Optional.) Configuring path costs of ports
• (Optional.) Configuring the port priority
• (Optional.) Configuring the port link type
• (Optional.) Configuring the mode a port uses to recognize and send MSTP packets
• (Optional.) Enabling outputting port state transition information
• (Required.) Enabling the spanning tree feature
73
Configuring an MST region
Two or more spanning tree devices belong to the same MST region only if they are configured to have the
same format selector (0 by default, not configurable), MST region name, MST region revision level, and
the same VLAN-to-instance mapping entries in the MST region, and they are connected through a
physical link.
The configuration of MST region-related parameters (especially the VLAN-to-instance mapping table)
might cause MSTP to begin a new spanning tree calculation. To reduce the possibility of topology
instability, the MST region configuration takes effect only after you activate it by using the active
region-configuration command, or enable a spanning tree protocol by using the stp global enable
command if the spanning tree protocol is disabled.
To configure an MST region:
74
When the root bridge of an instance fails or is shut down, the secondary root bridge (if you have
specified one) becomes the root bridge if you have not specified a new root bridge. If you specify
multiple secondary root bridges for an instance, the secondary root bridge with the lowest MAC address
is given priority.
You can specify one root bridge for each spanning tree, regardless of the device priority settings. Once
you specify a device as the root bridge or a secondary root bridge, you cannot change its priority.
You can configure the current device as the root bridge by setting the device priority to 0. For the device
priority configuration, see "Configuring the device priority."
75
Step Command Remarks
1. Enter system view. system-view N/A
• In STP/RSTP mode:
stp priority priority
2. Configure the priority of
the current device. • In MSTP mode: The default setting is 32768.
stp [ instance instance-list ] priority
priority
76
Step Command Remarks
1. Enter system view. system-view N/A
2. Configure the network
diameter of the switched stp bridge-diameter diameter The default setting is 7.
network.
77
• If the max age timer is too short, the device frequently begins spanning tree calculations and might
mistake network congestion as a link failure. If the max age timer is too long, the device might fail
to promptly detect link failures and quickly launch spanning tree calculations, reducing the
auto-sensing capability of the network. H3C recommends using the automatically calculated value.
Configuration procedure
To configure the spanning tree timers:
3. Configure the hello timer. stp timer hello time The default setting is 2 seconds.
78
The higher the BPDU transmission rate, the more BPDUs are sent within each hello time, and the more
system resources are used. By setting an appropriate BPDU transmission rate, you can limit the rate at
which the port sends BPDUs and prevent spanning tree protocols from using excessive network resources
when the network becomes unstable. H3C recommends using the default setting.
To configure the BPDU transmission rate:
Configuration procedure
To specify a port as an edge port:
79
Configuring path costs of ports
Path cost is a parameter related to the rate of a port. On a spanning tree device, a port can have different
path costs in different MSTIs. Setting appropriate path costs allows VLAN traffic flows to be forwarded
along different physical links, achieving VLAN-based load balancing.
You can have the device automatically calculate the default path cost, or you can configure the path cost
for ports.
You can specify a standard for the device to use in automatic calculation for the default path cost. The
device supports the following standards:
• dot1d-1998—The device calculates the default path cost for ports based on IEEE 802.1d-1998.
• dot1t—The device calculates the default path cost for ports based on IEEE 802.1t.
• legacy—The device calculates the default path cost for ports based on a private standard.
When you specify a standard for the device to use when it calculates the default path cost, follow these
guidelines:
• When it calculates the path cost for an aggregate interface, IEEE 802.1t takes into account the
number of Selected ports in its aggregation group, but IEEE 802.1d-1998 does not. The calculation
formula of IEEE 802.1t is: Path cost = 200,000,000/link speed (in 100 kbps), where link speed is
the sum of the link speed values of the Selected ports in the aggregation group.
• IEEE 802.1d-1998 or the private standard always assigns the smallest possible value to a single port
or an aggregate interface when the link speed of the port or interface exceeds 10 Gbps. The
forwarding path selected based on this criterion might not be the best one. To solve this problem,
use dot1t as the standard for default path cost calculation, or manually set the path cost for the port
(see "Configuring path costs of ports").
To specify a standard for the device to use when it calculates the default path cost:
80
Table 10 Mappings between the link speed and the path cost
Path cost
Link speed Port type IEEE
IEEE 802.1t Private standard
802.1d-1998
0 N/A 65535 200000000 200000
Aggregate interface
containing two Selected 1000000 1800
ports
Aggregate interface
containing four Selected 500000 1400
ports
Aggregate interface
containing two Selected 100000 180
ports
Aggregate interface
containing four Selected 50000 140
ports
Aggregate interface
containing two Selected 10000 18
ports
Aggregate interface
containing four Selected 5000 14
ports
Aggregate interface
containing two Selected 1000 1
ports
Aggregate interface
containing four Selected 500 1
ports
81
Path cost
Link speed Port type IEEE
IEEE 802.1t Private standard
802.1d-1998
Single port 1000 1
Aggregate interface
containing two Selected 500 1
ports
Aggregate interface
containing four Selected 250 1
ports
Aggregate interface
containing two Selected 250 1
ports
Aggregate interface
containing four Selected 125 1
ports
Aggregate interface
containing two Selected 100 1
ports
Aggregate interface
containing four Selected 50 1
ports
82
Step Command Remarks
• In STP/RSTP mode:
stp cost cost By default, the system
3. Configure the path cost of the
automatically calculates the
ports. • In MSTP mode:
path cost of each port.
stp [ instance instance-list ] cost cost
Configuration example
# In MSTP mode, specify the device to calculate the default path costs of its ports by using IEEE
802.1d-1998, and set the path cost of Ten-GigabitEthernet 1/0/3 to 200 on MSTI 2.
<Sysname> system-view
[Sysname] stp pathcost-standard dot1d-1998
Cost of every port will be reset and automatically re-calculated after you change the
current pathcost standard. Continue?[Y/N]:y
Cost of every port has been re-calculated.
[Sysname] interface ten-gigabitethernet 1/0/3
[Sysname-Ten-GigabitEthernet1/0/3] stp instance 2 cost 200
83
Configuration restrictions and guidelines
• You can configure the link type as point-to-point for an aggregate interface or a port that operates
in full duplex mode. H3C recommends using the default setting and letting the device to
automatically detect the port link type.
• The stp point-to-point force-false or stp point-to-point force-true command configured on a port in
MSTP mode takes effect on all MSTIs.
• If you configure a non-point-to-point link as a point-to-point link, the configuration might cause a
temporary loop.
Configuration procedure
To configure the link type of a port:
84
Step Command Remarks
1. Enter system view. system-view N/A
2. Enter Ethernet or aggregate
interface interface-type interface-number N/A
interface view.
3. Configure the mode that the
port uses to recognize/send stp compliance { auto | dot1s | legacy } The default setting is auto.
MSTP packets.
85
Performing mCheck
The mCheck feature enables user intervention in the port status transition process.
If a port on a device that is running MSTP or RSTP connects to an STP device, this port automatically
transits to STP mode when the port receives STP BPDUs. However, if the peer STP device is shut down or
removed and the local device cannot detect the change, the local device cannot automatically transit
back to the original mode. To forcibly transit the port to operate in the original mode, you can perform
an mCheck operation.
Suppose a scenario where Device A, Device B, and Device C are connected in sequence. Device A runs
STP, Device B does not run any spanning tree protocol, and Device C runs RSTP or MSTP. In this case,
when Device C receives an STP BPDU transparently transmitted by Device B, the receiving port transits to
the STP mode. If you configure Device B to run RSTP or MSTP with Device C, you must perform mCheck
operations on the ports interconnecting Device B and Device C.
Configuration procedure
Performing mCheck globally
Step Command
1. Enter system view. system-view
Step Command
1. Enter system view. system-view
2. Enter Ethernet or aggregate interface view. interface interface-type interface-number
3. Perform mCheck. stp mcheck
86
16-byte long and is the result calculated through the HMAC-MD5 algorithm based on VLAN-to-instance
mappings.
Because spanning tree implementations vary by vendor, the configuration digests calculated through
private keys are different. The devices of different vendors in the same MST region cannot communicate
with each other.
To enable communication between an H3C device and a third-party device, enable the Digest Snooping
feature on the port that connects the H3C device to the third-party device in the same MST region.
Configuration procedure
You can enable Digest Snooping only on the H3C device that is connected to a third-party device that
uses its private key to calculate the configuration digest.
To configure Digest Snooping:
87
Digest Snooping configuration example
Network requirements
As shown in Figure 21, Device A and Device B connect to Device C, which is a third-party device. All
these devices are in the same region.
Enable Digest Snooping on the ports of Device A and Device B that connect to Device C, so that the three
devices can communicate with one another.
Figure 21 Network diagram
Configuration procedure
# Enable Digest Snooping on Ten-GigabitEthernet 1/0/1 of Device A and enable global Digest
Snooping on Device A.
<DeviceA> system-view
[DeviceA] interface ten-gigabitethernet 1/0/1
[DeviceA-Ten-GigabitEthernet1/0/1] stp config-digest-snooping
[DeviceA-Ten-GigabitEthernet1/0/1] quit
[DeviceA] stp global config-digest-snooping
# Enable Digest Snooping on Ten-GigabitEthernet 1/0/1 of Device B and enable global Digest
Snooping on Device B.
<DeviceB> system-view
[DeviceB] interface ten-gigabitethernet 1/0/1
[DeviceB-Ten-GigabitEthernet1/0/1] stp config-digest-snooping
[DeviceB-Ten-GigabitEthernet1/0/1] quit
[DeviceB] stp global config-digest-snooping
88
Both RSTP and MSTP devices can perform rapid transition on a designated port only when the port
receives an agreement packet from the downstream device. RSTP and MSTP devices have the following
differences:
• For MSTP, the root port of the downstream device sends an agreement packet only after it receives
an agreement packet from the upstream device.
• For RSTP, the downstream device sends an agreement packet regardless of whether an agreement
packet from the upstream device is received.
Figure 22 Rapid state transition of an MSTP designated port
If the upstream device is a third-party device, the rapid state transition implementation might be limited.
For example, when the upstream device uses a rapid transition mechanism similar to that of RSTP, and the
downstream device adopts MSTP and does not operate in RSTP mode, the root port on the downstream
device receives no agreement packet from the upstream device and sends no agreement packets to the
upstream device. As a result, the designated port of the upstream device fails to transit rapidly, and can
only change to the forwarding state after a period twice the Forward Delay.
You can enable the No Agreement Check feature on the downstream device's port to enable the
designated port of the upstream device to transit its state rapidly.
Configuration prerequisites
Before you configure the No Agreement Check function, complete the following tasks:
89
• Connect a device to a third-party upstream device that supports spanning tree protocols through a
point-to-point link.
• Configure the same region name, revision level and VLAN-to-instance mappings on the two devices,
assigning them to the same region.
Configuration procedure
Enable the No Agreement Check feature on the root port.
To configure No Agreement Check:
Device A Device B
Configuration procedure
# Enable No Agreement Check on Ten-GigabitEthernet 1/0/1 of Device A.
<DeviceA> system-view
[DeviceA] interface ten-gigabitethernet 1/0/1
[DeviceA-Ten-GigabitEthernet1/0/1] stp no-agreement-check
90
• Root guard
• Loop guard
• Port role restriction
• TC-BPDU transmission restriction
• TC-BPDU guard
• BPDU drop
91
On a port, the loop guard function, the root guard function, and the edge port setting are mutually
exclusive, and the one configured first takes effect.
Configure root guard on a designated port.
To enable root guard:
92
The change to the bridge ID of a device in the user access network might cause a change to the spanning
tree topology in the core network. To avoid this problem, you can enable port role restriction on a port.
With this feature enabled, when the port receives a superior BPDU, it becomes an alternate port rather
than a root port.
Make this configuration on the port that connects to the user access network.
To configure port role restriction:
The topology change to the user access network might cause the forwarding address changes to the core
network. When the user access network topology is unstable, the user access network might affect the
core network. To avoid this problem, you can enable TC-BPDU transmission restriction on a port. With
this feature enabled, when the port receives a TC-BPDU, it does not forward the TC-BPDU to other ports.
Make this configuration on the port that connects to the user access network.
To configure TC-BPDU transmission restriction:
93
entry flush when the time period expires. This prevents frequent flushing of forwarding address entries.
H3C recommends that you enable TC-BPDU guard.
To enable TC-BPDU guard:
interface interface-type
2. Enter Ethernet interface view. N/A
interface-number
3. Enable BPDU drop on the
bpdu-drop any By default, BPDU drop is disabled.
current interface.
Task Command
Display information about ports blocked by spanning tree
display stp abnormal-port
protection functions.
94
Task Command
Display information about ports shut down by spanning
display stp down-port
tree protection functions.
Display the historical information of port role calculation display stp [ instance instance-list ] history [ slot
for the specified MSTI or all MSTIs. slot-number ]
Display the statistics of TC/TCN BPDUs sent and received display stp [ instance instance-list ] tc [ slot
by all ports in the specified MSTI or all MSTIs. slot-number ]
Display the root bridge information of all MSTIs. display stp root
XG
/0/
E1
E1
/0/
XG
XG
1
/0/
E1
E1
/0/
XG
95
Configuration procedure
1. Configure VLANs and VLAN member ports (details not shown):
{ Create VLAN 10, VLAN 20, and VLAN 30 on both Device A and Device B.
{ Create VLAN 10, VLAN 20, and VLAN 40 on Device C.
{ Create VLAN 20, VLAN 30, and VLAN 40 on Device D.
{ Configure the ports on these devices as trunk ports and assign them to related VLANs.
2. Configure Device A:
# Enter MST region view, configure the MST region name as example, map VLAN 10, VLAN 30,
and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively, and configure the revision level of the
MST region as 0.
<DeviceA> system-view
[DeviceA] stp region-configuration
[DeviceA-mst-region] region-name example
[DeviceA-mst-region] instance 1 vlan 10
[DeviceA-mst-region] instance 3 vlan 30
[DeviceA-mst-region] instance 4 vlan 40
[DeviceA-mst-region] revision-level 0
# Activate MST region configuration.
[DeviceA-mst-region] active region-configuration
[DeviceA-mst-region] quit
# Specify the current device as the root bridge of MSTI 1.
[DeviceA] stp instance 1 root primary
# Enable the spanning tree feature globally.
[DeviceA] stp global enable
3. Configure Device B:
# Enter MST region view, configure the MST region name as example, map VLAN 10, VLAN 30,
and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively, and configure the revision level of the
MST region as 0.
<DeviceB> system-view
[DeviceB] stp region-configuration
[DeviceB-mst-region] region-name example
[DeviceB-mst-region] instance 1 vlan 10
[DeviceB-mst-region] instance 3 vlan 30
[DeviceB-mst-region] instance 4 vlan 40
[DeviceB-mst-region] revision-level 0
# Activate MST region configuration.
[DeviceB-mst-region] active region-configuration
[DeviceB-mst-region] quit
# Specify the current device as the root bridge of MSTI 3.
[DeviceB] stp instance 3 root primary
# Enable the spanning tree feature globally.
[DeviceB] stp global enable
4. Configure Device C:
96
# Enter MST region view, configure the MST region name as example, map VLAN 10, VLAN 30,
and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively, and configure the revision level of the
MST region as 0.
<DeviceC> system-view
[DeviceC] stp region-configuration
[DeviceC-mst-region] region-name example
[DeviceC-mst-region] instance 1 vlan 10
[DeviceC-mst-region] instance 3 vlan 30
[DeviceC-mst-region] instance 4 vlan 40
[DeviceC-mst-region] revision-level 0
# Activate MST region configuration.
[DeviceC-mst-region] active region-configuration
[DeviceC-mst-region] quit
# Specify the current device as the root bridge of MSTI 4.
[DeviceC] stp instance 4 root primary
# Enable the spanning tree feature globally.
[DeviceC] stp global enable
5. Configure Device D:
# Enter MST region view, configure the MST region name as example, map VLAN 10, VLAN 30,
and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively, and configure the revision level of the
MST region as 0.
<DeviceD> system-view
[DeviceD] stp region-configuration
[DeviceD-mst-region] region-name example
[DeviceD-mst-region] instance 1 vlan 10
[DeviceD-mst-region] instance 3 vlan 30
[DeviceD-mst-region] instance 4 vlan 40
[DeviceD-mst-region] revision-level 0
# Activate MST region configuration.
[DeviceD-mst-region] active region-configuration
[DeviceD-mst-region] quit
# Enable the spanning tree feature globally.
[DeviceD] stp global enable
6. Verify the configuration:
In this example, suppose that Device B has the lowest root bridge ID. As a result, Device B is
elected as the root bridge in MSTI 0.
You can use the display stp brief command to display brief spanning tree information on each
device after the network is stable.
