01-06 Typical Ethernet Switching Configuration
Overview
MAC address entries are automatically generated when the switch learns the
source MAC addresses of packets. Static MAC address entries are manually
configured.
If a large number of static MAC address entries are manually configured, network
maintenance can be difficult. You can enable port security to dynamically bind
MAC addresses to interfaces.
Configuration Notes
This example applies to all versions of all S series switches.
Networking Requirements
In Figure 6-1, the server connects to the switch through GE1/0/2. To prevent the
switch from broadcasting packets destined for the server, the static MAC address
entry of the server needs to be configured on the switch. This ensures that the
switch unicasts packets destined for the server through GE1/0/2. The MAC address
of the PC is statically bound to GE1/0/1 to ensure secure communication between
the PC and server.
Configuration Roadmap
The configuration roadmap is as follows:
1. Create a VLAN on the switch and add an interface to the VLAN to implement
Layer 2 forwarding.
2. Configure the static MAC address entry of the server on the switch.
3. Configure the static MAC address entry of the PC on the switch.
Procedure
Step 1 Create VLAN 2 on the switch and add GE1/0/1 and GE1/0/2 to VLAN 2.
<Quidway> system-view
[Quidway] sysname Switch
[Switch] vlan batch 2 //Create VLAN 2.
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port link-type access //The interface connected to the PC must be the
access interface. The default link type of an interface is not access, so you need to manually configure the
access interface.
[Switch-GigabitEthernet1/0/1] port default vlan 2 //Add GE1/0/1 to VLAN 2.
[Switch-GigabitEthernet1/0/1] quit
[Switch] interface gigabitethernet 1/0/2 //The configuration of GE1/0/2 is similar to that of GE1/0/1.
[Switch-GigabitEthernet1/0/2] port link-type access
[Switch-GigabitEthernet1/0/2] port default vlan 2
[Switch-GigabitEthernet1/0/2] quit
Step 2 Configure the static MAC address entry of the server on the switch.
[Switch] mac-address static xxxx-xxxx-xxx4 gigabitethernet 1/0/2 vlan 2
Step 3 Configure the static MAC address entry of the PC on the switch.
[Switch] mac-address static xxxx-xxxx-xxx2 gigabitethernet 1/0/1 vlan 2
-------------------------------------------------------------------------------
Total items displayed = 2
----End
Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 2
#
interface GigabitEthernet1/0/1
port link-type access
port default vlan 2
#
interface GigabitEthernet1/0/2
port link-type access
port default vlan 2
#
mac-address static xxxx-xxxx-xxx2 GigabitEthernet1/0/1 vlan 2
mac-address static xxxx-xxxx-xxx4 GigabitEthernet1/0/2 vlan 2
#
return
Configuration Notes
This example applies to all versions of all S series switches.
Networking Requirements
As shown in Figure 6-2, the switch receives a packet from an unauthorized PC
whose MAC address is 0005-0005-0005 and belongs to VLAN 3. This MAC address
Configuration Roadmap
The configuration roadmap is as follows:
1. Create a VLAN to implement Layer 2 forwarding.
2. Configure a blackhole MAC address to block packets from this MAC address.
Procedure
Step 1 Configure a blackhole MAC address entry.
<Quidway> system-view
[Quidway] sysname Switch
[Switch] vlan 3 //Create VLAN 3.
[Switch-vlan3] quit
[Switch] mac-address blackhole xxxx-xxxx-xxx5 vlan 3 //Configure MAC address 0005-0005-0005 as the
blackhole MAC address in VLAN 3.
-------------------------------------------------------------------------------
Total items displayed = 1
----End
Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 3
#
mac-address blackhole xxxx-xxxx-xxx5 vlan 3
#
return
Configuration Notes
● After the port-security enable command is configured on an interface, MAC
address limiting cannot take effect on the interface. Do not configure port
security and MAC address limiting on the same interface simultaneously.
● This example applies to all versions of all S series switches.
● After the number of learned MAC address entries reaches the limit, SA cards
of S series and F series cards of chassis devices and box devices (excluding the
S5320-EI) cannot discard packets with nonexistent source MAC addresses.
Networking Requirements
In Figure 6-3, user network 1 is connected to GE1/0/1 of the switch through
LSW1, user network 2 is connected to GE1/0/2 of the switch through LSW2, and
GE1/0/1 and GE1/0/2 belong to VLAN 2. To control the number of access users,
configure MAC address limiting in VLAN 2.
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Create VLAN 2 and add GE1/0/1 and GE1/0/2 to VLAN 2.
<Quidway> system-view
[Quidway] sysname Switch
[Switch] vlan batch 2
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port link-type trunk //Configure the link type of the interface as trunk.
[Switch-GigabitEthernet1/0/1] port trunk allow-pass vlan 2 //Add GE1/0/1 to VLAN 2.
[Switch-GigabitEthernet1/0/1] quit
[Switch] interface gigabitethernet 1/0/2 //The configuration of GE1/0/2 is similar to the configuration of
GE1/0/1.
[Switch-GigabitEthernet1/0/2] port link-type trunk
[Switch-GigabitEthernet1/0/2] port trunk allow-pass vlan 2
[Switch-GigabitEthernet1/0/2] quit
Step 2 Configure the following MAC address limiting rule in VLAN 2: A maximum of 100
MAC addresses can be learned. When the number of learned MAC address entries
reaches the limit, the device forwards the packets with new source MAC address
entries and generates an alarm.
[Switch] vlan 2
[Switch-vlan2] mac-limit maximum 100 action forward //The default action taken for packets in
different versions is different. You are advised to manually configure the action. For fixed switches, the
action parameter can be set in the VLAN view only on the S5320-EI. On other fixed switches, the forward
action is used in the VLAN view by default, and the action parameter does not need to be set. The alarm
function is enabled by default, so you do not need to configure the alarm function manually.
[Switch-vlan2] quit
# Run the display mac-limit command in any view to check whether the MAC
address limiting rule is successfully configured.
[Switch] display mac-limit
MAC limit is enabled
Total MAC limit rule count : 1
----End
Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 2
#
vlan 2
mac-limit maximum 100 action forward
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 2
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 2
#
return
Overview
The switch limits the number of MAC address entries based on VLANs or
interfaces. In offices where clients seldom change, you can configure MAC address
limiting to control user access. This can protect against certain attacks. For
example, if an attacker forges a large number of packets with different source
MAC addresses and sends the packets to the device, finite MAC address entries in
the MAC address table of the device may be exhausted. When the MAC address
table is full, the device cannot learn source MAC addresses of valid packets. As a
result, the device broadcasts the valid packets, wasting bandwidth resources.
Configuration Notes
● After port-security enable is configured on an interface, MAC address
limiting cannot be configured on the interface.
Networking Requirements
In Figure 6-4, user network 1 and user network 2 connect to the switch through
the LSW, and GE1/0/1 of the switch connects to the LSW. User network 1 and user
network 2 belong to VLAN 10 and VLAN 20 respectively. On the switch, MAC
address limiting can be configured on GE1/0/1 to control the number of access
users.
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Create VLAN 10 and VLAN 20 and add GE1/0/1 to VLAN 10 and VLAN 20.
<Quidway> system-view
[Quidway] sysname Switch
[Switch] vlan batch 10 20 //Create VLAN 10 and VLAN 20.
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port link-type trunk //Configure the link type of the interface as trunk.
[Switch-GigabitEthernet1/0/1] port trunk allow-pass vlan 10 20 //Add GE1/0/1 to VLAN 10 and VLAN 20.
[Switch-GigabitEthernet1/0/1] quit
Step 2 Configure the switch to learn a maximum of 100 MAC address entries on GE1/0/1.
When the number of learned MAC address entries reaches the limit, the switch
discards the packets with new source MAC address entries and generates an
alarm.
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] mac-limit maximum 100 action discard //The default action taken for
packets in different versions is different. You are advised to manually specify the action. The alarm function
is enabled by default, so you do not need to specify it manually.
[Switch-GigabitEthernet1/0/1] quit
----End
Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 10 20
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
mac-limit maximum 100
#
return
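The two MAC address limiting examples above carry two rules that are easy to miss in a saved configuration: port security and MAC address limiting must not share an interface, and the action should be set explicitly because the default differs between versions. The following check is an added example, not part of the original document or of any vendor tool; the function names, finding codes, and the sample configuration are constructed for illustration, and mac-limit options are assumed to appear as keyword/value pairs as they do on this page.

```python
# Constructed sample in the '#'-delimited configuration-file layout used on this page.
SAMPLE_CONFIG = """\
#
sysname Switch
#
vlan batch 2 10 20
#
vlan 2
 mac-limit maximum 100 action forward
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 20
 mac-limit maximum 100
#
interface GigabitEthernet1/0/2
 port link-type access
 port default vlan 2
 port-security enable
 mac-limit maximum 50 action discard
#
return
"""


def split_sections(text):
    """Split a configuration file into (header, body_lines) per '#' section."""
    sections, current = [], []
    for raw in text.splitlines():
        line = raw.strip()          # indentation may be lost in copies, so ignore it
        if line in ("#", "return"):
            if current:
                sections.append((current[0], current[1:]))
            current = []
        elif line:
            current.append(line)
    if current:
        sections.append((current[0], current[1:]))
    return sections


def parse_mac_limit(line):
    """Return the mac-limit options as a dict, e.g. {'maximum': '100', 'action': 'forward'}."""
    rest = line.split()[1:]
    # Assumption: options are keyword/value pairs, as in the commands on this page.
    return {rest[i]: rest[i + 1] for i in range(0, len(rest) - 1, 2)}


def audit(text):
    """Return (section header, finding code) tuples for MAC-limit problems."""
    findings = []
    for header, body in split_sections(text):
        is_interface = header.startswith("interface ")
        is_vlan = header.startswith("vlan ") and not header.startswith("vlan batch")
        if not (is_interface or is_vlan):
            continue
        limits = [parse_mac_limit(l) for l in body if l.startswith("mac-limit")]
        if not limits:
            continue
        # Configuration note: MAC address limiting does not take effect on an
        # interface that also has port security enabled.
        if is_interface and "port-security enable" in body:
            findings.append((header, "PORT_SECURITY_WITH_MAC_LIMIT"))
        # The default action differs between versions, so an implicit action
        # leaves the behaviour at the limit dependent on the software version.
        for opts in limits:
            if "action" not in opts:
                findings.append((header, "MAC_LIMIT_IMPLICIT_ACTION"))
    return findings


if __name__ == "__main__":
    for section, code in audit(SAMPLE_CONFIG):
        print(f"{code}: {section}")
```

Run against the interface-based configuration file above, the check reports an implicit action on GE1/0/1, because the saved file shows `mac-limit maximum 100` without the action keyword.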
Extensible:     EE series; FC series; SC series; X series; LE1D2S04SEC0,
                LE1D2X32SEC0, LE1D2H02QEC0, and LE2D2X48SEC0 in the EC series
Non-extensible: BC series; EA series; ED series; FA series; SA series;
                EC1 series; EA1 series; EC series (excluding the LE1D2S04SEC0,
                LE1D2X32SEC0, LE1D2H02QEC0, and LE2D2X48SEC0)
– If the hash mode of a card is set to advanced before the upgrade, the
hash mode of the card remains advanced after the upgrade and no
configuration information is generated.
● Card replacement
Table 6-2 lists the hash modes of cards in a slot before and after card
replacement.
Table 6-2 Hash modes of cards in a slot before and after card replacement
Replaced Card    Hash Mode of the Replaced Card    New Card    Hash Mode of the New Card
● Card removal
When the card with Eth-Trunk specification extension in advanced mode is
removed, the configuration of the hash mode is reserved in the system. You
can run the undo eth-trunk load-balance hash-mode command to clear the
configuration of the hash mode.
● Other
– When interfaces on the card with Eth-Trunk specification extension form
an inter-card Eth-Trunk with interfaces on other cards, the hash mode of
the card with Eth-Trunk specification extension cannot be changed. To
change the hash mode of the card with Eth-Trunk specification extension,
first delete the inter-card Eth-Trunk member interfaces of the card with
Eth-Trunk specification extension from the inter-card Eth-Trunk.
– When interfaces on the FC series, SC series, EE series, or LE2D2X48SEC0
card, card without Eth-Trunk specification extension, and LE1D2S04SEC0,
LE1D2X32SEC0, LE1D2H02QEC0, or X series card working in normal
mode form an inter-card Eth-Trunk, first run the unknown-unicast load-
balance command to set the load balancing mode of unknown unicast
packets to lbid. After the inter-card Eth-Trunk is created, the load
balancing mode of unknown unicast packets cannot be changed.
– If interfaces on the card with Eth-Trunk specification extension in normal
mode or card without Eth-Trunk specification extension are added to the
same Eth-Trunk with interfaces on the card with Eth-Trunk specification
● Load balancing
– When interfaces on the FC series, SC series, EE series, or LE2D2X48SEC0
card, card without Eth-Trunk specification extension, and LE1D2S04SEC0,
LE1D2X32SEC0, LE1D2H02QEC0, or X series card working in normal
mode form an inter-card Eth-Trunk, first run the unknown-unicast load-
balance command to set the load balancing mode of unknown unicast
packets to lbid. After the inter-card Eth-Trunk is created, the load
balancing mode of unknown unicast packets cannot be changed.
– If incoming traffic enters the Eth-Trunk on the card without Eth-Trunk
specification extension, outgoing traffic goes out of the card with Eth-
Trunk specification extension, and the Eth-Trunk on the card with Eth-
Trunk specification extension has more than eight member interfaces,
traffic may be unevenly load balanced on the Eth-Trunk of the card with
Eth-Trunk specification extension and known unicast traffic can be only
sent out from the eight Eth-Trunk member interfaces.
– If interfaces on the card with Eth-Trunk specification extension in normal
mode or card without Eth-Trunk specification extension are added to the
same Eth-Trunk with interfaces on the card with Eth-Trunk specification
extension in advanced mode, load balancing of the Eth-Trunk is uneven
and the alarm IFPDT_1.3.6.1.4.1.2011.5.25.157.2.211
hwNotSameBoardInTrunk is triggered.
● Card installation
On the switches except the S9300X-4, S9300X-8, and S9300X-12, if only cards
with Eth-Trunk specification extension are installed on a switch and the
configuration specified by the assign trunk command takes effect, the hash
mode of cards that are installed later is as follows:
– Card with Eth-Trunk specification extension: If the Eth-Trunk index is
larger than 127, cards with Eth-Trunk specification extension work in
advanced mode, and the corresponding configuration is generated. If the
Eth-Trunk index does not exceed 127, cards with Eth-Trunk specification
extension work in normal mode.
– Card without Eth-Trunk specification extension: The Eth-Trunk index
cannot exceed 127. However, if the Eth-Trunk index exceeds 127, the card
without Eth-Trunk specification extension fails to be registered, and the
L2IFPPI_1.3.6.1.4.1.2011.5.25.219.2.2.13_hwBoardPowerOff alarm is
triggered. If the Eth-Trunk index does not exceed 127 but the value of
member-number is larger than 8, the
IFPDT_1.3.6.1.4.1.2011.5.25.157.2.247_hwBoardNotSupportAssignTrunk
alarm is triggered.
NOTE
The index is the internal number that the switch allocates to each Eth-Trunk, and
is different from the Eth-Trunk ID. If the configured number of Eth-Trunks
supported by the switch is larger than 128 and many Eth-Trunks are created on
the switch, an index larger than 127 may be occupied. Because the card without
Eth-Trunk specification extension can only use an index of 127 or smaller, the
system checks the index and limits the card's registration. If the non-registered
card without Eth-Trunk specification extension is reserved, this card cannot be
registered even if the switch restarts.
– You can run the display reset-reason command to check the registration
failure cause. The system displays the message "This LPU only supports
the trunks with index 127 or smaller than 127.". If the card without Eth-
Trunk specification extension must be used, you must delete the Eth-
Trunk with the index larger than 127.
● Card replacement
Table 6-3 lists the hash modes of cards in a slot before and after card
replacement.
Table 6-3 Hash modes of cards in a slot before and after card replacement
Replaced Card    Hash Mode of the Replaced Card    New Card    Hash Mode of the New Card
● Card removal
When the card with Eth-Trunk specification extension in advanced mode is
removed, the configuration of the hash mode is reserved in the system. You
can run the undo eth-trunk load-balance hash-mode command to clear the
configuration of the hash mode.
● Other
– When interfaces on the card with Eth-Trunk specification extension form
an inter-card Eth-Trunk with interfaces on other cards, the hash mode of
the card with Eth-Trunk specification extension cannot be changed. To
change the hash mode of the card with Eth-Trunk specification extension,
first delete the inter-card Eth-Trunk member interfaces of the card with
Eth-Trunk specification extension from the inter-card Eth-Trunk.
– The card without Eth-Trunk specification extension and the card with Eth-
Trunk specification extension working in normal mode do not support
Eth-Trunk specification extensions. If the switch that is configured with
Eth-Trunk specification extensions is equipped with these cards, a
maximum of eight Eth-Trunk member interfaces are allowed on these
cards.
Configuration Notes
● Member interfaces of an Eth-Trunk must use the same Ethernet type and rate.
● Both devices of the Eth-Trunk must use the same number of physical
interfaces, interface rate, duplex mode, and flow control mode.
● If an interface of the local device is added to an Eth-Trunk, an interface of the
remote device directly connected to the interface of the local device must also
be added to an Eth-Trunk. Otherwise, the two ends cannot communicate.
● Both devices of an Eth-Trunk must use the same link aggregation mode.
● This example applies to all versions of all S series switches.
Networking Requirements
In Figure 6-5, SwitchA and SwitchB connect to devices in VLAN 10 and VLAN 20
through Ethernet links, and heavy traffic is transmitted between SwitchA and
SwitchB.
SwitchA and SwitchB can provide higher link bandwidth to implement inter-VLAN
communication. Data transmission and link reliability need to be ensured.
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Create an Eth-Trunk on SwitchA and SwitchB and add member interfaces to the
Eth-Trunk.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] interface eth-trunk 1 //Create Eth-Trunk 1.
[SwitchA-Eth-Trunk1] trunkport gigabitethernet 1/0/1 to 1/0/3 //Add GE1/0/1, GE1/0/2, and GE1/0/3 to
Eth-Trunk 1.
[SwitchA-Eth-Trunk1] quit
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] interface eth-trunk 1 //Create Eth-Trunk 1.
[SwitchB-Eth-Trunk1] trunkport gigabitethernet 1/0/1 to 1/0/3 //Add GE1/0/1, GE1/0/2, and GE1/0/3 to
Eth-Trunk 1.
[SwitchB-Eth-Trunk1] quit
# Create VLAN 10 and VLAN 20 and add interfaces to them. The configuration of
SwitchB is similar to the configuration of SwitchA, and is not mentioned here.
[SwitchA] vlan batch 10 20
[SwitchA] interface gigabitethernet 1/0/4
[SwitchA-GigabitEthernet1/0/4] port link-type trunk //Configure the interface as a trunk interface. The
default link type of an interface is not trunk.
[SwitchA-GigabitEthernet1/0/4] port trunk allow-pass vlan 10
[SwitchA-GigabitEthernet1/0/4] quit
[SwitchA] interface gigabitethernet 1/0/5
[SwitchA-GigabitEthernet1/0/5] port link-type trunk //Configure the interface as a trunk interface. The
default link type of an interface is not trunk.
[SwitchA-GigabitEthernet1/0/5] port trunk allow-pass vlan 20
[SwitchA-GigabitEthernet1/0/5] quit
Step 3 Set the load balancing mode of Eth-Trunk 1. The configuration of SwitchB is
similar to the configuration of SwitchA, and is not mentioned here.
[SwitchA] interface eth-trunk 1
[SwitchA-Eth-Trunk1] load-balance src-dst-mac //Configure load balancing based on the source and
destination MAC addresses on Eth-Trunk 1.
[SwitchA-Eth-Trunk1] quit
Run the display eth-trunk 1 command in any view to check whether the Eth-
Trunk is created and whether member interfaces are added.
[SwitchA] display eth-trunk 1
Eth-Trunk1's state information is:
WorkingMode: NORMAL Hash arithmetic: According to SA-XOR-DA
Least Active-linknumber: 1 Max Bandwidth-affected-linknumber: 8
Operate status: up Number Of Up Port In Trunk: 3
--------------------------------------------------------------------------------
PortName Status Weight
GigabitEthernet1/0/1 Up 1
GigabitEthernet1/0/2 Up 1
GigabitEthernet1/0/3 Up 1
----End
Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
vlan batch 10 20
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 10 20
load-balance src-dst-mac
#
interface GigabitEthernet1/0/1
eth-trunk 1
#
interface GigabitEthernet1/0/2
eth-trunk 1
#
interface GigabitEthernet1/0/3
eth-trunk 1
#
interface GigabitEthernet1/0/4
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet1/0/5
port link-type trunk
port trunk allow-pass vlan 20
#
return
● SwitchB configuration file
#
sysname SwitchB
#
vlan batch 10 20
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 10 20
load-balance src-dst-mac
#
interface GigabitEthernet1/0/1
eth-trunk 1
#
interface GigabitEthernet1/0/2
eth-trunk 1
#
interface GigabitEthernet1/0/3
eth-trunk 1
#
interface GigabitEthernet1/0/4
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet1/0/5
port link-type trunk
port trunk allow-pass vlan 20
#
return
Overview
Ethernet link aggregation increases link bandwidth by bundling multiple physical
links to form a logical link. Link aggregation can work in manual mode or Link
Aggregation Control Protocol (LACP) mode.
If a high link bandwidth between two directly connected devices is required and
devices support LACP, the LACP mode is recommended. The LACP mode increases
bandwidth, improves reliability, implements load balancing, enhances Eth-Trunk
fault tolerance, and provides backup.
In LACP mode, some links are active links and other links are backup links. All the
active links participate in data forwarding. If an active link becomes faulty, a
backup link is selected to replace the faulty link. That is, the number of links
participating in data forwarding remains unchanged.
Configuration Notes
● Member interfaces of an Eth-Trunk must use the same Ethernet type and rate.
● Both devices of the Eth-Trunk must use the same number of physical
interfaces, interface rate, duplex mode, and flow control mode.
● If an interface of the local device is added to an Eth-Trunk, an interface of the
remote device directly connected to the interface of the local device must also
be added to an Eth-Trunk. Otherwise, the two ends cannot communicate.
● Both devices of an Eth-Trunk must use the same link aggregation mode.
● This example applies to all versions of all S series switches.
Networking Requirements
In Figure 6-6, SwitchA and SwitchB connect to devices in VLAN 10 and VLAN 20
through Ethernet links, and heavy traffic is transmitted between SwitchA and
SwitchB. The link between SwitchA and SwitchB is required to provide high
bandwidth to implement inter-VLAN communication. Link aggregation in LACP
mode is configured on SwitchA and SwitchB to improve the bandwidth and
reliability. The following requirements must be met:
Figure 6-6 Networking diagram for configuring link aggregation in LACP mode
Configuration Roadmap
The configuration roadmap is as follows:
1. Create an Eth-Trunk and configure the Eth-Trunk to work in LACP mode to
implement link aggregation.
2. Add member interfaces to the Eth-Trunk.
3. Set the LACP system priority and determine the Actor so that the Partner
selects active interfaces based on the Actor interface priority.
4. Set the upper threshold for the number of active interfaces to improve
reliability.
5. Set LACP interface priorities and determine active interfaces so that interfaces
with higher priorities are selected as active interfaces.
6. Create VLANs and add interfaces to the VLANs.
Procedure
Step 1 Create Eth-Trunk 1 on SwitchA and configure Eth-Trunk 1 to work in LACP mode.
The configuration of SwitchB is similar to that of SwitchA, and is not mentioned
here.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] interface eth-trunk 1 //Create Eth-Trunk 1.
[SwitchA-Eth-Trunk1] mode lacp //Configure link aggregation in LACP mode.
[SwitchA-Eth-Trunk1] quit
Step 3 Set the LACP system priority of SwitchA to 100 so that SwitchA becomes the Actor.
[SwitchA] lacp priority 100 //The default LACP system priority is 32768. Change the LACP priority of
SwitchA to be higher than that of SwitchB so that SwitchA functions as the Actor.
Step 4 On SwitchA, set the upper threshold for the number of active interfaces to 2.
[SwitchA] interface eth-trunk 1
[SwitchA-Eth-Trunk1] max active-linknumber 2 //The default upper threshold for the number of active
interfaces in the LAG is 8. Change the upper threshold for the number of active interfaces to 2.
[SwitchA-Eth-Trunk1] quit
Step 5 Set the LACP interface priority and determine active links on SwitchA.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] lacp priority 100 //The default LACP interface priority is 32768. Change
the LACP priority of GE1/0/1 to 100 so that GE1/0/1 serves as the active interface.
[SwitchA-GigabitEthernet1/0/1] quit
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] lacp priority 100 //The default LACP interface priority is 32768. Change
the LACP priority of GE1/0/2 to 100 so that GE1/0/2 serves as the active interface.
[SwitchA-GigabitEthernet1/0/2] quit
Partner:
--------------------------------------------------------------------------------
ActorPortName SysPri SystemID PortPri PortNo PortKey PortState
GigabitEthernet1/0/1 32768 00e0-fca6-7f85 32768 6145 2609 11111100
GigabitEthernet1/0/2 32768 00e0-fca6-7f85 32768 6146 2609 11111100
GigabitEthernet1/0/3 32768 00e0-fca6-7f85 32768 6147 2609 11110000
[SwitchB] display eth-trunk 1
Eth-Trunk1's state information is:
Local:
LAG ID: 1 WorkingMode: LACP
Preempt Delay: Disabled Hash arithmetic: According to SIP-XOR-DIP
System Priority: 32768 System ID: 00e0-fca6-7f85
Least Active-linknumber: 1 Max Active-linknumber: 8
Operate status: up Number Of Up Port In Trunk: 2
--------------------------------------------------------------------------------
ActorPortName Status PortType PortPri PortNo PortKey PortState Weight
GigabitEthernet1/0/1 Selected 1GE 32768 6145 2609 11111100 1
GigabitEthernet1/0/2 Selected 1GE 32768 6146 2609 11111100 1
GigabitEthernet1/0/3 Unselect 1GE 32768 6147 2609 11110000 1
Partner:
--------------------------------------------------------------------------------
ActorPortName SysPri SystemID PortPri PortNo PortKey PortState
GigabitEthernet1/0/1 100 00e0-fca8-0417 100 6145 2865 11111100
GigabitEthernet1/0/2 100 00e0-fca8-0417 100 6146 2865 11111100
GigabitEthernet1/0/3 100 00e0-fca8-0417 32768 6147 2865 11100000
The preceding information shows that the LACP system priority of SwitchA is 100
and is higher than the LACP system priority of SwitchB. GigabitEthernet1/0/1 and
GigabitEthernet1/0/2 are active interfaces and are in Selected state.
GigabitEthernet1/0/3 is in Unselect state. In addition, load balancing and
redundancy are implemented.
----End
Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
vlan batch 10 20
#
lacp priority 100
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 10 20
mode lacp
max active-linknumber 2
#
interface GigabitEthernet1/0/1
eth-trunk 1
lacp priority 100
#
interface GigabitEthernet1/0/2
eth-trunk 1
lacp priority 100
#
interface GigabitEthernet1/0/3
eth-trunk 1
#
interface GigabitEthernet1/0/4
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet1/0/5
port link-type trunk
port trunk allow-pass vlan 20
#
return
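The LACP example above selects the Actor by system priority and then picks active interfaces by the Actor's interface priorities, up to the active-interface threshold. The following model of that selection is an added example, not part of the original document; it uses the priorities, system IDs, and port numbers from the display eth-trunk 1 output above, and it assumes the usual LACP tie-breaks (lower value wins, then the smaller system ID or port number). The class and function names are constructed for illustration.

```python
from dataclasses import dataclass

DEFAULT_PRIORITY = 32768  # default LACP system and interface priority (from the page)


@dataclass(frozen=True)
class Port:
    name: str
    priority: int
    number: int


@dataclass(frozen=True)
class System:
    name: str
    priority: int
    system_id: str   # MAC address in xxxx-xxxx-xxxx form
    ports: tuple

    def port(self, name):
        return next(p for p in self.ports if p.name == name)


def system_key(system):
    """Lower priority value wins; the smaller system ID breaks a tie."""
    return (system.priority, int(system.system_id.replace("-", ""), 16))


def elect_actor(a, b):
    """Return the end whose interface priorities decide the active links."""
    return min((a, b), key=system_key)


def select_active(a, b, links, max_active, down=frozenset()):
    """Return (actor name, {link: state}).

    links is a list of (port name on a, port name on b) pairs; down is the
    set of links that are physically down. Both ends follow the Actor's
    ranking, so a link is Selected or Unselect on both devices at once.
    """
    actor = elect_actor(a, b)
    side = 0 if actor is a else 1
    usable = [link for link in links if link not in down]
    ranked = sorted(
        usable,
        key=lambda l: (actor.port(l[side]).priority, actor.port(l[side]).number),
    )
    states = {link: "Down" for link in links}
    for rank, link in enumerate(ranked):
        states[link] = "Selected" if rank < max_active else "Unselect"
    return actor.name, states


GE = "GigabitEthernet1/0/"
# Values taken from the display eth-trunk 1 output on this page.
SWITCH_A = System("SwitchA", 100, "00e0-fca8-0417", (
    Port(GE + "1", 100, 6145),
    Port(GE + "2", 100, 6146),
    Port(GE + "3", DEFAULT_PRIORITY, 6147),
))
SWITCH_B = System("SwitchB", DEFAULT_PRIORITY, "00e0-fca6-7f85", (
    Port(GE + "1", DEFAULT_PRIORITY, 6145),
    Port(GE + "2", DEFAULT_PRIORITY, 6146),
    Port(GE + "3", DEFAULT_PRIORITY, 6147),
))
LINKS = [(GE + "1", GE + "1"), (GE + "2", GE + "2"), (GE + "3", GE + "3")]

if __name__ == "__main__":
    actor, states = select_active(SWITCH_A, SWITCH_B, LINKS, max_active=2)
    print("Actor:", actor)
    for link, state in states.items():
        print(link[0], state)
    # Failure of an active link: the backup link takes its place.
    _, after_failure = select_active(
        SWITCH_A, SWITCH_B, LINKS, max_active=2, down={LINKS[0]}
    )
    for link, state in after_failure.items():
        print(link[0], state)
```

With GE1/0/1 marked down, GE1/0/3 moves from Unselect to Selected, so the number of forwarding links stays at two as the Overview describes.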
Overview
Enhanced Trunk (E-Trunk) is an extension to LACP (a link aggregation protocol for
a single device) and implements link aggregation among multiple devices. E-Trunk
achieves device-level link reliability but not card-level link reliability.
Configuration Notes
● Devices must use link aggregation in LACP mode.
● In Figure 6-7, the E-Trunk configuration on PE1 and PE2 must be the same.
The Eth-Trunks between PE1 and CE1 and between PE2 and CE1 must use the
same rate and duplex mode (key values must be the same) and join the same
E-Trunk. After the Eth-Trunks are added to the E-Trunk, ensure that the LACP
priorities and system IDs of PE1 and PE2 are the same. On CE1, interfaces
directly connected to PE1 and PE2 must be added to the same Eth-Trunk. The
Eth-Trunk can have a different Eth-Trunk ID from that on the PEs. For
example, the CE is configured with Eth-Trunk 20, while both PEs are
configured with Eth-Trunk 10.
● You must specify an IP address (loopback address recommended) for each PE
to ensure Layer 3 connectivity. Ensure that the peer IP address of a PE is the
local IP address of the other PE.
● The E-Trunk must be bound to a BFD session.
● You must set the same protocol packet password for PE1 and PE2.
● This example applies to the following products:
– S5300-HI, S5310-EI, S5320-EI, S5320-HI, S5330-HI, S5331-S, S5331-H,
S5332-H
– S6300-EI, S6320-EI, S6320-HI, S6330-H
– S9303, S9306, S9312, S9310
– S9310X, S9300X-4, S9300X-8, S9300X-12
– S9303E, S9306E, S9312E
● For the product models whose applicable versions are not listed above, see
Table 1-1 in "Applicable Products and Versions" for details.
NOTE
For details about software mappings, visit Hardware Center and select the desired
product model.
Networking Requirements
If no E-Trunk is configured, a CE can be connected to only one PE using an Eth-
Trunk. If the Eth-Trunk or the PE fails, the CE cannot communicate with the PE.
After an E-Trunk is configured, the CE can be dual-homed to PEs. E-Trunk achieves
device-level link reliability but not card-level link reliability.
In Figure 6-7, CE1 is connected to PE1 and PE2 using two Eth-Trunks in LACP
mode and is dual-homed to a VPLS network.
Initially, CE1 communicates with CE2 on the VPLS network through PE1. If PE1 or
the Eth-Trunk between CE1 and PE1 fails, CE1 cannot communicate with CE2. To
prevent service interruption, configure an E-Trunk on PE1 and PE2. When
communication between CE1 and PE1 fails, traffic is switched to PE2 so that CE1
can communicate with CE2 through PE2. When PE1 or the Eth-Trunk between CE1
and PE1 recovers, traffic is switched back to PE1.
The E-Trunk implements backup of link aggregation groups (LAGs) between PE1
and PE2 and therefore improves network reliability.
PE1   GigabitEthernet1/0/1   -                        -
-     GigabitEthernet1/0/2   -                        -
-     Loopback1              -                        1.1.1.9/32
PE2   GigabitEthernet1/0/1   -                        -
-     GigabitEthernet1/0/2   -                        -
-     Loopback1              -                        2.2.2.9/32
-     GigabitEthernet1/0/3   GigabitEthernet1/0/3.1   -
-     Loopback1              -                        3.3.3.9/32
CE1   GigabitEthernet1/0/1   -                        -
-     GigabitEthernet1/0/2   -                        -
-     GigabitEthernet1/0/3   -                        -
-     GigabitEthernet1/0/4   -                        -
CE2   GigabitEthernet1/0/3   -                        -
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure an E-Trunk.
– Create Eth-Trunks in LACP mode between CE1 and PE1 and between CE1
and PE2. Add member interfaces to the Eth-Trunks.
– Create an E-Trunk on PE1 and PE2 and add the two Eth-Trunks in LACP
mode to the E-Trunk.
– Set E-Trunk parameters:
▪ E-Trunk priority
Procedure
Step 1 Configure VLANs and IP addresses on the PW-side interfaces according to Figure
6-7. Configure a routing protocol on the backbone network to implement the
interworking between devices. OSPF is used in this example.
After the configuration is complete, PE1, PE2, and PE3 use OSPF to discover IP
routes to each other's Loopback1 interface, and can ping one another. Run the
display ip routing-table command on PE1, PE2, and PE3 to determine whether
the PEs have learned the routes to one another.
NOTE
● The AC-side interface and PW-side interface of a PE cannot be added to the same VLAN;
otherwise, a loop may occur.
● When configuring OSPF, configure PE1, PE2, and PE3 to advertise 32-bit loopback
addresses.
Step 2 Configure Eth-Trunks in LACP mode on user-side switch CE1, PE1, and PE2, and
add member interfaces to the Eth-Trunks. Configure Layer 2 forwarding on CE1.
# Configure CE1.
<Quidway> system-view
[Quidway] sysname CE1
[CE1] vlan batch 10
[CE1] interface eth-trunk 20 //Create Eth-Trunk 20 and enter the view of Eth-Trunk 20.
[CE1-Eth-Trunk20] port link-type trunk //Set the link type of the interface to trunk.
[CE1-Eth-Trunk20] port trunk allow-pass vlan 10 //Add Eth-Trunk 20 to VLAN 10.
[CE1-Eth-Trunk20] mode lacp //Configure Eth-Trunk 20 to work in LACP mode.
[CE1-Eth-Trunk20] trunkport GigabitEthernet 1/0/1 to 1/0/4 //Add GE1/0/1 to GE1/0/4 to Eth-Trunk20.
[CE1-Eth-Trunk20] quit
# Configure PE1.
[PE1] interface eth-trunk 10 //Create Eth-Trunk 10 and enter the view of Eth-Trunk 10.
[PE1-Eth-Trunk10] port link-type trunk //Set the link type of the interface to trunk.
[PE1-Eth-Trunk10] mode lacp //Configure Eth-Trunk 10 to work in LACP mode.
[PE1-Eth-Trunk10] trunkport GigabitEthernet 1/0/1 to 1/0/2 //Add GE1/0/1 and GE1/0/2 to Eth-Trunk10.
[PE1-Eth-Trunk10] quit
# Configure PE2.
[PE2] interface eth-trunk 10 //Create Eth-Trunk 10 and enter the view of Eth-Trunk 10.
[PE2-Eth-Trunk10] port link-type trunk //Set the link type of the interface to trunk.
[PE2-Eth-Trunk10] mode lacp //Configure Eth-Trunk 10 to work in LACP mode.
[PE2-Eth-Trunk10] trunkport GigabitEthernet 1/0/1 to 1/0/2 //Add GE1/0/1 and GE1/0/2 to Eth-Trunk10.
[PE2-Eth-Trunk10] quit
Step 3 Create an E-Trunk and set the LACP priority, LACP system ID, E-Trunk priority, time
multiplier for detecting hello packets, interval at which hello packets are sent, and
local and remote IP addresses.
# Configure PE1.
[PE1] e-trunk 1 //Create E-Trunk 1 and enter the view of E-Trunk 1.
[PE1-e-trunk-1] quit
[PE1] lacp e-trunk priority 1 //Set the LACP priority of E-Trunk 1 to 1.
[PE1] lacp e-trunk system-id 00e0-fc12-3450 //Set the LACP system ID of E-Trunk 1 to 00e0-fc12-3450.
[PE1] e-trunk 1 //Enter the view of E-Trunk 1.
[PE1-e-trunk-1] priority 10 //Set the priority of E-Trunk 1 to 10.
[PE1-e-trunk-1] timer hold-on-failure multiplier 3 //Set the time multiplier for detecting hello packets to 3.
[PE1-e-trunk-1] timer hello 9 //Set the interval at which hello packets are sent to 9 ms.
[PE1-e-trunk-1] peer-address 2.2.2.9 source-address 1.1.1.9 //Set the remote IP address to 2.2.2.9 and local IP address to 1.1.1.9.
[PE1-e-trunk-1] quit
# Configure PE2.
[PE2] e-trunk 1 //Create E-Trunk 1 and enter the view of E-Trunk 1.
[PE2-e-trunk-1] quit
[PE2] lacp e-trunk priority 1 //Set the LACP priority of E-Trunk 1 to 1.
[PE2] lacp e-trunk system-id 00e0-fc12-3450 //Set the LACP system ID of E-Trunk 1 to 00e0-fc12-3450.
[PE2] e-trunk 1 //Enter the view of E-Trunk 1.
[PE2-e-trunk-1] priority 20 //Set the priority of E-Trunk 1 to 20.
[PE2-e-trunk-1] timer hold-on-failure multiplier 3 //Set the time multiplier for detecting hello packets to 3.
[PE2-e-trunk-1] timer hello 9 //Set the interval at which hello packets are sent to 9 ms.
[PE2-e-trunk-1] peer-address 1.1.1.9 source-address 2.2.2.9 //Set the remote IP address to 1.1.1.9 and local IP address to 2.2.2.9.
[PE2-e-trunk-1] quit
# Configure PE2.
[PE2] interface eth-trunk 10 //Enter the view of Eth-Trunk 10.
[PE2-Eth-Trunk10] e-trunk 1 //Add Eth-Trunk 10 to E-Trunk 1.
[PE2-Eth-Trunk10] quit
Step 6 Configure PEs so that CE1 can access the VPLS network.
1. Configure basic MPLS functions and LDP on PE1, PE2, and PE3.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9 //Set the LSR ID to 1.1.1.9.
[PE1] mpls //Enable global MPLS.
[PE1-mpls] quit
[PE1] mpls ldp //Enable global LDP.
[PE1-mpls-ldp] quit
[PE1] interface vlanif 100
[PE1-Vlanif100] mpls //Enable MPLS on an interface.
[PE1-Vlanif100] mpls ldp //Enable LDP on an interface.
[PE1-Vlanif100] quit
# Configure PE2.
[PE2] mpls lsr-id 2.2.2.9 //Set the LSR ID to 2.2.2.9.
[PE2] mpls //Enable global MPLS.
[PE2-mpls] quit
[PE2] mpls ldp //Enable global LDP.
[PE2-mpls-ldp] quit
[PE2] interface vlanif 200
[PE2-Vlanif200] mpls //Enable MPLS on an interface.
[PE2-Vlanif200] mpls ldp //Enable LDP on an interface.
[PE2-Vlanif200] quit
# Configure PE3.
[PE3] mpls lsr-id 3.3.3.9 //Set the LSR ID to 3.3.3.9.
[PE3] mpls //Enable global MPLS.
[PE3-mpls] quit
[PE3] mpls ldp //Enable global LDP.
[PE3-mpls-ldp] quit
[PE3] interface vlanif 100
[PE3-Vlanif100] mpls //Enable MPLS on an interface.
[PE3-Vlanif100] mpls ldp //Enable LDP on an interface.
[PE3-Vlanif100] quit
[PE3] interface vlanif 200
[PE3-Vlanif200] mpls //Enable MPLS on an interface.
[PE3-Vlanif200] mpls ldp //Enable LDP on an interface.
[PE3-Vlanif200] quit
After the configuration is complete, run the display mpls ldp session
command on PEs to determine whether the status of the remote LDP peer
relationship is Operational. This indicates that remote LDP sessions are set
up.
2. Enable MPLS L2VPN on PE1, PE2, and PE3.
# Configure PE1.
[PE1] mpls l2vpn //Enable global MPLS L2VPN.
[PE1-l2vpn] quit
# Configure PE2.
[PE2] mpls l2vpn //Enable global MPLS L2VPN.
[PE2-l2vpn] quit
# Configure PE3.
[PE3] mpls l2vpn //Enable global MPLS L2VPN.
[PE3-l2vpn] quit
3. Create a VSI ldp1 on PE1, PE2, and PE3 and specify LDP as the signaling
protocol in the VSI.
# Configure PE1.
[PE1] vsi ldp1 static //Create a VSI named ldp1 and configure static member discovery.
[PE1-vsi-ldp1] pwsignal ldp //Set the signaling mode to LDP.
[PE1-vsi-ldp1-ldp] vsi-id 2 //Set the ID of the VSI to 2.
[PE1-vsi-ldp1-ldp] peer 3.3.3.9 //Set the peer address of the VSI to 3.3.3.9.
[PE1-vsi-ldp1-ldp] quit
[PE1-vsi-ldp1] quit
# Configure PE2.
[PE2] vsi ldp1 static //Create a VSI named ldp1 and configure static member discovery.
[PE2-vsi-ldp1] pwsignal ldp //Set the signaling mode to LDP.
[PE2-vsi-ldp1-ldp] vsi-id 2 //Set the ID of the VSI to 2.
[PE2-vsi-ldp1-ldp] peer 3.3.3.9 //Set the peer address of the VSI to 3.3.3.9.
[PE2-vsi-ldp1-ldp] quit
[PE2-vsi-ldp1] quit
# Configure PE3.
[PE3] vsi ldp1 static //Create a VSI named ldp1 and configure static member discovery.
[PE3-vsi-ldp1] pwsignal ldp //Set the signaling mode to LDP.
[PE3-vsi-ldp1-ldp] vsi-id 2 //Set the ID of the VSI to 2.
[PE3-vsi-ldp1-ldp] peer 1.1.1.9 //Set the peer address of the VSI to 1.1.1.9.
[PE3-vsi-ldp1-ldp] peer 2.2.2.9 //Set the peer address of the VSI to 2.2.2.9.
[PE3-vsi-ldp1-ldp] quit
[PE3-vsi-ldp1] quit
4. Configure Eth-Trunk sub-interfaces on PE1 and PE2, and bind the VSI to the
Eth-Trunk sub-interfaces.
# Configure PE1.
[PE1] vcmp role silent
[PE1] interface Eth-Trunk 10.1 //Create Eth-Trunk 10.1 and enter the view of Eth-Trunk 10.1.
[PE1-Eth-Trunk10.1] dot1q termination vid 10 //Set the single VLAN ID for dot1q encapsulation on Eth-Trunk 10.1 to VLAN 10.
[PE1-Eth-Trunk10.1] l2 binding vsi ldp1 //Bind Eth-Trunk 10.1 to the VSI ldp1.
[PE1-Eth-Trunk10.1] quit
# Configure PE2.
[PE2] vcmp role silent
[PE2] interface Eth-Trunk 10.1 //Create Eth-Trunk 10.1 and enter the view of Eth-Trunk 10.1.
[PE2-Eth-Trunk10.1] dot1q termination vid 10 //Set the single VLAN ID for dot1q encapsulation on Eth-Trunk 10.1 to VLAN 10.
[PE2-Eth-Trunk10.1] l2 binding vsi ldp1 //Bind Eth-Trunk 10.1 to the VSI ldp1.
[PE2-Eth-Trunk10.1] quit
The preceding information shows that the E-Trunk priority on PE1 is 10, and
the E-Trunk status is Master; the E-Trunk priority on PE2 is 20, and the
E-Trunk status is Backup. Device backup is implemented.
----End
Configuration Files
● CE1 configuration file
#
sysname CE1
#
vlan batch 10
#
interface Eth-Trunk20
port link-type trunk
port trunk allow-pass vlan 10
mode lacp
#
interface GigabitEthernet1/0/1
eth-trunk 20
#
interface GigabitEthernet1/0/2
eth-trunk 20
#
interface GigabitEthernet1/0/3
eth-trunk 20
#
interface GigabitEthernet1/0/4
eth-trunk 20
#
return
● PE1 configuration file
#
sysname PE1
#
vcmp role silent
#
vlan batch 100
#
lacp e-trunk system-id 00e0-fc12-3450
lacp e-trunk priority 1
#
bfd
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 2
peer 3.3.3.9
#
mpls ldp
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
e-trunk 1
priority 10
peer-address 2.2.2.9 source-address 1.1.1.9
timer hello 9
timer hold-on-failure multiplier 3
e-trunk track bfd-session session-name hello1
#
interface Eth-Trunk10
port link-type trunk
mode lacp
e-trunk 1
#
interface Eth-Trunk10.1
dot1q termination vid 10
l2 binding vsi ldp1
#
interface GigabitEthernet1/0/1
eth-trunk 10
#
interface GigabitEthernet1/0/2
eth-trunk 10
#
interface GigabitEthernet1/0/3
port link-type trunk
port trunk allow-pass vlan 100
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bfd hello1 bind peer-ip 2.2.2.9 source-ip 1.1.1.9
discriminator local 1
discriminator remote 2
commit
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
different chassis. When devices in the CSS or stack forward traffic, the Eth-Trunk
may select an inter-chassis member interface based on a hash algorithm. The
cable bandwidth between devices in the CSS or stack is limited, so inter-chassis
traffic forwarding occupies bandwidth resources between devices, lowering traffic
forwarding efficiency. To address this issue, you can enable an Eth-Trunk to
preferentially forward local traffic.
Configuration Notes
● If active interfaces of an Eth-Trunk on the local device have sufficient
bandwidth to forward traffic, you can configure the Eth-Trunk to preferentially
forward local traffic. This improves traffic forwarding efficiency and increases
bandwidth capacity between devices in the CSS.
● If active interfaces of an Eth-Trunk on the local device do not have sufficient
bandwidth to forward traffic, you can configure the Eth-Trunk not to
preferentially forward local traffic. In this case, some traffic on the local
device is forwarded through member interfaces of an Eth-Trunk on another
device, preventing packet loss.
● This example applies to the following products and versions:
– S2350-EI, S2320-EI, S5320-EI, S5320-SI, S5320-HI, S5320-LI, S5330-SI,
S5330-HI, S5331-S, S5331-H, S5332-H: For the applicable versions, see Table 1-1.
– S6320-EI, S6320-SI, S6320-HI, S6330-H: For the applicable versions, see
Table 1-1.
– S5300-LI, S5310-EI, S5300-HI, S6300-EI: running V200R003C00 and later
versions.
– S5300-SI, S5300-EI: running V200R002C00 and later versions.
– S5335-L, S5335-S: V200R019C10 and later versions.
– S5335-L1: For the applicable versions, see Table 1-1.
– S9306, S9312, S9310: For the applicable versions, see Table 1-1.
– S9310X, S9300X-4, S9300X-8, S9300X-12: For the applicable versions, see
Table 1-1.
– S9306E, S9312E: For the applicable versions, see Table 1-1.
NOTE
For details about software mappings, visit Hardware Center and select the desired
product model.
Networking Requirements
On the network shown in Figure 6-8, CSS technology is used to increase the total
capacity of switches. Switch3 and Switch4 are connected through stack cables to
form a logical switch. To implement backup between switches and improve
reliability, physical interfaces on the two switches are added to an Eth-Trunk. In
normal situations, traffic from VLAN 2 and VLAN 3 is forwarded through GE1/0/1
and GE1/0/2 respectively. This increases bandwidth capacity between switches and
reduces traffic forwarding efficiency.
To ensure that traffic from VLAN 2 is forwarded through GE1/0/1 and traffic from
VLAN 3 is forwarded through GE1/0/2, you can configure the Eth-Trunk to
preferentially forward local traffic.
Configuration Roadmap
The configuration roadmap is as follows:
1. Create an Eth-Trunk.
2. Add member interfaces to the Eth-Trunk.
3. Enable the Eth-Trunk to preferentially forward local traffic.
4. Add interfaces to VLANs to implement Layer 2 connectivity.
Procedure
Step 1 Create an Eth-Trunk and configure the ID of a VLAN from which packets can pass
through the Eth-Trunk.
# Configure the CSS.
<Quidway> system-view
[Quidway] sysname CSS
[CSS] interface eth-trunk 10 //Create Eth-Trunk 10 and enter the view of Eth-Trunk 10.
[CSS-Eth-Trunk10] port link-type trunk //Set the link type of the interface to trunk.
[CSS-Eth-Trunk10] port trunk allow-pass vlan all //Configure the interface to allow all VLANs.
[CSS-Eth-Trunk10] quit
Step 3 Configure the Eth-Trunk on devices in the CSS to preferentially forward local
traffic.
[CSS] interface eth-trunk 10
[CSS-Eth-Trunk10] local-preference enable //Enable Eth-Trunk 10 to preferentially forward local traffic.
[CSS-Eth-Trunk10] quit
NOTE
By default, an Eth-Trunk is enabled to preferentially forward local traffic. If you run the
local-preference enable command, the system displays the message "Error: The local
preferential forwarding mode has been configured."
[CSS-GigabitEthernet2/1/0/3] quit
----End
Configuration Files
● CSS configuration file
#
sysname CSS
#
vlan batch 2 3
#
interface Eth-Trunk10
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet1/1/0/3
port link-type trunk
● PE configuration file
#
sysname PE
#
interface Eth-Trunk10
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet1/0/1
eth-trunk 10
#
interface GigabitEthernet1/0/2
eth-trunk 10
#
return
When the master detects that the uplink interface fails, the master reduces its
priority to be lower than the priority of the backup and immediately sends VRRP
packets. After the backup receives the VRRP packets, it detects that the priority in
the VRRP packets is lower than its priority and switches to the master. This ensures
correct traffic forwarding.
Configuration Notes
● In V200R003 and earlier versions, VRRP can be configured only on the VLANIF
interface.
In V200R005 and later versions, VRRP can be configured on the VLANIF
interface and Layer 3 Ethernet interface.
For a modular switch in V200R006 and later versions, VRRP can be configured
on the VLANIF interface, Layer 3 Ethernet interface, Dot1q termination
sub-interface, and QinQ termination sub-interface.
For a fixed switch in V200R009 and later versions, VRRP can be configured on
the VLANIF interface, Layer 3 Ethernet interface, and sub-interface.
● Ensure that each device of the same VRRP group is configured with the same
VRID.
● VRRP groups must use different virtual IP addresses. The virtual IP address of
a VRRP group must be on the same network segment as the IP address of the
interface where the VRRP group is configured.
● A VRRP group can be associated with a maximum of eight interfaces.
Association between a VRRP group and the interface status cannot be
configured on the device as the IP address owner.
● This example applies to the following products:
– S2320-EI
– S3300-EI, S3300-HI
– S5320-LI, S5320-SI, S5300-EI, S5300-HI, S5310-EI, S5320-EI, S5320-HI,
S5330-SI, S5330-HI, S5331-S, S5331-H, S5332-H, S5335-S, S5335-L,
S5335-L1, S5336-S
– S6300-EI, S6320-EI, S6320-SI, S6320-HI, S6330-H
– S9300X-4, S9300X-8, S9300X-12, S9303, S9303E, S9306, S9306E, S9310,
S9310X, S9312, S9312E
● For the product models whose applicable versions are not listed above, see
Table 1-1 in "Applicable Products and Versions" for details.
NOTE
For details about software mappings, visit Hardware Center and select the desired
product model.
Networking Requirements
As shown in Figure 6-9, the user hosts are dual-homed to SwitchA and SwitchB
through the switch. The requirements are as follows:
● The hosts use SwitchA as the default gateway to connect to the Internet.
When SwitchA or the downlink/uplink fails, SwitchB functions as the gateway
to implement gateway backup.
● The bandwidth of the link between SwitchA and SwitchB is increased to
implement link backup and improve link reliability.
● After SwitchA recovers, it becomes the gateway within 20s.
Figure 6-9 Networking of association between VRRP and the interface status
Configuration Roadmap
A VRRP group in active/standby mode is used to implement gateway backup. The
configuration roadmap is as follows:
1. Assign an IP address to each interface and configure a routing protocol to
ensure network connectivity.
2. Configure VLAN aggregation on SwitchA and SwitchB to implement Layer 2
isolation and Layer 3 connectivity of VLANs 101 to 180 and save IP addresses.
3. Create an Eth-Trunk on SwitchA and SwitchB and add member interfaces to
the Eth-Trunk to increase the link bandwidth and implement link backup.
4. Configure a VRRP group between SwitchA and SwitchB. Set a higher priority
for SwitchA so that SwitchA functions as the master to forward traffic, and set
the preemption delay to 20s on SwitchA. Set a lower priority for SwitchB so
that SwitchB functions as the backup.
5. Associate VRRP with GE1/0/1 and GE1/0/2 on SwitchA so that the VRRP group
can detect the fault of the master and perform an active/standby switchover
immediately.
NOTE
SwitchA and SwitchB are core switches, and the switch is an aggregation switch.
Procedure
Step 1 Configure devices to ensure network connectivity.
# Assign an IP address to each interface on core devices. SwitchA is used as an
example. The configuration of SwitchB is similar to the configuration of SwitchA,
and is not mentioned here. For details, see the configuration files.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 11 to 15 101 to 180 301 to 305 400
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-GigabitEthernet1/0/1] undo port trunk allow-pass vlan 1
[SwitchA-GigabitEthernet1/0/1] port trunk allow-pass vlan 400
[SwitchA-GigabitEthernet1/0/1] quit
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] port link-type trunk
[SwitchA-GigabitEthernet1/0/2] undo port trunk allow-pass vlan 1
[SwitchA-GigabitEthernet1/0/2] port trunk allow-pass vlan 101 to 180
[SwitchA-GigabitEthernet1/0/2] quit
[SwitchA] interface vlanif 11
[SwitchA-Vlanif11] ip address 10.1.1.2 24
[SwitchA-Vlanif11] quit
[SwitchA] interface vlanif 12
[SwitchA-Vlanif12] ip address 10.1.2.2 24
[SwitchA-Vlanif12] quit
[SwitchA] interface vlanif 13
[SwitchA-Vlanif13] ip address 10.1.3.2 24
[SwitchA-Vlanif13] quit
[SwitchA] interface vlanif 14
[SwitchA-Vlanif14] ip address 10.1.4.2 24
[SwitchA-Vlanif14] quit
[SwitchA] interface vlanif 15
[SwitchA-Vlanif15] ip address 10.1.5.2 24
[SwitchA-Vlanif15] quit
[SwitchA] interface vlanif 400
[SwitchA-Vlanif400] ip address 192.168.1.1 24
[SwitchA-Vlanif400] quit
configuration of SwitchA, and are not mentioned here. For details, see the
configuration files.
[SwitchA] ospf 1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] network 10.1.4.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] network 10.1.5.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# Configure a VRRP group on SwitchA, and set the priority of SwitchA to 120 and
the preemption delay to 20s.
[SwitchA] interface vlanif 11
[SwitchA-Vlanif11] vrrp vrid 1 virtual-ip 10.1.1.1
[SwitchA-Vlanif11] vrrp vrid 1 priority 120 //The default priority of the device in a VRRP group is 100. Change the priority of the master to be higher than that of the backup.
[SwitchA-Vlanif11] vrrp vrid 1 preempt-mode timer delay 20 //The device in a VRRP group uses the immediate preemption mode by default. Change the preemption delay of the master to prevent traffic interruptions when the master and backup frequently preempt the bandwidth on an unstable network.
[SwitchA-Vlanif11] vrrp vrid 1 track interface gigabitethernet 1/0/1 reduced 100 //Associate the VRRP group with the uplink interface. Set the decreased priority to ensure that the priority of the backup is higher than the priority of the master. Then an active/standby switchover can be triggered.
[SwitchA-Vlanif11] vrrp vrid 1 track interface gigabitethernet 1/0/2 reduced 100 //Associate the VRRP group with the downlink interface. Set the decreased priority to ensure that the priority of the backup is higher than the priority of the master. Then an active/standby switchover can be triggered.
[SwitchA-Vlanif11] vrrp advertise send-mode 301 //Specify VLAN 301 where VRRP packets are transmitted to save the network bandwidth.
[SwitchA-Vlanif11] quit
[SwitchA] interface vlanif 12
[SwitchA-Vlanif12] vrrp vrid 2 virtual-ip 10.1.2.1
[SwitchA-Vlanif12] vrrp vrid 2 priority 120
[SwitchA-Vlanif12] vrrp vrid 2 preempt-mode timer delay 20
[SwitchA-Vlanif12] vrrp vrid 2 track interface gigabitethernet 1/0/1 reduced 100
[SwitchA-Vlanif12] vrrp vrid 2 track interface gigabitethernet 1/0/2 reduced 100
[SwitchA-Vlanif12] vrrp advertise send-mode 302
[SwitchA-Vlanif12] quit
[SwitchA] interface vlanif 13
[SwitchA-Vlanif13] vrrp vrid 3 virtual-ip 10.1.3.1
[SwitchA-Vlanif13] vrrp vrid 3 priority 120
[SwitchA-Vlanif13] vrrp vrid 3 preempt-mode timer delay 20
[SwitchA-Vlanif13] vrrp vrid 3 track interface gigabitethernet 1/0/1 reduced 100
[SwitchA-Vlanif13] vrrp vrid 3 track interface gigabitethernet 1/0/2 reduced 100
[SwitchA-Vlanif13] vrrp advertise send-mode 303
[SwitchA-Vlanif13] quit
[SwitchA] interface vlanif 14
[SwitchA-Vlanif14] vrrp vrid 4 virtual-ip 10.1.4.1
[SwitchA-Vlanif14] vrrp vrid 4 priority 120
[SwitchA-Vlanif14] vrrp vrid 4 preempt-mode timer delay 20
[SwitchA-Vlanif14] vrrp vrid 4 track interface gigabitethernet 1/0/1 reduced 100
[SwitchA-Vlanif14] vrrp vrid 4 track interface gigabitethernet 1/0/2 reduced 100
[SwitchA-Vlanif14] vrrp advertise send-mode 304
[SwitchA-Vlanif14] quit
[SwitchA] interface vlanif 15
[SwitchA-Vlanif15] vrrp vrid 5 virtual-ip 10.1.5.1
[SwitchA-Vlanif15] vrrp vrid 5 priority 120
[SwitchA-Vlanif15] vrrp vrid 5 preempt-mode timer delay 20
[SwitchA-Vlanif15] vrrp vrid 5 track interface gigabitethernet 1/0/1 reduced 100
[SwitchA-Vlanif15] vrrp vrid 5 track interface gigabitethernet 1/0/2 reduced 100
[SwitchA-Vlanif15] vrrp advertise send-mode 305
[SwitchA-Vlanif15] quit
# Configure a VRRP group on SwitchB. SwitchB uses the default priority of 100.
[SwitchB] interface vlanif 11
[SwitchB-Vlanif11] vrrp vrid 1 virtual-ip 10.1.1.1
[SwitchB-Vlanif11] vrrp advertise send-mode 301
[SwitchB-Vlanif11] quit
[SwitchB] interface vlanif 12
[SwitchB-Vlanif12] vrrp vrid 2 virtual-ip 10.1.2.1
[SwitchB-Vlanif12] vrrp advertise send-mode 302
[SwitchB-Vlanif12] quit
[SwitchB] interface vlanif 13
[SwitchB-Vlanif13] vrrp vrid 3 virtual-ip 10.1.3.1
[SwitchB-Vlanif13] vrrp advertise send-mode 303
[SwitchB-Vlanif13] quit
[SwitchB] interface vlanif 14
[SwitchB-Vlanif14] vrrp vrid 4 virtual-ip 10.1.4.1
[SwitchB-Vlanif14] vrrp advertise send-mode 304
[SwitchB-Vlanif14] quit
[SwitchB] interface vlanif 15
[SwitchB-Vlanif15] vrrp vrid 5 virtual-ip 10.1.5.1
[SwitchB-Vlanif15] vrrp advertise send-mode 305
[SwitchB-Vlanif15] quit
# Run the display vrrp command on SwitchB. You can see that SwitchB is the
backup. VRRP group 1 is used as an example.
[SwitchB] display vrrp 1
Vlanif11 | Virtual Router 1
State : Backup
Virtual IP : 10.1.1.1
Master IP : 10.1.1.2
Send VRRP packet to subvlan : 301
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2012-05-11 11:39:18
Last change time : 2012-05-26 11:38:58
# After 20s, run the display vrrp command on SwitchA and SwitchB. You can see
that SwitchA is restored as the master and SwitchB is restored as the backup, and
the associated interface is in Up state.
[SwitchA] display vrrp 1
Vlanif11 | Virtual Router 1
State : Master
Virtual IP : 10.1.1.1
Master IP : 10.1.1.2
Send VRRP packet to subvlan : 301
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 20 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Track IF : GigabitEthernet1/0/1 Priority reduced : 100
IF state : UP
Track IF : GigabitEthernet1/0/2 Priority reduced : 100
IF state : UP
Create time : 2012-05-11 11:39:18
Last change time : 2012-05-26 14:17:36
[SwitchB] display vrrp 1
Vlanif11 | Virtual Router 1
State : Backup
Virtual IP : 10.1.1.1
Master IP : 10.1.1.2
Send VRRP packet to subvlan : 301
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2012-05-11 11:39:18
Last change time : 2012-05-26 14:17:36
----End
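The tracking rule in this procedure (a tracked interface failure must leave the master below the backup) can be checked before deployment. The following Python is an added example, not part of the Huawei guide: it parses `vrrp vrid` lines and lists every tracked interface whose failure would not trigger a switchover. It assumes that reductions from several failed interfaces add up and that the running priority never drops below 1; the function names are hypothetical, and the SwitchB stanza is constructed from the SwitchB commands shown in this procedure.

```python
import re

DEFAULT_PRIORITY = 100  # default stated in the guide's comment on "vrrp vrid 1 priority 120"
MIN_PRIORITY = 1        # assumption: the running priority is floored at 1

# VRRP lines of Vlanif11 as they appear in the SwitchA configuration file on this page.
SWITCH_A = """\
interface Vlanif11
 vrrp vrid 1 virtual-ip 10.1.1.1
 vrrp vrid 1 priority 120
 vrrp vrid 1 preempt-mode timer delay 20
 vrrp vrid 1 track interface gigabitethernet1/0/1 reduced 100
 vrrp vrid 1 track interface gigabitethernet1/0/2 reduced 100
 vrrp advertise send-mode 301
"""
# Constructed from the SwitchB commands in this procedure (no priority line).
SWITCH_B = """\
interface Vlanif11
 vrrp vrid 1 virtual-ip 10.1.1.1
 vrrp advertise send-mode 301
"""


def parse_vrrp(config):
    """Return {vrid: {"priority", "delay", "tracks": {interface: reduced}}}."""
    groups = {}
    for line in config.splitlines():
        m = re.match(r"\s*vrrp vrid (\d+) (.+)$", line)
        if not m:
            continue
        group = groups.setdefault(
            int(m.group(1)),
            {"priority": DEFAULT_PRIORITY, "delay": 0, "tracks": {}},
        )
        words = m.group(2).split()
        if words[0] == "priority":
            group["priority"] = int(words[1])
        elif words[:3] == ["preempt-mode", "timer", "delay"]:
            group["delay"] = int(words[3])
        elif words[:2] == ["track", "interface"] and "reduced" in words:
            cut = words.index("reduced")
            # "gigabitethernet 1/0/1" (CLI) and "gigabitethernet1/0/1" (file) name the same port.
            group["tracks"]["".join(words[2:cut]).lower()] = int(words[cut + 1])
    return groups


def running_priority(group, down):
    """Priority the device advertises while the interfaces in `down` are Down."""
    lost = sum(r for name, r in group["tracks"].items() if name in down)
    return max(MIN_PRIORITY, group["priority"] - lost)


def failover_gaps(master_cfg, backup_cfg):
    """List (vrid, interface, running priority) for every tracked interface whose
    failure leaves the master at or above the backup, so no switchover occurs."""
    master, backup = parse_vrrp(master_cfg), parse_vrrp(backup_cfg)
    gaps = []
    for vrid, group in master.items():
        if vrid not in backup:
            # No matching group on the backup: nothing can take over at all.
            gaps.append((vrid, None, group["priority"]))
            continue
        for name in group["tracks"]:
            prio = running_priority(group, {name})
            if prio >= backup[vrid]["priority"]:
                gaps.append((vrid, name, prio))
    return gaps


if __name__ == "__main__":
    a = parse_vrrp(SWITCH_A)[1]
    print("uplink down :", running_priority(a, {"gigabitethernet1/0/1"}))
    print("as configured:", failover_gaps(SWITCH_A, SWITCH_B))
    weak = SWITCH_A.replace("reduced 100", "reduced 10")
    print("reduced 10  :", failover_gaps(weak, SWITCH_B))
```

With `reduced 10` instead of `reduced 100`, SwitchA would keep advertising 110 after a link failure and SwitchB (priority 100) would never take over, which is the misconfiguration the check reports.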
Configuration Files
● Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 11 to 15 101 to 180 301 to 305 400
#
vlan 11
aggregate-vlan
access-vlan 101 to 116 301
vlan 12
aggregate-vlan
access-vlan 117 to 132 302
vlan 13
aggregate-vlan
access-vlan 133 to 148 303
vlan 14
aggregate-vlan
access-vlan 149 to 164 304
vlan 15
aggregate-vlan
access-vlan 165 to 180 305
#
interface Vlanif11
ip address 10.1.1.2 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.1
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode timer delay 20
vrrp vrid 1 track interface gigabitethernet1/0/1 reduced 100
vrrp vrid 1 track interface gigabitethernet1/0/2 reduced 100
vrrp advertise send-mode 301
#
interface Vlanif12
ip address 10.1.2.2 255.255.255.0
vrrp vrid 2 virtual-ip 10.1.2.1
vrrp vrid 2 priority 120
vrrp vrid 2 preempt-mode timer delay 20
vrrp vrid 2 track interface gigabitethernet1/0/1 reduced 100
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
network 10.1.3.0 0.0.0.255
network 10.1.4.0 0.0.0.255
network 10.1.5.0 0.0.0.255
network 192.168.2.0 0.0.0.255
#
return
● Configuration file of SwitchC
#
sysname SwitchC
#
vlan batch 200 300 400
#
interface Vlanif200
ip address 192.168.2.2 255.255.255.0
#
interface Vlanif300
ip address 172.16.1.1 255.255.255.0
#
interface Vlanif400
ip address 192.168.1.2 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 400
#
interface GigabitEthernet1/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 200
#
interface GigabitEthernet1/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 300
#
ospf 1
area 0.0.0.0
network 172.16.1.0 0.0.0.255
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
#
return
● Configuration file of the switch
#
sysname Switch
#
vlan batch 11 to 15 101 to 180
#
interface GigabitEthernet1/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 11 to 15 101 to 180
#
interface GigabitEthernet1/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 11 to 15 101 to 180
#
return
Overview
VLANs can be assigned based on interfaces, MAC addresses, IP subnets, protocols,
and policies (MAC addresses, IP addresses, and interfaces). Table 6-4 compares
different VLAN assignment modes.
Configuration Notes
This example applies to all versions of all switches.
Networking Requirements
In Figure 6-10, the switch of an enterprise connects to many users, and users
accessing the same service connect to the enterprise network through different
devices. To ensure communication security and prevent broadcast storms, the
enterprise requires that users using the same service communicate with each
other and users accessing different services be isolated. You can configure
interface-based VLAN assignment on the switch so that the switch adds interfaces
connected to users using the same service to the same VLAN. Users in different
VLANs cannot communicate with each other at Layer 2, and users in the same
VLAN can communicate with each other.
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs and add interfaces that connect users to VLANs to isolate Layer
2 traffic of different services.
2. Configure link types of interfaces between SwitchA and SwitchB and VLANs
allowed by interfaces so that users accessing the same service can
communicate with each other through SwitchA and SwitchB.
Procedure
Step 1 Create VLAN 2 and VLAN 3 on SwitchA and add interfaces that are connected to
users to VLANs. The configuration of SwitchB is similar to the configuration of
SwitchA, and is not mentioned here.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 2 3 //Create VLAN 2 and VLAN 3 in a batch.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type access //The interface connected to the access device must be the access interface. The default link type of an interface is not access, so you need to manually configure the access interface.
[SwitchA-GigabitEthernet1/0/1] port default vlan 2 //Add GE1/0/1 to VLAN 2.
[SwitchA-GigabitEthernet1/0/1] quit
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] port link-type access
[SwitchA-GigabitEthernet1/0/2] port default vlan 3 //Add GE1/0/2 to VLAN 3.
[SwitchA-GigabitEthernet1/0/2] quit
Step 2 Configure the link type of the interface on SwitchA that is connected to SwitchB
and VLAN allowed by the interface. The configuration of SwitchB is similar to the
configuration of SwitchA, and is not mentioned here.
[SwitchA] interface gigabitethernet 1/0/3
[SwitchA-GigabitEthernet1/0/3] port link-type trunk //The link type of interfaces connecting switches must be trunk. The default link type of an interface is not trunk, so you need to manually configure the trunk interface.
[SwitchA-GigabitEthernet1/0/3] port trunk allow-pass vlan 2 3 //Add GE1/0/3 to VLAN 2 and VLAN 3.
User1 and User2 are on the same network segment, for example,
192.168.100.0/24; User3 and User4 are on the same network segment, for
example, 192.168.200.0/24.
User1 and User2 can ping each other, but cannot ping User3 or User4. User3 and
User4 can ping each other, but cannot ping User1 or User2.
----End
Configuration Files
SwitchA configuration file
#
sysname SwitchA
#
vlan batch 2 to 3
#
interface GigabitEthernet1/0/1
port link-type access
port default vlan 2
#
interface GigabitEthernet1/0/2
port link-type access
port default vlan 3
#
interface GigabitEthernet1/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
return
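Because this example relies on VLANs to isolate services, it is worth checking which VLANs each trunk actually carries. The following Python is an added example, not part of the Huawei guide: it reads configuration-file text in the format shown on this page and reports, per trunk, the VLANs it permits beyond those created with `vlan batch`. It assumes a trunk permits VLAN 1 until `undo port trunk allow-pass vlan 1` is configured; using the `vlan batch` list as the baseline is this example's own policy choice, and the function names are hypothetical.

```python
import re

# Stanzas copied from configuration files on this page (indentation restored).
CSS_CONFIG = """\
#
sysname CSS
#
vlan batch 2 3
#
interface Eth-Trunk10
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
"""
SWITCHA_CONFIG = """\
#
sysname SwitchA
#
vlan batch 2 to 3
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 2
#
interface GigabitEthernet1/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 3
#
return
"""
AGG_SWITCH_CONFIG = """\
#
sysname Switch
#
vlan batch 11 to 15 101 to 180
#
interface GigabitEthernet1/0/1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 11 to 15 101 to 180
#
return
"""


def parse_vlans(spec):
    """Expand 'all', '2 3' or '11 to 15 101 to 180' into a set of VLAN IDs."""
    words = spec.split()
    if words == ["all"]:
        return set(range(1, 4095))
    vlans, i = set(), 0
    while i < len(words):
        first = last = int(words[i])
        if i + 2 < len(words) and words[i + 1] == "to":
            last = int(words[i + 2])
            i += 2
        vlans.update(range(first, last + 1))
        i += 1
    return vlans


def to_spec(vlans):
    """Compress a set of VLAN IDs back into the 'a to b c' notation."""
    out, run = [], []
    for v in sorted(vlans) + [None]:
        if run and v == run[-1] + 1:
            run.append(v)
            continue
        if run:
            out.append(str(run[0]) if len(run) == 1 else f"{run[0]} to {run[-1]}")
        run = [v]
    return " ".join(out)


def excess_trunk_vlans(config):
    """Return {trunk interface: VLANs permitted but not created by 'vlan batch'}."""
    defined, current, trunks = set(), None, {}
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("vlan batch "):
            defined |= parse_vlans(line[len("vlan batch "):])
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
        elif line == "#":
            current = None
        elif current and line == "port link-type trunk":
            trunks[current] = {1}  # assumption: VLAN 1 is permitted by default
        elif current in trunks:
            m = re.match(r"(undo )?port trunk allow-pass vlan (.+)", line)
            if m:
                vlans = parse_vlans(m.group(2))
                trunks[current] = trunks[current] - vlans if m.group(1) else trunks[current] | vlans
    return {n: to_spec(a - defined) for n, a in trunks.items() if a - defined}


if __name__ == "__main__":
    for name, cfg in [("CSS", CSS_CONFIG), ("SwitchA", SWITCHA_CONFIG), ("Switch", AGG_SWITCH_CONFIG)]:
        print(name, excess_trunk_vlans(cfg))
```

Only the aggregation switch from the VRRP example comes back clean, because it removes VLAN 1 and lists exactly the VLANs it created.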
Overview
VLANs can be assigned based on interfaces, MAC addresses, IP subnets, protocols,
and policies (MAC addresses, IP addresses, and interfaces). Interface-based VLAN
assignment is the simplest and most commonly used mode.
In typical hierarchical networking, when the access switch is a Layer 3 switch, the
access switch can be used as the gateway of PCs to simplify the configuration of
the aggregation switch.
Configuration Notes
This example applies to all versions of all switches.
Networking Requirements
In Figure 6-11, PC1 and PC2 belong to VLAN 2 and VLAN 3, respectively. PC1 and
PC2 connect to the aggregation switch SW1 through the access switch SW2. PC3
belongs to VLAN 4 and connects to SW1 through SW3. SW2 functions as the
gateway of PC1 and PC2, and SW3 is used as the gateway of PC3. Static routes are
configured on switches so that PCs can communicate with each other and can be
connected to the router.
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Configure SW2.
# Create VLANs.
<Quidway> system-view
[Quidway] sysname SW2 //Change the device name to SW2 for easy identification.
[SW2] vlan batch 2 to 3 //Create VLAN 2 and VLAN 3 in a batch.
# Create VLANs.
<Quidway> system-view
[Quidway] sysname SW3 //Change the device name to SW3.
[SW3] vlan batch 4 //Create VLAN 4.
# Configure a default route so that PCs can communicate with the router.
[SW1] ip route-static 0.0.0.0 0.0.0.0 192.168.5.4 //The IP address is the IP address of the interface connected to SW1.
----End
Configuration Files
SW1 configuration file
#
sysname SW1
#
vlan batch 5
#
interface Vlanif5
ip address 192.168.5.1 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-type access
port default vlan 5
#
interface GigabitEthernet1/0/2
port link-type access
port default vlan 5
#
interface GigabitEthernet1/0/3
port link-type access
port default vlan 5
#
ip route-static 0.0.0.0 0.0.0.0 192.168.5.4
ip route-static 192.168.2.0 255.255.255.0 192.168.5.2
ip route-static 192.168.3.0 255.255.255.0 192.168.5.2
ip route-static 192.168.4.0 255.255.255.0 192.168.5.3
#
return
#
return
In typical hierarchical networking, when the access switch is a Layer 2 switch, the
aggregation switch can be used as the gateway of PCs. The configuration of the
access switch is simplified, and PCs access the external network through one
outbound interface, thereby facilitating maintenance and management.
Configuration Notes
This example applies to all versions of all switches.
Networking Requirements
In Figure 6-12, PC1 and PC2 belong to VLAN 2 and VLAN 3, respectively. PC1 and
PC2 connect to the aggregation switch SW1 through the access switch SW2. PC3
belongs to VLAN 4 and connects to SW1 through SW3. No configuration is
performed on SW3, and SW3 functions as the hub and is plug-and-play. SW1
functions as the gateway of PC1, PC2, and PC3 so that PCs can communicate with
each other and can be connected to the router.
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Configure SW2.
# Create VLANs.
<Quidway> system-view
[Quidway] sysname SW2 //Change the device name to SW2 for easy identification.
[SW2] vlan batch 2 3 //Create VLAN 2 and VLAN 3 in a batch.
[SW2-GigabitEthernet1/0/1] port trunk allow-pass vlan 2 3 //Add the interface to VLAN 2 and VLAN 3.
[SW2-GigabitEthernet1/0/1] quit
----End
Configuration Files
SW1 configuration file
#
sysname SW1
#
vlan batch 2 to 5
#
interface Vlanif2
ip address 192.168.2.1 255.255.255.0
#
interface Vlanif3
ip address 192.168.3.1 255.255.255.0
#
interface Vlanif4
ip address 192.168.4.1 255.255.255.0
#
interface Vlanif5
ip address 192.168.5.1 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-type access
port default vlan 5
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
interface GigabitEthernet1/0/3
port link-type access
port default vlan 4
#
return
response time.
Configuration Notes
This example applies to all versions of all switches.
Networking Requirements
In Figure 6-13, GE1/0/1 interfaces on SwitchA and SwitchB connect to two
conference rooms, respectively. Laptop1 and Laptop2 are portable computers used in
the two conference rooms. Laptop1 and Laptop2 belong to two departments,
which belong to VLAN 100 and VLAN 200, respectively. Regardless of the
conference room in which Laptop1 and Laptop2 are used, they are required to
access the servers of their respective departments (Server1 and Server2,
respectively). The MAC addresses of Laptop1 and Laptop2 are 00e0-fcef-00c0 and
00e0-fcef-00c1.
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs on SwitchA and SwitchB and add interfaces to VLANs to
implement Layer 2 connectivity.
2. Configure MAC address-based VLAN assignment on SwitchA and SwitchB.
3. Configure transparent transmission of VLAN-tagged packets on the switch so
that Laptop1 and Laptop2 can access Server1 and Server2 of their respective
departments.
Procedure
Step 1 Configure SwitchA. The configuration of SwitchB is similar to the configuration of
SwitchA, and is not mentioned here.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 100 200 //Create VLAN 100 and VLAN 200.
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] port link-type trunk //The link type of interfaces connecting switches must be trunk. The default link type of an interface is not trunk, so you need to manually configure the trunk interface.
[SwitchA-GigabitEthernet1/0/2] port trunk allow-pass vlan 100 200 //Add GE1/0/2 to VLAN 100 and VLAN 200.
[SwitchA-GigabitEthernet1/0/2] quit
[SwitchA] vlan 100
[SwitchA-vlan100] mac-vlan mac-address 00e0-fcef-00c0 //Packets with the MAC address of 00e0-fcef-00c0 are transmitted in VLAN 100.
[SwitchA-vlan100] quit
[SwitchA] vlan 200
[SwitchA-vlan200] mac-vlan mac-address 00e0-fcef-00c1 //Packets with the MAC address of 00e0-fcef-00c1 are transmitted in VLAN 200.
[SwitchA-vlan200] quit
Step 2 Configure the switch. The configurations of GE1/0/2, GE1/0/3, and GE1/0/4 are
similar to the configuration of GE1/0/1, and are not mentioned here.
<Quidway> system-view
[Quidway] sysname Switch
[Switch] vlan batch 100 200
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port link-type trunk
[Switch-GigabitEthernet1/0/1] port trunk allow-pass vlan 100 200 //Add GE1/0/1 to VLAN 100 and VLAN 200.
[Switch-GigabitEthernet1/0/1] quit
----End
Configuration Files
SwitchA configuration file
#
sysname SwitchA
#
vlan batch 100 200
#
interface GigabitEthernet1/0/1
port hybrid untagged vlan 100 200
mac-vlan enable
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 100 200
#
vlan 100
mac-vlan mac-address 00e0-fcef-00c0 priority 0
vlan 200
mac-vlan mac-address 00e0-fcef-00c1 priority 0
#
return
mac-vlan enable
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 100 200
#
vlan 100
mac-vlan mac-address 00e0-fcef-00c0 priority 0
vlan 200
mac-vlan mac-address 00e0-fcef-00c1 priority 0
#
return
response time.
Configuration Notes
This example applies to all versions of all switches.
Networking Requirements
In Figure 6-14, an enterprise has multiple services, including IPTV, VoIP, and
Internet access. Each service uses a different IP subnet. To facilitate management,
the company requires that packets of the same service be transmitted in the same
VLAN and packets of different services in different VLANs. The switch receives
packets of multiple services such as data, IPTV, and voice services, and user devices
of these services use IP addresses on different IP subnets. The switch needs to
assign VLANs to packets of different services so that the router can transmit
packets with different VLAN IDs to different servers.
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs and add interfaces to VLANs so that the interfaces allow the IP
subnet-based VLANs.
2. Enable IP subnet-based VLAN assignment and associate IP subnets with
VLANs so that the switch determines VLANs based on source IP addresses or
network segments of packets.
Procedure
Step 1 Create VLANs.
<Quidway> system-view
[Quidway] sysname Switch
[Switch] vlan batch 100 200 300 //Create VLAN 100, VLAN 200, and VLAN 300 in a batch.
# Run the display ip-subnet-vlan vlan all command on the switch. The following
information is displayed:
[Switch] display ip-subnet-vlan vlan all
----------------------------------------------------------------
Vlan Index IpAddress SubnetMask Priority
----------------------------------------------------------------
100 1 192.168.1.2 255.255.255.0 2
200 1 192.168.2.2 255.255.255.0 3
300 1 192.168.3.2 255.255.255.0 4
----------------------------------------------------------------
ip-subnet-vlan count: 3 total count: 3
----End
Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 100 200 300
#
vlan 100
ip-subnet-vlan 1 ip 192.168.1.2 255.255.255.0 priority 2
vlan 200
ip-subnet-vlan 1 ip 192.168.2.2 255.255.255.0 priority 3
vlan 300
ip-subnet-vlan 1 ip 192.168.3.2 255.255.255.0 priority 4
#
interface GigabitEthernet1/0/1
port hybrid untagged vlan 100 200 300
ip-subnet-vlan enable
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 100 200 300
#
return
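The following Python example is added here and is not part of the original manual. It cross-checks the ip-subnet-vlan entries in the configuration file against the display ip-subnet-vlan vlan all output shown above, then shows which VLAN and priority value a given source address would receive. The function names are assumptions, and an address that matches more than one entry is reported as an error rather than guessing how the switch would resolve it.

```python
import ipaddress
import re

# ip-subnet-vlan stanzas from the Switch configuration file in this example.
CONFIG = """\
vlan 100
ip-subnet-vlan 1 ip 192.168.1.2 255.255.255.0 priority 2
vlan 200
ip-subnet-vlan 1 ip 192.168.2.2 255.255.255.0 priority 3
vlan 300
ip-subnet-vlan 1 ip 192.168.3.2 255.255.255.0 priority 4
"""

# Output of "display ip-subnet-vlan vlan all" as shown in this example.
DISPLAY_OUTPUT = """\
----------------------------------------------------------------
Vlan Index IpAddress SubnetMask Priority
----------------------------------------------------------------
100 1 192.168.1.2 255.255.255.0 2
200 1 192.168.2.2 255.255.255.0 3
300 1 192.168.3.2 255.255.255.0 4
----------------------------------------------------------------
ip-subnet-vlan count: 3 total count: 3
"""


def entries_from_config(config):
    """Return {(vlan, index, ip, mask, priority)} parsed from vlan stanzas."""
    entries, vlan = set(), None
    rule = re.compile(r"ip-subnet-vlan (\d+) ip (\S+) (\S+) priority (\d+)")
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"vlan (\d+)", line):
            vlan = int(m[1])            # enter "vlan N" view
        elif line == "#":
            vlan = None                 # stanza separator leaves the view
        elif vlan is not None and (m := rule.fullmatch(line)):
            entries.add((vlan, int(m[1]), m[2], m[3], int(m[4])))
    return entries


def entries_from_display(output):
    """Return the same tuples parsed from the rows of the display output."""
    row = re.compile(
        r"(\d+)\s+(\d+)\s+(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\d+)")
    return {(int(m[1]), int(m[2]), m[3], m[4], int(m[5]))
            for line in output.splitlines()
            if (m := row.fullmatch(line.strip()))}


def classify(entries, src_ip):
    """Return (vlan, priority) for a source IP, or None if no entry matches.

    The configured address (for example 192.168.1.2) together with its mask
    denotes the whole subnet, so strict=False is used to derive the network.
    """
    addr = ipaddress.ip_address(src_ip)
    hits = sorted((vlan, prio) for vlan, _, ip, mask, prio in entries
                  if addr in ipaddress.ip_network(f"{ip}/{mask}", strict=False))
    if len(hits) > 1:
        raise ValueError(f"{src_ip} matches several entries: {hits}")
    return hits[0] if hits else None


if __name__ == "__main__":
    configured = entries_from_config(CONFIG)
    print("running state matches config:",
          configured == entries_from_display(DISPLAY_OUTPUT))
    for ip in ("192.168.1.77", "192.168.2.2", "10.1.1.1"):  # constructed inputs
        print(ip, "->", classify(configured, ip))
```

A source address outside all three subnets returns None here, meaning no IP subnet-based VLAN applies to it.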
Overview
After VLANs are assigned, broadcast packets are only forwarded within the same
VLAN. That is, hosts in different VLANs cannot communicate at Layer 2 because
VLAN technology isolates broadcast domains. In real-world applications, hosts in
different VLANs often need to communicate, so inter-VLAN communication needs
to be implemented to resolve this. Layer 3 routing or VLAN technology is required
to implement inter-VLAN communication.
● VLANIF interface
A VLANIF interface is a Layer 3 logical interface. You can configure an IP
address for a VLANIF interface to implement inter-VLAN Layer 3
communication.
● Dot1q termination sub-interface
Similar to a VLANIF interface, a sub-interface is also a Layer 3 logical
interface. You can configure dot1q termination and an IP address for a sub-
interface to implement inter-VLAN Layer 3 communication.
VLANIF interfaces are the most commonly used for inter-VLAN communication
due to their simple configurations. However, a VLANIF interface needs to be
configured for each VLAN and each VLANIF interface requires an IP address, which
wastes IP addresses.
The VLANIF interface and Dot1q termination sub-interface can only allow hosts
on different network segments in different VLANs to communicate, whereas
super-VLAN (VLAN aggregation) and the VLAN Switch function allow hosts on the
same network segment in different VLANs to communicate.
Configuration Notes
● The default gateway address of hosts in a VLAN must be the IP address of the
VLANIF interface that corresponds to the VLAN.
● This example applies to all versions of all switches.
Networking Requirements
Different user hosts of an enterprise transmit the same service, and are located on
different network segments. User hosts transmitting the same service belong to
different VLANs and need to communicate.
In Figure 6-15, User1 and User2 access the same service but belong to different
VLANs and are located on different network segments. User1 and User2 need to
communicate.
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Configure the switch.
# Create VLANs, and configure interfaces on the switch connected to user hosts as
access interfaces and add them to VLANs.
<Quidway> system-view
[Quidway] sysname Switch
[Switch] vlan batch 10 20
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port link-type access //Configure the link type of the interface as access.
[Switch-GigabitEthernet1/0/1] port default vlan 10 //Add the interface to VLAN 10.
[Switch-GigabitEthernet1/0/1] quit
[Switch] interface gigabitethernet 1/0/2
[Switch-GigabitEthernet1/0/2] port link-type access
[Switch-GigabitEthernet1/0/2] port default vlan 20
[Switch-GigabitEthernet1/0/2] quit
----End
Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 10 20
#
interface Vlanif10
ip address 10.10.10.2 255.255.255.0
#
interface Vlanif20
ip address 10.10.20.2 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-type access
Overview
After VLANs are assigned, broadcast packets are only forwarded within the same
VLAN. That is, hosts in different VLANs cannot communicate at Layer 2 because
VLAN technology isolates broadcast domains. In real-world applications, hosts in
different VLANs often need to communicate, so inter-VLAN communication needs
to be implemented to resolve this. Layer 3 routing or VLAN technology is required
to implement inter-VLAN communication.
The VLANIF interface and Dot1q termination sub-interface can only allow hosts
on different network segments in different VLANs to communicate, whereas
super-VLAN (VLAN aggregation) and the VLAN Switch function allow hosts on the
same network segment in different VLANs to communicate.
Configuration Notes
● Only E series cards, X series cards, F series cards, and SC cards among S series
support the termination sub-interface. For details, see the card classification
in Hardware Description.
X1E cards among X series support the termination sub-interface in
V200R007C00 and later versions.
● For Layer 2 interfaces, only hybrid and trunk interfaces support termination
sub-interfaces.
● The VLAN IDs terminated by a sub-interface cannot be created in the system
view or be displayed.
● When IP packets need to be sent out from the termination sub-interface and
there is no corresponding ARP entry on the device, if ARP broadcast is not
enabled on the termination sub-interface through the command arp
broadcast enable, the system does not send or forward broadcast ARP
packets to learn ARP entries. In this case, the IP packets are discarded directly.
● This example applies to all versions of the modular switches.
Networking Requirements
In Figure 6-16, Host A and Host B belong to the R&D department, and Host C and
Host D belong to the quality department. The two departments are connected
through a Layer 2 switch, and require Layer 2 isolation and Layer 3 connectivity.
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Configure Layer 2 switch SwitchA.
# Create VLANs.
<Quidway> system-view
[Quidway] sysname SwitchA //Change the device name to SwitchA for easy identification.
[SwitchA] vlan batch 2 to 3 //Create VLAN 2 and VLAN 3 in a batch.
Configure the IP address 1.1.1.2/24 for Host A and the default gateway address as
the IP address 1.1.1.1/24 of GE1/0/1.1.
Configure the IP address 1.1.1.3/24 for Host B and the default gateway address as
the IP address 1.1.1.1/24 of GE1/0/1.1.
Configure the IP address 2.2.2.2/24 for Host C and the default gateway address as
the IP address 2.2.2.1/24 of GE1/0/1.2.
Configure the IP address 2.2.2.3/24 for Host D and the default gateway address as
the IP address 2.2.2.1/24 of GE1/0/1.2.
After the configuration is complete, Host A, Host B, Host C, and Host D can ping
each other and communicate at Layer 3.
----End
Configuration Files
SwitchA configuration file
#
sysname SwitchA
#
vlan batch 2 to 3
#
interface GigabitEthernet1/0/1
port link-type access
port default vlan 2
#
interface GigabitEthernet1/0/2
port link-type access
port default vlan 2
#
interface GigabitEthernet1/0/3
port link-type access
port default vlan 3
#
interface GigabitEthernet1/0/4
port link-type access
port default vlan 3
#
interface GigabitEthernet1/0/5
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
return
Static routes can be easily configured and have low requirements on the system.
They are applicable to simple, stable, and small-scale networks. However, static
routes cannot automatically adapt to changes in the network topology, and
manual intervention is required.
With routing algorithms, dynamic routing protocols can automatically adapt to
changes in the network topology. They are applicable to the network where some
Layer 3 devices are deployed. The configurations of dynamic routes are complex.
Dynamic routes have higher requirements on the system than static ones and
consume more network and system resources.
Configuration Notes
This example applies to all versions of all switches.
Networking Requirements
In Figure 6-17, to ensure security and facilitate management, an enterprise
assigns a VLAN for a server. The user device belongs to VLAN 10, and the server
belongs to VLAN 20. Access, aggregation, and core switches are deployed between
the user and server. Access switches are Layer 2 switches, and aggregation and
core switches are Layer 3 switches. The user and server need to communicate with
each other due to service requirements.
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Configure the access switch ACC1.
# Create VLANs.
<Quidway> system-view
[Quidway] sysname ACC1 //Change the device name to ACC1 for easy identification.
[ACC1] vlan batch 10 //Create VLAN 10 in a batch.
# Create VLANs.
<Quidway> system-view
[Quidway] sysname CORE //Change the device name to CORE.
[CORE] vlan batch 20 30 //Create VLAN 20 and VLAN 30 in a batch.
# Configure a static route so that the server and PC can access each other.
[CORE] ip route-static 10.1.1.0 255.255.255.0 10.10.30.1 //Configure a static route. The packets with the destination IP address of 10.1.1.0/24 are forwarded to the IP address 10.10.30.1 of VLANIF 30 on the aggregation switch.
----End
Configuration Files
ACC1 configuration file
#
sysname ACC1
#
vlan batch 10
#
interface GigabitEthernet1/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 10
#
return
configure than super-VLAN, but its access control is more flexible. When the
switch queries temporarily offline users in the super-VLAN, the gateway needs to
broadcast packets in each sub-VLAN, consuming many CPU resources.
Configuration Notes
● VLAN 1 cannot be configured as a super-VLAN.
● No physical interface can be added to a VLAN configured as a super-VLAN.
● This example applies to the following products:
– S2352P-EI
– S3300-SI, S3300-EI, S3300-HI
– S5300-EI, S5300-SI, S5300-HI, S5310-EI, S5320-EI, S5320-SI, S5320-HI,
S5330-SI, S5330-HI, S5331-S, S5331-H, S5332-H, S5335-S
– S6300-EI, S6320-EI, S6320-SI, S6320-HI, S6330-H
– S9303, S9306, S9312, S9310
– S9310X, S9300X-4, S9300X-8, S9300X-12
– S9303E, S9306E, S9312E
● For the product models whose applicable versions are not listed above, see
Table 1-1 in "Applicable Products and Versions" for details.
NOTE
For details about software mappings, visit Hardware Center and select the desired
product model.
Networking Requirements
In Figure 6-18, a company has many departments on the same network segment.
To improve service security, the company assigns different departments to
different VLANs. VLAN 2 and VLAN 3 belong to different departments. Each
department wants to access the Internet, and PCs in different departments need
to communicate.
Configuration Roadmap
Configure VLAN aggregation on SwitchB to add VLANs of different departments
to a super-VLAN so that PCs in different departments can access the Internet
using the super-VLAN. Deploy proxy ARP in the super-VLAN so that PCs in
different departments can communicate. The configuration roadmap is as follows:
1. Configure VLANs and interfaces on SwitchA and SwitchB, add PCs of different
departments to different VLANs, and configure interfaces on SwitchA and
SwitchB to transparently transmit packets from VLANs.
2. Configure a super-VLAN, a VLANIF interface, and a static route on SwitchB so
that PCs in different departments can access the Internet.
3. Configure proxy ARP in the super-VLAN on SwitchB so that PCs in different
departments can communicate at Layer 3.
Procedure
Step 1 Configure SwitchA.
# Add GE1/0/1, GE1/0/2, GE1/0/3, and GE1/0/4 to VLANs.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 2 to 3
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type access //Configure the link type of the interface as access.
[SwitchA-GigabitEthernet1/0/1] port default vlan 2 //Add the interface to VLAN 2.
[SwitchA-GigabitEthernet1/0/1] quit
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] port link-type access
[SwitchA-GigabitEthernet1/0/2] port default vlan 2
[SwitchA-GigabitEthernet1/0/2] quit
[SwitchA] interface gigabitethernet 1/0/3
# Create VLAN 2, VLAN 3, VLAN 4, and VLAN 10 and configure the interface of
SwitchB connected to SwitchA to transparently transmit packets from VLAN 2 and
VLAN 3 to SwitchB.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] vlan batch 2 3 4 10
[SwitchB] interface gigabitethernet 1/0/5
[SwitchB-GigabitEthernet1/0/5] port link-type trunk
[SwitchB-GigabitEthernet1/0/5] port trunk allow-pass vlan 2 3
[SwitchB-GigabitEthernet1/0/5] quit
# Create and configure VLANIF 4 so that PCs in different departments can access
the Internet using super-VLAN 4.
[SwitchB] interface vlanif 4
[SwitchB-Vlanif4] ip address 10.1.1.1 24
[SwitchB-Vlanif4] quit
# Create and configure VLANIF 10 and specify the IP address of VLANIF 10 as the
IP address for connecting SwitchB and the router. (Assume that the IP address
used by the router to communicate with SwitchB is 10.10.1.2, and VLAN 10 is
allowed to pass through the port through which the router communicates with
SwitchB in tag mode.)
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] ip address 10.10.1.1 24
[SwitchB-Vlanif10] quit
# Configure a static route to the router on SwitchB so that users can access the
Internet.
[SwitchB] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2
NOTE
Configure the router interface connected to SwitchB and assign the IP address of 10.10.1.2
to the router interface. See the router configuration manual.
----End
Configuration Files
SwitchA configuration file
#
sysname SwitchA
#
vlan batch 2 to 3
#
interface GigabitEthernet1/0/1
port link-type access
port default vlan 2
#
interface GigabitEthernet1/0/2
port link-type access
port default vlan 2
#
interface GigabitEthernet1/0/3
port link-type access
port default vlan 3
#
interface GigabitEthernet1/0/4
port link-type access
port default vlan 3
#
interface GigabitEthernet1/0/5
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
return
#
vlan 4
aggregate-vlan
access-vlan 2 to 3
#
interface Vlanif4
ip address 10.1.1.1 255.255.255.0
arp-proxy inter-sub-vlan-proxy enable
#
interface Vlanif10
ip address 10.10.1.1 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet1/0/5
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
ip route-static 0.0.0.0 0.0.0.0 10.10.1.2
#
return
Configuration Notes
● The VLAN ID assigned to a principal VLAN cannot be used to configure the
super-VLAN or sub-VLAN. Additionally, it is not recommended that this VLAN
ID be used to configure VLAN mapping and VLAN stacking.
● The VLAN ID assigned to a group or separate VLAN cannot be used to
configure a VLANIF interface, super-VLAN, or sub-VLAN. Additionally, it is not
recommended that this VLAN ID be used to configure VLAN mapping and
VLAN stacking.
● Disabling MAC address learning or limiting the number of learned MAC
addresses on an interface affects the MUX VLAN function on the interface.
● MUX VLAN and port security cannot be configured on the same interface
simultaneously.
● MUX VLAN and MAC address authentication cannot be configured on the
same interface simultaneously.
● MUX VLAN and 802.1x authentication cannot be configured on the same
interface simultaneously.
Networking Requirements
All employees of an enterprise can access servers on the enterprise network. The
enterprise allows some employees to communicate but isolates other employees.
In Figure 6-19, Switch1 is deployed at the aggregation layer and used as the
gateway for downstream hosts. Switch2, Switch3, Switch4, Switch5, and Switch6
are access switches. Their GE1/0/1 interfaces connect to downstream hosts, and
their GE1/0/2 interfaces connect to Switch1. You can configure MUX VLAN on
Switch1. This reduces the number of VLAN IDs on the enterprise network and
facilitates network management.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the principal VLAN and a VLANIF interface. The IP address of the
VLANIF interface is used as the gateway IP address for downstream hosts and
servers.
2. Configure the group VLAN.
3. Configure the separate VLAN.
4. Add interfaces to VLANs and enable the MUX VLAN function on the
interfaces.
5. Add interfaces of access switches to VLANs.
Procedure
Step 1 Enable the MUX VLAN function on Switch1.
# On Switch1, create VLAN 2, VLAN 3, and VLAN 4, and a VLANIF interface for
VLAN 2. The IP address of the VLANIF interface is used as the gateway IP address
for downstream hosts and servers.
<Quidway> system-view
[Quidway] sysname Switch1
[Switch1] vlan batch 2 3 4
[Switch1] interface vlanif 2
[Switch1-Vlanif2] ip address 192.168.100.100 24
[Switch1-Vlanif2] quit
# Configure the group VLAN and separate VLAN of the MUX VLAN on Switch1.
[Switch1] vlan 2
[Switch1-vlan2] mux-vlan
[Switch1-vlan2] subordinate group 3 //Configure VLAN 3 as the group VLAN.
[Switch1-vlan2] subordinate separate 4 //Configure VLAN 4 as the separate VLAN.
[Switch1-vlan2] quit
# Add interfaces to the VLANs on Switch1 and enable the MUX VLAN function on
interfaces.
[Switch1] interface gigabitethernet 1/0/2
[Switch1-GigabitEthernet1/0/2] port link-type trunk
[Switch1-GigabitEthernet1/0/2] port trunk allow-pass vlan 2
[Switch1-GigabitEthernet1/0/2] port mux-vlan enable vlan 2 //In V200R003C00 and earlier versions, you do not need to specify the VLAN. An interface can only join the MUX VLAN or Separate VLAN, or a group VLAN.
[Switch1-GigabitEthernet1/0/2] quit
[Switch1] interface gigabitethernet 1/0/3
[Switch1-GigabitEthernet1/0/3] port link-type trunk
[Switch1-GigabitEthernet1/0/3] port trunk allow-pass vlan 3
[Switch1-GigabitEthernet1/0/3] port mux-vlan enable vlan 3
[Switch1-GigabitEthernet1/0/3] quit
[Switch1] interface gigabitethernet 1/0/4
[Switch1-GigabitEthernet1/0/4] port link-type trunk
[Switch1-GigabitEthernet1/0/4] port trunk allow-pass vlan 3
[Switch1-GigabitEthernet1/0/4] port mux-vlan enable vlan 3
[Switch1-GigabitEthernet1/0/4] quit
[Switch1] interface gigabitethernet 1/0/5
[Switch1-GigabitEthernet1/0/5] port link-type trunk
[Switch1-GigabitEthernet1/0/5] port trunk allow-pass vlan 4
[Switch1-GigabitEthernet1/0/5] port mux-vlan enable vlan 4
[Switch1-GigabitEthernet1/0/5] quit
[Switch1] interface gigabitethernet 1/0/6
[Switch1-GigabitEthernet1/0/6] port link-type trunk
[Switch1-GigabitEthernet1/0/6] port trunk allow-pass vlan 4
[Switch1-GigabitEthernet1/0/6] port mux-vlan enable vlan 4
[Switch1-GigabitEthernet1/0/6] quit
Step 2 Configure interfaces of access switches and add them to VLANs. The
configurations of Switch3, Switch4, Switch5, and Switch6 are similar to the
configuration of Switch2, and are not mentioned here.
<Quidway> system-view
[Quidway] sysname Switch2
[Switch2] vlan batch 2
[Switch2] interface gigabitethernet 1/0/1
[Switch2-GigabitEthernet1/0/1] port link-type access //Configure the link type of the interface as access.
[Switch2-GigabitEthernet1/0/1] port default vlan 2
[Switch2-GigabitEthernet1/0/1] quit
[Switch2] interface gigabitethernet 1/0/2
[Switch2-GigabitEthernet1/0/2] port link-type trunk //Configure the link type of the interface as trunk.
[Switch2-GigabitEthernet1/0/2] port trunk allow-pass vlan 2
[Switch2-GigabitEthernet1/0/2] quit
Configuration Files
Switch1 configuration file
#
sysname Switch1
#
vlan batch 2 to 4
#
vlan 2
mux-vlan
subordinate separate 4
subordinate group 3
#
interface Vlanif2
ip address 192.168.100.100 255.255.255.0
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 2
port mux-vlan enable vlan 2
#
interface GigabitEthernet1/0/3
port link-type trunk
port trunk allow-pass vlan 3
port mux-vlan enable vlan 3
#
interface GigabitEthernet1/0/4
port link-type trunk
port trunk allow-pass vlan 3
port mux-vlan enable vlan 3
#
interface GigabitEthernet1/0/5
port link-type trunk
port trunk allow-pass vlan 4
port mux-vlan enable vlan 4
#
interface GigabitEthernet1/0/6
port link-type trunk
port trunk allow-pass vlan 4
port mux-vlan enable vlan 4
#
return
#
vlan batch 2
#
interface GigabitEthernet1/0/1
port link-type access
port default vlan 2
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 2
#
return
#
interface GigabitEthernet1/0/1
port link-type access
port default vlan 4
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 4
#
return
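The following Python example is added here and is not part of the original manual. It reads the MUX VLAN stanzas of the Switch1 configuration file above and lists which interface pairs are isolated from each other, so the intended isolation can be checked before deployment. It assumes the standard MUX VLAN rules: principal ports communicate with all ports, group ports with principal ports and ports of the same group, and separate ports only with principal ports. The function names are illustrative, and only the port mux-vlan enable vlan form that names the VLAN is parsed.

```python
import re
from itertools import combinations

# Excerpt of the Switch1 configuration file from this example (MUX VLAN stanzas).
SWITCH1_CONFIG = """\
vlan 2
mux-vlan
subordinate separate 4
subordinate group 3
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 2
port mux-vlan enable vlan 2
#
interface GigabitEthernet1/0/3
port link-type trunk
port trunk allow-pass vlan 3
port mux-vlan enable vlan 3
#
interface GigabitEthernet1/0/4
port link-type trunk
port trunk allow-pass vlan 3
port mux-vlan enable vlan 3
#
interface GigabitEthernet1/0/5
port link-type trunk
port trunk allow-pass vlan 4
port mux-vlan enable vlan 4
#
interface GigabitEthernet1/0/6
port link-type trunk
port trunk allow-pass vlan 4
port mux-vlan enable vlan 4
#
return
"""


def expand_vlans(words):
    """Expand a VLAN list such as ['3'] or ['2', 'to', '4'] into a set of ints."""
    vlans, i = set(), 0
    while i < len(words):
        start = int(words[i])
        if i + 2 < len(words) and words[i + 1] == "to":
            vlans.update(range(start, int(words[i + 2]) + 1))
            i += 3
        else:
            vlans.add(start)
            i += 1
    return vlans


def parse_mux_vlan(config):
    """Return (roles, ports): VLAN ID -> role, interface -> MUX VLAN member VLAN."""
    roles, ports = {}, {}
    vlan = iface = None
    for line in map(str.strip, config.splitlines()):
        if line == "#":
            vlan = iface = None
        elif m := re.fullmatch(r"vlan (\d+)", line):
            vlan, iface = int(m[1]), None
        elif line.startswith("interface "):
            iface, vlan = line.split(None, 1)[1], None
        elif vlan is not None and line == "mux-vlan":
            roles[vlan] = "principal"
        elif vlan is not None and line.startswith("subordinate "):
            _, kind, *ids = line.split()       # kind is "group" or "separate"
            for v in expand_vlans(ids):
                roles[v] = kind
        elif iface and (m := re.fullmatch(r"port mux-vlan enable vlan (\d+)", line)):
            ports[iface] = int(m[1])
    return roles, ports


def can_talk(roles, ports, a, b):
    """Apply the MUX VLAN Layer 2 rules to two interfaces."""
    role_a, role_b = roles.get(ports[a]), roles.get(ports[b])
    if role_a is None or role_b is None:
        raise ValueError("MUX VLAN enabled in a VLAN that has no MUX VLAN role")
    if "principal" in (role_a, role_b):
        return True
    return role_a == role_b == "group" and ports[a] == ports[b]


def denied_pairs(roles, ports):
    """List every interface pair that the MUX VLAN isolates at Layer 2."""
    return [(a, b) for a, b in combinations(sorted(ports), 2)
            if not can_talk(roles, ports, a, b)]


if __name__ == "__main__":
    roles, ports = parse_mux_vlan(SWITCH1_CONFIG)
    for a, b in denied_pairs(roles, ports):
        print("isolated:", a, "<->", b)
```

For this configuration the isolated pairs are the two separate-VLAN ports from each other and every group-VLAN port from every separate-VLAN port; GE1/0/2 in the principal VLAN reaches all of them.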
Configuration Notes
This example applies to all versions of all S series switches.
Networking Requirements
As shown in Figure 6-20, a network has two enterprises: enterprise 1 and
enterprise 2. Both enterprises have two branches. Enterprise 1 and enterprise 2
networks connect to SwitchA and SwitchB, respectively, of the ISP network. In
addition, there are non-Huawei devices on the public network and the TPID in the
outer VLAN tag is 0x9100.
The requirements are as follows:
● VLANs need to be independently assigned to enterprise 1 and enterprise 2.
● Traffic between the two branches of each enterprise is transparently
transmitted through the public network. Users accessing the same service in
different branches of each enterprise are allowed to communicate, and users
accessing different services must be isolated.
QinQ can be used to meet the preceding requirements. Configure VLAN 100 and
VLAN 200 to implement connectivity of enterprise 1 and enterprise 2 respectively
and to isolate enterprise 1 and enterprise 2; configure the TPID in the outer VLAN
tag on switch interfaces connected to non-Huawei devices so that Huawei
switches can communicate with the non-Huawei devices.
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLAN 100 and VLAN 200 on SwitchA and SwitchB, configure
connected interfaces as QinQ interfaces, and add the interfaces to VLANs so
that different VLAN tags are added to packets of different services.
2. Add interfaces of SwitchA and SwitchB that are connected to the public
network to VLANs so that packets from VLAN 100 and VLAN 200 are allowed
to pass through.
3. Configure the TPID in the outer VLAN tag on interfaces of SwitchA and
SwitchB that are connected to the public network so that SwitchA and
SwitchB can communicate with non-Huawei devices.
Procedure
Step 1 Create VLANs.
# Create VLAN 100 and VLAN 200 on SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 100 200
200. VLAN 100 and VLAN 200 are added to outer tags. The configuration of
SwitchB is similar to the configuration of SwitchA, and is not mentioned here.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type dot1q-tunnel //Configure the link type of the interface as QinQ.
[SwitchA-GigabitEthernet1/0/1] port default vlan 100
[SwitchA-GigabitEthernet1/0/1] quit
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] port link-type dot1q-tunnel //Configure the link type of the interface as QinQ.
[SwitchA-GigabitEthernet1/0/2] port default vlan 200
[SwitchA-GigabitEthernet1/0/2] quit
----End
Configuration Files
● Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 100 200
#
interface GigabitEthernet1/0/1
port link-type dot1q-tunnel
port default vlan 100
#
interface GigabitEthernet1/0/2
Configuration Notes
When configuring selective QinQ on the switch, pay attention to the following
points:
● Before configuring selective QinQ on a fixed switch, you must run the qinq
vlan-translation enable command to enable VLAN translation.
● You are advised to configure selective QinQ on a hybrid interface. Selective
QinQ can take effect on the interface only in the inbound direction.
● The outer VLAN must be created before Selective QinQ is performed.
● When an interface configured with VLAN stacking needs to remove the outer
tag from outgoing frames, the interface must join the VLAN specified by
stack-vlan in untagged mode. If the outer VLAN does not need to be
removed, the interface must join the VLAN specified by stack-vlan in tagged
mode.
● The device configured with selective QinQ can add only one outer VLAN tag
to a frame with an inner VLAN tag on an interface.
● If only single-tagged packets from a VLAN need to be transparently
transmitted, do not specify the VLAN as the inner VLAN of selective QinQ.
● VLAN mapping (for example, port vlan-mapping vlan 20 map-vlan 20)
must be configured to map the VLAN to itself from which single-tagged
packets need to be transparently transmitted after selective QinQ is
configured on the following cards and devices:
– LE0MG24CA and LE0MG24SA cards
– S5300-EI, S3300-EI, and S3300-SI
● This example applies to all versions of all S series switches.
Networking Requirements
As shown in Figure 6-21, Internet access users (using PCs) and VoIP users (using
VoIP phones) connect to the ISP network through SwitchA and SwitchB and
communicate with each other through the ISP network.
In the enterprise, VLAN 100 is allocated to PCs and VLAN 300 is allocated to VoIP
phones.
It is required that packets of PCs and VoIP phones be tagged with VLAN 2 and
VLAN 3, respectively, when the packets are transmitted through the ISP network.
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs on SwitchA and SwitchB.
2. Configure link types of interfaces and add interfaces to VLANs on SwitchA
and SwitchB.
Procedure
Step 1 Create VLANs.
# On SwitchA, create VLAN 2 and VLAN 3, that is, VLAN IDs of the outer VLAN
tag to be added.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 2 3
# On SwitchB, create VLAN 2 and VLAN 3, that is, VLAN IDs of the outer VLAN tag
to be added.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] vlan batch 2 3
When a fixed switch is used, you must run the qinq vlan-translation enable command in the
interface view to enable VLAN translation.
If the configurations on SwitchA and SwitchB are correct, you can obtain the
following information:
● PCs can communicate with each other through the ISP network.
● VoIP phones can communicate with each other through the ISP network.
----End
Configuration Files
● Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 2 to 3
#
interface GigabitEthernet1/0/1
port hybrid untagged vlan 2 to 3
port vlan-stacking vlan 100 stack-vlan 2
port vlan-stacking vlan 300 stack-vlan 3
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
return
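The following Python example is added here and is not part of the original manual. It applies the port vlan-stacking rules of SwitchA GE1/0/1 to constructed single-tagged frames and shows the resulting double-tagged bytes, including an outer TPID of 0x9100 as used in the basic QinQ example for non-Huawei devices. The function names, MAC addresses and payload are assumptions; the outer tag priority is set to 0 and the outer TPID defaults to 0x8100 in this model, and frames that match no rule are returned as None without deciding how the switch handles them.

```python
import re
import struct

TAG_TPIDS = {0x8100, 0x88A8, 0x9100}  # TPID values this parser treats as VLAN tags

# GE1/0/1 stanza from the SwitchA configuration file in this example.
SWITCHA_GE1_0_1 = """\
interface GigabitEthernet1/0/1
port hybrid untagged vlan 2 to 3
port vlan-stacking vlan 100 stack-vlan 2
port vlan-stacking vlan 300 stack-vlan 3
"""

RULE = re.compile(r"port vlan-stacking vlan (\d+)(?: to (\d+))? stack-vlan (\d+)")


def parse_stacking_rules(config):
    """Map each inner (customer) VLAN ID to the outer VLAN ID stacked on it."""
    rules = {}
    for line in config.splitlines():
        m = RULE.fullmatch(line.strip())
        if m:
            first, last, outer = int(m[1]), int(m[2] or m[1]), int(m[3])
            for inner in range(first, last + 1):
                rules[inner] = outer
    return rules


def vlan_tag(tpid, vid, pcp=0):
    """Encode one 4-byte VLAN tag: 16-bit TPID, then PCP(3) | DEI(1) | VID(12)."""
    if not 1 <= vid <= 4094 or not 0 <= pcp <= 7:
        raise ValueError("VLAN ID must be 1-4094 and PCP 0-7")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)


def sample_frame(vid, payload=b"constructed payload"):
    """Constructed frame: dst MAC, src MAC, one 802.1Q tag, EtherType, payload."""
    dst, src = bytes.fromhex("020000000002"), bytes.fromhex("020000000001")
    return dst + src + vlan_tag(0x8100, vid) + struct.pack("!H", 0x0800) + payload


def read_tags(frame):
    """Return the VLAN tags as [(tpid, pcp, vid), ...], outermost first."""
    tags, offset = [], 12               # tags start after the two MAC addresses
    while len(frame) >= offset + 4:
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid not in TAG_TPIDS:
            break                       # reached the real EtherType
        tags.append((tpid, tci >> 13, tci & 0x0FFF))
        offset += 4
    return tags


def stack_outer_tag(frame, rules, outer_tpid=0x8100):
    """Insert the outer tag selected by the inner VLAN ID, or return None.

    Only single-tagged frames are handled, matching the note that selective
    QinQ adds one outer tag to a frame that carries an inner tag.
    """
    if outer_tpid not in TAG_TPIDS:
        raise ValueError("unsupported outer TPID for this example")
    tags = read_tags(frame)
    if len(tags) != 1:
        return None
    outer_vid = rules.get(tags[0][2])
    if outer_vid is None:
        return None                     # no vlan-stacking rule for this inner VLAN
    return frame[:12] + vlan_tag(outer_tpid, outer_vid) + frame[12:]


if __name__ == "__main__":
    rules = parse_stacking_rules(SWITCHA_GE1_0_1)
    for inner in (100, 300, 200):       # 200 has no rule in this configuration
        out = stack_outer_tag(sample_frame(inner), rules)
        print(inner, "->", read_tags(out) if out else "no stacking rule")
```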
QinQ Overview
802.1Q-in-802.1Q (QinQ) expands VLAN space by adding an additional 802.1Q
tag to 802.1Q tagged packets. It allows services in a private VLAN to be
transparently transmitted over a public network.
Flow-based selective QinQ adds outer VLAN tags based on traffic policies. It can
provide differentiated services based on service types.
Configuration Notes
When configuring selective QinQ on the switch, pay attention to the following
points:
Networking Requirements
As shown in Figure 6-22, Internet access users (using PCs) and VoIP users (using
VoIP phones) connect to the ISP network through SwitchA and SwitchB and
communicate with each other through the ISP network.
Packets from PCs and VoIP phones must be tagged with VLAN 2 and VLAN 3,
respectively, when they are transmitted through the ISP network. Flow-based
selective QinQ can be configured to meet this requirement.
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs on SwitchA and SwitchB.
2. Configure traffic classifiers, traffic behaviors, and traffic policies on SwitchA
and SwitchB.
3. Configure link types of interfaces on SwitchA and SwitchB and add the
interfaces to VLANs.
4. Apply the traffic policies to interfaces on SwitchA and SwitchB to implement
selective QinQ.
Procedure
Step 1 Create VLANs.
# On SwitchA, create VLAN 2 and VLAN 3, that is, VLAN IDs of the outer VLAN
tag to be added.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 2 3
# On SwitchB, create VLAN 2 and VLAN 3, that is, VLAN IDs of the outer VLAN tag
to be added.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] vlan batch 2 3
Step 2 Configure traffic classifiers, traffic behaviors, and traffic policies on SwitchA and
SwitchB.
# Configure the traffic classifiers, traffic behaviors, and traffic policy on SwitchA.
[SwitchA] traffic classifier name1 //Configure a traffic classifier named name1.
[SwitchA-classifier-name1] if-match vlan-id 100 to 200 //Configure a matching rule to match packets from VLANs 100 to 200.
[SwitchA-classifier-name1] quit
[SwitchA] traffic behavior name1 //Configure a traffic behavior named name1.
[SwitchA-behavior-name1] nest top-most vlan-id 2 //Configure an action of adding VLAN 2 in an outer VLAN tag in a traffic behavior. In V200R009 and later versions, the command is changed to add-tag vlan-id.
[SwitchA-behavior-name1] quit
[SwitchA] traffic classifier name2 //Configure a traffic classifier named name2.
[SwitchA-classifier-name2] if-match vlan-id 300 to 400 //Configure a matching rule to match packets from VLANs 300 to 400.
[SwitchA-classifier-name2] quit
[SwitchA] traffic behavior name2 //Configure a traffic behavior named name2.
[SwitchA-behavior-name2] nest top-most vlan-id 3 //Configure an action of adding VLAN 3 in an outer VLAN tag in a traffic behavior. In V200R009 and later versions, the command is changed to add-tag vlan-id.
[SwitchA-behavior-name2] quit
[SwitchA] traffic policy name1 //Configure a traffic policy named name1.
[SwitchA-trafficpolicy-name1] classifier name1 behavior name1
[SwitchA-trafficpolicy-name1] classifier name2 behavior name2
[SwitchA-trafficpolicy-name1] quit
# Configure the traffic classifiers, traffic behaviors, and traffic policy on SwitchB.
[SwitchB] traffic classifier name1 //Configure a traffic classifier named name1.
[SwitchB-classifier-name1] if-match vlan-id 100 to 200 //Configure a matching rule to match packets from VLANs 100 to 200.
[SwitchB-classifier-name1] quit
[SwitchB] traffic behavior name1 //Configure a traffic behavior named name1.
[SwitchB-behavior-name1] nest top-most vlan-id 2 //Configure an action of adding VLAN 2 in an outer VLAN tag in a traffic behavior. In V200R009 and later versions, the command is changed to add-tag vlan-id.
[SwitchB-behavior-name1] quit
[SwitchB] traffic classifier name2 //Configure a traffic classifier named name2.
[SwitchB-classifier-name2] if-match vlan-id 300 to 400 //Configure a matching rule to match packets from VLANs 300 to 400.
[SwitchB-classifier-name2] quit
[SwitchB] traffic behavior name2 //Configure a traffic behavior named name2.
[SwitchB-behavior-name2] nest top-most vlan-id 3 //Configure an action of adding VLAN 3 in an outer VLAN tag in a traffic behavior. In V200R009 and later versions, the command is changed to add-tag vlan-id.
[SwitchB-behavior-name2] quit
[SwitchB] traffic policy name1 //Configure a traffic policy named name1.
[SwitchB-trafficpolicy-name1] classifier name1 behavior name1
[SwitchB-trafficpolicy-name1] classifier name2 behavior name2
[SwitchB-trafficpolicy-name1] quit
Step 3 Apply the traffic policies to interfaces on SwitchA and SwitchB to implement
selective QinQ.
# Configure GE1/0/1 on SwitchA.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type hybrid
[SwitchA-GigabitEthernet1/0/1] port hybrid untagged vlan 2 3
[SwitchA-GigabitEthernet1/0/1] traffic-policy name1 inbound //Apply the traffic policy name1 to the interface in the inbound direction.
[SwitchA-GigabitEthernet1/0/1] quit
----End
Configuration Files
● Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 2 to 3
#
traffic classifier name1 operator or precedence 5
if-match vlan-id 100 to 200
traffic classifier name2 operator or precedence 10
if-match vlan-id 300 to 400
#
traffic behavior name1
permit
nest top-most vlan-id 2
traffic behavior name2
permit
nest top-most vlan-id 3
#
traffic policy name1 match-order config
classifier name1 behavior name1
classifier name2 behavior name2
#
interface GigabitEthernet1/0/1
port hybrid untagged vlan 2 to 3
traffic-policy name1 inbound
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
return
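The tagging that both QinQ examples above configure (VLAN stacking and flow-based selective QinQ), as an added Python example that is not part of the original document. It pushes the outer tag chosen by the SwitchA classifiers onto a customer frame and checks a frame seen on the ISP side against the same policy. The function names, MAC addresses and payload are constructed, and the use of TPID 0x8100 for both tags is an assumption.

```python
import struct

# Policy from the SwitchA example: inner VLAN range -> outer (stack) VLAN.
POLICY = [(range(100, 201), 2), (range(300, 401), 3)]

# Assumption: both tags carry TPID 0x8100; 0x88a8 is also accepted when parsing.
TPIDS = {0x8100, 0x88A8}


def outer_vlan_for(inner_vid):
    """Return the outer VLAN the policy assigns, or None if no classifier matches."""
    for vids, outer in POLICY:
        if inner_vid in vids:
            return outer
    return None


def parse_tags(frame):
    """Return ([VLAN IDs, outermost first], EtherType) of an Ethernet frame."""
    vids, offset = [], 12  # tags start after the two 6-byte MAC addresses
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in TPIDS:
            return vids, etype
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4


def push_outer_tag(frame):
    """Add the outer tag to a single-tagged frame; None if no classifier matches."""
    vids, _ = parse_tags(frame)
    if len(vids) != 1:
        raise ValueError("expected a single-tagged customer frame")
    outer = outer_vlan_for(vids[0])
    if outer is None:
        return None  # what the switch does with unmatched traffic is not modelled
    tag = struct.pack("!HH", 0x8100, outer)  # priority bits left at 0
    return frame[:12] + tag + frame[12:]


def check_isp_frame(frame):
    """Check a frame captured on the ISP side against the policy."""
    vids, _ = parse_tags(frame)
    if len(vids) != 2:
        return f"unexpected tag depth {len(vids)}"
    outer, inner = vids
    expected = outer_vlan_for(inner)
    if expected is None:
        return f"inner VLAN {inner} is not covered by any classifier"
    if outer != expected:
        return f"inner VLAN {inner} is in outer VLAN {outer}, policy expects {expected}"
    return "ok"


def customer_frame(vid):
    """Constructed sample: single-tagged IPv4 frame, made-up MACs, empty payload."""
    macs = bytes.fromhex("020000000002" "020000000001")
    return macs + struct.pack("!HHH", 0x8100, vid, 0x0800) + b"\x00" * 46


if __name__ == "__main__":
    for vid in (150, 350, 250):
        stacked = push_outer_tag(customer_frame(vid))
        if stacked is None:
            print(f"VLAN {vid}: no classifier matched")
        else:
            print(f"VLAN {vid}: tags {parse_tags(stacked)[0]} -> {check_isp_frame(stacked)}")
```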
Configuration Notes
● This example applies to all versions of all S series switches.
● The ports connected to terminals do not participate in STP calculation.
Therefore, configure the ports as edge ports or disable STP on the ports.
Networking Requirements
To implement redundancy on a complex network, network designers tend to
deploy multiple physical links between two devices, one of which is the primary
link and the others are backup links. Loops may occur, causing broadcast storms
or rendering the MAC address table unstable.
After a network designer deploys a network, STP can be deployed on the network
to prevent loops. When loops exist on a network, STP blocks a port to eliminate
the loops. In Figure 6-23, SwitchA, SwitchB, SwitchC, and SwitchD running STP
exchange STP BPDUs to discover loops on the network and block ports to prune
the network into a loop-free tree network. STP prevents infinite looping of packets
to ensure packet processing capabilities of switches.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the switching devices on the ring network to work in STP mode.
2. Configure the root bridge and secondary root bridge.
3. Configure the path cost of a port so that the port can be blocked.
4. Enable STP to eliminate loops.
Procedure
Step 1 Configure basic STP functions.
1. Configure the switching devices on the ring network to work in STP mode.
# Configure SwitchA to work in STP mode.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] stp mode stp
3. Configure the path cost of a port so that the port can be blocked.
NOTE
– The path cost range depends on the algorithm. Huawei's proprietary algorithm is
used as an example. Set the path costs of the ports to be blocked to 20000.
– Switching devices on the same network must use the same algorithm to calculate
the path cost of ports.
# Configure SwitchA to use Huawei's proprietary algorithm to calculate the
path cost.
[SwitchA] stp pathcost-standard legacy
NOTE
If edge ports are connected to network devices that have STP enabled and BPDU
protection is enabled, the edge ports will be shut down and their attributes
remain unchanged after they receive BPDUs.
– Enable STP globally on devices.
# Enable STP globally on SwitchA.
[SwitchA] stp enable
----End
Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
stp mode stp
stp instance 0 root primary
stp pathcost-standard legacy
stp enable
#
return
Configuration Notes
● This example applies to all versions of all S series switches.
● The ports connected to terminals do not participate in RSTP calculation.
Therefore, configure the ports as edge ports or disable STP on the ports.
Networking Requirements
To implement redundancy on a complex network, network designers tend to
deploy multiple physical links between two devices, one of which is the primary
link and the others are backup links. Loops may occur, causing broadcast storms
or rendering the MAC address table unstable.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic RSTP functions on switching devices of the ring network.
a. Configure the switching devices on the ring network to work in RSTP
mode.
b. Configure the root bridge and secondary root bridge.
c. Configure the path cost of a port so that the port can be blocked.
d. Enable RSTP to eliminate loops.
Procedure
Step 1 Configure basic RSTP functions.
1. Configure the switching devices on the ring network to work in RSTP mode.
# Configure SwitchA to work in RSTP mode.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] stp mode rstp
3. Configure the path cost of a port so that the port can be blocked.
NOTE
– The path cost range depends on the algorithm. Huawei's proprietary algorithm is
used as an example. Set the path costs of the ports to be blocked to 20000.
– Switching devices on the same network must use the same algorithm to calculate
the path cost of ports.
# Configure SwitchA to use Huawei's proprietary algorithm to calculate the
path cost.
[SwitchA] stp pathcost-standard legacy
NOTE
If edge ports are connected to network devices that have STP enabled and BPDU
protection is enabled, the edge ports will be shut down and their attributes
remain unchanged after they receive BPDUs.
– Enable RSTP globally on devices.
# Enable RSTP on SwitchA.
[SwitchA] stp enable
Step 2 Enable protection functions. The following uses root protection on the designated
port of the root bridge as an example.
After the configuration is complete and the network topology becomes stable,
perform the following operations to verify the configuration.
# Run the display stp brief command on SwitchA to view the status and
protection type on the ports. The displayed information is as follows:
[SwitchA] display stp brief
MSTID Port Role STP State Protection
----End
Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
stp mode rstp
stp instance 0 root primary
stp pathcost-standard legacy
stp enable
#
interface GigabitEthernet1/0/1
stp root-protection
#
interface GigabitEthernet1/0/2
stp root-protection
#
return
● SwitchB configuration file
#
sysname SwitchB
#
stp mode rstp
stp bpdu-protection
stp pathcost-standard legacy
stp enable
#
interface GigabitEthernet1/0/2
stp edged-port enable
#
return
● SwitchC configuration file
#
sysname SwitchC
#
stp mode rstp
stp bpdu-protection
stp pathcost-standard legacy
stp enable
#
interface GigabitEthernet1/0/1
stp instance 0 cost 20000
#
interface GigabitEthernet1/0/2
stp edged-port enable
#
return
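One way to audit configuration files for the protections used in the STP and RSTP examples above (edge ports, BPDU protection, root protection), as an added Python example that is not part of the original document. The sample configurations are constructed: SwitchB follows the file above and SwitchX is a made-up device with the protections left out. Treating access ports as the terminal-facing ports is an assumption.

```python
import re

# Constructed samples modelled on the configuration files above.
SWITCHB = """\
#
sysname SwitchB
#
stp mode rstp
stp bpdu-protection
stp pathcost-standard legacy
stp enable
#
interface GigabitEthernet1/0/2
 stp edged-port enable
#
return
"""

SWITCHX = """\
#
sysname SwitchX
#
stp mode rstp
stp instance 0 root primary
stp enable
#
interface GigabitEthernet1/0/1
 port link-type trunk
#
interface GigabitEthernet1/0/2
 stp edged-port enable
#
interface GigabitEthernet1/0/3
 port link-type access
 port default vlan 2
#
return
"""


def split_sections(config):
    """Split a configuration file into command blocks at the '#' separators."""
    blocks, current = [], []
    for line in config.splitlines():
        line = line.strip()
        if line in ("#", "return"):
            if current:
                blocks.append(current)
            current = []
        elif line:
            current.append(line)
    if current:
        blocks.append(current)
    return blocks


def audit_stp(config):
    """Return (scope, finding) pairs for missing spanning tree protections."""
    global_cmds, interfaces = set(), {}
    for block in split_sections(config):
        if block[0].startswith("interface "):
            interfaces[block[0].split(None, 1)[1]] = set(block[1:])
        else:
            global_cmds.update(block)

    findings = []
    bpdu_protection = "stp bpdu-protection" in global_cmds
    is_root = any(re.fullmatch(r"stp (instance \d+ )?root primary", cmd)
                  for cmd in global_cmds)

    for name, cmds in interfaces.items():
        edge = "stp edged-port enable" in cmds
        if edge and not bpdu_protection:
            findings.append((name, "edge port without global BPDU protection"))
        # Assumption: access ports are the ports connected to terminals.
        if "port link-type access" in cmds and not edge and "stp disable" not in cmds:
            findings.append((name, "access port is neither an edge port nor STP-disabled"))
    if is_root and not any("stp root-protection" in c for c in interfaces.values()):
        findings.append(("global", "root bridge has no port with root protection"))
    return findings


if __name__ == "__main__":
    for label, text in (("SwitchB", SWITCHB), ("SwitchX", SWITCHX)):
        for scope, finding in audit_stp(text) or [("-", "no findings")]:
            print(f"{label} {scope}: {finding}")
```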
Configuration Notes
● This example applies to all versions of all S series switches.
● The ports connected to terminals do not participate in MSTP calculation.
Therefore, configure the ports as edge ports or disable STP on the ports.
Networking Requirements
To implement redundancy on a complex network, network designers tend to
deploy multiple physical links between two devices, one of which is the primary
link and the others are backup links. Loops may occur, causing broadcast storms
or rendering the MAC address table unstable. MSTP can be used to prevent loops.
MSTP blocks redundant links and prunes a network into a tree topology free from
loops.
In Figure 6-25, SwitchA, SwitchB, SwitchC, and SwitchD run MSTP. MSTP uses
multiple instances to implement load balancing of traffic in VLANs 2 to 10 and
VLANs 11 to 20. The VLAN mapping table that defines the mapping between
VLANs and MSTIs can be used.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic MSTP functions on switching devices of the ring network.
2. Enable protection functions to protect devices or links. For example, enable
root protection on the designated port of the root bridge in each MSTI.
NOTE
When the link between the root bridge and secondary root bridge goes Down, the port
enabled with root protection becomes Discarding because root protection takes effect.
To improve reliability, you are advised to bind the link between the root bridge and
secondary root bridge to an Eth-Trunk.
3. Configure Layer 2 forwarding on devices.
Procedure
Step 1 Configure basic MSTP functions.
1. Configure SwitchA, SwitchB, SwitchC, and SwitchD (access switches) in the
MST region RG1 and create MSTI 1 and MSTI 2.
NOTE
Two switches belong to the same MST region when they have the same:
– Name of the MST region
– Mapping between VLANs and MSTIs
– Revision level of the MST region
# Configure an MST region of root bridge SwitchA in MSTI 1.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] stp region-configuration
[SwitchA-mst-region] region-name RG1 //Configure the region name as RG1.
[SwitchA-mst-region] instance 1 vlan 2 to 10 //Map VLANs 2 to 10 to MSTI 1.
[SwitchA-mst-region] instance 2 vlan 11 to 20 //Map VLANs 11 to 20 to MSTI 2.
[SwitchA-mst-region] active region-configuration //Activate the MST region configuration.
[SwitchA-mst-region] quit
# Configure an MST region of root bridge SwitchB in MSTI 1.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] stp region-configuration
[SwitchB-mst-region] region-name RG1 //Configure the region name as RG1.
[SwitchB-mst-region] instance 1 vlan 2 to 10 //Map VLANs 2 to 10 to MSTI 1.
[SwitchB-mst-region] instance 2 vlan 11 to 20 //Map VLANs 11 to 20 to MSTI 2.
[SwitchB-mst-region] active region-configuration //Activate the MST region configuration.
[SwitchB-mst-region] quit
# Configure an MST region of SwitchC.
<Quidway> system-view
[Quidway] sysname SwitchC
[SwitchC] stp region-configuration
[SwitchC-mst-region] region-name RG1 //Configure the region name as RG1.
[SwitchC-mst-region] instance 1 vlan 2 to 10 //Map VLANs 2 to 10 to MSTI 1.
[SwitchC-mst-region] instance 2 vlan 11 to 20 //Map VLANs 11 to 20 to MSTI 2.
[SwitchC-mst-region] active region-configuration //Activate the MST region configuration.
[SwitchC-mst-region] quit
# Configure an MST region of SwitchD.
<Quidway> system-view
[Quidway] sysname SwitchD
[SwitchD] stp region-configuration
[SwitchD-mst-region] region-name RG1 //Configure the region name as RG1.
[SwitchD-mst-region] instance 1 vlan 2 to 10 //Map VLANs 2 to 10 to MSTI 1.
[SwitchD-mst-region] instance 2 vlan 11 to 20 //Map VLANs 11 to 20 to MSTI 2.
[SwitchD-mst-region] active region-configuration //Activate the MST region configuration.
[SwitchD-mst-region] quit
2. Configure root bridges and secondary root bridges of MSTI 1 and MSTI 2 in
the MST region RG1.
3. Set the path costs of the ports to be blocked in MSTI 1 and MSTI 2 to be
larger than the default values.
NOTE
– The path cost range depends on the algorithm. Huawei's proprietary algorithm is
used as an example. Set the path costs of the ports to be blocked in MSTI 1 and
MSTI 2 to 20000.
– Switching devices on the same network must use the same algorithm to calculate
the path cost of ports.
Configure SwitchA to use Huawei's proprietary algorithm to calculate the
path cost.
[SwitchA] stp pathcost-standard legacy
NOTE
If edge ports are connected to network devices that have STP enabled and BPDU
protection is enabled, the edge ports will be shut down and their attributes
remain unchanged after they receive BPDUs.
Step 2 Enable protection functions. For example, enable root protection on the designated
port of the root bridge in each MSTI.
# Enable root protection on GE1/0/1 of SwitchA.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] stp root-protection
[SwitchA-GigabitEthernet1/0/1] quit
NOTE
MSTI 1 and MSTI 2 are used as examples, so you do not need to check the port status in
MSTI 0.
# Run the display stp brief command on SwitchA to view the port status and
protection type. The displayed information is as follows:
[SwitchA] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/1 DESI FORWARDING ROOT
0 Eth-Trunk1 DESI FORWARDING NONE
1 GigabitEthernet1/0/1 DESI FORWARDING ROOT
GE1/0/3 on SwitchC is the root port in MSTI 1 and MSTI 2. GE1/0/2 on SwitchC is
blocked in MSTI 2 and is the designated port in MSTI 1.
# Run the display stp interface brief command on SwitchD. The following
information is displayed:
[SwitchD] display stp interface gigabitethernet 1/0/3 brief
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/3 ROOT FORWARDING NONE
1 GigabitEthernet1/0/3 ROOT FORWARDING NONE
2 GigabitEthernet1/0/3 ROOT FORWARDING NONE
[SwitchD] display stp interface gigabitethernet 1/0/2 brief
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/2 ALTE DISCARDING NONE
1 GigabitEthernet1/0/2 ALTE DISCARDING NONE
2 GigabitEthernet1/0/2 DESI FORWARDING NONE
GE1/0/3 on SwitchD is the root port in MSTI 1 and MSTI 2. GE1/0/2 on SwitchD is
blocked in MSTI 1 and is the designated port in MSTI 2.
----End
Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
vlan batch 2 to 20
#
stp instance 1 root primary
stp instance 2 root secondary
stp pathcost-standard legacy
stp enable
#
stp region-configuration
region-name RG1
instance 1 vlan 2 to 10
instance 2 vlan 11 to 20
active region-configuration
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 20
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 20
stp root-protection
#
interface GigabitEthernet1/0/2
eth-trunk 1
#
interface GigabitEthernet1/0/3
eth-trunk 1
#
return
● SwitchB configuration file
#
sysname SwitchB
#
vlan batch 2 to 20
#
stp instance 1 root secondary
stp instance 2 root primary
stp pathcost-standard legacy
stp enable
#
stp region-configuration
region-name RG1
instance 1 vlan 2 to 10
instance 2 vlan 11 to 20
active region-configuration
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 20
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 20
stp root-protection
#
interface GigabitEthernet1/0/2
eth-trunk 1
#
interface GigabitEthernet1/0/3
eth-trunk 1
#
return
● SwitchC configuration file
#
sysname SwitchC
#
vlan batch 2 to 20
#
stp bpdu-protection
stp pathcost-standard legacy
stp enable
#
stp region-configuration
region-name RG1
instance 1 vlan 2 to 10
instance 2 vlan 11 to 20
active region-configuration
#
interface GigabitEthernet1/0/1
port link-type access
port default vlan 2
stp edged-port enable
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 20
stp instance 2 cost 20000
#
interface GigabitEthernet1/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 20
#
return
● SwitchD configuration file
#
sysname SwitchD
#
vlan batch 2 to 20
#
stp bpdu-protection
stp pathcost-standard legacy
stp enable
#
stp region-configuration
region-name RG1
instance 1 vlan 2 to 10
instance 2 vlan 11 to 20
active region-configuration
#
interface GigabitEthernet1/0/1
port link-type access
port default vlan 11
stp edged-port enable
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 20
stp instance 1 cost 20000
#
interface GigabitEthernet1/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 20
#
return
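The NOTE in Step 1 lists what must be identical for switches to belong to the same MST region. The following added Python example, which is not part of the original document, compares those values across configuration files and reports any device that drifts from a reference switch. The sample configurations are constructed: SwitchA and SwitchC repeat the region block from the files above, while SwitchB and SwitchD contain deliberate differences. Treating a missing revision-level line as 0 and unmapped VLANs as MSTI 0 is an assumption about defaults.

```python
import re

REGION = """\
#
stp region-configuration
 region-name {name}
 instance 1 vlan {v1}
 instance 2 vlan {v2}
 active region-configuration
#
"""

# Constructed samples (see lead-in).
CONFIGS = {
    "SwitchA": REGION.format(name="RG1", v1="2 to 10", v2="11 to 20"),
    "SwitchB": REGION.format(name="RG2", v1="2 to 10", v2="11 to 20"),
    "SwitchC": REGION.format(name="RG1", v1="2 to 10", v2="11 to 20"),
    "SwitchD": REGION.format(name="RG1", v1="2 to 11", v2="12 to 20"),
}


def expand_vlans(spec):
    """Expand a VLAN list such as '20 21 100 to 300' into a set of VLAN IDs."""
    tokens, vlans, i = spec.split(), set(), 0
    while i < len(tokens):
        start = int(tokens[i])
        if i + 2 < len(tokens) and tokens[i + 1] == "to":
            vlans.update(range(start, int(tokens[i + 2]) + 1))
            i += 3
        else:
            vlans.add(start)
            i += 1
    return vlans


def region_identity(config):
    """Return (region name, revision level, {VLAN: MSTI}) from a configuration file."""
    name, revision, vlan_to_msti, inside = None, 0, {}, False
    for raw in config.splitlines():
        line = raw.strip()
        if line == "stp region-configuration":
            inside = True
        elif line == "#":
            inside = False
        elif inside:
            if m := re.fullmatch(r"region-name (\S+)", line):
                name = m[1]
            elif m := re.fullmatch(r"revision-level (\d+)", line):
                revision = int(m[1])
            elif m := re.fullmatch(r"instance (\d+) vlan (.+)", line):
                for vlan in expand_vlans(m[2]):
                    vlan_to_msti[vlan] = int(m[1])
    return name, revision, vlan_to_msti


def compare_regions(configs, reference):
    """Return {device: [differences]} for devices that differ from the reference."""
    ref_name, ref_rev, ref_map = region_identity(configs[reference])
    report = {}
    for device, text in configs.items():
        name, rev, mapping = region_identity(text)
        diffs = []
        if name != ref_name:
            diffs.append(f"region-name {name!r} differs from {ref_name!r}")
        if rev != ref_rev:
            diffs.append(f"revision-level {rev} differs from {ref_rev}")
        # A VLAN absent from every instance line is compared as MSTI 0.
        moved = sorted(v for v in set(mapping) | set(ref_map)
                       if mapping.get(v, 0) != ref_map.get(v, 0))
        if moved:
            diffs.append(f"VLANs in a different MSTI: {moved}")
        if diffs:
            report[device] = diffs
    return report


if __name__ == "__main__":
    for device, diffs in compare_regions(CONFIGS, "SwitchA").items():
        print(device, "->", "; ".join(diffs))
```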
Configuration Notes
● The ports connected to terminals do not participate in MSTP calculation.
Therefore, configure the ports as edge ports or disable STP on the ports.
● This example applies to the following products:
– S2320-EI
– S3300-EI, S3300-HI
– S5320-LI, S5320-SI, S5300-EI, S5300-HI, S5310-EI, S5320-EI, S5320-HI,
S5330-SI, S5330-HI, S5331-S, S5331-H, S5332-H, S5335-S, S5335-L,
S5335-L1, S5336-S
– S6300-EI, S6320-EI, S6320-SI, S6320-HI, S6330-H
– S9300X-4, S9300X-8, S9300X-12, S9303, S9303E, S9306, S9306E, S9310,
S9310X, S9312, S9312E
● For the product models whose applicable versions are not listed above, see
Table 1-1 in "Applicable Products and Versions" for details.
NOTE
For details about software mappings, visit Hardware Center and select the desired
product model.
Networking Requirements
In Figure 6-26, hosts connect to the network through SwitchC. SwitchC is dual-
homed to SwitchA and SwitchB and connects to the Internet. Redundant links are
deployed for access backup. The use of redundant links, however, may produce
loops, causing broadcast storms and rendering the MAC address table unstable.
It is required that network loops be prevented when redundant links are deployed,
traffic be switched to another link when one link is disconnected, and network
bandwidth be effectively used.
MSTP can be configured on the network. MSTP blocks redundant links and prunes
a network into a tree topology free from loops. VRRP can be configured on
SwitchA and SwitchB. HostA connects to the Internet with SwitchA as the default
gateway and SwitchB as the backup gateway; HostB connects to the Internet with
SwitchB as the default gateway and SwitchA as the backup gateway. This setting
implements reliability and traffic load balancing.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic MSTP functions on switching devices of the ring network.
a. Configure an MST region, create multiple instances, and map VLAN 2 to
MSTI 1 and VLAN 3 to MSTI 2 to load balance traffic.
b. Configure the root bridge and secondary root bridge in each MST region.
c. Configure the path cost of a port in each MSTI so that the port can be
blocked.
d. Enable MSTP to prevent loops.
In this example, SwitchA and SwitchB need to support VRRP and OSPF. For details
about the models supporting VRRP and OSPF, see the documentation.
5. Create VRRP groups 1 and 2 on SwitchA and SwitchB. In VRRP group 1,
configure SwitchA as the master and SwitchB as the backup. In VRRP group 2,
configure SwitchB as the master and SwitchA as the backup.
Procedure
Step 1 Configure basic MSTP functions.
1. Configure SwitchA, SwitchB, and SwitchC in the MST region RG1 and create
MSTI 1 and MSTI 2.
# Configure an MST region on SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] stp region-configuration //Enter the MST region view.
[SwitchA-mst-region] region-name RG1 //Configure the region name as RG1.
[SwitchA-mst-region] instance 1 vlan 2 //Maps VLAN 2 to MSTI 1.
[SwitchA-mst-region] instance 2 vlan 3 //Maps VLAN 3 to MSTI 2.
[SwitchA-mst-region] active region-configuration //Activate the MST region configuration.
[SwitchA-mst-region] quit
# Configure an MST region on SwitchB.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] stp region-configuration //Enter the MST region view.
[SwitchB-mst-region] region-name RG1 //Configure the region name as RG1.
[SwitchB-mst-region] instance 1 vlan 2 //Maps VLAN 2 to MSTI 1.
[SwitchB-mst-region] instance 2 vlan 3 //Maps VLAN 3 to MSTI 2.
[SwitchB-mst-region] active region-configuration //Activate the MST region configuration.
[SwitchB-mst-region] quit
# Configure an MST region on SwitchC.
<Quidway> system-view
[Quidway] sysname SwitchC
2. Configure root bridges and secondary root bridges of MSTI 1 and MSTI 2 in
the MST region RG1.
– Configure the root bridge and secondary root bridge in MSTI 1.
# Configure SwitchA as the root bridge in MSTI 1.
[SwitchA] stp instance 1 root primary
3. Set the path costs of the ports to be blocked in MSTI 1 and MSTI 2 to be
larger than the default values.
NOTE
– The path cost range depends on the algorithm. Huawei's proprietary algorithm is
used as an example. Set the path costs of the ports to be blocked in MSTI 1 and
MSTI 2 to 20000.
– Switching devices on the same network must use the same algorithm to calculate
the path cost of ports.
# Configure SwitchA to use Huawei's proprietary algorithm to calculate the
path cost.
[SwitchA] stp pathcost-standard legacy
NOTE
If edge ports are connected to network devices that have STP enabled and BPDU
protection is enabled, the edge ports will be shut down and their attributes
remain unchanged after they receive BPDUs.
Step 2 Enable protection functions. For example, enable root protection on the designated
port of the root bridge in each MSTI.
# Enable root protection on GE1/0/1 of SwitchA.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] stp root-protection
[SwitchA-GigabitEthernet1/0/1] quit
NOTE
MSTI 1 and MSTI 2 are used as examples, so you do not need to check the port status in
MSTI 0.
# Run the display stp brief command on SwitchA to view the port status and
protection type. The displayed information is as follows:
[SwitchA] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/1 DESI FORWARDING ROOT
0 GigabitEthernet1/0/2 DESI FORWARDING NONE
1 GigabitEthernet1/0/1 DESI FORWARDING ROOT
1 GigabitEthernet1/0/2 DESI FORWARDING NONE
2 GigabitEthernet1/0/1 DESI FORWARDING ROOT
2 GigabitEthernet1/0/2 ROOT FORWARDING NONE
In MSTI 1, GE1/0/2 and GE1/0/1 on SwitchA are designated ports because SwitchA is
the root bridge. In MSTI 2, GE1/0/1 on SwitchA is the designated port and GE1/0/2 is
the root port.
# Run the display stp brief command on SwitchB. The displayed information is as
follows:
[SwitchB] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/1 DESI FORWARDING ROOT
0 GigabitEthernet1/0/2 ROOT FORWARDING NONE
1 GigabitEthernet1/0/1 DESI FORWARDING ROOT
1 GigabitEthernet1/0/2 ROOT FORWARDING NONE
2 GigabitEthernet1/0/1 DESI FORWARDING ROOT
2 GigabitEthernet1/0/2 DESI FORWARDING NONE
In MSTI 2, GE1/0/1 and GE1/0/2 on SwitchB are designated ports because SwitchB is
the root bridge. In MSTI 1, GE1/0/1 on SwitchB is the designated port and GE1/0/2 is
the root port.
# Run the display stp interface brief command on SwitchC. The displayed
information is as follows:
[SwitchC] display stp interface gigabitethernet 1/0/1 brief
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/1 ROOT FORWARDING NONE
1 GigabitEthernet1/0/1 ROOT FORWARDING NONE
2 GigabitEthernet1/0/1 ALTE DISCARDING NONE
[SwitchC] display stp interface gigabitethernet 1/0/4 brief
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/4 ALTE DISCARDING NONE
1 GigabitEthernet1/0/4 ALTE DISCARDING NONE
2 GigabitEthernet1/0/4 ROOT FORWARDING NONE
GE1/0/1 on SwitchC is the root port in MSTI 1 and is blocked in MSTI 2. GE1/0/4
on SwitchC is blocked in MSTI 1 and is the designated port in MSTI 2.
Step 5 Configure devices to ensure network connectivity.
# Assign an IP address to each interface. SwitchA is used as an example. The
configuration of SwitchB is similar to that of SwitchA, and is not mentioned here.
For details, see the configuration files.
[SwitchA] vlan batch 4
[SwitchA] interface gigabitethernet 1/0/3
[SwitchA-GigabitEthernet1/0/3] port link-type trunk
[SwitchA-GigabitEthernet1/0/3] port trunk allow-pass vlan 4
[SwitchA-GigabitEthernet1/0/3] quit
[SwitchA] interface vlanif 2
[SwitchA-Vlanif2] ip address 10.1.2.102 24
[SwitchA-Vlanif2] quit
[SwitchA] interface vlanif 3
[SwitchA-Vlanif3] ip address 10.1.3.102 24
[SwitchA-Vlanif3] quit
[SwitchA] interface vlanif 4
[SwitchA-Vlanif4] ip address 10.1.4.102 24
[SwitchA-Vlanif4] quit
# Configure VRRP group 2 on SwitchA and SwitchB, set the priority of SwitchB to
120 and the preemption delay to 20s, and set the default priority for SwitchA.
[SwitchB] interface vlanif 3
[SwitchB-Vlanif3] vrrp vrid 2 virtual-ip 10.1.3.100 //Create VRRP group 2 and set the virtual IP address to 10.1.3.100.
[SwitchB-Vlanif3] vrrp vrid 2 priority 120 //Set the priority of VRRP group 2 to 120.
[SwitchB-Vlanif3] vrrp vrid 2 preempt-mode timer delay 20 //Set the preemption delay of VRRP group 2 to 20s.
[SwitchB-Vlanif3] quit
[SwitchA] interface vlanif 3
[SwitchA-Vlanif3] vrrp vrid 2 virtual-ip 10.1.3.100 //Create VRRP group 2 and set the virtual IP address to 10.1.3.100.
[SwitchA-Vlanif3] quit
Master IP : 10.1.3.103
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0102
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2012-05-11 11:40:18
Last change time : 2012-05-26 11:48:58
# After the configuration is complete, run the display vrrp command on SwitchB.
The following output shows that SwitchB is the backup in VRRP group 1 and the
master in VRRP group 2.
[SwitchB] display vrrp
Vlanif2 | Virtual Router 1
State : Backup
Virtual IP : 10.1.2.100
Master IP : 10.1.2.102
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2012-05-11 11:39:18
Last change time : 2012-05-26 11:38:58
----End
Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
vlan batch 2 to 4
#
stp instance 1 root primary
stp instance 2 root secondary
stp bpdu-protection
stp pathcost-standard legacy
stp enable
#
stp region-configuration
region-name RG1
instance 1 vlan 2
instance 2 vlan 3
active region-configuration
#
interface Vlanif2
ip address 10.1.2.102 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.2.100
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode timer delay 20
#
interface Vlanif3
ip address 10.1.3.102 255.255.255.0
vrrp vrid 2 virtual-ip 10.1.3.100
#
interface Vlanif4
ip address 10.1.4.102 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 3
stp root-protection
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 3
#
interface GigabitEthernet1/0/3
port link-type trunk
port trunk allow-pass vlan 4
stp edged-port enable
#
ospf 1
area 0.0.0.0
network 10.1.2.0 0.0.0.255
network 10.1.3.0 0.0.0.255
network 10.1.4.0 0.0.0.255
#
return
● SwitchB configuration file
#
sysname SwitchB
#
vlan batch 2 to 3 5
#
stp instance 1 root secondary
stp instance 2 root primary
stp bpdu-protection
stp pathcost-standard legacy
stp enable
#
stp region-configuration
region-name RG1
instance 1 vlan 2
instance 2 vlan 3
active region-configuration
#
interface Vlanif2
ip address 10.1.2.103 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.2.100
#
interface Vlanif3
ip address 10.1.3.103 255.255.255.0
vrrp vrid 2 virtual-ip 10.1.3.100
Configuration Notes
● STP and Smart Link must be disabled on the interface added to an RRPP
domain.
● DHCP and MAC address limiting rules cannot be configured in an RRPP
control VLAN.
● When the mapping between the protected instance and MUX VLAN needs to
be configured, you are advised to configure the principal VLAN, subordinate
group VLAN, and subordinate separate VLAN in the MUX VLAN in the
protected instance. Otherwise, loops may occur.
● This example applies to all versions of all S series switches.
Networking Requirements
In Figure 6-27, SwitchA, SwitchB, and SwitchC constitute a ring network. The
network is required to prevent loops when the ring is complete and to implement
fast convergence to rapidly restore communication between nodes in the ring
when the ring fails. You can enable RRPP on SwitchA, SwitchB, and SwitchC to
meet this requirement.
Configuration Roadmap
The configuration roadmap is as follows:
1. Create an RRPP domain and its control VLAN.
2. Map the VLANs whose data must pass through the RRPP ring to
instance 1, including data VLANs 100 to 300 and control VLANs 20 and 21
(VLAN 21 is the sub-control VLAN generated by the device).
3. Configure interfaces to be added to the RRPP domain on the devices so that
data can pass through the interfaces. Disable protocols that conflict with
RRPP, such as STP.
4. In the RRPP domain, configure a protected VLAN, create an RRPP ring and
configure SwitchA, SwitchB, and SwitchC as nodes in ring 1 in domain 1.
Configure SwitchA as the master node in ring 1 and configure SwitchB and
SwitchC as transit nodes in ring 1.
5. Enable the RRPP ring and RRPP on devices.
Procedure
Step 1 Create an RRPP domain and its control VLAN.
# Configure SwitchA. The configurations of SwitchB and SwitchC are similar to the
configuration of SwitchA, and are not mentioned here. For details, see the
configuration files.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] rrpp domain 1
[SwitchA-rrpp-domain-region1] control-vlan 20 //Each RRPP domain has a major control VLAN and a
sub-control VLAN. You only need to specify the major control VLAN. The system uses the VLAN whose ID is
one greater than the ID of the major control VLAN as the sub-control VLAN.
[SwitchA-rrpp-domain-region1] quit
Step 2 Map instance 1 to control VLANs 20 and 21 and data VLANs 100 to 300.
# Configure SwitchA. The configurations of SwitchB and SwitchC are similar to the
configuration of SwitchA, and are not mentioned here. For details, see the
configuration files.
[SwitchA] vlan batch 100 to 300
[SwitchA] stp region-configuration
[SwitchA-mst-region] instance 1 vlan 20 21 100 to 300 //Add the major control VLAN, sub-control VLAN,
and data VLANs to instance 1.
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit
Step 3 Configure the interfaces to be added to the RRPP ring as trunk interfaces,
configure the interfaces to allow VLANs 100 to 300 to pass through, and disable
STP on the interfaces.
# Configure SwitchA. The configurations of SwitchB and SwitchC are similar to the
configuration of SwitchA, and are not mentioned here. For details, see the
configuration files.
[SwitchA] interface gigabitethernet 2/0/1
[SwitchA-GigabitEthernet2/0/1] port link-type trunk
[SwitchA-GigabitEthernet2/0/1] undo port trunk allow-pass vlan 1
[SwitchA-GigabitEthernet2/0/1] port trunk allow-pass vlan 100 to 300
[SwitchA-GigabitEthernet2/0/1] stp disable
[SwitchA-GigabitEthernet2/0/1] quit
[SwitchA] interface gigabitethernet 2/0/2
[SwitchA-GigabitEthernet2/0/2] port link-type trunk
[SwitchA-GigabitEthernet2/0/2] undo port trunk allow-pass vlan 1
[SwitchA-GigabitEthernet2/0/2] port trunk allow-pass vlan 100 to 300
[SwitchA-GigabitEthernet2/0/2] stp disable
[SwitchA-GigabitEthernet2/0/2] quit
Step 4 Specify a protected VLAN, and create and enable an RRPP ring.
# Configure SwitchA.
[SwitchA] rrpp domain 1
[SwitchA-rrpp-domain-region1] protected-vlan reference-instance 1 //Configure instance 1 as the
protected instance of the RRPP domain.
[SwitchA-rrpp-domain-region1] ring 1 node-mode master primary-port gigabitethernet 2/0/1 secondary-port gigabitethernet 2/0/2 level 0
[SwitchA-rrpp-domain-region1] ring 1 enable
[SwitchA-rrpp-domain-region1] quit
# Configure SwitchB.
[SwitchB] rrpp domain 1
[SwitchB-rrpp-domain-region1] protected-vlan reference-instance 1
[SwitchB-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 2/0/1 secondary-port gigabitethernet 2/0/2 level 0
[SwitchB-rrpp-domain-region1] ring 1 enable
[SwitchB-rrpp-domain-region1] quit
# Configure SwitchC.
[SwitchC] rrpp domain 1
[SwitchC-rrpp-domain-region1] protected-vlan reference-instance 1
[SwitchC-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 2/0/1 secondary-port gigabitethernet 2/0/2 level 0
[SwitchC-rrpp-domain-region1] ring 1 enable
[SwitchC-rrpp-domain-region1] quit
# Configure SwitchA. The configurations of SwitchB and SwitchC are similar to the
configuration of SwitchA, and are not mentioned here. For details, see the
configuration files.
[SwitchA] rrpp enable
After the configuration is complete and the network topology becomes stable,
perform the following operations to verify the configuration. The display on
SwitchA is used as an example.
# Run the display rrpp brief command on SwitchA. The following information is
displayed:
[SwitchA] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
Domain Index : 1
Control VLAN : major 20 sub 21
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
RRPP Ring :1
Ring Level :0
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active: Yes
Primary port : GigabitEthernet2/0/1 Port status: UP
Secondary port : GigabitEthernet2/0/2 Port status: BLOCKED
----End
Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
vlan batch 20 to 21 100 to 300
#
rrpp enable
#
stp region-configuration
instance 1 vlan 20 to 21 100 to 300
active region-configuration
#
rrpp domain 1
control-vlan 20
protected-vlan reference-instance 1
ring 1 node-mode master primary-port GigabitEthernet2/0/1 secondary-port GigabitEthernet2/0/2 level 0
ring 1 enable
#
interface GigabitEthernet2/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21 100 to 300
stp disable
#
interface GigabitEthernet2/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21 100 to 300
stp disable
#
return
● SwitchB configuration file
#
sysname SwitchB
#
vlan batch 20 to 21 100 to 300
#
rrpp enable
#
stp region-configuration
instance 1 vlan 20 to 21 100 to 300
active region-configuration
#
rrpp domain 1
control-vlan 20
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet2/0/1 secondary-port GigabitEthernet2/0/2 level 0
ring 1 enable
#
interface GigabitEthernet2/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21 100 to 300
stp disable
#
interface GigabitEthernet2/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21 100 to 300
stp disable
#
return
● SwitchC configuration file
#
sysname SwitchC
#
vlan batch 20 to 21 100 to 300
#
rrpp enable
#
stp region-configuration
instance 1 vlan 20 to 21 100 to 300
active region-configuration
#
rrpp domain 1
control-vlan 20
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet2/0/1 secondary-port GigabitEthernet2/0/2 level 0
ring 1 enable
#
interface GigabitEthernet2/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21 100 to 300
stp disable
#
interface GigabitEthernet2/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21 100 to 300
stp disable
#
return
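The rules this example relies on (RRPP enabled globally, major and sub-control VLANs mapped to the protected instance, ring ports configured as trunks with STP disabled and VLAN 1 removed) can be checked mechanically against a saved configuration file. The following Python audit is an added example and is not part of the original document; the function names are hypothetical, the sample file is constructed, and the VLAN 1 check assumes that a trunk interface allows VLAN 1 until undo port trunk allow-pass vlan 1 is configured. It covers master and transit nodes only.

```python
import re

# Constructed sample modelled on the SwitchA file above; GigabitEthernet2/0/2 has three deliberate mistakes.
SAMPLE = """\
rrpp enable
#
stp region-configuration
 instance 1 vlan 20 to 21 100 to 300
#
rrpp domain 1
 control-vlan 20
 protected-vlan reference-instance 1
 ring 1 node-mode master primary-port GigabitEthernet2/0/1 secondary-port GigabitEthernet2/0/2 level 0
 ring 1 enable
#
interface GigabitEthernet2/0/1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 20 to 21 100 to 300
 stp disable
#
interface GigabitEthernet2/0/2
 port link-type trunk
 port trunk allow-pass vlan 100 to 300
#
return
"""

def vlan_set(spec):
    """Expand a VLAN or instance list such as '20 to 21 100 to 300' into a set of ints."""
    tok, out, i = spec.split(), set(), 0
    while i < len(tok):
        n = 3 if tok[i + 1:i + 2] == ["to"] else 1  # 'a to b' range or a single ID
        out.update(range(int(tok[i]), int(tok[i + n - 1]) + 1))
        i += n
    return out

def sections(text):
    """Map each section header to its body lines ('#' lines separate sections)."""
    out, head = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#") or line == "return":
            head = None
        elif head is None or line.startswith(("interface ", "rrpp domain ", "stp region-configuration")):
            head = line
            out[head] = []
        else:
            out[head].append(line)
    return out

def check_port(port, cfg, control, protected):
    """Check one ring port: trunk, STP disabled, control VLANs allowed, VLAN 1 removed."""
    if cfg is None:
        return [f"{port}: interface section not found"]
    allowed, vlan1, out = set(), True, []  # assumption: a trunk passes VLAN 1 until it is removed
    for c in cfg:
        if c.startswith("port trunk allow-pass vlan "):
            allowed |= vlan_set(c.split("vlan ", 1)[1])
        elif c == "undo port trunk allow-pass vlan 1":
            vlan1 = False
    if "port link-type trunk" not in cfg:
        out.append(f"{port}: not a trunk interface")
    if "stp disable" not in cfg:
        out.append(f"{port}: STP is still enabled on an RRPP port")
    if control - allowed:
        out.append(f"{port}: control VLANs {sorted(control - allowed)} not allowed on the trunk")
    if (vlan1 or 1 in allowed) and 1 not in protected:
        out.append(f"{port}: VLAN 1 is allowed but is outside the protected instance")
    return out

def audit_rrpp(text):
    """Return a list of findings; an empty list means every check passed."""
    sec, findings = sections(text), []
    if not re.search(r"^\s*rrpp enable\s*$", text, re.M):
        findings.append("global: 'rrpp enable' is missing")
    inst = {}  # MST instance number -> VLANs mapped to it
    for n, spec in re.findall(r"^\s*instance (\d+) vlan (.+)$", text, re.M):
        inst.setdefault(int(n), set()).update(vlan_set(spec))
    for head, body in sec.items():
        if not head.startswith("rrpp domain "):
            continue
        dom, ctrl, protected = head.split()[-1], None, set()
        for l in body:
            if l.startswith("control-vlan "):
                ctrl = int(l.split()[1])
            elif l.startswith("protected-vlan reference-instance "):
                protected.update(*(inst.get(n, ()) for n in vlan_set(l.split("reference-instance ", 1)[1])))
        if ctrl is None:
            findings.append(f"domain {dom}: no control VLAN")
            continue
        control = {ctrl, ctrl + 1}  # the sub-control VLAN ID is the major control VLAN ID + 1
        if control - protected:
            findings.append(f"domain {dom}: control VLANs {sorted(control - protected)} not protected")
        for l in body:
            m = re.match(r"ring \d+ node-mode \S+ primary-port (\S+) secondary-port (\S+)", l)
            for port in (m.groups() if m else ()):
                findings += check_port(port, sec.get("interface " + port), control, protected)
    return findings
```

The ring command must be on a single line before a file is passed to audit_rrpp; a copy in which level 0 has wrapped onto the next line has to be rejoined first.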
Overview
Generally, a metro Ethernet network uses two-layer rings:
● One layer is the aggregation layer between aggregation devices PE-AGGs, for
example, RRPP domain 1 in Figure 6-28.
● The other layer is the access layer between PE-AGGs and UPEs, for example,
RRPP domain 2 and RRPP domain 3 in Figure 6-28.
In Figure 6-28, intersecting RRPP rings can be used. RRPP rings are configured at
aggregation and access layers, and the two layers are connected through tangent
RRPP rings.
Two tangent rings cannot belong to the same RRPP domain. The tangent point of
the two tangent rings belongs to two RRPP domains, and the major node can be
located in the tangent point.
When there are multiple tangent RRPP rings, a fault on a ring does not affect
other domains and the convergence process of RRPP rings in a domain is the same
as that of a single ring.
Configuration Notes
● STP and Smart Link must be disabled on the interface added to an RRPP
domain.
● DHCP and MAC address limiting rules cannot be configured in an RRPP
control VLAN.
● When the mapping between the protected instance and MUX VLAN needs to
be configured, you are advised to configure the principal VLAN, subordinate
group VLAN, and subordinate separate VLAN in the MUX VLAN in the
protected instance. Otherwise, loops may occur.
● This example applies to all versions of all S series switches.
Networking Requirements
In Figure 6-28, the network is required to prevent loops when the ring is complete
and to implement fast convergence to rapidly restore communication between
nodes in the ring when the ring fails. RRPP can meet this requirement. RRPP
supports multiple rings. You can configure RRPP rings at the aggregation and
access layers. The two rings are tangent, simplifying the network configuration.
Configuration Roadmap
The configuration roadmap is as follows:
1. Map the VLANs that need to pass through ring 1 to instance 1, including data
VLANs and control VLANs, which are used for configuring protected VLANs.
Map the VLANs that need to pass through ring 2 to instance 2, including data
VLANs and control VLANs, which are used for configuring protected VLANs.
2. Create RRPP domains, control VLANs and configure protected VLANs for
configuring RRPP rings.
3. Configure interfaces to be added to the RRPP domain on the devices so that
data can pass through the interfaces. Disable protocols that conflict with
RRPP, such as STP.
4. Create RRPP rings in RRPP domains.
a. Configure SwitchA, SwitchB, and SwitchC to be in ring 2 of RRPP domain
2.
b. Configure SwitchC, SwitchD, and SwitchE to be in ring 1 of RRPP domain
1.
c. Configure SwitchA as the master node in ring 2, and configure SwitchB
and SwitchC as transit nodes in ring 2.
d. Configure SwitchE as the master node in ring 1, and configure SwitchC
and SwitchD as transit nodes in ring 1.
5. Enable the RRPP ring and RRPP on devices.
Procedure
Step 1 Configure instance 2 and map it to the data VLANs and control VLANs allowed by
the RRPP interface.
Step 2 Create RRPP domains and configure control VLANs and protected VLANs of the
RRPP domains.
Step 3 Configure the interfaces to be added to RRPP rings as trunk interfaces and disable
STP on the interfaces.
# Configure SwitchB as a transit node in ring 2 (major ring) and specify the
primary and secondary interfaces.
[SwitchB] rrpp domain 2
[SwitchB-rrpp-domain-region2] ring 2 node-mode transit primary-port gigabitethernet 2/0/1 secondary-port gigabitethernet 2/0/2 level 0
[SwitchB-rrpp-domain-region2] ring 2 enable
[SwitchB-rrpp-domain-region2] quit
# Configure SwitchC as a transit node in ring 2 and specify the primary and
secondary interfaces.
[SwitchC] rrpp domain 2
[SwitchC-rrpp-domain-region2] ring 2 node-mode transit primary-port gigabitethernet 2/0/1 secondary-port gigabitethernet 2/0/2 level 0
[SwitchC-rrpp-domain-region2] ring 2 enable
[SwitchC-rrpp-domain-region2] quit
# Configure SwitchC as a transit node in ring 1 and specify the primary and
secondary interfaces.
[SwitchC] rrpp domain 1
[SwitchC-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 1/0/1 secondary-port gigabitethernet 1/0/2 level 0
[SwitchC-rrpp-domain-region1] ring 1 enable
[SwitchC-rrpp-domain-region1] quit
# Configure SwitchD as a transit node in ring 1 and specify the primary and
secondary interfaces.
Domain Index : 1
Control VLAN : major 10 sub 11
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
Ring Ring Node Primary/Common Secondary/Edge Is
ID Level Mode Port Port Enabled
----------------------------------------------------------------------------
1 0 T GigabitEthernet1/0/1 GigabitEthernet1/0/2 Yes
Domain Index : 2
Control VLAN : major 20 sub 21
Protected VLAN : Reference Instance 2
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
Ring Ring Node Primary/Common Secondary/Edge Is
ID Level Mode Port Port Enabled
----------------------------------------------------------------------------
2 0 T GigabitEthernet2/0/1 GigabitEthernet2/0/2 Yes
RRPP Ring :1
Ring Level :0
Node Mode : Transit
Ring State : LinkUp
Is Enabled : Enable Is Active: Yes
Primary port : GigabitEthernet1/0/1 Port status: UP
Secondary port : GigabitEthernet1/0/2 Port status: UP
RRPP Ring :2
Ring Level :0
Node Mode : Transit
Ring State : LinkUp
Is Enabled : Enable Is Active: Yes
Primary port : GigabitEthernet2/0/1 Port status: UP
Secondary port : GigabitEthernet2/0/2 Port status: UP
----End
Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
vlan batch 20 to 21
#
rrpp enable
#
stp region-configuration
instance 2 vlan 20 to 21
active region-configuration
#
rrpp domain 2
control-vlan 20
protected-vlan reference-instance 2
ring 2 node-mode master primary-port GigabitEthernet2/0/1 secondary-port GigabitEthernet2/0/2 level 0
ring 2 enable
#
interface GigabitEthernet2/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21
stp disable
#
interface GigabitEthernet2/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21
stp disable
#
return
#
vlan batch 20 to 21
#
rrpp enable
#
stp region-configuration
instance 2 vlan 20 to 21
active region-configuration
#
rrpp domain 2
control-vlan 20
protected-vlan reference-instance 2
ring 2 node-mode transit primary-port GigabitEthernet2/0/1 secondary-port GigabitEthernet2/0/2 level 0
ring 2 enable
#
interface GigabitEthernet2/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21
stp disable
#
interface GigabitEthernet2/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 to 21
stp disable
#
return
● SwitchC configuration file
#
sysname SwitchC
#
vlan batch 10 to 11 20 to 21
#
rrpp enable
#
stp region-configuration
instance 1 vlan 10 to 11
instance 2 vlan 20 to 21
active region-configuration
#
rrpp domain 1
control-vlan 10
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet1/0/1 secondary-port GigabitEthernet1/0/2 level 0
ring 1 enable
rrpp domain 2
control-vlan 20
protected-vlan reference-instance 2
ring 2 node-mode transit primary-port GigabitEthernet2/0/1 secondary-port GigabitEthernet2/0/2 level 0
ring 2 enable
#
interface GigabitEthernet1/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 to 11
stp disable
#
interface GigabitEthernet1/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 to 11
stp disable
#
interface GigabitEthernet2/0/1
port link-type trunk
interface GigabitEthernet1/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 to 11
stp disable
#
return
In Figure 6-30, UPEs constitute an RRPP ring and connect to the VPLS network
where NPEs are located. NPEs are connected through a PW, so they cannot serve
as RRPP nodes to respond to RRPP packets. As a result, the VPLS network cannot
detect changes to the RRPP ring status. When the RRPP ring topology changes,
each node on the VPLS network forwards downstream data according to the MAC
address table generated before the RRPP ring topology changes. Consequently, the
downstream traffic cannot be forwarded.
You can enable RRPP snooping on the sub-interface or VLANIF interface of NPED
and associate the interface with VSIs on the local device. When the RRPP ring is
faulty, NPED on the VPLS network deletes forwarding entries of VSIs (including
the associated VSIs) on the local node and forwarding entries of NPEB to re-learn
forwarding entries. This ensures that traffic can be switched to a normal path and
downstream traffic can be properly forwarded.
Configuration Notes
● RRPP and RRPP snooping cannot be configured on the same interface.
● SA series cards and XGE interfaces connected to LE1D2FW00S01 and ACU2
cards do not support RRPP snooping. In versions earlier than V200R007C00, X1E
series cards do not support RRPP snooping.
● This example applies to the following products:
– S5300-HI, S5310-EI, S5320-EI, S5320-HI, S5330-HI, S5331-S, S5331-H,
S5332-H
– S6300-EI, S6320-EI, S6320-HI, S6330-H
– S9303, S9306, S9312, S9310
– S9310X, S9300X-4, S9300X-8, S9300X-12
– S9303E, S9306E, S9312E
● For the product models whose applicable versions are not listed above, see
Table 1-1 in "Applicable Products and Versions" for details.
NOTE
For details about software mappings, visit Hardware Center and select the desired
product model.
Networking Requirements
In Figure 6-31, SwitchA, SwitchB, SwitchC, and SwitchD constitute an RRPP ring.
The network is required to prevent loops when the ring is complete and to
implement fast convergence to rapidly restore communication between nodes in
the ring when the ring fails. The VPLS network can transparently transmit RRPP
packets, detect RRPP ring status changes, and update forwarding entries so that
traffic can be rapidly switched to a normal path according to the ring status.
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Configure VPLS. SwitchC is used as an example. The configuration of SwitchD is
similar to the configuration of SwitchC, and is not mentioned here. For details, see
the configuration files.
# Configure SwitchB as a transit node in ring 1 (major ring) and specify the
primary and secondary interfaces.
[SwitchB] rrpp domain 1
[SwitchB-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet 1/0/1 secondary-
After the configuration is complete and the network topology becomes stable,
perform the following operations to verify the configuration. SwitchA is used as an
example.
● Run the display rrpp brief command on SwitchA. The following information
is displayed:
[SwitchA] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
Domain Index : 1
Control VLAN : major 20 sub 21
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
is VLAN 21. SwitchA is the master node in ring 1. The primary interface is
GE1/0/1 and the secondary interface is GE1/0/2.
● Run the display rrpp verbose domain command on SwitchA. The following
information is displayed.
# Check detailed information about RRPP domain 1 on SwitchA.
[SwitchA] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 20 sub 21
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
RRPP Ring :1
Ring Level :0
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active : Yes
Primary port : GigabitEthernet1/0/1 Port status: UP
Secondary port : GigabitEthernet1/0/2 Port status: BLOCKED
The preceding information shows that VSI 20 and VLAN 20 are associated
with GE2/0/0.20.
# Check information about other VSIs associated with GE2/0/0.20 on SwitchC.
[SwitchC] display rrpp snooping vsi interface gigabitethernet 2/0/0.20
Port VsiName
---------------------------------------------------------------------
GigabitEthernet2/0/0.20 VSI10
GigabitEthernet2/0/0.20 VSI20
----End
Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
vlan batch 10 20 to 21
#
rrpp enable
#
stp region-configuration
instance 1 vlan 10 20 to 21
active region-configuration
#
rrpp domain 1
control-vlan 20
protected-vlan reference-instance 1
ring 1 node-mode master primary-port GigabitEthernet1/0/1 secondary-port GigabitEthernet1/0/2 level 0
ring 1 enable
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 to 21
stp disable
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 to 21
stp disable
#
return
● SwitchB configuration file
#
sysname SwitchB
#
vlan batch 10 20 to 21
#
rrpp enable
#
stp region-configuration
instance 1 vlan 10 20 to 21
active region-configuration
#
rrpp domain 1
control-vlan 20
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet1/0/1 secondary-port GigabitEthernet1/0/2 level 0
ring 1 enable
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 to 21
stp disable
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 to 21
stp disable
#
return
● SwitchC configuration file
#
sysname SwitchC
#
interface GigabitEthernet2/0/0
undo portswitch
#
interface GigabitEthernet2/0/0.10
dot1q termination vid 10
l2 binding vsi VSI10
#
interface GigabitEthernet2/0/0.20
dot1q termination vid 20
l2 binding vsi VSI20
rrpp snooping enable
rrpp snooping vsi VSI10
#
return
● SwitchD configuration file
#
sysname SwitchD
#
interface GigabitEthernet2/0/0
undo portswitch
#
interface GigabitEthernet2/0/0.10
dot1q termination vid 10
l2 binding vsi VSI10
#
interface GigabitEthernet2/0/0.20
Configuration Notes
This example applies to all versions of all S series switches.
Networking Requirements
Company A needs to deploy multiple Layer 2 access devices. In Figure 6-32, Layer
2 switching devices form a ring at the access layer, and Layer 3 devices form a ring
at the aggregation layer. The aggregation layer uses MSTP to eliminate redundant
links. Company A requires that services be rapidly switched to prevent traffic
interruption when a link at the access layer fails.
You can deploy multiple Layer 2 devices in a ring and configure SEP to meet the
following requirements of company A:
● When there is no faulty link on the ring network, SEP can eliminate loops.
● When a link fails on the ring network, SEP can quickly restore communication
between nodes in the ring.
● The topology change notification function is configured on an edge device in
a SEP segment so that devices on the upper-layer network can promptly
detect topology changes on the lower-layer network. After receiving a
topology change notification from a lower-layer network, a device on an
upper-layer network sends a TC packet to instruct other devices to delete
original MAC addresses and learn new MAC addresses. This ensures nonstop
traffic forwarding.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic SEP functions.
a. Configure SEP segment 1 on LSW1 to LSW3 and configure VLAN 10 as
the control VLAN of SEP segment 1.
b. Add LSW1 to LSW3 to SEP segment 1 and configure interface roles on
edge devices (LSW1 and LSW2) of the SEP segment.
NOTE
PE1 and PE2 do not support the SEP protocol; therefore, the interfaces of LSW1
and LSW2 connected to the PEs must be no-neighbor edge interfaces.
c. On the device where the no-neighbor primary edge interface is located,
specify the interface in the middle of the SEP segment as the interface to
block.
d. Configure manual preemption.
e. Configure the topology change notification function so that the upper-
layer network running MSTP can be notified of topology changes in the
SEP segment.
2. Configure basic MSTP functions.
a. Add PE1 to PE4, LSW1, and LSW2 to the MST region RG1.
b. Create VLANs on PE1 to PE4, LSW1, and LSW2 and add interfaces on the
STP ring to the VLANs.
c. Configure PE3 as the root bridge and PE4 as the secondary root bridge.
3. Set up a single-hop BFD session between NPE1 and NPE2 to detect the status
of the interfaces configured with VRRP. Then, report the detection result to
VRRP to complete VRRP fast switching.
4. Configure VRRP.
a. Create VRRP group 1 on GE 1/0/1 of NPE1, and set a higher VRRP priority
for NPE1 to ensure that NPE1 functions as the master.
b. Create VRRP group 1 in the view of GE 1/0/1 interface of NPE2, and allow
NPE2 to use the default VRRP priority.
c. Bind a BFD session to VRRP group 1.
5. Configure Layer 2 forwarding on the CE and LSW1 to LSW3.
NOTE
PE1 and PE2 are aggregation switches, PE3 is the root bridge, PE4 is the secondary root bridge,
LSWs are access switches, and CEs are user-side switches.
Procedure
Step 1 Configure basic SEP functions.
1. Configure SEP segment 1 on LSW1 to LSW3 and configure VLAN 10 as the
control VLAN of SEP segment 1.
# Configure access switch LSW1.
<Quidway> system-view
[Quidway] sysname LSW1
NOTE
– The control VLAN must be a VLAN that has not been created or used. However, the
command for creating a common VLAN is automatically displayed in the configuration
file after the control VLAN is created.
– Each SEP segment must have a control VLAN. After an interface is added to a SEP
segment that has a control VLAN, the interface is automatically added to the control
VLAN.
2. Add access switch LSW1 to LSW3 to SEP segment 1 and configure interface
roles.
Step 3 Configure VLAN 100 to transmit VRRP packets and VLAN 200 to transmit BFD
packets.
# Enable BFD on NPE2 and configure a BFD session between NPE1 and NPE2.
[NPE2] bfd
[NPE2-bfd] quit
[NPE2] bfd NPE1 bind peer-ip default-ip interface gigabitethernet 1/0/1 //Configure a static BFD
session to monitor the link of the VRRP group.
[NPE2-bfd-session-npe1] discriminator local 2
[NPE2-bfd-session-npe1] discriminator remote 1
[NPE2-bfd-session-npe1] commit
[NPE2-bfd-session-npe1] quit
# After completing the configuration, run the display bfd session all command
on NPE1 and NPE2. The command output shows that the BFD session is set up
between NPE1 and NPE2 and its status is Up.
Use the display on NPE1 as an example.
[NPE1] display bfd session all
--------------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------
1 2 224.0.0.184 Up S_IP_IF GigabitEthernet1/0/1
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 1/0
# Configure NPE2.
[NPE2] bfd
[NPE2-bfd] quit
[NPE2] bfd NPE1
[NPE2-bfd-session-npe1] process-interface-status sub-if
[NPE2-bfd-session-npe1] commit
[NPE2-bfd-session-npe1] quit
After completing the preceding configurations, run the display bfd session all
verbose command on NPE1 and NPE2. Check that the Proc interface status
field displays Enable (Sub-If).
Use the display on NPE1 as an example.
[NPE1] display bfd session all verbose
--------------------------------------------------------------------------------
Session MIndex : 257 (One Hop) State : Up Name : npe2
--------------------------------------------------------------------------------
Local Discriminator : 1 Remote Discriminator : 2
Session Detect Mode : Asynchronous Mode Without Echo Function
BFD Bind Type : Interface(GigabitEthernet1/0/1)
Bind Session Type : Static
Bind Peer IP Address : 224.0.0.184
NextHop Ip Address : 224.0.0.184
Bind Interface : GigabitEthernet1/0/1
FSM Board Id :0 TOS-EXP :7
Min Tx Interval (ms) : 1000 Min Rx Interval (ms) : 1000
Actual Tx Interval (ms): 1000 Actual Rx Interval (ms): 1000
Local Detect Multi :3 Detect Interval (ms) : 3000
Echo Passive : Disable Acl Number :-
Destination Port : 3784 TTL : 255
Proc Interface Status : Enable(Sub-If) Process PST : Disable
WTR Interval (ms) :- Local Demand Mode : Disable
Active Multi :3
Last Local Diagnostic : No Diagnostic
Bind Application : IFNET
Session TX TmrID : 93 Session Detect TmrID : 94
Session Init TmrID :- Session WTR TmrID :-
After completing the preceding configurations, run the display vrrp command on
NPE1. Check that the status of NPE1 is Master. Run the display vrrp command on
NPE2. Check that the status of NPE2 is Backup.
[NPE1] display vrrp
GigabitEthernet1/0/1.1 | Virtual Router 1
State : Master
Virtual IP : 10.1.1.10
Master IP : 10.1.1.1
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 10
TimerRun : 1
TimerConfig : 1
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Config track link-bfd down-number : 0
Track BFD : 1 type: peer
BFD-session state : UP
Create time : 2013-12-29 22:46:32 UTC+07:00
Last change time : 2013-12-29 22:46:35 UTC+07:00
[NPE2] display vrrp
GigabitEthernet1/0/1.1 | Virtual Router 1
State : Backup
Virtual IP : 10.1.1.10
Master IP : 10.1.1.2
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0
TimerRun : 1
TimerConfig : 1
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Config track link-bfd down-number : 0
Track BFD : 2 type: peer
BFD-session state : UP
Create time : 2013-12-29 22:46:32 UTC+07:00
Last change time : 2013-12-29 22:46:35 UTC+07:00
Step 6 Configure the Layer 2 forwarding function on the user-side switch CE and access
switch LSW1 to LSW3.
The configuration details are not mentioned here. For details, see configuration
files in this example.
Step 7 Verify the configuration.
After the configuration is complete and the network topology becomes stable,
perform the following operations to verify the configuration.
● # Run the shutdown command on GE1/0/1 of LSW2 to simulate a fault, and
then run the display sep interface command on LSW3 to check whether
GE1/0/2 on LSW3 changes from the discarding state to the forwarding state.
<LSW3> display sep interface gigabitethernet 1/0/2
SEP segment 1
----------------------------------------------------------------
Interface Port Role Neighbor Status Port Status
----------------------------------------------------------------
GE1/0/2 common up forwarding
----End
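The display vrrp check in the procedure above (NPE1 is Master, NPE2 is Backup, the tracked BFD session is UP) can be run as a cross-check over the output of both routers. The following Python sketch is an added example and is not part of the original document; the function names are hypothetical and the outputs are constructed in the format of the listings above. It reports a dual-master condition, which occurs when VRRP packets in VLAN 100 do not reach the peer, a tracked BFD session that is not UP, and a backup whose MasterPriority differs from the priority of the router that reports Master.

```python
import re

# Constructed outputs in the format of the 'display vrrp' listings above.
NPE1_OK = """\
[NPE1] display vrrp
GigabitEthernet1/0/1.1 | Virtual Router 1
State : Master
Virtual IP : 10.1.1.10
PriorityRun : 120
MasterPriority : 120
Preempt : YES Delay Time : 10
Track BFD : 1 type: peer
BFD-session state : UP
"""
NPE2_OK = """\
[NPE2] display vrrp
GigabitEthernet1/0/1.1 | Virtual Router 1
State : Backup
Virtual IP : 10.1.1.10
PriorityRun : 100
MasterPriority : 120
Preempt : YES Delay Time : 0
Track BFD : 2 type: peer
BFD-session state : UP
"""
# Constructed failure case: the BFD session is down and both routers claim Master.
NPE1_SPLIT = NPE1_OK.replace("state : UP", "state : DOWN")
NPE2_SPLIT = (NPE2_OK.replace("State : Backup", "State : Master")
              .replace("MasterPriority : 120", "MasterPriority : 100")
              .replace("state : UP", "state : DOWN"))


def parse_vrrp(text):
    """Parse 'display vrrp' output into {(interface, vrid): {field: value}}.

    A line that carries two fields (for example Preempt and Delay Time) is
    stored whole under its first field name; the checks below do not use it.
    """
    groups, cur = {}, None
    for line in text.splitlines():
        head = re.match(r"\s*(\S+)\s*\|\s*Virtual Router (\d+)", line)
        if head:
            cur = groups.setdefault((head[1], int(head[2])), {})
        elif cur is not None and ":" in line:
            key, value = re.split(r"\s*:\s*", line.strip(), maxsplit=1)
            cur[key] = value
    return groups


def check_pair(outputs, vrid=1):
    """outputs maps a router name to its 'display vrrp' text. Return a list of findings."""
    view = {}
    for name, text in outputs.items():
        for (_ifname, n), fields in parse_vrrp(text).items():
            if n == vrid:
                view[name] = fields
    findings = [f"{n}: VRID {vrid} not found" for n in outputs if n not in view]
    masters = [n for n, f in view.items() if f.get("State") == "Master"]
    if len(masters) != 1:
        findings.append(f"VRID {vrid}: {len(masters)} routers report Master, expected exactly 1")
    if len({f.get("Virtual IP") for f in view.values()}) > 1:
        findings.append(f"VRID {vrid}: routers disagree on the virtual IP")
    for n, f in view.items():
        if f.get("BFD-session state") != "UP":
            findings.append(f"{n}: tracked BFD session is {f.get('BFD-session state')}")
        if (len(masters) == 1 and f.get("State") == "Backup"
                and f.get("MasterPriority") != view[masters[0]].get("PriorityRun")):
            findings.append(f"{n}: MasterPriority {f.get('MasterPriority')} does not match {masters[0]}")
    return findings


if __name__ == "__main__":
    for finding in check_pair({"NPE1": NPE1_SPLIT, "NPE2": NPE2_SPLIT}):
        print(finding)
```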
Configuration Files
● LSW1 configuration file
#
sysname LSW1
#
vlan batch 10 100
#
stp enable
#
stp region-configuration
region-name RG1
active region-configuration
#
sep segment 1
control-vlan 10
block port middle
tc-notify stp
protected-instance 0 to 4094
#
interface GigabitEthernet1/0/1
port hybrid tagged vlan 10 100
sep segment 1 edge no-neighbor primary
#
interface GigabitEthernet1/0/2
port hybrid tagged vlan 10 100
stp disable
sep segment 1
#
return
● LSW2 configuration file
#
sysname LSW2
#
vlan batch 10 100
#
stp enable
#
stp region-configuration
region-name RG1
active region-configuration
#
sep segment 1
control-vlan 10
tc-notify stp
protected-instance 0 to 4094
#
interface GigabitEthernet1/0/1
port hybrid tagged vlan 10 100
sep segment 1 edge no-neighbor secondary
#
interface GigabitEthernet1/0/2
port hybrid tagged vlan 10 100
stp disable
sep segment 1
#
return
● LSW3 configuration file
#
sysname LSW3
#
vlan batch 10 100
#
sep segment 1
control-vlan 10
protected-instance 0 to 4094
#
interface GigabitEthernet1/0/1
port hybrid tagged vlan 10 100
stp disable
sep segment 1
#
interface GigabitEthernet1/0/2
port hybrid tagged vlan 10 100
stp disable
sep segment 1
#
interface GigabitEthernet1/0/3
port hybrid tagged vlan 100
#
return
● PE1 configuration file
#
sysname PE1
#
vlan batch 100
#
stp enable
#
stp region-configuration
region-name RG1
active region-configuration
#
interface GigabitEthernet1/0/1
port hybrid tagged vlan 100
#
interface GigabitEthernet1/0/2
port hybrid tagged vlan 100
#
interface GigabitEthernet1/0/3
port hybrid tagged vlan 100
#
return
● PE2 configuration file
#
sysname PE2
#
vlan batch 100
#
stp enable
#
stp region-configuration
region-name RG1
active region-configuration
#
interface GigabitEthernet1/0/1
port hybrid tagged vlan 100
#
interface GigabitEthernet1/0/2
port hybrid tagged vlan 100
#
interface GigabitEthernet1/0/3
port hybrid tagged vlan 100
#
return
● PE3 configuration file
#
sysname PE3
#
vlan batch 100
#
stp instance 0 root primary
stp enable
#
stp region-configuration
region-name RG1
active region-configuration
#
interface GigabitEthernet1/0/1
port hybrid tagged vlan 100
#
interface GigabitEthernet1/0/2
port hybrid tagged vlan 100 200
#
interface GigabitEthernet1/0/3
port hybrid tagged vlan 100 200
#
return
● PE4 configuration file
#
sysname PE4
#
vlan batch 100
#
stp instance 0 root secondary
stp enable
#
stp region-configuration
region-name RG1
active region-configuration
#
interface GigabitEthernet1/0/1
port hybrid tagged vlan 100
#
interface GigabitEthernet1/0/2
port hybrid tagged vlan 100 200
#
interface GigabitEthernet1/0/3
port hybrid tagged vlan 100 200
#
return
● NPE1 configuration file
#
sysname NPE1
#
vlan batch 100
#
bfd
#
interface GigabitEthernet1/0/1
undo shutdown
ip address 10.2.1.1 255.255.255.0
#
interface GigabitEthernet1/0/1.1
vlan-type dot1q 100
ip address 10.1.1.1 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.10
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode timer delay 10
vrrp vrid 1 track bfd-session 1 peer
#
bfd npe2 bind peer-ip default-ip interface GigabitEthernet1/0/1
discriminator local 1
discriminator remote 2
process-interface-status sub-if
commit
#
return
● NPE2 configuration file
#
sysname NPE2
#
vlan batch 100
#
bfd
#
interface GigabitEthernet1/0/1
undo shutdown
ip address 10.2.1.2 255.255.255.0
#
interface GigabitEthernet1/0/1.1
● CE configuration file
#
sysname CE
#
vlan batch 100
#
interface GigabitEthernet1/0/1
port hybrid tagged vlan 100
#
return
Configuration Notes
This example applies to all versions of all S series switches.
Networking Requirements
In Figure 6-33, Layer 2 switching devices at access and aggregation layers
constitute a ring network and connect to the core layer. The aggregation layer
uses RRPP to eliminate redundant links, and the access layer uses SEP.
● When there is no faulty link on the ring network, SEP can eliminate loops on
the Ethernet network.
● When a link fails on the ring network, SEP can quickly restore communication
between nodes in the ring.
● The topology change notification function is configured on an edge device in
a SEP segment so that devices on the upper-layer network can promptly
detect topology changes on the lower-layer network.
After receiving a topology change notification from a lower-layer network, a
device on an upper-layer network sends a TC packet to instruct other devices
to delete original MAC addresses and learn new MAC addresses. This ensures
nonstop traffic forwarding.
NOTE
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic SEP functions.
a. Configure SEP segment 1 on PE1, PE2, and LSW1 to LSW3 and configure
VLAN 10 as the control VLAN of SEP segment 1.
b. Add PE1, PE2, and LSW1 to LSW3 to SEP segment 1 and configure interface
roles on edge devices (PE1 and PE2) of the SEP segment.
c. On the device where the primary edge interface is located, specify the
mode in which an interface is blocked.
d. Configure a SEP preemption mode to ensure that the specified blocked
interface takes effect when the fault is rectified.
e. Configure the topology change notification function so that the upper-
layer network running RRPP can be notified of topology changes in the
SEP segment.
2. Configure basic RRPP functions.
a. Add PE1 to PE4 to RRPP domain 1, configure VLAN 5 as the control VLAN
on PE1 to PE4, and configure the protected VLAN.
b. Configure PE1 as the master node and PE2 to PE4 as the transit nodes on
the major ring, and configure primary and secondary interfaces of the
master node.
c. Create VLANs on PE1 to PE4 and add interfaces on the RRPP ring to the
VLANs.
3. Set up a single-hop BFD session between NPE1 and NPE2 to detect the status
of the interfaces configured with VRRP. Then, report the detection result to
VRRP to complete VRRP fast switching.
4. Configure VRRP.
a. Create VRRP group 1 on GE 1/0/1 of NPE1, and set a higher VRRP priority
for NPE1 to ensure that NPE1 functions as the master.
b. Create VRRP group 1 in the view of GE 1/0/1 interface of NPE2, and allow
NPE2 to use the default VRRP priority.
c. Bind a BFD session to VRRP group 1.
5. Configure Layer 2 forwarding on the CE, LSW1 to LSW3, and PE1 to PE4.
NOTE
PEs are aggregation switches, LSWs are access switches, and CEs are user-side switches.
Procedure
Step 1 Configure basic SEP functions.
1. Configure SEP segment 1 and configure VLAN 10 as the control VLAN of SEP
segment 1.
# Configure aggregation switch PE1.
<Quidway> system-view
[Quidway] sysname PE1
[PE1] sep segment 1 //Create SEP segment 1.
[PE1-sep-segment1] control-vlan 10 //Configure VLAN 10 as the control VLAN of SEP segment 1.
NOTE
– The control VLAN must be a VLAN that has not been created or used. However, the
command for creating a common VLAN is automatically displayed in the configuration
file after the control VLAN is created.
– Each SEP segment must have a control VLAN. After an interface is added to a SEP
segment that has a control VLAN, the interface is automatically added to the control
VLAN.
2. Add aggregation switch PE1, aggregation switch PE2, and access switch LSW1
to LSW3 to SEP segment 1 and configure interface roles.
NOTE
After the configuration is complete, run the display sep topology command
on aggregation switch PE1 to check the topology of the SEP segment. The
command output shows that the blocked interface is one of the two
interfaces on the link that last completes neighbor negotiation.
[PE1] display sep topology
SEP segment 1
-------------------------------------------------------------------------
System Name Port Name Port Role Port Status Hop
-------------------------------------------------------------------------
PE1 GE1/0/1 primary forwarding 1
LSW1 GE1/0/1 common forwarding 2
LSW1 GE1/0/2 common forwarding 3
LSW3 GE1/0/2 common forwarding 4
LSW3 GE1/0/1 common forwarding 5
LSW2 GE1/0/2 common forwarding 6
LSW2 GE1/0/1 common forwarding 7
PE2 GE1/0/1 secondary discarding 8
After the configuration is complete, perform the following operations to verify the
configuration. Aggregation switch PE1 is used as an example.
● Run the display sep topology command on aggregation switch PE1 to check
the topology of the SEP segment.
The command output shows that GE1/0/2 of access switch LSW3 is in
discarding state and other interfaces are in forwarding state.
[PE1] display sep topology
SEP segment 1
-------------------------------------------------------------------------
System Name Port Name Port Role Port Status Hop
-------------------------------------------------------------------------
PE1 GE1/0/1 primary forwarding 1
LSW1 GE1/0/1 common forwarding 2
LSW1 GE1/0/2 common forwarding 3
LSW3 GE1/0/2 common discarding 4
LSW3 GE1/0/1 common forwarding 5
LSW2 GE1/0/2 common forwarding 6
LSW2 GE1/0/1 common forwarding 7
PE2 GE1/0/1 secondary forwarding 8
● Run the display sep interface verbose command on aggregation switch PE1
to check detailed information about interfaces in the SEP segment.
[PE1] display sep interface verbose
SEP segment 1
Control-vlan :10
Preempt Delay Timer :0
TC-Notify Propagate to :rrpp
----------------------------------------------------------------
Interface :GE1/0/1
Port Role :Config = primary / Active = primary
Port Priority :64
Port Status :forwarding
Neighbor Status :up
Neighbor Port :LSW1 - GE1/0/1 (00e0-0829-7c00.0000)
NBR TLV rx :2124 tx :2126
LSP INFO TLV rx :2939 tx :135
LSP ACK TLV rx :113 tx :768
PREEMPT REQ TLV rx :0 tx :3
PREEMPT ACK TLV rx :3 tx :0
TC Notify rx :5 tx :3
EPA rx :363 tx :397
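An added example, not part of the original document: a Python check that parses display sep topology output and confirms that the one discarding port is the one the design calls for, run over the two listings shown above (before and after preemption). The function names and the expected-port argument are hypothetical.

```python
# Rows copied from the two "display sep topology" listings in this example.
BEFORE_PREEMPTION = """\
[PE1] display sep topology
SEP segment 1
System Name Port Name Port Role Port Status Hop
PE1 GE1/0/1 primary forwarding 1
LSW1 GE1/0/1 common forwarding 2
LSW1 GE1/0/2 common forwarding 3
LSW3 GE1/0/2 common forwarding 4
LSW3 GE1/0/1 common forwarding 5
LSW2 GE1/0/2 common forwarding 6
LSW2 GE1/0/1 common forwarding 7
PE2 GE1/0/1 secondary discarding 8
"""

AFTER_PREEMPTION = """\
[PE1] display sep topology
SEP segment 1
System Name Port Name Port Role Port Status Hop
PE1 GE1/0/1 primary forwarding 1
LSW1 GE1/0/1 common forwarding 2
LSW1 GE1/0/2 common forwarding 3
LSW3 GE1/0/2 common discarding 4
LSW3 GE1/0/1 common forwarding 5
LSW2 GE1/0/2 common forwarding 6
LSW2 GE1/0/1 common forwarding 7
PE2 GE1/0/1 secondary forwarding 8
"""


def parse_sep_topology(output):
    """Return one dict per table row; prompt, title, header and rule lines are skipped."""
    rows = []
    for line in output.splitlines():
        parts = line.split()
        # A data row has exactly five fields and ends with the numeric hop.
        if len(parts) == 5 and parts[4].isdigit():
            system, port, role, status, hop = parts
            rows.append({"system": system, "port": port, "role": role,
                         "status": status, "hop": int(hop)})
    return rows


def check_blocked_port(output, expected):
    """Compare the discarding port(s) with the (system, port) the design expects."""
    rows = parse_sep_topology(output)
    blocked = [(r["system"], r["port"]) for r in rows if r["status"] == "discarding"]
    if not blocked:
        # Every listed port forwards, as after the fault simulated in Step 7:
        # the segment has no spare blocked port left.
        return "NO_BLOCKED_PORT", blocked
    if len(blocked) > 1:
        return "MULTIPLE_BLOCKED_PORTS", blocked
    if blocked[0] != expected:
        # Typical before preemption: the last-negotiated link holds the block.
        return "UNEXPECTED_BLOCKED_PORT", blocked
    return "OK", blocked


if __name__ == "__main__":
    design = ("LSW3", "GE1/0/2")  # blocked port this example ends up with
    for label, text in (("before", BEFORE_PREEMPTION), ("after", AFTER_PREEMPTION)):
        print(label, check_blocked_port(text, design))
```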
[PE1-mst-region] quit
[PE1] rrpp domain 1 //Create RRPP domain 1.
[PE1-rrpp-domain-region1] control-vlan 5 //Configure VLAN 5 as the control VLAN of RRPP domain 1.
[PE1-rrpp-domain-region1] protected-vlan reference-instance 1 //Configure the protected VLAN in protected instance 1.
# Configure aggregation switch PE2.
[PE2] stp region-configuration //Enter the MST region view.
[PE2-mst-region] instance 1 vlan 5 6 100 //Map VLAN 5, VLAN 6, and VLAN 100 to MSTI 1.
[PE2-mst-region] active region-configuration //Activate MST region configuration.
[PE2-mst-region] quit
[PE2] rrpp domain 1 //Create RRPP domain 1.
[PE2-rrpp-domain-region1] control-vlan 5 //Configure VLAN 5 as the control VLAN of RRPP domain 1.
[PE2-rrpp-domain-region1] protected-vlan reference-instance 1 //Configure the protected VLAN in protected instance 1.
# Configure aggregation switch PE3.
[PE3] stp region-configuration //Enter the MST region view.
[PE3-mst-region] instance 1 vlan 5 6 100 //Map VLAN 5, VLAN 6, and VLAN 100 to MSTI 1.
[PE3-mst-region] active region-configuration //Activate MST region configuration.
[PE3-mst-region] quit
[PE3] rrpp domain 1 //Create RRPP domain 1.
[PE3-rrpp-domain-region1] control-vlan 5 //Configure VLAN 5 as the control VLAN of RRPP domain 1.
[PE3-rrpp-domain-region1] protected-vlan reference-instance 1 //Configure the protected VLAN in protected instance 1.
# Configure aggregation switch PE4.
[PE4] stp region-configuration //Enter the MST region view.
[PE4-mst-region] instance 1 vlan 5 6 100 //Map VLAN 5, VLAN 6, and VLAN 100 to MSTI 1.
[PE4-mst-region] active region-configuration //Activate MST region configuration.
[PE4-mst-region] quit
[PE4] rrpp domain 1 //Create RRPP domain 1.
[PE4-rrpp-domain-region1] control-vlan 5 //Configure VLAN 5 as the control VLAN of RRPP domain 1.
[PE4-rrpp-domain-region1] protected-vlan reference-instance 1 //Configure the protected VLAN in protected instance 1.
NOTE
The control VLAN must be a VLAN that has not been created or used. However, the
command for creating a common VLAN is automatically displayed in the configuration file
after the control VLAN is created.
2. Create a VLAN and add interfaces on the ring network to the VLAN.
# On aggregation switch PE1, create VLAN 100 and add GE1/0/1, GE1/0/2,
and GE1/0/3 to VLAN 100.
[PE1] vlan 100
[PE1-vlan100] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] stp disable //Disable STP.
[PE1-GigabitEthernet1/0/1] port link-type trunk
[PE1-GigabitEthernet1/0/1] port trunk allow-pass vlan 100
[PE1-GigabitEthernet1/0/1] quit
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] stp disable //Disable STP.
[PE1-GigabitEthernet1/0/2] port link-type trunk
[PE1-GigabitEthernet1/0/2] port trunk allow-pass vlan 100
[PE1-GigabitEthernet1/0/2] quit
[PE1] interface gigabitethernet 1/0/3
[PE1-GigabitEthernet1/0/3] stp disable //Disable STP.
[PE1-GigabitEthernet1/0/3] port link-type trunk
[PE1-GigabitEthernet1/0/3] port trunk allow-pass vlan 100
[PE1-GigabitEthernet1/0/3] quit
# On aggregation switch PE2, create VLAN 100 and add GE1/0/1, GE1/0/2,
and GE1/0/3 to VLAN 100.
After the configuration is complete, run the display rrpp brief or display rrpp
verbose domain command. Aggregation switch PE1 is used as an example.
[PE1] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
Domain Index : 1
Control VLAN : major 5 sub 6
Protected VLAN : Reference Instance 1
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 6 sec(default is 6 sec)
The major control VLAN is VLAN 5 and the sub-control VLAN is VLAN 6 in RRPP
domain 1. VLANs mapping Instance1 are protected VLANs. Aggregation switch
PE1 is the master node in Complete state. The primary interface is GE1/0/2 and
the secondary interface is GE1/0/3.
Step 3 Configure VLAN 100 to transmit VRRP packets and VLAN 200 to transmit BFD
packets.
# Configure aggregation switch PE3.
[PE3] vlan batch 100 200
[PE3] interface gigabitethernet 1/0/2
[PE3-GigabitEthernet1/0/2] stp disable //Disable STP.
[PE3-GigabitEthernet1/0/2] port link-type trunk
[PE3-GigabitEthernet1/0/2] port trunk allow-pass vlan 100 200
[PE3-GigabitEthernet1/0/2] quit
[PE3] interface gigabitethernet 1/0/3
[PE3-GigabitEthernet1/0/3] stp disable //Disable STP.
[PE3-GigabitEthernet1/0/3] port link-type trunk
[PE3-GigabitEthernet1/0/3] port trunk allow-pass vlan 100 200
[PE3-GigabitEthernet1/0/3] quit
# Enable BFD on NPE2 and configure a BFD session between NPE1 and NPE2.
[NPE2] bfd
[NPE2-bfd] quit
[NPE2] bfd NPE1 bind peer-ip default-ip interface gigabitethernet 1/0/1 //Configure a static BFD session to monitor the link of the VRRP group.
[NPE2-bfd-session-npe1] discriminator local 2
[NPE2-bfd-session-npe1] discriminator remote 1
[NPE2-bfd-session-npe1] commit
[NPE2-bfd-session-npe1] quit
# After completing the configuration, run the display bfd session all command on
NPE1 and NPE2. The command output shows that the BFD session is set up
between NPE1 and NPE2 and its status is Up.
Use the display on NPE1 as an example.
[NPE1] display bfd session all
--------------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------
1 2 224.0.0.184 Up S_IP_IF GigabitEthernet1/0/1
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 1/0
# Configure NPE2.
[NPE2] bfd
[NPE2-bfd] quit
[NPE2] bfd NPE1
[NPE2-bfd-session-npe1] process-interface-status sub-if
[NPE2-bfd-session-npe1] commit
[NPE2-bfd-session-npe1] quit
After completing the preceding configurations, run the display bfd session all
verbose command on NPE1 and NPE2. Check that the Proc interface status
field displays Enable (Sub-If).
Use the display on NPE1 as an example.
[NPE1] display bfd session all verbose
--------------------------------------------------------------------------------
Session MIndex : 257 (One Hop) State : Up Name : npe2
--------------------------------------------------------------------------------
Local Discriminator : 1 Remote Discriminator : 2
Session Detect Mode : Asynchronous Mode Without Echo Function
After completing the preceding configurations, run the display vrrp command on
NPE1. Check that the status of NPE1 is Master. Run the display vrrp command on
NPE2. Check that the status of NPE2 is Backup.
[NPE1] display vrrp
GigabitEthernet1/0/1.1 | Virtual Router 1
State : Master
Virtual IP : 10.1.1.10
Master IP : 10.1.1.1
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 10
TimerRun : 1
TimerConfig : 1
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Step 6 Configure Layer 2 forwarding on the user-side switch CE, access switch LSW1 to
LSW3, and aggregation switch PE1 to PE4.
The configuration details are not mentioned here. For details, see configuration
files in this example.
Step 7 Verify the configuration.
After the configuration is complete and the network topology becomes stable,
perform the following operations to verify the configuration.
● Run the shutdown command on GE1/0/1 of LSW2 to simulate a fault, and
then run the display sep interface command on LSW3 to check whether
GE1/0/2 on LSW3 changes from the discarding state to the forwarding state.
[LSW3] display sep interface gigabitethernet 1/0/2
SEP segment 1
----------------------------------------------------------------
Interface Port Role Neighbor Status Port Status
----------------------------------------------------------------
GE1/0/2 common up forwarding
● Run the shutdown command on GE 1/0/1.1 on NPE1 to simulate an interface
fault, and then run the display vrrp command on NPE2 to check whether the
status of NPE2 changes from backup to master.
[NPE2] display vrrp
GigabitEthernet1/0/1.1 | Virtual Router 1
State : Master
Virtual IP : 10.1.1.10
Master IP : 10.1.1.2
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 100
Preempt : YES Delay Time : 0
TimerRun : 1
TimerConfig : 1
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
----End
Configuration Files
● LSW1 configuration file
#
sysname LSW1
#
vlan batch 10 100
#
sep segment 1
control-vlan 10
protected-instance 0 to 4094
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 10 100
stp disable
sep segment 1
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 10 100
stp disable
sep segment 1
#
return
control-vlan 10
protected-instance 0 to 4094
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 10 100
stp disable
sep segment 1
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 10 100
stp disable
sep segment 1
#
interface GigabitEthernet1/0/3
port link-type trunk
port trunk allow-pass vlan 100
#
return
● PE1 configuration file
#
sysname PE1
#
vlan batch 5 to 6 10 100
#
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode master primary-port GigabitEthernet 1/0/2 secondary-port GigabitEthernet 1/0/3 level 0
ring 1 enable
#
sep segment 1
control-vlan 10
block port middle
tc-notify rrpp
protected-instance 0 to 4094
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 10 100
stp disable
sep segment 1 edge primary
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 5 to 6 100
stp disable
#
interface GigabitEthernet1/0/3
port link-type trunk
port trunk allow-pass vlan 5 to 6 100
stp disable
#
return
● PE2 configuration file
#
sysname PE2
#
vlan batch 5 to 6 10 100
#
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet 1/0/2 secondary-port GigabitEthernet 1/0/3 level 0
ring 1 enable
#
sep segment 1
control-vlan 10
tc-notify rrpp
protected-instance 0 to 4094
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 10 100
stp disable
sep segment 1 edge secondary
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 5 to 6 100
stp disable
#
interface GigabitEthernet1/0/3
port link-type trunk
port trunk allow-pass vlan 5 to 6 100
stp disable
#
return
#
return
● PE4 configuration file
#
sysname PE4
#
vlan batch 5 to 6 100 200
#
rrpp enable
#
stp region-configuration
instance 1 vlan 5 to 6 100
active region-configuration
#
rrpp domain 1
control-vlan 5
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port GigabitEthernet 1/0/1 secondary-port GigabitEthernet 1/0/2 level 0
ring 1 enable
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 100
stp disable
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 5 to 6 100 200
stp disable
#
interface GigabitEthernet1/0/3
port link-type trunk
port trunk allow-pass vlan 100 200
stp disable
#
return
● NPE1 configuration file
#
sysname NPE1
#
vlan batch 100
#
bfd
#
interface GigabitEthernet1/0/1
undo shutdown
ip address 10.2.1.1 255.255.255.0
#
interface GigabitEthernet1/0/1.1
vlan-type dot1q 100
ip address 10.1.1.1 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.10
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode timer delay 10
vrrp vrid 1 track bfd-session 1 peer
#
bfd npe2 bind peer-ip default-ip interface GigabitEthernet1/0/1
discriminator local 1
discriminator remote 2
process-interface-status sub-if
commit
#
return
● NPE2 configuration file
#
sysname NPE2
#
vlan batch 100
#
bfd
#
interface GigabitEthernet1/0/1
undo shutdown
ip address 10.2.1.2 255.255.255.0
#
interface GigabitEthernet1/0/1.1
vlan-type dot1q 100
ip address 10.1.1.2 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.10
vrrp vrid 1 track bfd-session 2 peer
#
bfd npe1 bind peer-ip default-ip interface GigabitEthernet1/0/1
discriminator local 2
discriminator remote 1
process-interface-status sub-if
commit
#
return
● CE configuration file
#
sysname CE1
#
vlan batch 100
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 100
#
return
Overview
VLAN-based Spanning Tree (VBST) constructs a spanning tree in each VLAN so
that traffic from different VLANs can be forwarded through different spanning
trees. VBST is a Huawei proprietary protocol that is equivalent to the Spanning Tree
Protocol (STP) or Rapid Spanning Tree Protocol (RSTP) running in each VLAN.
Spanning trees in different VLANs are independent of each other.
Currently, the three standard spanning tree protocols are STP, RSTP, and Multiple
Spanning Tree Protocol (MSTP). STP and RSTP cannot implement VLAN-based
load balancing, because all the VLANs on a LAN share a spanning tree and
packets in all VLANs are forwarded along this spanning tree. In addition, the
blocked link does not carry any traffic, which wastes bandwidth and may prevent
some VLANs from forwarding packets. MSTP is generally preferred because it is
compatible with STP and RSTP, ensures fast convergence, and provides multiple
paths to load balance traffic.
On enterprise networks, enterprise users need functions that are easy to use and
maintain, whereas the configuration of MSTP multi-instance and multi-process is
complex and requires in-depth knowledge.
To address this issue, Huawei developed VBST. VBST constructs a spanning tree in
each VLAN so that traffic from different VLANs is load balanced along different
spanning trees. In addition, VBST is easy to configure and maintain.
Configuration Notes
This example applies to all models of V200R005C00 and later versions.
When configuring VBST on the switch, pay attention to the following points:
● When HVRP is enabled on a modular switch, do not change the STP mode to
VBST.
● When VBST is enabled on a ring network, VBST immediately starts spanning
tree calculation. Parameters such as the device priority and port priority affect
spanning tree calculation, and changes of these parameters may cause
network flapping. To ensure fast and stable spanning tree calculation, perform
basic configurations on the switch and interfaces before enabling VBST.
● If the protected instance has been configured in a SEP segment or ERPS ring
but the mapping between protected instances and VLANs is not configured,
VBST cannot be enabled.
● VBST cannot be enabled in the ignored VLAN or control VLAN used by ERPS,
RRPP, SEP, or Smart Link.
● If 1:N (N>1) mapping between MSTIs and VLANs has been configured on the
switch, you must delete the mapping before changing the STP working mode
to VBST.
● If stp vpls-subinterface enable has been configured on the switch, you must
run the undo stp vpls-subinterface enable command on the interface before
changing the STP working mode to VBST.
● If the device has been configured as the root bridge or secondary root bridge,
run the undo stp vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> root command to
disable the root bridge or secondary root bridge function and run the stp vlan
{ vlan-id1 [ to vlan-id2 ] } &<1-10> priority priority command to change the
device priority.
● When the number of MSTIs that are dynamically specified exceeds the
number of protected VLANs, STP is disabled in a created VLAN in the
configuration file, for example, stp vlan 100 disable.
● To prevent frequent network flapping, ensure that the values of Hello time,
Forward Delay, and Max Age conform to the following formulas:
– 2 x (Forward Delay - 1.0 second) >= Max Age
– Max Age >= 2 x (Hello Time + 1.0 second)
● It is recommended that fast convergence in normal mode be used. If the fast
mode is used, frequently deleting ARP entries may result in 100% CPU usage
of the MPU and LPU. As a result, packet processing expires and network
flapping occurs.
● After all ports are configured as edge ports and BPDU filter ports in the
system view, none of the ports on the switch send BPDUs or negotiate the VBST
status with directly connected ports on the peer device. All ports are in
forwarding state. This may cause loops on the network, leading to broadcast
storms. Exercise caution when you configure a port as an edge port and BPDU
filter port.
● After a port is configured as an edge port and BPDU filter port in the
interface view, the port does not process or send BPDUs. The port cannot
negotiate the VBST status with the directly connected port on the peer device.
Exercise caution when you configure a port as an edge port and BPDU filter
port.
Networking Requirements
In Figure 6-34, SwitchC and SwitchD (access switches) are dual-homed to SwitchA
and SwitchB (aggregation switches). SwitchC transmits traffic from VLAN 10 and
VLAN 20, and SwitchD transmits traffic from VLAN 20 and VLAN 30. A ring
network is formed between the access layer and aggregation layer. The enterprise
requires that service traffic in each VLAN be correctly forwarded and service traffic
from different VLANs be load balanced to improve link use efficiency.
Configuration Roadmap
VBST can be used to eliminate loops between the access layer and aggregation
layer and ensure that service traffic in each VLAN is correctly forwarded. In
addition, traffic from different VLANs can be load balanced. The configuration
roadmap is as follows:
1. Configure Layer 2 forwarding on access and aggregation switches.
2. Configure basic VBST functions on SwitchA, SwitchB, SwitchC, and SwitchD.
Perform the following operations so that a spanning tree shown in Figure
6-34 is formed through calculation:
– Configure SwitchA and SwitchB as the root bridge and secondary root
bridge of VLAN 10 respectively, configure SwitchA and SwitchB as the
root bridge and secondary root bridge of VLAN 20 respectively, and
configure SwitchB and SwitchA as the root bridge and secondary root
bridge of VLAN 30 respectively.
– Set a larger path cost for GE1/0/2 on SwitchC in VLAN 10 and VLAN 20
so that GE1/0/2 is blocked in spanning trees of VLAN 10 and VLAN 20.
Set a larger path cost for GE1/0/2 on SwitchD in VLAN 20 and VLAN 30
so that GE1/0/2 is blocked in the spanning tree of VLAN 20 and VLAN 30.
3. Configure ports on SwitchC and SwitchD connected to terminals as edge ports
to reduce VBST topology calculation and improve topology convergence.
Procedure
Step 1 Configure Layer 2 forwarding on switches of the ring network.
● Create VLAN 10, VLAN 20, and VLAN 30 on SwitchA, SwitchB, SwitchC, and
SwitchD.
# Create VLAN 10, VLAN 20, and VLAN 30 on aggregation switch SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 10 20 30
# Create VLAN 10, VLAN 20, and VLAN 30 on aggregation switch SwitchB.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] vlan batch 10 20 30
# Create VLAN 10 and VLAN 20 on access switch SwitchC.
<Quidway> system-view
[Quidway] sysname SwitchC
[SwitchC] vlan batch 10 20
# Create VLAN 20 and VLAN 30 on access switch SwitchD.
<Quidway> system-view
[Quidway] sysname SwitchD
[SwitchD] vlan batch 20 30
● Add ports connected to the ring to VLANs.
# Add GE1/0/1 on SwitchA to VLAN 10, VLAN 20, and VLAN 30.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-GigabitEthernet1/0/1] port trunk allow-pass vlan 10 20 30
[SwitchA-GigabitEthernet1/0/1] quit
# Add GE1/0/2 on SwitchA to VLAN 20 and VLAN 30.
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] port link-type trunk
# Add GE1/0/1 on SwitchB to VLAN 10, VLAN 20, and VLAN 30.
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-GigabitEthernet1/0/1] port trunk allow-pass vlan 10 20 30
[SwitchB-GigabitEthernet1/0/1] quit
– The path cost range depends on the algorithm. IEEE 802.1t standard is used as an
example. Set the path costs of the ports to be blocked to 2000000.
– All switches on the same network must use the same path cost calculation
method.
# Set the path cost of GE1/0/2 on SwitchC to 2000000 in VLAN 10 and VLAN
20.
[SwitchC] interface gigabitethernet 1/0/2
[SwitchC-GigabitEthernet1/0/2] stp vlan 10 cost 2000000
[SwitchC-GigabitEthernet1/0/2] stp vlan 20 cost 2000000
[SwitchC-GigabitEthernet1/0/2] quit
# Set the path cost of GE1/0/2 on SwitchD to 2000000 in VLAN 20 and VLAN
30.
[SwitchD] interface gigabitethernet 1/0/2
[SwitchD-GigabitEthernet1/0/2] stp vlan 20 cost 2000000
[SwitchD-GigabitEthernet1/0/2] stp vlan 30 cost 2000000
[SwitchD-GigabitEthernet1/0/2] quit
By default, all ports join VLAN 1 and VBST is enabled in VLAN 1. To reduce
spanning tree calculation, disable VBST in VLAN 1. To prevent loops in VLAN 1
after VBST is disabled, delete ports from VLAN 1.
# Disable VBST in VLAN 1 on SwitchA.
[SwitchA] stp vlan 1 disable
# Disable VBST in VLAN 1 on SwitchB.
[SwitchB] stp vlan 1 disable
# Disable VBST in VLAN 1 on SwitchC.
[SwitchC] stp vlan 1 disable
# Disable VBST in VLAN 1 on SwitchD.
[SwitchD] stp vlan 1 disable
# Delete GE1/0/1, GE1/0/2, and GE1/0/3 on SwitchA from VLAN 1.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] undo port trunk allow-pass vlan 1
[SwitchA-GigabitEthernet1/0/1] quit
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] undo port trunk allow-pass vlan 1
[SwitchA-GigabitEthernet1/0/2] quit
[SwitchA] interface gigabitethernet 1/0/3
[SwitchA-GigabitEthernet1/0/3] undo port trunk allow-pass vlan 1
[SwitchA-GigabitEthernet1/0/3] quit
# Delete GE1/0/1, GE1/0/2, and GE1/0/3 on SwitchB from VLAN 1.
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] undo port trunk allow-pass vlan 1
[SwitchB-GigabitEthernet1/0/1] quit
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] undo port trunk allow-pass vlan 1
[SwitchB-GigabitEthernet1/0/2] quit
[SwitchB] interface gigabitethernet 1/0/3
[SwitchB-GigabitEthernet1/0/3] undo port trunk allow-pass vlan 1
[SwitchB-GigabitEthernet1/0/3] quit
# Delete GE1/0/2 and GE1/0/3 on SwitchC from VLAN 1.
[SwitchC] interface gigabitethernet 1/0/2
[SwitchC-GigabitEthernet1/0/2] undo port trunk allow-pass vlan 1
[SwitchC-GigabitEthernet1/0/2] quit
[SwitchC] interface gigabitethernet 1/0/3
[SwitchC-GigabitEthernet1/0/3] undo port trunk allow-pass vlan 1
[SwitchC-GigabitEthernet1/0/3] quit
# Delete GE1/0/2 and GE1/0/3 on SwitchD from VLAN 1.
[SwitchD] interface gigabitethernet 1/0/2
[SwitchD-GigabitEthernet1/0/2] undo port trunk allow-pass vlan 1
[SwitchD-GigabitEthernet1/0/2] quit
[SwitchD] interface gigabitethernet 1/0/3
[SwitchD-GigabitEthernet1/0/3] undo port trunk allow-pass vlan 1
[SwitchD-GigabitEthernet1/0/3] quit
– Enable VBST globally.
# Enable VBST on SwitchA globally.
[SwitchA] stp enable
# Enable VBST on SwitchB globally.
[SwitchB] stp enable
# Enable VBST on SwitchC globally.
[SwitchC] stp enable
The preceding information shows that SwitchA is selected as the root bridge in
VLAN 10 and GE1/0/1 and GE1/0/3 are selected as designated ports in
FORWARDING state.
# Run the display stp brief command on SwitchB, SwitchC, and SwitchD to check
the port status.
[SwitchB] display stp brief
VLAN-ID Port Role STP State Protection
10 GigabitEthernet1/0/1 ROOT FORWARDING NONE
10 GigabitEthernet1/0/2 DESI FORWARDING NONE
20 GigabitEthernet1/0/1 ROOT FORWARDING NONE
20 GigabitEthernet1/0/2 DESI FORWARDING NONE
Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
vlan batch 10 20 30
#
stp mode vbst
stp enable
#
stp vlan 1 disable
stp vlan 30 root secondary
stp vlan 10 20 root primary
#
interface GigabitEthernet1/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 20 30
#
interface GigabitEthernet1/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 30
#
interface GigabitEthernet1/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 20
#
return
● SwitchB configuration file
#
sysname SwitchB
#
vlan batch 10 20 30
#
stp mode vbst
stp enable
#
stp vlan 1 disable
stp vlan 10 20 root secondary
stp vlan 30 root primary
#
interface GigabitEthernet1/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 20 30
#
interface GigabitEthernet1/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet1/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 30
#
return
● SwitchC configuration file
#
sysname SwitchC
#
vlan batch 10 20
#
stp mode vbst
stp enable
#
stp vlan 1 disable
#
interface GigabitEthernet1/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 20
stp vlan 10 20 cost 2000000
#
interface GigabitEthernet1/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet1/0/4
port link-type access
port default vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/5
port link-type access
port default vlan 20
stp edged-port enable
#
return
● SwitchD configuration file
#
sysname SwitchD
#
vlan batch 20 30
#
stp mode vbst
stp enable
#
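An added example, not part of the original document: a Python audit of a VBST configuration file against two points made above, namely that ports must be removed from VLAN 1 once VBST is disabled there, and that only ports connected to terminals are configured as edge ports. The sample file is constructed from the SwitchC file with two deliberate deviations; the function names are hypothetical, and treating access ports as the terminal-facing ones is an assumption.

```python
import re

# Constructed sample: SwitchC's file from this example with two deliberate
# deviations (GE1/0/2 made an edge port, GE1/0/3 left in VLAN 1).
SAMPLE_CONFIG = """\
#
sysname SwitchC
#
vlan batch 10 20
#
stp mode vbst
stp enable
#
stp vlan 1 disable
#
interface GigabitEthernet1/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 20
stp vlan 10 20 cost 2000000
stp edged-port enable
#
interface GigabitEthernet1/0/3
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet1/0/4
port link-type access
port default vlan 10
stp edged-port enable
#
return
"""


def parse_vlan_list(tokens):
    """Expand VLAN tokens such as ['5', 'to', '6', '100'] or ['all'] into a set."""
    if tokens == ["all"]:
        return set(range(1, 4095))
    vlans, i = set(), 0
    while i < len(tokens):
        start = int(tokens[i])
        if i + 2 < len(tokens) and tokens[i + 1] == "to":
            vlans.update(range(start, int(tokens[i + 2]) + 1))
            i += 3
        else:
            vlans.add(start)
            i += 1
    return vlans


def parse_config(text):
    """Split a '#'-delimited file into global lines and per-interface lines."""
    global_lines, interfaces = [], {}
    for stanza in re.split(r"^[ \t]*#[ \t]*$", text, flags=re.M):
        lines = [ln.strip() for ln in stanza.splitlines() if ln.strip()]
        if not lines:
            continue
        if lines[0].startswith("interface "):
            interfaces[lines[0].split(None, 1)[1]] = lines[1:]
        else:
            global_lines.extend(lines)
    return global_lines, interfaces


def trunk_carries_vlan1(lines):
    """Replay allow-pass / undo allow-pass in order; a trunk starts in VLAN 1."""
    allowed = {1}
    for ln in lines:
        m = re.match(r"(undo )?port trunk allow-pass vlan (.+)", ln)
        if not m:
            continue
        vlans = parse_vlan_list(m.group(2).split())
        allowed = allowed - vlans if m.group(1) else allowed | vlans
    return 1 in allowed


def audit_vbst(text):
    """Return (interface, finding) pairs. Only trunk and access ports are evaluated."""
    global_lines, interfaces = parse_config(text)
    vbst_off_in_vlan1 = "stp vlan 1 disable" in global_lines
    findings = []
    for name, lines in interfaces.items():
        link_type = next((ln.split()[-1] for ln in lines
                          if ln.startswith("port link-type ")), None)
        # No spanning tree runs in VLAN 1, so a trunk still carrying it can loop.
        if vbst_off_in_vlan1 and link_type == "trunk" and trunk_carries_vlan1(lines):
            findings.append((name, "VLAN1_WITHOUT_VBST"))
        # Assumption: only access ports face terminals, so an edge port on any
        # other link type is likely a ring-facing port.
        if "stp edged-port enable" in lines and link_type != "access":
            findings.append((name, "EDGE_PORT_NOT_ACCESS"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit_vbst(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```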
Overview
When a loop occurs on a network, broadcast, multicast, and unknown unicast
packets are repeatedly transmitted on the network. This wastes network resources
and may even cause a network breakdown. To minimize the impact of loops on a
Layer 2 network, a detection technology that quickly notifies users of loops is
required. When a loop occurs, users are requested to check network connections
and configurations, and control the problematic interface.
After loops are detected, the device can send alarms to the NMS and record logs,
and can control the interface status (the interface is shut down by default)
according to the device configuration so that the impact of loops on the device
and network is minimized. The device provides the following actions after LDT
detects a loop:
● Trap: The device reports a trap to the NMS and records a log, but does not
take any action on the interface.
● Block: The device blocks this interface, and can forward only BPDUs.
● No learning: The interface is disabled from learning MAC addresses.
● Shutdown: The device shuts down the interface.
● Quitvlan: The interface is removed from the VLAN where a loop occurs.
The problematic interface continues to send LDT packets. If the device receives no
LDT packets from the problematic interface within the recovery time, it considers
that the loop is eliminated on the interface and restores the interface.
LDT can only detect loops on a single node, but cannot eliminate loops on the
entire network in the same manner as ring network technologies of ERPS, RRPP,
SEP, Smart Link, and STP/RSTP/MSTP/VBST.
Configuration Notes
● This example applies to all versions of the modular switches.
● In V200R008C00 and earlier versions, LDT does not take effect in dynamic
VLANs.
● LDT and LBDT cannot be configured simultaneously.
● LDT needs to send a large number of LDT packets to detect loops, occupying
system resources. Therefore, disable LDT if loops do not need to be detected.
● When loops occur in multiple VLANs on many interfaces, LDT performance is
lowered due to limitations of security policies and CPU processing capability.
The greater the number of involved VLANs and interfaces, the lower the
performance. In particular, the performance of the standby chassis in the
cluster is lowered. Manually eliminating loops is recommended.
● LDT cannot be used with ring network technologies of ERPS, RRPP, SEP, Smart
Link, and STP/RSTP/MSTP/VBST. Do not configure ring network technologies
on an interface of an LDT-enabled VLAN. If LDT has been enabled globally and
ring network technologies need to be configured on an interface, disable LDT
on the interface first.
● LDT sends only tagged packets and can only detect loops based on VLANs.
LDT can detect loops in a maximum of 4094 VLANs.
● When a loop occurs on the network-side interface where the Block or
Shutdown action is configured, all services on the device are interrupted. Do
not deploy LDT on the network-side interface.
● The Quitvlan action cannot be used with GVRP, HVRP, or the action of
removing an interface from the VLAN where MAC address flapping occurs.
● The blocked ports of LDT cannot block GVRP packets. To ensure that GVRP
runs normally and prevent GVRP loops, do not enable GVRP on the blocked
port of LDT.
Networking Requirements
In Figure 6-35, a new branch network of an enterprise connects to the
aggregation switch Switch, and VLANs 10 to 20 are deployed on the branch
network. Loops occur due to incorrect connections or configurations. As a result,
communication on the Switch and uplink network is affected.
It is required that the Switch should immediately detect loops on the new branch
network to prevent the impact of loops on the Switch and uplink network.
Figure 6-35 Networking for configuring LDT to detect loops on the downstream
network
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable LDT on GE1/0/1 of the Switch to detect loops in a specified VLAN so
that loops on the downstream network can be detected.
2. Configure an action after loops are detected so that the Switch can
immediately shut down the interface where a loop is detected. This prevents
the impact of the loop on the Switch and uplink network.
NOTE
Configure interfaces on other switching devices as trunk or hybrid interfaces and configure
these interfaces to allow packets from corresponding VLANs to pass through. This ensures
Layer 2 connectivity on the new network and between the new network and the Switch.
Procedure
Step 1 Enable global LDT.
<Quidway> system-view
[Quidway] sysname Switch
[Switch] loop-detection enable //Enable LDT globally.
The command output shows that LDT is enabled in VLANs 10 to 20 and the
Shutdown action is taken on GE1/0/1 in VLAN 10, indicating that loops are
detected in VLAN 10.
NOTE
After loops are detected in one or more VLANs, the system shuts down the involved
interface and loops are removed. In this case, LDT may be unable to detect all VLANs where
loops occur.
----End
Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 10 to 20
#
loop-detection enable
loop-detection interval-time 10
loop-detection enable vlan 10 to 20
#
interface GigabitEthernet1/0/1
port hybrid tagged vlan 10 to 20
stp disable
#
snmp-agent trap enable feature-name LDTTRAP
#
return
Overview
When a loop occurs on a network, broadcast, multicast, and unknown unicast
packets are repeatedly transmitted on the network. This wastes network resources
and may even cause a network breakdown. To minimize the impact of loops on a
Layer 2 network, a detection technology that quickly notifies users of loops is
required. When a loop occurs, users are requested to check network connections
and configurations, and control the problematic interface.
After loops are detected, the device can send alarms to the NMS and record logs,
and can control the interface status (the interface is shut down by default)
according to the device configuration so that the impact of loops on the device
and network is minimized. The device provides the following actions after LDT
detects a loop:
● Trap: The device reports a trap to the NMS and records a log, but does not
take any action on the interface.
● Block: The device blocks this interface, and can forward only BPDUs.
● No learning: The interface is disabled from learning MAC addresses.
● Shutdown: The device shuts down the interface.
● Quitvlan: The interface is removed from the VLAN where a loop occurs.
The problematic interface continues to send LDT packets. If the device receives no
LDT packets from the problematic interface within the recovery time, it considers
that the loop is eliminated on the interface and restores the interface.
LDT can only detect loops on a single node, but cannot eliminate loops on the
entire network in the same manner as ring network technologies of ERPS, RRPP,
SEP, Smart Link, and STP/RSTP/MSTP/VBST.
Configuration Notes
● This example applies to all versions of the modular switches.
● In V200R008C00 and earlier versions, LDT does not take effect in dynamic
VLANs.
● LDT and LBDT cannot be configured simultaneously.
● LDT needs to send a large number of LDT packets to detect loops, occupying
system resources. Therefore, disable LDT if loops do not need to be detected.
● When loops occur in multiple VLANs on many interfaces, LDT performance is
lowered due to limitations of security policies and CPU processing capability.
The greater the number of involved VLANs and interfaces, the lower the
performance. In particular, the performance of the standby chassis in the
cluster is lowered. Manually eliminating loops is recommended.
● LDT cannot be used with ring network technologies of ERPS, RRPP, SEP, Smart
Link, and STP/RSTP/MSTP/VBST. Do not configure ring network technologies
on an interface of an LDT-enabled VLAN. If LDT has been enabled globally and
ring network technologies need to be configured on an interface, disable LDT
on the interface first.
● LDT sends only tagged packets and can only detect loops based on VLANs.
LDT can detect loops in a maximum of 4094 VLANs.
● When a loop occurs on the network-side interface where the Block or
Shutdown action is configured, all services on the device are interrupted. Do
not deploy LDT on the network-side interface.
● The Quitvlan action cannot be used with GVRP, HVRP, or the action of
removing an interface from the VLAN where MAC address flapping occurs.
● The blocked ports of LDT cannot block GVRP packets. To ensure that GVRP
runs normally and prevent GVRP loops, do not enable GVRP on the blocked
port of LDT.
Networking Requirements
In Figure 6-36, an enterprise uses Layer 2 networking. The Switch is the
aggregation switch, and each switch allows packets from VLANs 10 to 20 to pass
through. Because employees often move, the network topology changes
frequently. Connections or configurations may be incorrect due to misoperations.
As a result, loops may occur in VLANs 10 to 20.
Loops cause broadcast storms and affect device and network communication. It is
required that loops be detected and eliminated in VLANs in a timely manner to
prevent broadcast storms.
Figure 6-36 Networking for configuring LDT to detect loops on the local network
Configuration Roadmap
Loops need to be detected in VLANs 10 to 20. Because there are more than eight
VLANs, you can configure LDT to detect loops and configure an action after loops
are detected to prevent broadcast storms. All VLANs share a link. To prevent loop
removal in a VLAN from affecting data forwarding in other VLANs, configure the
Quitvlan action. The configuration roadmap is as follows:
1. Enable LDT on GE1/0/0 and GE2/0/0 on the Switch to detect loops in VLANs
10 to 20.
2. Configure an action to be taken after a loop is detected on GE1/0/0 and
GE2/0/0, and set the recovery time so that the Switch can immediately take
the preconfigured action on the interface to prevent broadcast storms after a
loop is detected. In addition, the Switch can restore the interface after the
loop is eliminated.
NOTE
Configure interfaces on other switching devices as trunk or hybrid interfaces and configure
these interfaces to allow packets from corresponding VLANs to pass through to ensure
Layer 2 connectivity