# Display brief spanning tree information on Device A.
[DeviceA] display stp brief
[DeviceA] display stp brief
MSTID Port Role STP State Protection
0 Ten-GigabitEthernet1/0/1 ALTE DISCARDING NONE
0 Ten-GigabitEthernet1/0/2 DESI FORWARDING NONE
0 Ten-GigabitEthernet1/0/3 ROOT FORWARDING NONE
1 Ten-GigabitEthernet1/0/1 DESI FORWARDING NONE
97
1 Ten-GigabitEthernet1/0/3 DESI FORWARDING NONE
3 Ten-GigabitEthernet1/0/2 DESI FORWARDING NONE
3 Ten-GigabitEthernet1/0/3 ROOT FORWARDING NONE
# Display brief spanning tree information on Device B.
[DeviceB] display stp brief
MSTID Port Role STP State Protection
0 Ten-GigabitEthernet1/0/1 DESI FORWARDING NONE
0 Ten-GigabitEthernet1/0/2 DESI FORWARDING NONE
0 Ten-GigabitEthernet1/0/3 DESI FORWARDING NONE
1 Ten-GigabitEthernet1/0/2 DESI FORWARDING NONE
1 Ten-GigabitEthernet1/0/3 ROOT FORWARDING NONE
3 Ten-GigabitEthernet1/0/1 DESI FORWARDING NONE
3 Ten-GigabitEthernet1/0/3 DESI FORWARDING NONE
# Display brief spanning tree information on Device C.
[DeviceC] display stp brief
MSTID Port Role STP State Protection
0 Ten-GigabitEthernet1/0/1 DESI FORWARDING NONE
0 Ten-GigabitEthernet1/0/2 ROOT FORWARDING NONE
0 Ten-GigabitEthernet1/0/3 DESI FORWARDING NONE
1 Ten-GigabitEthernet1/0/1 ROOT FORWARDING NONE
1 Ten-GigabitEthernet1/0/2 ALTE DISCARDING NONE
4 Ten-GigabitEthernet1/0/3 DESI FORWARDING NONE
# Display brief spanning tree information on Device D.
[DeviceD] display stp brief
MSTID Port Role STP State Protection
0 Ten-GigabitEthernet1/0/1 ROOT FORWARDING NONE
0 Ten-GigabitEthernet1/0/2 ALTE DISCARDING NONE
0 Ten-GigabitEthernet1/0/3 ALTE DISCARDING NONE
3 Ten-GigabitEthernet1/0/1 ROOT FORWARDING NONE
3 Ten-GigabitEthernet1/0/2 ALTE DISCARDING NONE
4 Ten-GigabitEthernet1/0/3 ROOT FORWARDING NONE
Based on the output, you can draw each MSTI mapped to each VLAN, as shown in Figure 26.
98
Figure 26 MSTIs mapped to different VLANs
A B A B
C C D
A B
D C D
99
Configuring loop detection
Overview
Incorrect network connections or configurations can create Layer 2 loops, which results in repeated
transmission of broadcasts, multicasts, or unknown unicasts, waste network resources, and sometimes
even paralyze networks. The loop detection mechanism immediately generates a log when a loop occurs
so that you are promptly notified to adjust network connections and configurations. You can even
configure loop detection to shut down the looped port. Logs are maintained in the information center. For
more information, see Network Management and Monitoring Configuration Guide.
The Ethernet frame header for loop detection contains the following fields:
• DMAC—Destination MAC address of the frame, which is the multicast MAC address
010F-E200-0007. When a loop detection-enabled device receives a frame with this destination
MAC address, it sends the frame to the CPU and floods the frame in the VLAN from which the frame
was originally received.
• SMAC—Source MAC address of the frame, which is the bridge MAC address of the sending
device.
• TPID—Type of the VLAN tag, with the value of 0x8100.
• TCI—Information of the VLAN tag, including the priority and VLAN ID.
• Type—Protocol type, with the value of 0x8918.
100
Figure 28 Inner frame header for loop detection
The inner frame header for loop detection contains the following fields:
• Code—Protocol sub-type, which is 0x0001, indicating the loop detection protocol.
• Version—Protocol version, which is always 0x0000.
• Length—Length of the frame. The value includes the inner header, but excludes the Ethernet header.
• Reserved—This field is reserved.
Frames for loop detection are encapsulated as TLV triplets.
Table 11 TLVs supported by loop detection
101
Port status auto recovery
Port status auto recovery applies only to the block and no-learning loop protection actions. If the device
receives no loop detection frame three loop detection intervals after a loop is detected on a port, the
device automatically sets the port to the forwarding state, and notifies the user of the event.
NOTE:
Incorrect recovery can occur when loop detection frames are discarded to reduce the load. To avoid this,
use the shutdown action, or manually remove the loop.
102
Configuring the loop protection action
You can configure the loop protection action globally or on specific ports. The global configuration
applies to all ports. The per-port configuration applies to the individual ports. The per-port configuration
takes precedence over the global configuration.
interface interface-type
2. Enter Ethernet interface view. N/A
interface-number
interface bridge-aggregation
2. Enter aggregate interface view. N/A
interface-number
103
Setting the loop detection interval
With loop detection enabled, the device sends loop detection frames at a specified interval. A shorter
interval offers more sensitive detection but consumes more resources. Consider the system performance
and loop detection speed when you set the loop detection interval.
To set the loop detection interval:
loopback-detection interval-time
2. Set the loop detection interval. The default setting is 30 seconds.
interval
Task Command
Display the loop detection configuration and status. display loopback-detection
Device A
XGE1/0/1 XGE1/0/2
Device B Device C
VLAN 100
104
Configuration procedure
1. Configure Device A:
# Create VLAN 100, and globally enable loop detection for the VLAN.
<DeviceA> system-view
[DeviceA] vlan 100
[DeviceA-vlan100] quit
[DeviceA] loopback-detection global enable vlan 100
# Configure Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 as trunk ports, and
assign them to VLAN 100.
[DeviceA] interface ten-gigabitethernet 1/0/1
[DeviceA-Ten-GigabitEthernet1/0/1] port link-type trunk
[DeviceA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100
[DeviceA-Ten-GigabitEthernet1/0/1] quit
[DeviceA] interface ten-gigabitethernet 1/0/2
[DeviceA-Ten-GigabitEthernet1/0/2] port link-type trunk
[DeviceA-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100
[DeviceA-Ten-GigabitEthernet1/0/2] quit
# Configure the global loop protection action as shutdown.
[DeviceA] loopback-detection global action shutdown
# Set the loop detection interval to 35 seconds.
[DeviceA] loopback-detection interval-time 35
2. Configure Device B:
# Create VLAN 100.
<DeviceB> system-view
[DeviceB] vlan 100
[DeviceB–vlan100] quit
# Configure Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 as trunk ports, and
assign them to VLAN 100.
[DeviceB] interface ten-gigabitethernet 1/0/1
[DeviceB-Ten-GigabitEthernet1/0/1] port link-type trunk
[DeviceB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100
[DeviceB-Ten-GigabitEthernet1/0/1] quit
[DeviceB] interface ten-gigabitethernet 1/0/2
[DeviceB-Ten-GigabitEthernet1/0/2] port link-type trunk
[DeviceB-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100
[DeviceB-Ten-GigabitEthernet1/0/2] quit
3. Configure Device C:
# Create VLAN 100.
<DeviceC> system-view
[DeviceC] vlan 100
[DeviceC–vlan100] quit
# Configure Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 as trunk ports, and
assign them to VLAN 100.
[DeviceC] interface ten-gigabitethernet 1/0/1
[DeviceC-Ten-GigabitEthernet1/0/1] port link-type trunk
105
[DeviceC-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100
[DeviceC-Ten-GigabitEthernet1/0/1] quit
[DeviceC] interface ten-gigabitethernet 1/0/2
[DeviceC-Ten-GigabitEthernet1/0/2] port link-type trunk
[DeviceC-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100
[DeviceC-Ten-GigabitEthernet1/0/2] quit
106
Configuring VLANs
This chapter provides an overview of VLANs and explains how to configure them.
Overview
Ethernet is a family of shared-media LAN technologies based on the CSMA/CD mechanism. An Ethernet
LAN is both a collision domain and a broadcast domain. As the medium is shared, collisions and
broadcasts are common in an Ethernet LAN. Typically, bridges and Layer 2 switches can reduce
collisions in an Ethernet LAN, but to confine broadcasts, a Layer 2 switch must use the Virtual Local Area
Network (VLAN) technology.
VLANs enable a Layer 2 switch to break a LAN down into smaller broadcast domains, as shown
in Figure 30.
Figure 30 A VLAN diagram
VLAN 2
Switch A Switch B
Router
VLAN 5
A VLAN is logically divided on an organizational basis rather than on a physical basis. For example, you
can assign all workstations and servers used by a particular workgroup to the same VLAN, regardless of
their physical locations. Hosts in the same VLAN can directly communicate with one another. You need
a router or a Layer 3 switch for hosts in different VLANs to communicate with one another.
All these VLAN features reduce bandwidth waste, improve LAN security, and enable flexible virtual
group creation.
107
Figure 31 VLAN tag placement and format
108
Step Command Remarks
By default, VLAN names are in the format
4. Configure a name for
name text VLAN vlan-id. For example, the name of
the VLAN.
VLAN 100 is VLAN 0100 by default.
NOTE:
• As the default VLAN, VLAN 1 cannot be created or removed.
• You cannot use the undo vlan command to delete a dynamic VLAN, a VLAN with a QoS policy
applied, or a VLAN locked by an application. To delete such a VLAN, first remove the configuration
from the VLAN.
109
Step Command Remarks
By default, a VLAN interface is not
8. (Optional.) Cancel the manually shut down. The VLAN interface
action of manually shutting undo shutdown is up if one or more ports in the VLAN is
down the VLAN interface. up, and goes down if all ports in the
VLAN go down.
PVID
By default, VLAN 1 is the PVID for all ports. You can configure the PVID for a port, as required.
Use the following guidelines when configuring the PVID on a port:
• An access port can join only one VLAN. The VLAN to which the access port belongs is the PVID of
the port.
• A trunk or hybrid port can carry multiple VLANs, and you can configure a PVID for the port.
• You can use a nonexistent VLAN as the PVID for a hybrid or trunk port, but not for an access port.
After you remove the VLAN that an access port resides in with the undo vlan command, the PVID
of the port changes to VLAN 1. However, the removal of the VLAN specified as the PVID of a trunk
or hybrid port does not affect the PVID setting on the port.
H3C recommends setting the same PVID for local and remote ports.
Make sure a port is assigned to its PVID. Otherwise, when the port receives frames tagged with the PVID
or untagged frames, the port filters out these frames.
110
How ports of different link types handle frames
111
Step Command Remarks
Use one of the commands.
• The configuration made in
Ethernet interface view applies
only to the port.
• The configuration made in
• Enter Ethernet interface view: aggregate interface view applies
interface interface-type to the aggregate interface and its
interface-number aggregation member ports. If the
• Enter aggregate interface system fails to apply the
view: configuration to an aggregation
interface member port, it skips the port and
2. Enter interface view. moves to the next member port. If
bridge-aggregation
interface-number the system fails to apply the
configuration to the aggregate
• Enter S-channel interface
interface, it stops applying the
view:
configuration to aggregation
interface s-channel
member ports.
interface-number.channel-id
• The configuration made in
S-channel interface view applies
only to the interface. For more
information about S-channel
interfaces, see EVB Configuration
Guide.
3. Configure the link type of the
port link-type access By default, all ports are access ports.
ports as access.
4. (Optional.) Assign the access By default, all access ports belong to
port access vlan vlan-id
ports to a VLAN. VLAN 1.
112
Step Command Remarks
Use one of the commands.
• The configuration made in
Ethernet interface view applies
only to the port.
• The configuration made in
aggregate interface view
applies to the aggregate
• Enter Ethernet interface view: interface and its aggregation
interface interface-type member ports. If the system fails
interface-number to apply the configuration to an
• Enter aggregate interface view: aggregation member port, it
2. Enter interface view. interface bridge-aggregation skips the port and moves to the
interface-number next member port. If the system
fails to apply the configuration
• Enter S-channel interface view:
to the aggregate interface, it
interface s-channel
stops applying the
interface-number.channel-id
configuration to aggregation
member ports.
• The configuration made in
S-channel interface view
applies only to the interface.
For more information about
S-channel interfaces, see EVB
Configuration Guide.
3. Configure the link type of the By default, all ports are access
port link-type trunk
ports as trunk. ports.
4. Assign the trunk ports to the port trunk permit vlan { vlan-list | By default, a trunk port only permits
specified VLANs. all } VLAN 1.
5. (Optional.) Configure the
port trunk pvid vlan vlan-id The default setting is VLAN 1.
PVID of the trunk ports.
113
Step Command Remarks
Use one of the commands.
• The configuration made in
Ethernet interface view applies
only to the port.
• The configuration made in
aggregate interface view
applies to the aggregate
• Enter Ethernet interface view: interface and its aggregation
interface interface-type member ports. If the system fails
interface-number to apply the configuration to an
• Enter aggregate interface view: aggregation member port, it
2. Enter interface view. interface bridge-aggregation skips the port and moves to the
interface-number next member port. If the system
fails to apply the configuration
• Enter S-channel interface view:
to the aggregate interface, it
interface s-channel
stops applying the
interface-number.channel-id
configuration to aggregation
member ports.
• The configuration made in
S-channel interface view
applies only to the interface.
For more information about
S-channel interfaces, see EVB
Configuration Guide.
3. Configure the link type of the By default, all ports are access
port link-type hybrid
ports as hybrid. ports.
Task Command
display vlan [ vlan-id1 [ to vlan-id2 ] | all | dynamic |
Display VLAN information.
reserved | static ]
114
Port-based VLAN configuration example
Network requirements
As shown in Figure 32, Host A and Host C belong to Department A, and access the enterprise network
through different devices. Host B and Host D belong to Department B. They also access the enterprise
network through different devices.
To ensure communication security and avoid broadcast storms, VLANs are configured in the enterprise
network to isolate Layer 2 packets of different departments. VLAN 100 is assigned to Department A, and
VLAN 200 is assigned to Department B.
Make sure hosts within the same VLAN can communicate with each other: Host A can communicate with
Host C, and Host B can communicate with Host D.
Figure 32 Network diagram
Configuration procedure
1. Configure Device A:
# Create VLAN 100, and assign port Ten-GigabitEthernet 1/0/1 to VLAN 100.
<DeviceA> system-view
[DeviceA] vlan 100
[DeviceA-vlan100] port ten-gigabitethernet 1/0/1
[DeviceA-vlan100] quit
# Create VLAN 200, and assign port Ten-GigabitEthernet 1/0/2 to VLAN 200.
[DeviceA] vlan 200
[DeviceA-vlan200] port ten-gigabitethernet 1/0/2
[DeviceA-vlan200] quit
# Configure port Ten-GigabitEthernet 1/0/3 as a trunk port, and assign it to VLANs 100 and 200,
enabling Ten-GigabitEthernet 1/0/3 to forward packets of VLANs 100 and 200 to Device B.
[DeviceA] interface ten-gigabitethernet 1/0/3
[DeviceA-Ten-GigabitEthernet1/0/3] port link-type trunk
[DeviceA-Ten-GigabitEthernet1/0/3] port trunk permit vlan 100 200
Please wait... Done.
2. Configure Device B as you configure Device A.
3. Configure hosts:
{ Configure Host A and Host C to be on the same IP subnet. For example, 192.168.100.0/24.
115
{ Configure Host B and Host D to be on the same IP subnet. For example, 192.168.200.0/24.
116
Configuring QinQ
Overview
802.1Q-in-802.1Q (QinQ) is an easy-to-implement L2 VPN technology that enables service providers to
extend Layer 2 Ethernet connections across a MAN between two customer sites.
QinQ enables service providers to separate customer traffic by adding a layer of service provider VLAN
tag (SVLAN tag) to customer traffic.
QinQ provides the following benefits:
• Enables a service provider to use a single SVLAN to convey multiple CVLANs for a customer.
• Enables customers to plan CVLANs without conflicting with SVLANs.
• Enables customers to keep their VLAN assignment schemes unchanged when the service provider
changes its VLAN assignment scheme.
• Allows customers to use overlapping CVLAN IDs, because devices in the service provider network
make forwarding decisions based on SVLAN IDs instead of CVLAN IDs.
117
Figure 33 Single-tagged Ethernet frame header and double-tagged Ethernet frame header
For correct transmission of tagged frames, H3C recommends that you set the MTU of each interface on
the service provider network to at least 1504 bytes, which is the sum of the default interface MTU (1500
bytes) and the size of a VLAN tag (4 bytes).
The devices in the service provider network forward a tagged frame according to its SVLAN tag only,
and they transmit the CVLAN tag as part of the frame's payload.
Figure 34 Typical QinQ application scenario
As shown in Figure 34, customer network A has CVLANs 1 through 10, and customer network B has
CVLANs 1 through 20. The service provider assigns SVLAN 3 to customer network A, and assigns
SVLAN 4 to customer network B.
1. When a tagged Ethernet frame from customer network A arrives at PE1, the PE tags the frame with
SVLAN 3. When a tagged Ethernet frame from customer network B arrives at a PE2, the PE tags
the frame with SVLAN 4.
2. The double-tagged Ethernet frame is then transmitted over the service provider network and arrives
at the other PE. The PE removes the SVLAN tag of the frame before sending it to the target CE.
118
Implementations of QinQ
QinQ is enabled on a per-port basis. The link type of a QinQ-enabled port can be access, hybrid, or
trunk. The QinQ tagging behaviors are the same across these types of ports.
A QinQ-enabled port tags all incoming frames (tagged or untagged) with the PVID tag. If an incoming
frame already has one tag, it becomes a double-tagged frame. If the frame does not have any 802.1Q
tag, it becomes a frame tagged with the PVID.
QinQ provides the most basic VLAN manipulation method, which tags all incoming frames (tagged or
untagged) with the PVID tag. To perform advanced VLAN manipulations, use VLAN mapping (see
"Configuring VLAN mapping") or QoS policies. For example:
• To use different SVLANs for different CVLAN tags, use one-to-two VLAN mapping.
• To replace the SVLAN ID, CVLAN ID, or both IDs for an incoming double-tagged frame, configure
two-to-two VLAN mapping.
• To set the 802.1p priority in SVLAN tags, configure a QoS policy as described in "Setting the
802.1p priority in SVLAN tags."
Enabling QinQ
Step Command Remarks
1. Enter system view. system-view N/A
2. Enter Ethernet interface view interface interface-type
N/A
or aggregate interface view. interface-number
3. Enable QinQ. qinq enable By default, QinQ is disabled.
119
Configuring transparent transmission for VLANs
You can exclude traffic of a VLAN (for example, the management VLAN) from the QinQ tagging action.
To avoid transmission failure for an excluded VLAN, follow these configuration guidelines:
• Set the link type of the port to trunk or hybrid, and assign the port to the VLAN.
• Make sure all ports on the traffic path permit the VLAN to pass through.
• Do not configure any other VLAN manipulation action for the VLAN on the port.
To configure transparent transmission for a list of VLANs:
120
Configuring the CVLAN TPID
Step Command Remarks
1. Enter system view. system-view N/A
2. Configure the TPID value for qinq ethernet-type customer-tag The default setting is 0x8100 for
CVLAN tags. hex-value CVLAN tags.
121
Step Command Remarks
5. Create a traffic behavior
and enter traffic behavior traffic behavior behavior-name N/A
view.
For more information about QoS policies, see ACL and QoS Configuration Guide.
Task Command
display qinq [ interface interface-type
Display the QinQ-enabled ports.
interface-number ]
122
QinQ configuration example
Network requirements
As shown in Figure 35, the two branches of Company A, Site 1 and Site 2, are connected through the
service provider network and use CVLANs 10 through 70. The two branches of Company B, Site 3 and
Site 4, are connected through the service provider network and use CVLANs 30 through 90. PE 1 and
PE 2 are edge devices on the service provider network and are connected through third-party devices
with a TPID value of 0x8200.
Configure the edge and third-party devices to enable communication between the branches of Company
A through SVLAN 100 and communication between the branches of Company B through SVLAN 200.
Figure 35 Network diagram
Configuration procedure
Configuring PE 1
1. Configure Ten-GigabitEthernet 1/0/1:
# Configure Ten-GigabitEthernet 1/0/1 as a trunk port and assign it to VLAN 100 and VLANs 10
through 70.
<PE1> system-view
[PE1] interface ten-gigabitethernet 1/0/1
[PE1-Ten-GigabitEthernet1/0/1] port link-type trunk
[PE1-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100 10 to 70
# Configure VLAN 100 as the PVID for the port.
[PE1-Ten-GigabitEthernet1/0/1] port trunk pvid vlan 100
# Enable QinQ on the port.
123
[PE1-Ten-GigabitEthernet1/0/1] qinq enable
[PE1-Ten-GigabitEthernet1/0/1] quit
2. Configure Ten-GigabitEthernet 1/0/2:
# Configure Ten-GigabitEthernet 1/0/2 as a trunk port and assign it to VLAN 100 and VLAN
200.
[PE1] interface ten-gigabitethernet 1/0/2
[PE1-Ten-GigabitEthernet1/0/2] port link-type trunk
[PE1-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100 200
# Set the TPID value in the SVLAN tags to 0x8200 on the port.
[PE1-Ten-GigabitEthernet1/0/2] qinq ethernet-type service-tag 8200
[PE1-Ten-GigabitEthernet1/0/2] quit
3. Configure Ten-GigabitEthernet 1/0/3:
# Configure Ten-GigabitEthernet 1/0/3 as a trunk port and assign it to VLAN 200 and VLANs 30
through 90.
[PE1] interface ten-gigabitethernet 1/0/3
[PE1-Ten-GigabitEthernet1/0/3] port link-type trunk
[PE1-Ten-GigabitEthernet1/0/3] port trunk permit vlan 200 30 to 90
# Configure VLAN 200 as the PVID for the port.
[PE1-Ten-GigabitEthernet1/0/3] port trunk pvid vlan 200
# Enable QinQ on the port.
[PE1-Ten-GigabitEthernet1/0/3] qinq enable
[PE1-Ten-GigabitEthernet1/0/3] quit
Configuring PE 2
1. Configure Ten-GigabitEthernet 1/0/1:
# Configure Ten-GigabitEthernet 1/0/1 as a trunk port and assign it to VLAN 200 and VLANs 30
through 90.
<PE2> system-view
[PE2] interface ten-gigabitethernet 1/0/1
[PE2-Ten-GigabitEthernet1/0/1] port link-type trunk
[PE2-Ten-GigabitEthernet1/0/1] port trunk permit vlan 200 30 to 90
# Configure VLAN 200 as the PVID for the port.
[PE2-Ten-GigabitEthernet1/0/1] port trunk pvid vlan 200
# Enable QinQ on the port.
[PE2-Ten-GigabitEthernet1/0/1] qinq enable
[PE2-Ten-GigabitEthernet1/0/1] quit
2. Configure Ten-GigabitEthernet 1/0/2:
# Configure Ten-GigabitEthernet 1/0/2 as a trunk port and assign it to VLAN 100 and VLAN
200.
[PE2] interface ten-gigabitethernet 1/0/2
[PE2-Ten-GigabitEthernet1/0/2] port link-type trunk
[PE2-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100 200
# Set the TPID value in the SVLAN tags to 0x8200 on the port.
[PE2-Ten-GigabitEthernet1/0/2] qinq ethernet-type service-tag 8200
[PE2-Ten-GigabitEthernet1/0/2] quit
3. Configure Ten-GigabitEthernet 1/0/3:
124
# Configure Ten-GigabitEthernet 1/0/3 as a trunk port and assign it to VLAN 100 and VLANs 10
through 70.
[PE2] interface ten-gigabitethernet 1/0/3
[PE2-Ten-GigabitEthernet1/0/3] port link-type trunk
[PE2-Ten-GigabitEthernet1/0/3] port trunk permit vlan 100 10 to 70
# Configure VLAN 100 as the PVID for the port.
[PE2-Ten-GigabitEthernet1/0/3] port trunk pvid vlan 100
# Enable QinQ on the port.
[PE2-Ten-GigabitEthernet1/0/3] qinq enable
[PE2-Ten-GigabitEthernet1/0/3] quit
125
Configuration procedure
Configuring PE 1
1. Configure Ten-GigabitEthernet 1/0/1:
# Configure Ten-GigabitEthernet 1/0/1 as a trunk port and assign it to VLANs 10 through 50,
100, and 3000.
<PE1> system-view
[PE1] interface ten-gigabitethernet 1/0/1
[PE1-Ten-GigabitEthernet1/0/1] port link-type trunk
[PE1-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100 3000 10 to 50
# Configure VLAN 100 as the PVID of Ten-GigabitEthernet 1/0/1.
[PE1-Ten-GigabitEthernet1/0/1] port trunk pvid vlan 100
# Enable QinQ on the port.
[PE1-Ten-GigabitEthernet1/0/1] qinq enable
# Configure the port to transparently transmit frames from VLAN 3000.
[PE1-Ten-GigabitEthernet1/0/1] qinq transparent-vlan 3000
[PE1-Ten-GigabitEthernet1/0/1] quit
2. Configure Ten-GigabitEthernet 1/0/2 as a trunk port and assign it to VLANs 100 and 3000.
[PE1] interface ten-gigabitethernet 1/0/2
[PE1-Ten-GigabitEthernet1/0/2] port link-type trunk
[PE1-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100 3000
[PE1-Ten-GigabitEthernet1/0/2] quit
Configuring PE 2
1. Configure Ten-GigabitEthernet 1/0/1:
# Configure Ten-GigabitEthernet 1/0/1 as a trunk port and assign it to VLANs 10 through 50,
100, and 3000.
<PE2> system-view
[PE2] interface ten-gigabitethernet 1/0/1
[PE2-Ten-GigabitEthernet1/0/1] port link-type trunk
[PE2-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100 3000 10 to 50
# Configure VLAN 100 as the PVID of Ten-GigabitEthernet 1/0/1.
[PE1-Ten-GigabitEthernet1/0/1] port trunk pvid vlan 100
# Enable QinQ on the port.
[PE2-Ten-GigabitEthernet1/0/1] qinq enable
# Configure the port to transparently transmit frames from VLAN 3000.
[PE2-Ten-GigabitEthernet1/0/1] qinq transparent-vlan 3000
[PE2-Ten-GigabitEthernet1/0/1] quit
2. Configure Ten-GigabitEthernet 1/0/2 as a trunk port and assign it to VLANs 100 and 3000.
[PE2] interface ten-gigabitethernet 1/0/2
[PE2-Ten-GigabitEthernet1/0/2] port link-type trunk
[PE2-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100 3000
126
Configuring devices between PE 1 and PE 2
On the devices between PE 1 and PE 2, configure the port that connects to PE 1 and the port that
connects to PE 2 to allow tagged frames from VLAN 100 and VLAN 3000 to pass through. (Details not
shown.)
127
Configuring VLAN mapping
Overview
VLAN mapping re-marks VLAN tagged traffic with new VLAN IDs. H3C provides the following types of
VLAN mapping:
• One-to-one VLAN mapping—Replaces one VLAN tag with another. You can use one-to-one VLAN
mapping to sub-classify traffic from a particular VLAN for granular QoS control.
• Many-to-one VLAN mapping—Replaces multiple VLAN tags with the same VLAN tag. You can use
many-to-one VLAN mapping to aggregate traffic from different VLANs to regulate the aggregate
traffic as a whole. Many-to-one VLAN mapping is usually used together with one-to-one VLAN
mapping.
• One-to-two VLAN mapping—Tags single-tagged packets with an outer VLAN tag. One-to-two
VLAN mapping expands the VLAN tag space, and enables a service provider and its customers to
assign VLANs independently without the risk of VLAN assignment conflicts.
• Two-to-two VLAN mapping—Replaces the outer and inner VLAN IDs of double tagged traffic with
a new pair of VLAN IDs. You can use two-to-two VLAN mapping to enable two remote sites in
different VLANs to communicate at Layer 2 across two service provider networks that use different
VLAN assignment schemes.
128
Figure 37 Application scenario of one-to-one and many-to-one VLAN mapping
...
...
...
...
...
...
...
129
Application scenario of one-to-two and two-to-two VLAN
mapping
Figure 38 shows a typical application scenario in which two remote sites of VPN A, Site 1 and Site 2,
must communicate across two SP networks, SP 1 and SP 2.
Figure 38 Application scenario of one-to-two and two-to-two VLAN mapping
Site 1 and Site 2 are in VLAN 2 and VLAN 3, respectively. The VLAN assigned to VPN A is VLAN 10
in the SP 1 network and VLAN 20 in the SP 2 network. When the packet from Site 1 arrives at the edge
of network SP 1, PE 1 tags the packet with outer VLAN 10 by using one-to-two VLAN mapping. With
one-to-two VLAN mapping, a VPN user can plan the VLAN IDs in the network without conflicting with
SVLANs. One-to-two VLAN mapping adds a VLAN tag to a tagged packet and expands the number of
available VLANs to 4094 × 4094. One-to-two VLAN mapping releases the stress on the SVLAN
resources, which were 4094 VLANs in the SP network before the mapping process was initiated.
When the double-tagged packet enters the SP 2 network, PE 3 replaces the outer VLAN tag (VLAN 10)
with VLAN 20, which is the VLAN that the SP 2 network assigns to VPN A. Also, PE 3 replaces the inner
tag (VLAN 2) of the packet with VLAN 3, so that users in Site 1 can communicate with users in Site 2.
130
Figure 39 Basic concepts of VLAN mapping
SP
Network-side port
Customer-side port
Uplink traffic
Downlink traffic
In Figure 40, after you configure one-to-one VLAN mapping on the customer-side port, the device
replaces the CVLAN with the SVLAN for the uplink traffic and replaces the SVLAN with the CVLAN for
the downlink traffic.
131
• For the uplink traffic, after you configure customer-side many-to-one VLAN mapping on the
customer-side port, the device replaces multiple CVLANs with the same SVLAN.
• For the downlink traffic, after you configure network-side many-to-one VLAN mapping on the
network-side port, the device looks up the DHCP snooping table, and replaces the SVLAN with the
CVLAN found in the table. For more information about DHCP snooping, see Layer 3—IP Services
Configuration Guide.
One-to-two VLAN
mapping
Two-to-two VLAN
mapping
In Figure 43, after you configure two-to-two VLAN mapping on the customer-side port, the device
replaces the CVLAN and the SVLAN with the CVLAN' and the SVLAN' for the uplink traffic and replaces
the SVLAN' and CVLAN' with the SVLAN and the CVLAN for the downlink traffic.
132
VLAN mapping configuration task list
When you configure VLAN mapping, follow these guidelines:
• VLAN mapping is mutually exclusive with EVB. Do not enable VLAN mapping and EVB on a port.
• When you configure both VLAN mapping and QinQ to add VLAN tags to packets, if the
configurations conflict, VLAN mapping takes effect. For more information about QinQ, see
"Configuring QinQ."
• When you configure both VLAN mapping and a QoS policy to modify VLAN tags of packets or
add VLAN tags to packets, if the configurations conflict, the QoS policy takes effect. For information
about QoS policies, see ACL and QoS Configuration Guide.
Use the VLAN mapping methods as appropriate to the roles of your devices in the network.
Task Remarks
Configure one-to-one VLAN mapping on the wiring-closet
Configuring one-to-one VLAN mapping
switch as shown in Figure 37.
133
Step Command Remarks
• Configure the port as a trunk port:
port link-type trunk
By default, the link type of a
3. Set the link type of the port. • Configure the port as a hybrid
port is access.
port:
port link-type hybrid
5. Configuring one-to-one VLAN vlan mapping vlan-id translated-vlan By default, VLAN mapping is
mapping. vlan-id not configured on an interface.
Tasks at a glance
• Enabling DHCP snooping
• Enabling ARP detection
• Configuring the customer-side port
• Configuring the network-side port
134
Step Command Remarks
2. Enable DHCP
dhcp snooping enable By default, DHCP snooping is disabled.
snooping.
135
Configuring the network-side port
By default:
• When the port is a trunk port: • A trunk port is assigned to
4. Assign the port to the port trunk permit vlan vlan-list only VLAN 1.
translated VLAN. • When the port is a hybrid port: • A hybrid port is assigned to
port hybrid vlan vlan-list tagged only VLAN 1 as an
untagged member.
136
Step Command Remarks
• Enter Layer 2 Ethernet interface
view:
interface interface-type
2. Enter Layer 2 Ethernet
interface-number
interface view or Layer 2 N/A
aggregate interface view. • Enter Layer 2 aggregate interface
view:
interface bridge-aggregation
interface-number
3. Configure the link type of the By default, the link type of a
port link-type hybrid
port as hybrid. port is access.
137
Step Command Remarks
Use one of the commands.
4. Assign the port to the original By default, a trunk port is
• port trunk permit vlan vlan-list
VLANs and the translated assigned to only VLAN 1, and
VLANs. • port hybrid vlan vlan-list tagged
a hybrid port is only an
untagged member of VLAN 1.
Task Command
Display VLAN mapping
display vlan mapping [ interface interface-type interface-number ]
information.
138
Figure 44 Network diagram
Configuration procedure
1. Configure Switch A:
# Configure customer-side port Ten-GigabitEthernet 1/0/1 as a trunk port, and assign the port to
original VLANs and translated VLANs.
<SwitchA> system-view
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 1 2 3 101 201 301
[SwitchA-Ten-GigabitEthernet1/0/1] vlan mapping 1 translated-vlan 101
[SwitchA-Ten-GigabitEthernet1/0/1] vlan mapping 2 translated-vlan 201
[SwitchA-Ten-GigabitEthernet1/0/1] vlan mapping 3 translated-vlan 301
[SwitchA-Ten-GigabitEthernet1/0/1] quit
139
# Configure customer-side port Ten-GigabitEthernet 1/0/2 as a trunk port, and assign the port to
original VLANs and translated VLANs.
[SwitchA] interface ten-gigabitethernet 1/0/2
[SwitchA-Ten-GigabitEthernet1/0/2] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/2] port trunk permit vlan 1 2 3 102 202 302
[SwitchA-Ten-GigabitEthernet1/0/2] vlan mapping 1 translated-vlan 102
[SwitchA-Ten-GigabitEthernet1/0/2] vlan mapping 2 translated-vlan 202
[SwitchA-Ten-GigabitEthernet1/0/2] vlan mapping 3 translated-vlan 302
[SwitchA-Ten-GigabitEthernet1/0/2] quit
# Configure network-side port Ten-GigabitEthernet 1/0/3 as a trunk port, and assign the port to
the translated VLANs.
[SwitchA] interface ten-gigabitethernet 1/0/3
[SwitchA-Ten-GigabitEthernet1/0/3] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/3] port trunk permit vlan 101 201 301 102 202 302
[SwitchA-Ten-GigabitEthernet1/0/3] quit
2. Configure Switch in the same way as you configure Switch A.
3. Configure Switch C:
# Enable DHCP snooping.
<SwitchC> system-view
[SwitchC] dhcp snooping enable
# Create the original VLANs and translated VLANs, and enable ARP detection for these VLANs.
[SwitchC] vlan 101
[SwitchC-vlan101] arp detection enable
[SwitchC-vlan101] vlan 201
[SwitchC-vlan201] arp detection enable
[SwitchC-vlan201] vlan 301
[SwitchC-vlan301] arp detection enable
[SwitchC-vlan301] vlan 102
[SwitchC-vlan102] arp detection enable
[SwitchC-vlan102] vlan 202
[SwitchC-vlan202] arp detection enable
[SwitchC-vlan202] vlan 302
[SwitchC-vlan302] arp detection enable
[SwitchC-vlan302] vlan 103
[SwitchC-vlan103] arp detection enable
[SwitchC-vlan103] vlan 203
[SwitchC-vlan203] arp detection enable
[SwitchC-vlan203] vlan 303
[SwitchC-vlan303] arp detection enable
[SwitchC-vlan303] vlan 104
[SwitchC-vlan104] arp detection enable
[SwitchC-vlan104] vlan 204
[SwitchC-vlan204] arp detection enable
[SwitchC-vlan204] vlan 304
[SwitchC-vlan304] arp detection enable
[SwitchC-vlan304] vlan 501
[SwitchC-vlan501] arp detection enable
140
[SwitchC-vlan501] vlan 502
[SwitchC-vlan502] arp detection enable
[SwitchC-vlan502] vlan 503
[SwitchC-vlan503] arp detection enable
[SwitchC-vlan503] quit
# Configure customer-side port Ten-GigabitEthernet 1/0/1 as a trunk port, assign the port to
original VLANs and translated VLANs, and enable DHCP snooping entry recording on the port.
[SwitchC] interface ten-gigabitethernet 1/0/1
[SwitchC-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchC-Ten-GigabitEthernet1/0/1] port trunk permit vlan 101 102 201 202 301 302 501
to 503
[SwitchC-Ten-GigabitEthernet1/0/1] vlan mapping uni range 101 to 102 translated-vlan
501
[SwitchC-Ten-GigabitEthernet1/0/1] vlan mapping uni range 201 to 202 translated-vlan
502
[SwitchC-Ten-GigabitEthernet1/0/1] vlan mapping uni range 301 to 302 translated-vlan
503
[SwitchC-Ten-GigabitEthernet1/0/2] dhcp snooping binding record
[SwitchC-Ten-GigabitEthernet1/0/1] quit
# Configure customer-side port Ten-GigabitEthernet 1/0/2 as a trunk port, assign the port to
original VLANs and translated VLANs, and enable DHCP snooping entry recording on the port.
[SwitchC] interface ten-gigabitethernet 1/0/2
[SwitchC-Ten-GigabitEthernet1/0/2] port link-type trunk
[SwitchC-Ten-GigabitEthernet1/0/2] port trunk permit vlan 103 104 203 204 303 304 501
to 503
[SwitchC-Ten-GigabitEthernet1/0/2] vlan mapping uni range 103 to 104 translated-vlan
501
[SwitchC-Ten-GigabitEthernet1/0/2] vlan mapping uni range 203 to 204 translated-vlan
502
[SwitchC-Ten-GigabitEthernet1/0/2] vlan mapping uni range 303 to 304 translated-vlan
503
[SwitchC-Ten-GigabitEthernet1/0/2] dhcp snooping binding record
[SwitchC-Ten-GigabitEthernet1/0/2] quit
# Configure network-side many-to-one VLAN mapping on network-side port Ten-GigabitEthernet
1/0/3.
[SwitchC] interface ten-gigabitethernet 1/0/3
[SwitchC-Ten-GigabitEthernet1/0/3] vlan mapping nni
# Configure Ten-GigabitEthernet 1/0/3 as a trunk port, assign the port to the translated VLANs,
and configure the port as a DHCP snooping trusted port and an ARP trusted port.
[SwitchC-Ten-GigabitEthernet1/0/3] port link-type trunk
[SwitchC-Ten-GigabitEthernet1/0/3] port trunk permit vlan 501 to 503
[SwitchC-Ten-GigabitEthernet1/0/3] dhcp snooping trust
[SwitchC-Ten-GigabitEthernet1/0/3] arp detection trust
[SwitchC-Ten-GigabitEthernet1/0/3] quit
4. Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign the port to the translated VLANs
on Switch D.
<SwitchD> system-view
[SwitchD] interface ten-gigabitethernet 1/0/1
[SwitchD-Ten-GigabitEthernet1/0/1] port link-type trunk
141
[SwitchD-Ten-GigabitEthernet1/0/1] port trunk permit vlan 501 to 503
[SwitchD-Ten-GigabitEthernet1/0/1] quit
142
Figure 45 Network diagram
SP 1 SP 2
PE 1 PE 2 PE 3 PE 4
XGE1/0/2 XGE1/0/1 XGE1/0/2 XGE1/0/1 XGE1/0/2 XGE1/0/1
XGE1/0/1 XGE1/0/2
VLAN 100 VLAN 5 Data VLAN 200 VLAN 6 Data
VPN A VPN A CE 2
CE 1
Site 1 Site 2
Configuration procedure
1. Configure PE 1:
# Configure one-to-two VLAN mapping on customer-side port Ten-GigabitEthernet 1/0/1 to add
outer VLAN tag 100 to packets from VLAN 5.
<PE1> system-view
[PE1] interface ten-gigabitethernet 1/0/1
[PE1-Ten-GigabitEthernet1/0/1] vlan mapping nest single 5 nested-vlan 100
# Configure Ten-GigabitEthernet 1/0/1 as a hybrid port, assign the port to VLAN 5 as a tagged
member, and assign the port to VLAN 100 as an untagged member.
[PE1-Ten-GigabitEthernet1/0/1] port link-type hybrid
[PE1-Ten-GigabitEthernet1/0/1] port hybrid vlan 5 tagged
[PE1-Ten-GigabitEthernet1/0/1] port hybrid vlan 100 untagged
[PE1-Ten-GigabitEthernet1/0/1] quit
# Configure network-side port Ten-GigabitEthernet 1/0/2 as a trunk port, and assign the port to
VLAN 100.
[PE1] interface ten-gigabitethernet 1/0/2
[PE1-Ten-GigabitEthernet1/0/2] port link-type trunk
[PE1-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100
[PE1-Ten-GigabitEthernet1/0/2] quit
2. Configure PE 2:
# Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign the port to VLAN 100.
<PE2> system-view
[PE2] interface ten-gigabitethernet 1/0/1
[PE2-Ten-GigabitEthernet1/0/1] port link-type trunk
[PE2-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100
[PE2-Ten-GigabitEthernet1/0/1] quit
# Configure Ten-GigabitEthernet 1/0/2 as a trunk port, and assign the port to VLAN 100.
[PE2] interface ten-gigabitethernet 1/0/2
[PE2-Ten-GigabitEthernet1/0/2] port link-type trunk
[PE2-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100
[PE2-Ten-GigabitEthernet1/0/2] quit
143
3. Configure PE 3:
# Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign the port to VLANs 100 and
200.
<PE3> system-view
[PE3] interface ten-gigabitethernet 1/0/1
[PE3-Ten-GigabitEthernet1/0/1] port link-type trunk
[PE3-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100 200
# Configure two-to-two VLAN mapping on Ten-GigabitEthernet 1/0/1 to map outer VLAN 100
and inner VLAN 5 to outer VLAN 200 and inner VLAN 6.
[PE3-Ten-GigabitEthernet1/0/1] vlan mapping tunnel 100 5 translated-vlan 200 6
[PE3-Ten-GigabitEthernet1/0/1] quit
# Configure Ten-GigabitEthernet 1/0/2 as a trunk port, and assign the port to VLAN 200.
[PE3] interface ten-gigabitethernet 1/0/2
[PE3-Ten-GigabitEthernet1/0/2] port link-type trunk
[PE3-Ten-GigabitEthernet1/0/2] port trunk permit vlan 200
[PE3-Ten-GigabitEthernet1/0/2] quit
4. Configure PE 4:
# Configure network-side port Ten-GigabitEthernet 1/0/1 as a trunk port, and assign the port to
VLAN 200.
<PE4> system-view
[PE4] interface ten-gigabitethernet 1/0/1
[PE4-Ten-GigabitEthernet1/0/1] port link-type trunk
[PE4-Ten-GigabitEthernet1/0/1] port trunk permit vlan 200
[PE4-Ten-GigabitEthernet1/0/1] quit
# Configure customer-side port Ten-GigabitEthernet 1/0/2 as a hybrid port, assign the port to
VLAN 6 as a tagged member, and assign the port to VLAN 200 as an untagged member.
[PE4] interface ten-gigabitethernet 1/0/2
[PE4-Ten-GigabitEthernet1/0/2] port link-type hybrid
[PE4-Ten-GigabitEthernet1/0/2] port hybrid vlan 6 tagged
[PE4-Ten-GigabitEthernet1/0/2] port hybrid vlan 200 untagged
# Configure one-to-two VLAN mapping on customer-side port Ten-GigabitEthernet 1/0/2 to add
outer VLAN tag 200 to packets from VLAN 6.
[PE4-Ten-GigabitEthernet1/0/2] vlan mapping nest single 6 nested-vlan 200
[PE4-Ten-GigabitEthernet1/0/2] quit
144
[PE4] display vlan mapping
Interface Ten-GigabitEthernet1/0/2:
Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN
6 N/A 200 6
The output shows that one-to-two VLAN mapping is successfully configured on PE 1 and PE 4, and
two-to-two VLAN mapping is successfully configured on PE 3.
145
Configuring LLDP
Overview
In a heterogeneous network, a standard configuration exchange platform ensures that different types of
network devices from different vendors can discover one another and exchange configuration for the
sake of interoperability and management.
The Link Layer Discovery Protocol (LLDP) is specified in IEEE 802.1AB. The protocol operates on the data
link layer to exchange device information between directly connected devices. With LLDP, a device sends
local device information (including its major functions, management IP address, device ID, and port ID)
as TLV (type, length, and value) triplets in LLDP Data Units (LLDPDUs) to the directly connected devices. At
the same time, the device stores the device information received in LLDPDUs sent from the LLDP neighbors
in a standard MIB. For more information about MIBs, see Network Management and Monitoring
Configuration Guide. LLDP enables a network management system to quickly detect and identify Layer 2
network topology changes.
Basic concepts
LLDP agent
An LLDP agent is a mapping of an entity where LLDP runs. Multiple LLDP agents can run on an interface
at the same time. LLDP agents are divided into the following types: nearest bridge agent, nearest
customer bridge agent, and nearest non-TPMR bridge agent. A Two-port MAC Relay (TPMR) is a type of
bridge that has only two externally-accessible bridge ports, and supports a subset of the functions of a
MAC bridge. A TPMR is transparent to all frame-based media independent protocols except those
destined to it and those destined to reserved MAC addresses that the relay function of the TPMR is
defined not to forward. LLDP exchanges packets between neighbor agents and creates and maintains
neighbor information for them. Figure 46 shows the neighbor relationships for these LLDP agents. LLDP
has two bridge modes: customer bridge (CB) and service bridge (SB).
Figure 46 LLDP neighbor relationships
LLDPDU formats
LLDP sends device information in LLDPDUs. LLDPDUs are encapsulated in Ethernet II or SNAP frames.
1. LLDPDU encapsulated in Ethernet II
146
Figure 47 Ethernet II-encapsulated LLDPDU
Field Description
MAC address to which the LLDPDU is advertised. To distinguish between LLDP
packets sent and received by different agent types on the same interface, LLDP
specifies different multicast MAC addresses as destination MAC addresses for
LLDP packets to different agent types. It is fixed to multicast MAC address
Destination MAC address
0x0180-C200-000E (only for LLDP packets destined for the nearest bridge
neighbor), 0x0180-C200-0000 (only for LLDP packets destined for the nearest
customer bridge neighbor), or 0x0180-C200-0003 (only for LLDP packets
destined for the nearest TPMR bridge neighbor).
Type Ethernet type for the upper layer protocol. It is 0x88CC for LLDP.
Data LLDPDU.
Frame check sequence, a 32-bit CRC value used to determine the validity of
FCS
the received Ethernet frame.
147
Table 13 Fields in a SNAP-encapsulated LLDPDU
Field Description
MAC address to which the LLDPDU is advertised. It is fixed at
Destination MAC address
0x0180-C200-000E, a multicast MAC address.
Data LLDPDU.
Frame check sequence, a 32-bit CRC value used to determine the validity of
FCS
the received Ethernet frame.
LLDPDUs
LLDP uses LLDPDUs to exchange information. An LLDPDU comprises multiple TLV sequences. Each TLV
carries a type of device information, as shown in Figure 49.
Figure 49 LLDPDU encapsulation format
An LLDPDU can carry up to 28 types of TLVs. Mandatory TLVs include Chassis ID TLV, Port ID TLV, Time
to Live TLV, and End of LLDPDU TLV. Other TLVs are optional.
TLVs
TLVs are type, length, and value sequences that carry information elements.
LLDPDU TLVs include the following categories:
• Basic management TLVs
• Organizationally (IEEE 802.1 and IEEE 802.3) specific TLVs
• LLDP-MED (media endpoint discovery) TLVs
Basic management TLVs are essential to device management. Organizationally specific TLVs and
LLDP-MED TLVs are used for enhanced device management; they are defined by standardization or other
organizations and are optional to LLDPDUs.
1. Basic management TLVs
Table 14 lists the basic management TLV types. Some of them are mandatory to LLDPDUs (they
must be included in every LLDPDU).
Table 14 Basic management TLVs
Port ID If the LLDPDU carries LLDP-MED TLVs, the port ID TLV carries the
MAC address of the sending port. Otherwise, the port ID TLV Mandatory.
carries the port name.
148
Type Description Remarks
End of LLDPDU Marks the end of the TLV sequence in the LLDPDU.
Type Description
Specifies the port's VLAN identifier (PVID). An LLDPDU carries only one TLV of
Port VLAN ID
this type.
Indicates whether the device supports protocol VLANs and, if so, what VLAN
Port And Protocol VLAN ID IDs these protocols will be associated with. An LLDPDU can carry multiple
different TLVs of this type.
Specifies the textual name of any VLAN to which the port belongs. An LLDPDU
VLAN Name
can carry multiple different TLVs of this type.
NOTE:
H3C devices support only receiving protocol identity TLVs.
Type Description
Contains the bit-rate and duplex capabilities of the sending port,
MAC/PHY Configuration/Status support for autonegotiation, enabling status of autonegotiation, and
the current rate and duplex mode.
Contains the power supply capability of the port, including the PoE
type (PSE or PD), PoE mode, whether PSE power supply is supported,
Power Via MDI
whether PSE power supply is enabled, and whether the PoE mode is
controllable.
Indicates the supported maximum frame size. It is now the MTU of the
Maximum Frame Size
port.
149
Type Description
Indicates the power state control configured on the sending port,
Power Stateful Control including the power type of the PSE/PD, PoE sourcing/receiving
priority, and PoE sourcing/receiving power.
NOTE:
The power stateful control TLV is defined in IEEE P802.3at D1.0 and is not supported in later versions. H3C
devices send this type of TLVs only after receiving them.
4. LLDP-MED TLVs
LLDP-MED TLVs provide multiple advanced applications for voice over IP (VoIP), such as basic
configuration, network policy configuration, and address and directory management. LLDP-MED
TLVs provide a cost-effective and easy-to-use solution for deploying voice devices in Ethernet.
LLDP-MED TLVs are shown in Table 17.
Table 17 LLDP-MED TLVs
Type Description
Allows a network device to advertise the LLDP-MED TLVs that it
LLDP-MED Capabilities
supports.
Allows a terminal device to advertise its asset ID. The typical case is
Asset ID that the user specifies the asset ID for the endpoint to facilitate
directory management and asset tracking.
NOTE:
If the MAC/PHY configuration/status TLV is not advertisable, none of the LLDP-MED TLVs will be
advertised even if they are advertisable. If the LLDP-MED capabilities TLV is not advertisable, the other
LLDP-MED TLVs will not be advertised even if they are advertisable.
150
Management address
The network management system uses the management address of a device to identify and manage the
device for topology maintenance and network management. The management address is encapsulated
in the management address TLV.
Work mechanism
LLDP operating modes
LLDP can operate in one of the following modes:
• TxRx mode—A port in this mode can send and receive LLDPDUs.
• Tx mode—A port in this mode can only send LLDPDUs.
• Rx mode—A port in this mode can only receive LLDPDUs.
• Disable mode—A port in this mode cannot send or receive LLDPDUs.
Each time the LLDP operating mode of a port changes, its LLDP protocol state machine re-initializes. A
configurable re-initialization delay prevents frequent initializations because of frequent changes to the
operating mode. With this delay configured, before a port can initialize LLDP, it must wait for the
specified interval after the LLDP operating mode changes.
Transmitting LLDPDUs
An LLDP-enabled port operating in TxRx mode or Tx mode sends LLDPDUs to its directly connected
devices both periodically and when the local configuration changes. To prevent LLDPDUs from
overwhelming the network during times of frequent changes to local device information, you can set a
delay between two successive LLDPDUs.
This interval is shortened to 1 second in either of the following cases:
• A new neighbor is discovered. A new LLDPDU is received and carries device information new to the
local device.
• The LLDP operating mode of the port changes from Disable or Rx to TxRx or Tx.
This is the fast sending mechanism of LLDP. With this mechanism, a specific number of LLDPDUs are sent
successively at 1-second intervals to help LLDP neighbors discover the local device as soon as possible.
Then, the normal LLDPDU transmit interval resumes.
Receiving LLDPDUs
An LLDP-enabled port that is operating in TxRx mode or Rx mode checks the validity of TLVs carried in
every received LLDPDU. If valid, the information is saved and an aging timer is set for it based on the TTL
value in the TTL TLV carried in the LLDPDU. If the TTL value is zero, the information ages out immediately.
151
LLDP configuration task list
Tasks at a glance
Performing basic LLDP configuration:
• (Required.) Enabling LLDP
• (Optional.) Setting the LLDP operating mode
• (Optional.) Setting the LLDP re-initialization delay
• (Optional.) Enabling LLDP polling
• (Optional.) Configuring the advertisable TLVs
• (Optional.) Configuring the management address and its encoding format
• (Optional.) Setting other LLDP parameters
• (Optional.) Setting an encapsulation format for LLDPDUs
By default:
• When the switch starts
up with empty
configuration, LLDP is
disabled globally.
• When the switch starts
2. Enable LLDP globally. up with the default
lldp global enable
configuration file, LLDP
is enabled globally.
For more information about
empty configuration and
the default configuration
file, see Fundamentals
Configuration Guide.
152
Step Command Remarks
By default, LLDP is enabled
4. (Optional.) Enable LLDP. lldp enable
on a port.
153
Step Command Remarks
1. Enter system view. system-view N/A
154
Step Command Remarks
By default, the
management address is
sent through LLDPDUs.
For a Ethernet port, the
management address is
the main IP address of
the VLAN interface that
3. Allow LLDP to advertise the is in up state and whose
management address in corresponding VLAN ID
lldp tlv-enable basic-tlv
LLDPDUs and configure the is the lowest among the
management-address-tlv [ ip-address ]
advertised management VLANs permitted on the
address. port. If none of the
VLAN interfaces of the
permitted VLANs is
assigned an IP address
or all VLAN interfaces
are down, no
management address
will be advertised.
By default, the
4. Configure the encoding
management address is
format of the management lldp management-address-format string
encapsulated in the
address as character string.
numeric format.
155
Step Command Remarks
3. Set the LLDPDU transmit The default setting is 30
lldp timer tx-interval interval
interval. seconds.
4. Set the LLDPDU transmit delay. lldp timer tx-delay delay The default setting is 2 seconds.
5. Set the number of LLDPDUs
sent each time fast LLDPDU lldp fast-count count The default setting is 3.
transmission is triggered.
156
Configuration prerequisites
Before you configure CDP compatibility, complete the following tasks:
• Globally enable LLDP.
• Enable LLDP on the port connecting to a device supporting CDP, and configure the port to operate
in TxRx mode.
Configuration procedure
CDP-compatible LLDP operates in one of the following modes:
• TxRx—CDP packets can be transmitted and received.
• Disable—CDP packets cannot be transmitted or received.
LLDP traps are sent periodically, and the interval is configurable. To make CDP-compatible LLDP take
effect on specific ports, first enable CDP-compatible LLDP globally, and then configure CDP-compatible
LLDP to operate in TxRx mode.
The maximum TTL value that CDP allows is 255 seconds. To make CDP-compatible LLDP work correctly
with Cisco IP phones, configure the LLDPDU transmit interval to be no more than 1/3 of the TTL value.
To enable LLDP to be compatible with CDP:
interface interface-type
3. Enter Ethernet interface view. N/A
interface-number
4. Configure CDP-compatible lldp compliance admin-status cdp By default, CDP-compatible LLDP
LLDP to operate in TxRx mode. txrx operates in Disable mode.
Configuring DCBX
Data Center Ethernet (DCE), also known as Converged Enhanced Ethernet (CEE), is enhancement and
expansion of traditional Ethernet local area networks for use in data centers. DCE uses the Data Center
Bridging Exchange Protocol (DCBX) to negotiate and remotely configure the bridge capability of
network elements.
DCBX has two self-adaptable versions, DCB Capability Exchange Protocol Specification Rev 1.00 and
DCB Capability Exchange Protocol Base Specification Rev 1.01. DCBX offers the following functions:
• Discovers the peer devices' capabilities and determines whether devices at both ends support these
capabilities.
• Detects configuration errors on peer devices.
• Remotely configures the peer device if the peer device accepts the configuration.
NOTE:
H3C devices support only the remote configuration function.
157
Figure 50 DCBX application scenario
Tasks at a glance
(Required.) Enabling LLDP and DCBX TLV advertising
158
Step Command Remarks
By default:
• When the switch starts up
with empty configuration,
LLDP is disabled globally.
2. Enable LLDP globally. lldp global enable
• When the switch starts up
with the default
configuration file, LLDP is
enabled globally.
3. Enter Ethernet interface
interface interface-type interface-number N/A
view.
159
Step Command Remarks
An Ethernet frame header ACL
number is in the range of 4000 to
4999. An IPv4 advanced ACL
2. Create an Ethernet frame number is in the range of 3000 to
acl number acl-number [ name 3999.
header ACL or an IPv4
acl-name ] [ match-order { auto |
advanced ACL and enter ACL DCBX Rev 1.00 supports only
config } ]
view. Ethernet frame header ACLs. DCBX
Rev 1.01 supports both Ethernet
frame header ACLs and IPv4
advanced ACLs.
• For the Ethernet frame header
ACL:
rule [ rule-id ] permit type
protocol-type ffff Create rules according to the type
3. Create a rule for the ACL.
of the ACL previously created.
• For the IPv4 advanced ACL:
rule [ rule-id ] permit { tcp |
udp } destination-port eq port
4. Return to system view. quit N/A
5. Create a class, specify the
traffic classifier classifier-name
operator of the class as OR, N/A
operator or
and enter class view.
6. Use the specified ACL as the
if-match acl acl-number N/A
match criterion of the class.
7. Return to system view. quit N/A
8. Create a traffic behavior and
traffic behavior behavior-name N/A
enter traffic behavior view.
9. Configure the behavior to
mark packets with the specific remark dot1p 8021p N/A
802.1p priority.
10. Return to system view. quit N/A
11. Create a QoS policy and
qos policy policy-name N/A
enter QoS policy view.
160
Step Command Remarks
• (Method 1) To the outgoing
traffic of all ports:
qos apply policy policy-name
global outbound
• (Method 2) To the outgoing
• Configurations made in system
traffic of an Ethernet interface:
view take effect on all ports.
14. Apply the QoS policy. a. Enter Ethernet interface
• Configurations made in
view:
Ethernet interface view take
interface interface-type
effect on the interface.
interface-number
b. Apply the QoS policy to
the outgoing traffic:
qos apply policy
policy-name outbound
For more information about the acl, rule, traffic classifier, if-match, traffic behavior, remark dot1p, qos
policy, classifier behavior, qos apply policy global, and qos apply policy commands, see ACL and QoS
Command Reference.
interface interface-type
5. Enter Ethernet interface view. N/A
interface-number
6. Configure the interface to
By default, the port priority of the
trust the 802.1p priority qos trust dot1p
incoming port is trusted.
carried in packets.
161
For more information about the qos map-table and import commands, see ACL and QoS Command
Reference.
For more information about the qos wrr, qos wrr byte-count, and qos wrr group sp commands, see ACL
and QoS Command Reference.
interface interface-type
2. Enter Ethernet interface view. N/A
interface-number
162
Step Command Remarks
By default, PFC is disabled for all
802.1p priorities.
H3C recommends that you enable
4. Enable PFC for specific 802.1p priority-flow-control no-drop PFC for the 802.1p priority of
priorities. dot1p dot1p-list FCoE traffic. If you enable PFC for
multiple 802.1p priorities, packet
loss might occur during periods of
congestion.
5. Configure the interface to trust
By default, the port priority of the
the 802.1p priority carried in qos trust dot1p
incoming port is trusted.
packets.
For more information about the priority-flow-control and priority-flow-control no-drop dot1p commands,
see Layer 2—LAN Switching Command Reference.
Configuration prerequisites
Before you configure the DCBX version, complete the following tasks:
• Enable LLDP globally and configure the interface to advertise DCBX TLVs.
• Configure the APP parameters, ETS parameters, or PFC parameters to be advertised on the
interface.
Configuration procedure
To configure the DCBX version:
163
Step Command Remarks
By default, the DCBX version is
3. Configure the DCBX autonegotiated by two interfaces, with
dcbx version { rev100 | rev101 }
version. the DCBX Rev 1.01 as the initial version
for negotiation at the local end.
Task Command
Display the global LLDP information
display lldp local-information [ global | interface interface-type
or the information contained in the
interface-number ]
LLDP TLVs to be sent through a port.
Display LLDP statistics. display lldp statistics [ global | interface interface-type interface-number ]
Display LLDP status of a port. display lldp status [ interface interface-type interface-number ]
164
Basic LLDP configuration example
Network requirements
As shown in Figure 51, the NMS and Switch A are located in the same Ethernet network. An MED device
and Switch B are connected to Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 of Switch A.
Enable LLDP globally on Switch A and Switch B to monitor the link between Switch A and Switch B and
the link between Switch A and the MED device on the NMS.
Figure 51 Network diagram
Configuration procedure
1. Configure Switch A:
# Enable LLDP globally.
<SwitchA> system-view
[SwitchA] lldp global enable
# Enable LLDP on Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2. (You can skip this
step because LLDP is enabled on ports by default.) Set the LLDP operating mode to Rx.
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] lldp enable
[SwitchA-Ten-GigabitEthernet1/0/1] lldp admin-status rx
[SwitchA-Ten-GigabitEthernet1/0/1] quit
[SwitchA] interface ten-gigabitethernet 1/0/2
[SwitchA-Ten-GigabitEthernet1/0/2] lldp enable
[SwitchA-Ten-GigabitEthernet1/0/2] lldp admin-status rx
[SwitchA-Ten-GigabitEthernet1/0/2] quit
2. Configure Switch B:
# Enable LLDP globally.
<SwitchB> system-view
[SwitchB] lldp global enable
# Enable LLDP on Ten-GigabitEthernet1/0/1. (You can skip this step because LLDP is enabled on
ports by default.) Set the LLDP operating mode to Tx.
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] lldp enable
[SwitchB-Ten-GigabitEthernet1/0/1] lldp admin-status tx
[SwitchB-Ten-GigabitEthernet1/0/1] quit
3. Verify the configuration:
# Display the global LLDP status and port LLDP status on Switch A.
165
[SwitchA] display lldp status
Global status of LLDP: Enable
The current number of LLDP neighbors: 2
The current number of CDP neighbors: 0
LLDP neighbor information last changed time: 0 days, 0 hours, 4 minutes, 40 seconds
Transmit interval : 30s
Hold multiplier : 4
Reinit delay : 2s
Transmit delay : 2s
Trap interval : 5s
Fast start times : 3
166
Hold multiplier : 4
Reinit delay : 2s
Transmit delay : 2s
Trap interval : 5s
Fast start times : 3
NOTE:
Suppose that both Switch A and DC server support DCBX Rev 1.01.
167
Figure 52 Network diagram
Configuration procedure
1. Enable LLDP and DCBX TLV advertising:
# Enable LLDP globally.
<SwitchA> system-view
[SwitchA] lldp global enable
# Enable LLDP and DCBX TLV advertising on interface Ten-GigabitEthernet 1/0/1.
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] lldp enable
[SwitchA-Ten-GigabitEthernet1/0/1] lldp tlv-enable dot1-tlv dcbx
[SwitchA-Ten-GigabitEthernet1/0/1] quit
2. Configure APP parameters:
# Create Ethernet frame header ACL 4000, and configure the ACL to permit FCoE packets (whose
protocol number is 0x8906) and FIP packets (whose protocol number is 0x8914) to pass through.
[SwitchA] acl number 4000
[SwitchA-acl-ethernetframe-4000] rule permit type 8906 ffff
[SwitchA-acl-ethernetframe-4000] rule permit type 8914 ffff
[SwitchA-acl-ethernetframe-4000] quit
# Create a class named app_c, specify the operator of the class as OR, and use ACL 4000 as the
match criterion of the class.
[SwitchA] traffic classifier app_c operator or
[SwitchA-classifier-app_c] if-match acl 4000
[SwitchA-classifier-app_c] quit
# Create a traffic behavior named app_b, and configure the traffic behavior to mark packets with
802.1p priority value 3.
[SwitchA] traffic behavior app_b
[SwitchA-behavior-app_b] remark dot1p 3
[SwitchA-behavior-app_b] quit
# Create a QoS policy named plcy, associate class app_c with traffic behavior app_b in the QoS
policy, and apply the association to DCBX.
[SwitchA] qos policy plcy
[SwitchA-qospolicy-plcy] classifier app_c behavior app_b mode dcbx
[SwitchA-qospolicy-plcy] quit
# Apply the policy named plcy to the outgoing traffic of interface Ten-GigabitEthernet 1/0/1.
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] qos apply policy plcy outbound
[SwitchA-Ten-GigabitEthernet1/0/1] quit
3. Configure ETS parameters:
168
# Configure the 802.1p-to-local priority mapping table to map 802.1p priority value 3 to local
precedence 3. (This is the default mapping table. You can modify this configuration as needed.)
[SwitchA] qos map-table dot1p-lp
[SwitchA-maptbl-out-dot1p-lp] import 3 export 3
[SwitchA-maptbl-out-dot1p-lp] quit
# Enable byte-count WRR queuing on interface Ten-GigabitEthernet 1/0/1, and configure queue
3 on the interface to use strict priority queuing.
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] qos wrr byte-count
[SwitchA-Ten-GigabitEthernet1/0/1] qos wrr 3 group sp
4. Enable interface Ten-GigabitEthernet 1/0/1 to automatically negotiate with its peer to decide
whether to enable PFC, and enable PFC for 802.1 priority 3.
[SwitchA-Ten-GigabitEthernet1/0/1] priority-flow-control auto
[SwitchA-Ten-GigabitEthernet1/0/1] priority-flow-control no-drop dot1p 3
5. Verify the configuration:
Through the specific menu on the DC server, you can see the data exchange procedure between
the DC server and Switch A. Take a Qlogic adapter on the DC server, for example. The data
exchange procedure is as follows:
------------------------------------------------------
DCBX Parameters Details for CNA Instance 0 - QLE8142
------------------------------------------------------
169
Priority Group 0 Percentage: 2
Priority Group 1 Percentage: 4
Priority Group 2 Percentage: 6
Priority Group 3 Percentage: 0
Priority Group 4 Percentage: 10
Priority Group 5 Percentage: 18
Priority Group 6 Percentage: 27
Priority Group 7 Percentage: 31
170
DCBX Parameter Data
Priority Group ID of Priority 1: 0
Priority Group ID of Priority 0: 0
171
DCBX Parameter Information
Parameter Type: Remote
Pad Byte Present: No
DCBX Parameter Valid: Yes
Reserved: 0
172
Configuring service loopback groups
A service loopback group contains one or multiple Ethernet ports for looping packets sent out by the
device back to the device. This feature must work with other features, such as GRE.
A service loopback group provides one of the following services:
• Tunnel—Supports unicast tunnel traffic.
• Multicast tunnel—Supports multicast tunnel traffic.
The device supports only one service loopback group for each service type. However, you can use one
service loopback group with multiple features.
Member ports in a service loopback group are load balanced.
Configuration procedure
Follow these guidelines when you configure a service loopback group:
• Make sure the ports you are assigning to a service loopback group meet the following
requirements:
{ The ports are not used for any other purposes. The configuration on a port is removed when it
is assigned to a service loopback group.
{ The ports support the service type of the service loopback group and are not members of any
other service loopback group.
• You cannot change the service type of a service loopback group.
• For correct traffic processing, make sure a service loopback group has at least one member port
when it is being used by a feature.
To configure a service loopback group:
interface interface-type
3. Enter Ethernet interface view. N/A
interface-number
4. Assign the port to the service port service-loopback group By default, a port does not belong
loopback group. number to any service loopback group.
173
Task Command
Display information about service loopback groups. display service-loopback group [ number ]
Configuration procedure
# Create service loopback group 1, and specify its service type as Tunnel.
<DeviceA> system-view
[DeviceA] service-loopback group 1 type tunnel
# Create tunnel interface 1 operating in GRE mode, which will automatically reference service loopback
group 1.
[DeviceA] interface tunnel 1 mode gre
[DeviceA-Tunnel1]
174
Configuring cut-through forwarding
A cut-through forwarding-enabled device forwards a frame after it receives the first 64 bytes of the frame.
This feature reduces the transmission time of a frame within the device, and enhances forwarding
performance.
To configure cut-through forwarding:
175
Index
176
STP TC-BPDU guard, 93 CIST
STP TC-BPDU transmission restriction, 93 calculation, 69
transmission rate configuration, 78 network device connection, 67
bridge STP max age timer, 77
LAN switching LLDP agent customer bridge, 146 combining
LAN switching LLDP agent nearest bridge, 146 Ethernet 10-GE interfaces into 40-GE interface, 2
LAN switching LLDP agent non-TPMR common root bridge, 67
bridge, 146 configuration example
MST common root bridge, 67, 67 many-to-one VLAN mapping, 138
MST regional root, 67 one-to-one VLAN mapping, 138
MSTP root bridge configuration, 74 one-to-two VLAN mapping, 142
MSTP secondary root bridge configuration, 74 two-to-two VLAN mapping, 142
RSTP root bridge configuration, 74 configuring
RSTP secondary root bridge configuration, 74 basic settings for an Ethernet interface, 1
STP designated bridge, 59 Ethernet aggregate interface, 41
STP loop guard, 92 Ethernet aggregate interface (description), 41
STP root bridge, 59 Ethernet interface, 1
STP root bridge configuration, 74 Ethernet interface generic flow control, 6
STP root guard, 91 Ethernet interface jumbo frame support, 3
STP secondary root bridge configuration, 74 Ethernet interface PFC, 7
bulk Ethernet interface physical state change
interface configuration, 16 suppression, 4
C Ethernet interfaces, 1
Ethernet link aggregation, 32, 39, 48
cable
Ethernet link aggregation group, 39
Layer 2 Ethernet interface cable connection, 13
Ethernet link aggregation group load sharing
calculating
criteria, 44
MSTI calculation, 69
Ethernet link aggregation load sharing, 44
MSTP CIST calculation, 69
Ethernet link dynamic aggregation group, 40
STP algorithm, 60
Ethernet link static aggregation group, 40
STP port path cost calculation standard, 80
LAN switching LLDP, 146, 152
STP timeout factor, 78
LAN switching LLDP 802.1p-to-local priority
CDP mapping, 161
LAN switching LLDP CDP compatibility, 156 LAN switching LLDP advertisable TLVs, 154
changing LAN switching LLDP APP parameter, 159
MAC Information change send interval, 30 LAN switching LLDP basics, 152, 165
checking LAN switching LLDP CDP compatibility, 156
STP mCheck, 86 LAN switching LLDP DCBX, 157, 167
STP mCheck (global), 86 LAN switching LLDP ETS parameter, 161
STP mCheck (interface view), 86 LAN switching LLDP group-based WRR
STP No Agreement Check, 88, 90 queuing, 162
choosing LAN switching LLDP management address, 154
Ethernet link aggregation reference port, 34 LAN switching LLDP management address
Cisco encoding format, 154
LAN switching LLDP CDP compatibility, 156 LAN switching LLDP PFC parameter, 162
177
LAN switching LLDP trapping, 164 QinQ CVLAN tag TPID value, 121
LAN switching LLDP-MED trapping, 164 QinQ SVLAN tag TPID value, 121
Layer 2 cut-through forwarding, 175 QinQ VLAN tag TPID value, 120
Layer 2 Ethernet interface storm control, 9 QinQ VLAN transparent transmission, 120, 125
Layer 2 Ethernet interface storm suppression, 8 RSTP, 58, 70, 95
Layer 2 Ethernet link aggregation load RSTP device priority, 75
sharing, 51 RSTP root bridge, 74
Layer 2 Ethernet link dynamic aggregation, 49 RSTP root bridge device, 75
Layer 2 Ethernet link static aggregation, 48 RSTP secondary root bridge, 74
loop detection, 100, 102, 104 RSTP secondary root bridge device, 75
loop detection protection action, 103 service loopback group, 173, 173, 174
loop detection protection action (aggregate STP, 58, 70, 95
interface), 103 STP BPDU transmission rate, 78
loop detection protection action (Ethernet STP device priority, 75
interface), 103
STP Digest Snooping, 86, 88
loop detection protection action (global), 103
STP edge port, 79
loopback interface, 14, 14
STP No Agreement Check, 88, 90
MAC address table, 18, 19, 27
STP port link type, 83
MAC address table dynamic aging timer, 23
STP port mode, 84
MAC address table entry, 19
STP port path cost, 80, 82
MAC address table learning limit on
STP port priority, 83
interface, 23
STP port role restriction, 92
MAC Information, 29, 31
STP protection functions, 90
MAC Information change send interval, 30
STP root bridge, 74
MAC Information mode, 30
STP root bridge device, 75
MAC Information queue length, 30
STP secondary root bridge, 74
Management Ethernet interface, 1
STP secondary root bridge device, 75
many-to-one VLAN mapping, 134
STP switched network diameter, 76
many-to-one VLAN mapping customer-side
STP TC-BPDU transmission restriction, 93
port, 135
STP timeout factor, 78
many-to-one VLAN mapping network-side
port, 136 STP timer, 77
MST region, 74 two-to-two VLAN mapping, 137
MST region max hops, 76 VLAN (port-based), 110, 115
MSTP, 58, 70, 95 VLAN basic settings, 108
MSTP device priority, 75 VLAN interface basic settings, 109
MSTP root bridge, 74 VLAN mapping, 128, 138
MSTP root bridge device, 75 connecting
MSTP secondary root bridge, 74 Layer 2 Ethernet interface cable connection, 13
MSTP secondary root bridge device, 75 Converged Enhanced Ethernet. Use CEE
null interface, 14, 14 cost
one-to-one VLAN mapping, 133 STP path cost, 59
one-to-two VLAN mapping, 136 STP port path cost calculation standard, 80
port isolation, 55 STP port path cost configuration, 80, 82
port isolation (on VLAN), 56 CST
QinQ, 117, 119, 123 MST region connection, 67
178
customer Ethernet link aggregate interface default
VLAN mapping many-to-one customer-side port settings, 44
configuration, 135 designated
cut-through Layer 2 forwarding, 175 MST port, 68
CVLAN STP bridge, 59
many-to-one VLAN mapping application STP port, 59
scenario, 128 device
many-to-one VLAN mapping configuration, 134 Ethernet interface 40-GE interface split into 10-GE
many-to-one VLAN mapping customer-side port interfaces, 2, 3
configuration, 135 Ethernet interface configuration, 1
many-to-one VLAN mapping Layer 2 cut-through forwarding configuration, 175
implementation, 131 loop protection actions, 101
many-to-one VLAN mapping network-side port MSTP implementation, 70
configuration, 136
MSTP priority, 75
one-to-one VLAN mapping application
MSTP root bridge configuration, 75
scenario, 128
MSTP secondary root bridge configuration, 75
one-to-one VLAN mapping configuration, 133
RSTP priority, 75
one-to-one VLAN mapping implementation, 131
RSTP root bridge configuration, 75
one-to-two VLAN mapping application
RSTP secondary root bridge configuration, 75
scenario, 130
STP BPDU drop, 94
one-to-two VLAN mapping configuration, 136
STP BPDU guard, 91
one-to-two VLAN mapping implementation, 132
STP Digest Snooping, 86, 88
QinQ configuration, 117, 119, 123
STP loop guard, 92
QinQ VLAN transparent transmission
configuration, 125 STP No Agreement Check, 88, 90
two-to-two VLAN mapping application STP port role restriction, 92
scenario, 130 STP priority, 75
two-to-two VLAN mapping configuration, 137 STP protection functions, 90
two-to-two VLAN mapping implementation, 132 STP root bridge configuration, 75
VLAN mapping configuration, 128 STP root guard, 91
STP secondary root bridge configuration, 75
D
STP TC-BPDU guard, 93
Data Center
STP TC-BPDU transmission restriction, 93
Bridging Exchange Protocol. Use DCBX
Digest Snooping (STP), 86, 88
Ethernet. Use DCE
disabling
DCBX
MAC address learning, 22
configuration, 157, 167
discarding
LAN switching LLDP APP parameter
MST discarding port state, 68
configuration, 159
displaying
LAN switching LLDP ETS parameter
Ethernet interface, 13
configuration, 161
Ethernet link aggregation, 47
LAN switching LLDP PFC parameter
configuration, 162 LAN switching LLDP, 164
LAN switching LLDP+DCBX TLV loop detection, 104
advertisement, 158 loopback interface, 15
default MAC address table, 26
MSTP, 94
179
null interface, 15 QinQ, 119
port isolation, 55 STP BPDU drop, 94
QinQ, 122 STP BPDU guard, 91
RSTP, 94 STP feature, 85
service loopback group, 173 STP loop guard, 92
STP, 94 STP port state transition information output, 85
VLAN, 114 STP root guard, 91
VLAN mapping, 138 STP TC-BPDU guard, 93
dot1d-1998 (STP port path cost calculation), 80 encapsulating
dot1s (STP port mode), 84 LAN switching LLDPDU encapsulated in Ethernet
dot1t (STP port path cost calculation), 80 II, 146
dynamic LAN switching LLDPDU encapsulated in SNAP
Ethernet link aggregation dynamic mode, 35 format, 146
Ethernet link aggregation mode, 33 LAN switching LLDPDU encapsulation format, 156
Ethernet link dynamic aggregation group Energy Efficient Ethernet. See see EEE
configuration, 40 energy-saving functions, 11
Layer 2 Ethernet link aggregation Ethernet
configuration, 49 interface. See Ethernet interface
link aggregation process, 36 LAN switching LLDP APP parameters, 159
MAC address table dynamic aging timer, 23 LAN switching LLDP DCBX configuration, 157, 167
MAC address table entry, 18 LAN switching LLDP ETS parameters, 161
E LAN switching LLDP group-based WRR
queuing, 162
edge port
LAN switching LLDP PFC parameters, 162
MST, 68
LAN switching LLDP trapping, 164
STP, 79
LAN switching LLDP+DCBX TLV advertisement, 158
EEE energy saving, 11
LAN switching LLDPDU encapsulated in Ethernet
enabling II, 146
Ethernet interface auto power-down, 11 LAN switching LLDP-MED trapping, 164
Ethernet interface EEE energy saving, 11 link aggregation. See Ethernet link aggregation
Ethernet interface energy-saving functions, 11 loop detection configuration, 100, 104
Ethernet link aggregation traffic redirection, 46 MAC address table configuration, 18, 19, 27
LAN switching LLDP, 152 MAC Information configuration, 29, 31
LAN switching LLDP polling, 153 port isolation configuration, 55
LAN switching LLDP+DCBX TLV port isolation configuration (on VLAN), 56
advertisement, 158
QinQ CVLAN frame header tag, 117
loop detection, 102
QinQ SVLAN frame header tag, 117
loop detection (global), 102
service loopback group
loop detection (port-specific), 102 configuration, 173, 173, 174
MAC address synchronization, 25 VLAN access port assignment, 111
MAC Information globally, 29 VLAN basic configuration, 108
MAC Information on interface, 29 VLAN hybrid port assignment, 113
many-to-one VLAN mapping ARP VLAN interface basic configuration, 109
detection, 135
VLAN port-based configuration, 110, 115
many-to-one VLAN mapping DHCP
VLAN trunk port assignment, 112
snooping, 134
180
Ethernet interface Layer 2 dynamic aggregation configuration, 49
10-GE interfaces into 40-GE interface Layer 2 static aggregation configuration, 48
combine, 2 load sharing configuration, 44
40-GE interface split, 2 load sharing criteria, 39
40-GE interface split into 10-GE interfaces, 2, 3 local-first load sharing, 45
auto power-down enable, 11 maintaining, 47
configuration, 1, 1, 1 member port, 32
configuring basic settings, 1 member port state, 32, 34
configuring the management Ethernet modes, 33
interface, 1 operational key, 33
displaying, 13 reference port choosing, 34
EEE energy saving enable, 11 static group configuration, 40
energy-saving functions, 11 static mode, 34
generic flow control, 6 traffic redirection, 46
jumbo frame support configuration, 3 traffic redirection restrictions, 46
loopback test, 5 ETS parameter (LLDP), 161
maintaining, 13 external loopback test (Ethernet interface), 5
Naming conventions, 1
F
PFC configuration, 7
physical state change suppression, 4 FCoE
statistics polling interval, 11 LAN switching LLDP APP parameters, 159
Ethernet link aggregation LAN switching LLDP DCBX configuration, 167
aggregate group min/max number Selected flow control
ports, 42 Ethernet interface generic flow control, 6
aggregate interface, 32 Ethernet interface PFC, 7
aggregate interface (description), 41 format
aggregate interface configuration, 41 LAN switching LLDP management address
aggregate interface default settings, 44 encoding format, 154
aggregate interface shutdown, 43 LAN switching LLDPDU encapsulated in Ethernet
II, 146
aggregation group, 32
LAN switching LLDPDU encapsulated in SNAP
basic concepts, 32
format, 146
configuration, 32, 39, 48
LAN switching LLDPDU encapsulation format, 156
configuration types, 33
forwarding
displaying, 47
Layer 2 cut-through forwarding configuration, 175
dynamic group configuration, 40
MST forwarding port state, 68
dynamic mode, 35
STP BPDU forwarding, 64
dynamic process, 36
STP forward delay timer, 64, 77
group configuration, 39
frame
group load sharing criteria, 44
Ethernet interface jumbo frame support, 3
ignored VLAN on Layer 2 aggregate
Layer 2 cut-through forwarding configuration, 175
interface, 42
loop detection, 100
LACP, 35
loop detection (Ethernet frame header), 100
Layer 2 aggregate interface (ignored
VLAN), 42 loop detection (inner frame header), 100
Layer 2 aggregation load sharing, 51 loop detection interval, 101
MAC address learning, 18
181
MAC address table blackhole entry, 20 Ethernet link aggregate interface shutdown, 43
MAC address table configuration, 18, 19, 27 Layer 2 Ethernet aggregate interface (ignored
MAC address table entry configuration, 19 VLAN), 42
MAC address table multiport unicast entry, 20 internal loopback test (Ethernet interface), 5
MAC Information configuration, 29, 31 interval
QinQ CVLAN Ethernet frame header tag, 117 loop detection, 101, 104
QinQ implementation, 119 MAC Information change send interval, 30
QinQ SVLAN Ethernet frame header tag, 117 isolating
frame encapsulation, VLAN, 107 ports. See port isolation
IST
G
MST region, 67
generic flow control (Ethernet interface), 6
J
group
Ethernet link aggregate group min/max number jumbo frame support (Ethernet interface), 3
Selected ports, 42 K
Ethernet link aggregation group, 32
key
Ethernet link aggregation group
Ethernet link aggregation operational key, 33
configuration, 39
Ethernet link aggregation LACP, 35 L
Ethernet link aggregation load sharing, 44 LACP
Ethernet link aggregation load sharing Ethernet link aggregation, 35
criteria, 39, 44 LAN
Ethernet link aggregation member port state, 32 VLAN basic configuration, 108
Ethernet link dynamic aggregation group VLAN interface basic configuration, 109
configuration, 40
VLAN port-based configuration, 110, 115
Ethernet link static aggregation group
LAN switching
configuration, 40
Ethernet aggregate interface configuration, 41
H Ethernet link aggregation basic concepts, 32
hello Ethernet link aggregation configuration, 32, 39, 48
STP timer, 64, 77 Ethernet link aggregation dynamic mode, 35
hybrid port assignment (VLAN), 113 Ethernet link aggregation group configuration, 39
I Ethernet link aggregation LACP, 35
Ethernet link aggregation load sharing, 44
ignored VLAN
Ethernet link aggregation load sharing criteria, 39
Layer 2 aggregate interface, 42
Ethernet link aggregation static mode, 34
implementing
Ethernet link aggregation traffic redirection, 46
MSTP device implementation, 70
Ethernet link dynamic aggregation group
QinQ, 119
configuration, 40
interface
LLDP basic concepts, 146
bulk configuration, 16
LLDP basic configuration, 152, 165
configuring loopback, 14
LLDP CDP compatibility, 156
configuring null, 14
LLDP configuration, 146, 152
Ethernet aggregate interface (description), 41
LLDP DCBX configuration, 167
Ethernet aggregate interface configuration, 41
Layer 2
Ethernet link aggregate interface default
cut-through forwarding configuration, 175
settings, 44
182
Ethernet aggregate interface (description), 41 Layer 2 Ethernet interface
Ethernet aggregate interface configuration, 41 cable connection, 13
Ethernet link aggregate group min/max number configuration, 1
Selected ports, 42 mode, 12
Ethernet link aggregate interface default storm control configuration, 9
settings, 44 storm suppression configuration, 8
Ethernet link aggregate interface shutdown, 43 Layer 3
Ethernet link aggregation LAN switching LLDP basic configuration, 165
configuration, 32, 39, 48
LAN switching LLDP trapping, 164
Ethernet link aggregation group
LAN switching LLDP-MED trapping, 164
configuration, 39
VLAN access port assignment, 111
Ethernet link aggregation group load sharing
VLAN basic configuration, 108
criteria, 44
VLAN hybrid port assignment, 113
Ethernet link aggregation load sharing, 44, 51
VLAN interface basic configuration, 109
Ethernet link aggregation load sharing
criteria, 39 VLAN port-based configuration, 110, 115
Ethernet link aggregation local-first load VLAN trunk port assignment, 112
sharing, 45 learning
Ethernet link aggregation traffic redirection, 46 loop detection no-learning action, 101
Ethernet link dynamic aggregation MAC address, 18
configuration, 49 MAC address learning disable, 22
Ethernet link dynamic aggregation group MAC address table learning limit on interface, 23
configuration, 40 MAC address table learning priority, 24
Ethernet link static aggregation MST learning port state, 68
configuration, 48 legacy
Ethernet link static aggregation group STP port mode, 84
configuration, 40
STP port path cost calculation, 80
LAN switching LLDP basic configuration, 165
link
LAN switching LLDP group-based WRR
aggregation. See Ethernet link aggregation
queuing, 162
link layer discovery protocol. See LLDP
LAN switching LLDP trapping, 164
MSTP configuration, 58, 70, 95
LAN switching LLDP+DCBX TLV
advertisement, 158 RSTP configuration, 58, 70, 95
LAN switching LLDP-MED trapping, 164 STP configuration, 58, 70, 95
loop detection configuration, 100, 102, 104 STP hello time, 77
port isolation configuration, 55 STP port link type configuration, 83
port isolation configuration (on VLAN), 56 LLDP
QinQ configuration, 117, 119, 123 802.1p-to-local priority mapping, 161
QinQ VLAN transparent transmission advertisable TLV configuration, 154
configuration, 125 agent, 146
VLAN access port assignment, 111 APP parameter configuration, 159
VLAN basic configuration, 108 basic concepts, 146
VLAN hybrid port assignment, 113 basic configuration, 152, 165
VLAN interface basic configuration, 109 CDP compatibility configuration, 156
VLAN mapping configuration, 128 configuration, 146, 152
VLAN port-based configuration, 110, 115 DCBX configuration, 157, 167
VLAN trunk port assignment, 112 displaying, 164
183
enable, 152 load balancing
ETS parameter configuration, 161 service loopback group
group-based WRR queuing, 162 configuration, 173, 173, 174
how it works, 151 load sharing
LAN switching LLDP+DCBX TLV Ethernet link aggregation configuration, 44
advertisement, 158 Ethernet link aggregation group criteria, 44
LAN switching LLDP-MED trapping Ethernet link aggregation group load sharing, 39
configuration, 164 Ethernet link aggregation local-first load
LLDPDU encapsulation format, 156 sharing, 45
LLDPDU format, 146 Ethernet link aggregation packet type-based load
LLDPDU management address TLV, 151 sharing, 39
LLDPDU reception, 151 Ethernet link aggregation per-flow load sharing, 39
LLDPDU TLV types, 148 Ethernet link aggregation per-packet load
LLDPDU TLVs, 148 sharing, 39
LLDPDU transmission, 151 Layer 2 Ethernet link aggregation configuration, 51
management address configuration, 154 local
management address encoding format, 154 Ethernet link aggregation local-first load
sharing, 45
operating mode (disable), 151
logging
operating mode (Rx), 151
loop detection configuration, 100, 102, 104
operating mode (Tx), 151
loop
operating mode (TxRx), 151
MSTP configuration, 58, 70, 95
operating mode set, 153
RSTP configuration, 58, 70, 95
parameter set, 155
STP configuration, 58, 70, 95
PFC parameter configuration, 162
STP loop guard, 92
polling enable, 153
loop detection
protocols and standards, 151
configuration, 100, 102, 104
re-initialization delay, 153
displaying, 104
trapping configuration, 164
enable, 102
LLDPDU
enable (global), 102
encapsulated in Ethernet II format, 146
enable (port-specific), 102
encapsulated in SNAP format, 146
interval, 101
encapsulation format, 156
interval setting, 104
LAN switching LLDP basic configuration, 165
mechanisms, 100
LAN switching LLDP configuration, 152
port status auto recovery, 102
LLDP basic configuration, 152
protection action configuration, 103
LLDP configuration, 146
protection action configuration (aggregate
LLDP parameters, 155
interface), 103
management address configuration, 154
protection action configuration (Ethernet
management address encoding format, 154
interface), 103
management address TLV, 151
protection action configuration (global), 103
receiving, 151
protection actions, 101
TLV basic management types, 148
loopback
TLV LLDP-MED types, 148
Ethernet interface loopback test, 5
TLV organization-specific types, 148
loopback interface
transmitting, 151
configuration, 14
184
displaying, 15 network-side port configuration, 136, 136
maintaining, 15 many-to-one VLAN mapping ARP detection
M enabling, 135
many-to-one VLAN mapping DHCP snooping
MAC address table
enabling, 134
address learning, 18
mapping
address synchronization, 25
MSTP VLAN-to-instance mapping table, 67
blackhole entry, 20
master port (MST), 68
configuration, 18, 19, 27
max age timer (STP), 64
displaying, 26
mCheck (STP), 86, 86, 86
dynamic aging timer, 23
MDI mode (Ethernet interface), 12
entry configuration, 19
MDIX mode (Ethernet interface), 12
entry creation, 18
MED (LLDP-MED trapping), 164
entry types, 18
MIB
learning limit configuration on interface, 23
LAN switching LLDP basic configuration, 152, 165
learning priority assignment, 24
LAN switching LLDP configuration, 146, 152
MAC address learning disable, 22
mode
manual entries, 18
Ethernet link aggregation dynamic, 33
multiport unicast entry, 20
Ethernet link aggregation dynamic mode, 35
MAC Information
Ethernet link aggregation load sharing criteria, 39
change send interval, 30
Ethernet link aggregation static, 33
configuration, 29, 31
Ethernet link aggregation static mode, 34
enable globally, 29
LAN switching LLDP disable, 151, 153
enable on interface, 29
LAN switching LLDP Rx, 151, 153
mode configuration, 30
LAN switching LLDP Tx, 151, 153
queue length configuration, 30
LAN switching LLDP TxRx, 151, 153
MAC relay (LLDP agent), 146
Layer 2 Ethernet interface Auto MDIX mode, 12
maintaining
Layer 2 Ethernet interface MDI mode, 12
Ethernet interface, 13
Layer 2 Ethernet interface MDIX mode, 12
Ethernet link aggregation, 47
MAC Information syslog, 30
loopback interface, 15
MAC Information trap, 30
MSTP, 94
modifying
null interface, 15
MAC address table blackhole entry, 20
RSTP, 94
MAC address table multiport unicast entry, 20
STP, 94
MQC 802.1p-to-local priority mapping, 161
VLAN, 114
MST
management address
CIST, 67
LAN switching LLDP encoding format, 154
common root bridge, 67
Management Ethernet interface
CST, 67
configuration, 1
IST, 67
many-to-one VLAN mapping
MSTI, 67
application scenario, 128
port roles, 68
configuration, 134, 134
port states, 68
configuration example, 138
region, 66
customer-side port configuration, 135, 135
region configuration, 74
185
region max hops, 76 Ethernet interface physical state change
regional root, 67 suppression, 4
MSTI Ethernet interface statistics polling interval, 11
calculation, 69 Ethernet link aggregation configuration types, 33
MST instance, 67 Ethernet link aggregation dynamic mode, 35
MSTP, 58, See also STP Ethernet link aggregation LACP, 35
basic concepts, 65 Ethernet link aggregation member port state, 34
CIST calculation, 69 Ethernet link aggregation modes, 33
configuration, 58, 70, 72, 95 Ethernet link aggregation operational key, 33
device implementation, 70 Ethernet link aggregation reference port
device priority configuration, 75 choosing, 34
displaying, 94 Ethernet link aggregation static mode, 34
features, 65 LAN switching LLDP basic configuration, 152
how it works, 69 Layer 2 Ethernet interface cable connection, 13
maintaining, 94 Layer 2 Ethernet interface mode, 12
mode set, 73 Layer 2 Ethernet interface storm control
configuration, 9
MSTI calculation, 69
Layer 2 Ethernet interface storm suppression
No Agreement Check, 88, 90
configuration, 8
protocols and standards, 70
loop detection interval, 101, 104
relationship to RSTP and STP, 65
loop detection protection action configuration, 103
root bridge configuration, 74
loop protection actions, 101
root bridge device configuration, 75
loopback interface configuration, 14
secondary root bridge configuration, 74
MAC address table address synchronization, 25
secondary root bridge device configuration, 75
MAC address table blackhole entry, 20
STP basic concepts, 59
MAC address table dynamic aging timer, 23
STP max age timer, 77
MAC address table entry configuration, 19
STP port mode configuration, 84
MAC address table entry types, 18
VLAN-to-instance mapping table, 67
MAC address table learning limit on interface, 23
multiport unicast entry (MAC address table), 18, 20
MAC address table learning priority, 24
N MAC address table multiport unicast entry, 20
network many-to-one VLAN mapping customer-side port
Ethernet 10-GE interfaces into 40-GE interface configuration, 135
combine, 2 many-to-one VLAN mapping network-side port
Ethernet 40-GE interface split, 2 configuration, 136
Ethernet interface 40-GE interface split into MST region configuration, 74
10-GE interfaces, 2, 3 MSTP mode set, 73
Ethernet interface auto power-down, 11 null interface configuration, 14
Ethernet interface EEE energy saving, 11 QinQ CVLAN tag TPID value, 121
Ethernet interface energy-saving functions, 11 QinQ SVLAN tag TPID value, 121
Ethernet interface generic flow control, 6 QinQ VLAN tag TPID value, 120
Ethernet interface jumbo frame support QinQ VLAN transparent transmission, 120
configuration, 3 RSTP mode set, 73
Ethernet interface loopback test, 5 RSTP network convergence, 64
Ethernet interface PFC, 7 service loopback group configuration, 173, 174
STP algorithm calculation, 60
186
STP BPDU drop, 94 Layer 2 Ethernet link static aggregation
STP BPDU guard, 91 configuration, 48
STP BPDU transmission rate, 78 loop detection, 100
STP designated bridge, 59 loop detection configuration, 102, 104
STP designated port, 59 loopback interface configuration, 14
STP Digest Snooping, 86, 88 MAC address table configuration, 18, 19, 27
STP edge port, 79 MAC Information configuration, 29, 31
STP loop guard, 92 many-to-one VLAN mapping application
STP mode set, 73 scenario, 128
STP No Agreement Check, 88, 90 many-to-one VLAN mapping configuration, 134
STP path cost, 59 many-to-one VLAN mapping implementation, 131
STP port link type, 83 MSTP configuration, 58, 70, 95
STP port mode, 84 null interface configuration, 14
STP port path cost, 80, 82 one-to-one VLAN mapping application
scenario, 128
STP port priority, 83
one-to-one VLAN mapping configuration, 133
STP port role restriction, 92
one-to-one VLAN mapping implementation, 131
STP port state transition, 85
one-to-two VLAN mapping application
STP protection functions, 90
scenario, 130
STP root bridge, 59
one-to-two VLAN mapping configuration, 136
STP root guard, 91
one-to-two VLAN mapping implementation, 132
STP root port, 59
port isolation configuration, 55
STP switched network diameter, 76
port isolation configuration (on VLAN), 56
STP TC-BPDU guard, 93
QinQ configuration, 117, 119, 123
STP TC-BPDU transmission restriction, 93
QinQ VLAN transparent transmission
VLAN access port assignment, 111
configuration, 125
VLAN hybrid port assignment, 113
RSTP configuration, 58, 70, 95
VLAN interface basic configuration, 109
service loopback group configuration, 173
VLAN port-based configuration, 110, 115
STP configuration, 58, 70, 95
VLAN trunk port assignment, 112
two-to-two VLAN mapping application
network management scenario, 130
Ethernet interface configuration, 1 two-to-two VLAN mapping configuration, 137
Ethernet link aggregation two-to-two VLAN mapping implementation, 132
configuration, 32, 39, 48
VLAN basic configuration, 108
interface bulk configuration, 16
VLAN mapping configuration, 128, 138
LAN switching LLDP basic concepts, 146
No Agreement Check (STP), 88, 90
LAN switching LLDP basic configuration, 165
no-learning action (loop detection), 101
LAN switching LLDP configuration, 146, 152
null interface
LAN switching LLDP DCBX
configuration, 14, 14, 14
configuration, 157, 167
displaying, 15
Layer 2 cut-through forwarding
maintaining, 15
configuration, 175
Layer 2 Ethernet link aggregation load O
sharing, 51 one-to-one VLAN mapping
Layer 2 Ethernet link dynamic aggregation application scenario, 128
configuration, 49
configuration, 133
187
configuration example, 138 LAN switching LLDP ETS configuration, 161
one-to-two VLAN mapping LAN switching LLDP PFC configuration, 162
application scenario, 130 STP timeout factor, 78
configuration, 136, 136 per-flow load sharing, 39
configuration example, 142 performing
operational key (Ethernet link aggregation), 33 Ethernet interface loopback test, 5
organization-specific LLDPDU TLV types, 148 STP mCheck, 86
outputting STP mCheck globally, 86
STP port state transition information, 85 STP mCheck in interface view, 86
P per-packet load sharing, 39
PFC (Ethernet interface), 7
packet
PFC priority (LLDP), 162
Ethernet link aggregation packet type-based
physical
load sharing, 39
Ethernet interface physical state change
LAN switching LLDP CDP compatibility, 156
suppression, 4
LAN switching LLDP DCBX configuration, 167
polling
LAN switching LLDP PFC parameters, 162
LAN switching LLDP enable, 153
many-to-one VLAN mapping application
polling interval, 11
scenario, 128
port
many-to-one VLAN mapping configuration, 134
customer-side configuration, 135
many-to-one VLAN mapping customer-side port
configuration, 135 Ethernet aggregate interface (description), 41
many-to-one VLAN mapping Ethernet aggregate interface configuration, 41
implementation, 131 Ethernet link aggregate group min/max number
many-to-one VLAN mapping network-side port Selected ports, 42
configuration, 136 Ethernet link aggregate interface default
one-to-one VLAN mapping application settings, 44
scenario, 128 Ethernet link aggregate interface shutdown, 43
one-to-one VLAN mapping configuration, 133 Ethernet link aggregation configuration, 32, 39, 48
one-to-one VLAN mapping implementation, 131 Ethernet link aggregation configuration types, 33
one-to-two VLAN mapping application Ethernet link aggregation dynamic mode, 35
scenario, 130 Ethernet link aggregation group configuration, 39
one-to-two VLAN mapping configuration, 136 Ethernet link aggregation LACP, 35
one-to-two VLAN mapping implementation, 132 Ethernet link aggregation load sharing, 44
service loopback group Ethernet link aggregation load sharing criteria, 39
configuration, 173, 173, 174 Ethernet link aggregation local-first load
STP BPDU protocol packets, 58 sharing, 45
STP port mode configuration, 84 Ethernet link aggregation member port, 32
STP TCN BPDU protocol packets, 58 Ethernet link aggregation member port
two-to-two VLAN mapping application state, 32, 34
scenario, 130 Ethernet link aggregation modes, 33
two-to-two VLAN mapping configuration, 137 Ethernet link aggregation operational key, 33
two-to-two VLAN mapping implementation, 132 Ethernet link aggregation reference port
VLAN mapping configuration, 128, 138 choosing, 34
parameter Ethernet link aggregation static mode, 34
LAN switching LLDP APP configuration, 159 Ethernet link aggregation traffic redirection, 46
188
Ethernet link dynamic aggregation group RSTP network convergence, 64
configuration, 40 service loopback group
Ethernet link static aggregation group configuration, 173, 173, 174
configuration, 40 STP BPDU drop, 94
group assignment (port isolation), 55 STP BPDU guard, 91
isolation. See port isolation STP BPDU transmission rate, 78
LAN switching LLDP basic STP designated port, 59
configuration, 152, 165 STP edge port configuration, 79
LAN switching LLDP configuration, 146, 152 STP forward delay timer, 77
LAN switching LLDP disable operating STP loop guard, 92
mode, 151
STP mCheck, 86
LAN switching LLDP enable, 152
STP mCheck (global), 86
LAN switching LLDP operating mode, 153
STP mCheck (interface view), 86
LAN switching LLDP polling, 153
STP path cost calculation standard, 80
LAN switching LLDP re-initialization delay, 153
STP path cost configuration, 80, 82
LAN switching LLDP Rx operating mode, 151
STP port link type configuration, 83
LAN switching LLDP Tx operating mode, 151
STP port mode configuration, 84
LAN switching LLDP TxRx operating mode, 151
STP port priority configuration, 83
LAN switching LLDPDU encapsulation
STP port role restriction, 92
format, 156
STP port state transition output, 85
LAN switching LLDPDU reception, 151
STP root guard, 91
LAN switching LLDPDU transmission, 151
STP root port, 59
Layer 2 aggregate interface (ignored
STP TC-BPDU guard, 93
VLAN), 42
STP TC-BPDU transmission restriction, 93
Layer 2 Ethernet link aggregation load
sharing, 51 port isolation
Layer 2 Ethernet link dynamic aggregation configuration, 55
configuration, 49 configuration (on VLAN), 56
Layer 2 Ethernet link static aggregation displaying, 55
configuration, 48 port assignment to group (multiple), 55
loop detection configuration, 100, 102, 104 port link type, 110
loop detection interval, 101, 104 port-based VLAN
loop detection protection action access port assignment, 111
configuration, 103 configuration, 110, 115
loop detection protection actions, 101 configuration example, 115
loop detection status auto recovery, 102 configuration procedure, 115
MAC address learning, 18 how ports of different link types handle frames, 111
MAC address table blackhole entry, 20 hybrid port assignment, 113
MAC address table configuration, 18, 19, 27 introduction, 110
MAC address table entry configuration, 19 network requirements, 115
MAC address table multiport unicast entry, 20 port link type, 110
MAC Information configuration, 29, 31 PVID, 110
MST port roles, 68 trunk port assignment, 112
MST port states, 68 verifying the configuration, 116
network-side configuration, 136 power
QinQ implementation, 119 Ethernet interface auto power-down, 11
189
Ethernet interface EEE energy saving, 11 configuring Ethernet interface physical state change
Ethernet interface energy-saving functions, 11 suppression, 4
priority configuring Ethernet interfaces, 1
802.1p-to-local priority mapping, 161 configuring Ethernet link aggregation, 39, 48
Ethernet link aggregation LACP, 35 configuring Ethernet link aggregation global load
LAN switching LLDP PFC 802.1p priority, 162 sharing criteria, 44
MAC address table learning priority, 24 configuring Ethernet link aggregation group, 39
MSTP device priority, 75 configuring Ethernet link aggregation group load
sharing criteria, 44
QinQ SVLAN tag 802.1p priority, 121
configuring Ethernet link aggregation group-specific
RSTP device priority, 75
load sharing criteria, 45
STP device priority, 75
configuring Ethernet link aggregation load
STP port priority configuration, 83
sharing, 44
priority-based flow control. Use PFC
configuring Ethernet link dynamic aggregation
procedure group, 40
adding MAC address table blackhole entry, 20 configuring Ethernet link static aggregation
adding MAC address table multiport unicast group, 40
entry, 20 configuring LAN switching LLDP, 152
assigning a hybrid port to a VLAN, 113 configuring LAN switching LLDP 802.1p-to-local
assigning a trunk port to a VLAN, 112 priority mapping, 161
assigning an access port to a VLAN, 111 configuring LAN switching LLDP advertisable
assigning MAC address table learning priority TLVs, 154
to interface, 24 configuring LAN switching LLDP APP
assigning port to isolation group (multiple), 55 parameters, 159
assigning VLAN access port, 111 configuring LAN switching LLDP basics, 152, 165
assigning VLAN hybrid port, 113 configuring LAN switching LLDP CDP
assigning VLAN trunk port, 112 compatibility, 156
bulk configuring interfaces, 16 configuring LAN switching LLDP DCBX, 157, 167
combining Ethernet 10-GE interfaces into 40-GE configuring LAN switching LLDP ETS
interface, 2 parameters, 161
configuring basic settings of an Ethernet configuring LAN switching LLDP group-based WRR
interface, 1 queuing, 162
configuring Ethernet aggregate interface, 41 configuring LAN switching LLDP management
configuring Ethernet aggregate interface address, 154
(description), 41 configuring LAN switching LLDP management
configuring Ethernet interface auto address encoding format, 154
power-down, 11 configuring LAN switching LLDP PFC
configuring Ethernet interface EEE energy parameters, 162
saving, 11 configuring LAN switching LLDP trapping, 164
configuring Ethernet interface energy-saving configuring LAN switching LLDP-MED trapping, 164
functions, 11 configuring Layer 2 cut-through forwarding, 175
configuring Ethernet interface generic flow configuring Layer 2 Ethernet interface storm
control, 6 control, 9
configuring Ethernet interface jumbo frame configuring Layer 2 Ethernet interface storm
support, 3 suppression, 8
configuring Ethernet interface PFC, 7 configuring Layer 2 Ethernet link aggregation load
sharing, 51
190
configuring Layer 2 Ethernet link dynamic configuring QinQ transparent transmission for
aggregation, 49 VLAN, 120
configuring Layer 2 Ethernet link static configuring QinQ VLAN tag TPID value, 120
aggregation, 48 configuring QinQ VLAN transparent
configuring loop detection, 102, 104 transmission, 125
configuring loop detection protection configuring RSTP, 70, 71, 95
action, 103 configuring RSTP device priority, 75
configuring loop detection protection action configuring RSTP root bridge, 74
(aggregate interface), 103 configuring RSTP root bridge device, 75
configuring loop detection protection action configuring RSTP secondary root bridge, 74
(Ethernet interface), 103
configuring RSTP secondary root bridge device, 75
configuring loop detection protection action
configuring service loopback group, 173, 174
(global), 103
configuring STP, 70, 71, 95
configuring loopback interface, 14
configuring STP BPDU transmission rate, 78
configuring MAC address table, 27
configuring STP device priority, 75
configuring MAC address table dynamic aging
configuring STP Digest Snooping, 86, 88
timer, 23
configuring STP edge port, 79
configuring MAC address table entry, 19
configuring STP No Agreement Check, 88, 90
configuring MAC address table learning limit
on interface, 23 configuring STP port link type, 83
configuring MAC Information, 31 configuring STP port mode for MSTP packets, 84
configuring MAC Information change send configuring STP port path cost, 80, 82
interval, 30 configuring STP port priority, 83
configuring MAC Information mode, 30 configuring STP port role restriction, 92
configuring MAC Information queue length, 30 configuring STP protection functions, 90
configuring many-to-one VLAN mapping, 134 configuring STP root bridge, 74
configuring many-to-one VLAN mapping configuring STP root bridge device, 75
customer-side port, 135 configuring STP secondary root bridge, 74
configuring many-to-one VLAN mapping configuring STP secondary root bridge device, 75
network-side port, 136 configuring STP switched network diameter, 76
configuring MST region, 74 configuring STP TC-BPDU transmission
configuring MST region max hops, 76 restriction, 93
configuring MSTP, 70, 72, 95 configuring STP timeout factor, 78
configuring MSTP device priority, 75 configuring STP timer, 77
configuring MSTP root bridge, 74 configuring the management Ethernet interface, 1
configuring MSTP root bridge device, 75 configuring two-to-two VLAN mapping, 137
configuring MSTP secondary root bridge, 74 configuring VLAN (port-based), 110, 115
configuring MSTP secondary root bridge configuring VLAN basic settings, 108
device, 75 configuring VLAN interface basic settings, 109
configuring null interface, 14 configuring VLAN mapping, 138
configuring one-to-one VLAN mapping, 133 configuring VLANs, 107
configuring one-to-two VLAN mapping, 136 disabling global MAC address learning, 22
configuring port isolation (on VLAN), 56 disabling MAC address learning, 22
configuring QinQ, 119, 123 disabling MAC address learning on interface, 22
configuring QinQ CVLAN tag TPID value, 121 disabling MAC address learning on VLAN, 23
configuring QinQ SVLAN tag TPID value, 121 displaying Ethernet interface, 13
191
displaying Ethernet link aggregation, 47 maintaining null interface, 15
displaying LAN switching LLDP, 164 maintaining RSTP, 94
displaying loop detection, 104 maintaining STP, 94
displaying loopback interface, 15 maintaining VLAN, 114
displaying MAC address table, 26 modifying MAC address table blackhole entry, 20
displaying MSTP, 94 modifying MAC address table multiport unicast
displaying null interface, 15 entry, 20
displaying port isolation, 55 performing Ethernet interface loopback test, 5
displaying QinQ, 122 performing STP mCheck, 86
displaying RSTP, 94 performing STP mCheck globally, 86
displaying service loopback group, 173 performing STP mCheck in interface view, 86
displaying STP, 94 restoring Ethernet link aggregate interface default
displaying VLAN, 114 settings, 44
displaying VLAN mapping, 138 setting 802.1p priority in QinQ SVLAN tags, 121
enabling Ethernet link aggregation local-first setting Ethernet interface statistics polling
load sharing, 45 interval, 11
enabling Ethernet link aggregation traffic setting Ethernet link aggregate group min/max
redirection, 46 number Selected ports, 42
enabling LAN switching LLDP, 152 setting LAN switching LLDP operating mode, 153
enabling LAN switching LLDP polling, 153 setting LAN switching LLDP parameters, 155
enabling LAN switching LLDP+DCBX TLV setting LAN switching LLDP re-initialization
advertisement, 158 delay, 153
enabling loop detection, 102 setting LAN switching LLDPDU encapsulation
format, 156
enabling loop detection (global), 102
setting Layer 2 Ethernet interface mode, 12
enabling loop detection (port-specific), 102
setting loop detection interval, 104
enabling MAC address synchronization
globally, 25 setting MSTP mode, 73
enabling MAC Information globally, 29 setting RSTP mode, 73
enabling MAC Information on interface, 29 setting STP mode, 73
enabling many-to-one VLAN mapping ARP shutting down Ethernet link aggregate interface, 43
detection, 135 specifying ignored VLAN on Layer 2 aggregate
enabling many-to-one VLAN mapping DHCP interface, 42
snooping, 134 specifying STP port path cost calculation
enabling QinQ, 119 standard, 80
enabling STP BPDU drop, 94 splitting Ethernet 40-GE interface, 2
enabling STP BPDU guard, 91 splitting Ethernet interface 40-GE interface into
10-GE interfaces, 2, 3
enabling STP feature, 85
testing Layer 2 Ethernet interface cable
enabling STP loop guard, 92
connection, 13
enabling STP port state transition information
protecting
output, 85
STP protection functions, 90
enabling STP root guard, 91
protocols and standards
enabling STP TC-BPDU guard, 93
Ethernet link aggregation protocol
maintaining Ethernet interface, 13
configuration, 33
maintaining Ethernet link aggregation, 47
LAN switching LLDP, 151
maintaining loopback interface, 15
MSTP, 70
maintaining MSTP, 94
192
QinQ, 119 MST region configuration, 74
STP protocol packets, 58 MST region max hops, 76
protocols and standards, VLAN, 108 MST regional root, 67
PVID, 110 re-initialization delay (LLDP), 153
Q restoring
Ethernet link aggregate interface default
QinQ
settings, 44
configuration, 117, 119, 123
restrictions
configuration restrictions, 119
Ethernet link aggregation traffic redirection, 46
CVLAN tag, 117
QinQ configuration, 119
CVLAN tag TPID value, 121
STP Digest Snooping configuration, 87
displaying, 122
STP edge port configuration, 79
enable, 119
STP mCheck configuration, 86
how it works, 117
STP port link type configuration, 84
implementation, 119
STP port role restriction, 92
loop detection configuration, 100, 102, 104
STP TC-BPDU transmission restriction, 93
protocols and standards, 119
STP timer configuration, 77
SVLAN tag, 117
root
SVLAN tag 802.1p priority, 121
MST common root bridge, 67
SVLAN tag TPID value, 121
MST regional root, 67
VLAN tag TPID value, 120
MST root port role, 68
VLAN transparent transmission, 120
MSTP root bridge configuration, 74
VLAN transparent transmission
MSTP secondary root bridge configuration, 74
configuration, 125
RSTP root bridge configuration, 74
QoS
RSTP secondary root bridge configuration, 74
LAN switching LLDP 802.1p-to-local priority
STP algorithm calculation, 60
mapping, 161
STP root bridge, 59
LAN switching LLDP APP parameters, 159
STP root bridge configuration, 74
LAN switching LLDP ETS parameters, 161
STP root guard, 91
LAN switching LLDP group-based WRR
queuing, 162 STP root port, 59
LAN switching LLDP PFC parameters, 162 STP secondary root bridge configuration, 74
QinQ SVLAN tag 802.1p priority, 121 RSTP, 58, See also STP
queuing configuration, 58, 70, 71, 95
MAC Information queue length, 30 device priority configuration, 75
displaying, 94
R
maintaining, 94
rate mode set, 73
STP BPDU transmission rate, 78 network convergence, 64
receiving No Agreement Check, 88, 90
LAN switching LLDPDUs, 151 root bridge configuration, 74
recovering root bridge device configuration, 75
loop detection port status auto recovery, 102 secondary root bridge configuration, 74
reference port (Ethernet link aggregation), 34 secondary root bridge device configuration, 75
region STP basic concepts, 59
MST, 66
S
193
selecting state
Ethernet link aggregation Selected ports, 42 Ethernet interface state change suppression, 4
Ethernet link aggregation selected state, 32 Ethernet link aggregation member port
Ethernet link aggregation unselected state, 32 state, 32, 34
sending static
MAC Information change send interval, 30 Ethernet link aggregation mode, 33
service loopback group Ethernet link aggregation static mode, 34
configuration, 173, 173, 174 Ethernet link static aggregation group
displaying, 173 configuration, 40
setting Layer 2 Ethernet link aggregation configuration, 48
Ethernet interface statistics polling interval, 11 MAC address table entry, 18
Ethernet link aggregate group min/max number statistics
Selected ports, 42 polling interval, 11
Ethernet link aggregation member port state, 34 storm
LAN switching LLDP operating mode, 153 Layer 2 Ethernet interface storm control, 9
LAN switching LLDP parameters, 155 Layer 2 Ethernet interface storm suppression, 8
LAN switching LLDP re-initialization delay, 153 STP
LAN switching LLDPDU encapsulation algorithm calculation, 60
format, 156 basic concepts, 59
Layer 2 Ethernet interface mode, 12 BPDU drop, 94
loop detection interval, 104 BPDU forwarding, 64
MSTP mode, 73 BPDU guard enable, 91
QinQ SVLAN tag 802.1p priority, 121 BPDU transmission rate configuration, 78
RSTP mode, 73 CIST, 67
STP mode, 73 configuration, 58, 70, 71, 95
shutting down CST, 67
Ethernet link aggregate interface, 43 designated bridge, 59
loop detection shutdown action, 101 designated port, 59
SNAP device priority configuration, 75
LAN switching LLDPDU encapsulated in SNAP Digest Snooping, 86, 88
format, 146 Digest Snooping configuration restrictions, 87
LAN switching LLDPDU encapsulation displaying, 94
format, 156 edge port configuration, 79
SNMP edge port configuration restrictions, 79
MAC Information configuration, 29, 31 feature enable, 85
snooping IST, 67
STP Digest Snooping, 86, 88 loop detection, 58
spanning tree. Use STP, RSTP, MSTP loop guard enable, 92
specifying maintaining, 94
ignored VLAN on Layer 2 aggregate mCheck, 86
interface, 42
mCheck (global), 86
STP port path cost calculation standard, 80
mCheck (interface view), 86
splitting
mCheck configuration restrictions, 86
Ethernet 40-GE interface, 2
mode set, 73
Ethernet interface 40-GE interface into 10-GE
MST common root bridge, 67
interfaces, 2, 3
194
MST port roles, 68 SVLAN
MST port states, 68 many-to-one VLAN mapping application
MST region, 66 scenario, 128
MST region configuration, 74 many-to-one VLAN mapping configuration, 134
MST regional root, 67 many-to-one VLAN mapping customer-side port
MSTI, 67 configuration, 135
MSTI calculation, 69 many-to-one VLAN mapping implementation, 131
MSTP, 65, See also MSTP many-to-one VLAN mapping network-side port
configuration, 136
MSTP CIST calculation, 69
one-to-one VLAN mapping application
MSTP device implementation, 70
scenario, 128
No Agreement Check, 88, 90
one-to-one VLAN mapping configuration, 133
path cost, 59
one-to-one VLAN mapping implementation, 131
port link type configuration, 83
one-to-two VLAN mapping application
port link type configuration restrictions, 84
scenario, 130
port mode configuration, 84
one-to-two VLAN mapping configuration, 136
port path cost calculation standard, 80
one-to-two VLAN mapping implementation, 132
port path cost configuration, 80, 82
QinQ configuration, 117, 119, 123
port priority configuration, 83
QinQ SVLAN tag 802.1p priority, 121
port role restriction, 92
QinQ VLAN transparent transmission
port state transition output, 85 configuration, 125
protection functions, 90 two-to-two VLAN mapping application
protocol packets, 58 scenario, 130
root bridge, 59 two-to-two VLAN mapping configuration, 137
root bridge configuration, 74 two-to-two VLAN mapping implementation, 132
root bridge device configuration, 75 VLAN mapping configuration, 128
root guard enable, 91 switching
root port, 59 Ethernet interface configuration, 1
RSTP, 64, See also RSTP loopback interface configuration, 14, 14
secondary root bridge configuration, 74 MAC address table configuration, 18, 19, 27
secondary root bridge device configuration, 75 null interface configuration, 14, 14
switched network diameter, 76 port isolation configuration, 55
TC-BPDU guard, 93 port isolation configuration (on VLAN), 56
TC-BPDU transmission restriction, 93 VLAN access port assignment, 111
timeout factor configuration, 78 VLAN basic configuration, 108
timer configuration, 77 VLAN hybrid port assignment, 113
timer configuration restrictions, 77 VLAN interface basic configuration, 109
timers, 64 VLAN port-based configuration, 110, 115
VLAN-to-instance mapping table, 67 VLAN trunk port assignment, 112
suppressing synchronizing
Ethernet interface physical state change MAC addresses, 25
suppression, 4 system
Layer 2 Ethernet interface storm control interface bulk configuration, 16
configuration, 9
T
Layer 2 Ethernet interface storm suppression
configuration, 8 table
195
LAN switching LLDP priority mapping table, 161 timer
MAC address, 18, 19, 27 LAN switching LLDP re-initialization delay, 153
MAC address table learning limit on MAC address table dynamic aging timer, 23
interface, 23 STP forward delay, 64, 77
MSTP VLAN-to-instance mapping table, 67 STP hello, 64, 77
tag STP max age, 64, 77
CVLAN tag TPID value, 121 TLV
many-to-one VLAN mapping application LAN switching LLDP advertisable TLV
scenario, 128 configuration, 154
many-to-one VLAN mapping configuration, 134 LAN switching LLDP management address
many-to-one VLAN mapping customer-side port configuration, 154
configuration, 135 LAN switching LLDP management address
many-to-one VLAN mapping encoding format, 154
implementation, 131 LAN switching LLDP parameters, 155
many-to-one VLAN mapping network-side port LAN switching LLDP+DCBX TLV advertisement, 158
configuration, 136 LAN switching LLDPDU basic management
one-to-one VLAN mapping application types, 148
scenario, 128 LAN switching LLDPDU LLDP-MED types, 148
one-to-one VLAN mapping configuration, 133 LAN switching LLDPDU management address
one-to-one VLAN mapping implementation, 131 TLV, 151
one-to-two VLAN mapping application LAN switching LLDPDU organization-specific
scenario, 130 types, 148
one-to-two VLAN mapping configuration, 136 topology
one-to-two VLAN mapping implementation, 132 STP TCN BPDU protocol packets, 58
QinQ CVLAN tag, 117 traffic
QinQ CVLAN tag TPID value, 121 Ethernet link aggregation traffic redirection, 46
QinQ SVLAN tag, 117 transmitting
QinQ SVLAN tag 802.1p priority, 121 LAN switching LLDPDUs, 151
QinQ SVLAN tag TPID value, 121 QinQ VLAN transparent transmission, 120, 125
QinQ VLAN tag TPID value, 120 STP TC-BPDU transmission restriction, 93
SVLAN tag TPID value, 121 transparent transmission (QinQ for VLAN), 120, 125
two-to-two VLAN mapping application trapping
scenario, 130 LAN switching LLDP configuration, 164
two-to-two VLAN mapping configuration, 137 LAN switching LLDP-MED configuration, 164
two-to-two VLAN mapping implementation, 132 MAC Information configuration, 29, 31
VLAN mapping configuration, 128, 138 MAC Information mode configuration, 30
TC-BPDU trunk port assignment (VLAN), 112
STP TC-BPDU guard, 93 two-to-two VLAN mapping
STP TC-BPDU transmission restriction, 93 application scenario, 130
testing configuration, 137, 137
Layer 2 Ethernet interface cable connection, 13 configuration example, 142
time
U
Ethernet link aggregation LACP timeout
interval, 35 unicast
timeout MAC address table configuration, 18, 19, 27
STP timeout factor, 78 MAC address table multiport unicast entry, 18
196
V enabling many-to-one VLAN mapping ARP
detection, 135
VLAN
enabling many-to-one VLAN mapping DHCP
access port assignment, 111
snooping, 134
assigning a hybrid port to a VLAN, 113
many-to-one application scenario, 128
assigning a trunk port to a VLAN, 112
many-to-one configuration, 134
assigning an access port to a VLAN, 111
many-to-one customer-side port configuration, 135
basic configuration, 108
many-to-one network-side port configuration, 136
configuration, 107
many-to-one VLAN mapping configuration
configuring, 107
example, 138
displaying, 114
many-to-one VLAN mapping implementation, 131
frame encapsulation, 107
one-to-one application scenario, 128
how ports of different link types handle
one-to-one configuration, 133
frames, 111
one-to-one VLAN mapping configuration
hybrid port assignment, 113
example, 138
interface basic configuration, 109
one-to-one VLAN mapping implementation, 131
LAN switching LLDP CDP compatibility, 156
one-to-two application scenario, 130
Layer 2 Ethernet aggregate interface (ignored
one-to-two configuration, 136
VLAN), 42
one-to-two VLAN mapping configuration
loop detection configuration, 100, 102, 104
example, 142
maintaining, 114
one-to-two VLAN mapping implementation, 132
MSTP VLAN-to-instance mapping table, 67
two-to-two application scenario, 130
port isolation configuration, 55, 56
two-to-two configuration, 137
port link type, 110
two-to-two VLAN mapping configuration
port-based configuration, 110, 115 example, 142
port-based VLAN configuration example, 115 two-to-two VLAN mapping implementation, 132
port-based VLAN introduction, 110 voice traffic
protocols and standards, 108 LAN switching LLDP CDP compatibility, 156
PVID, 110 VPN
QinQ configuration, 117, 119, 123 QinQ configuration, 117, 119, 123
QinQ CVLAN tag, 117 QinQ VLAN transparent transmission
QinQ CVLAN tag TPID value, 121 configuration, 125
QinQ implementation, 119
W
QinQ SVLAN tag, 117
WRR queuing
QinQ SVLAN tag 802.1p priority, 121
LAN switching LLDP group-based WRR
QinQ SVLAN tag TPID value, 121
queuing, 162
QinQ transparent transmission, 120
QinQ VLAN tag TPID value, 120
QinQ VLAN transparent transmission
configuration, 125
trunk port assignment, 112
VLAN mapping configuration, 128
VLAN frame encapsulation, 107
VLAN mapping
configuration, 128, 138
displaying, 138
197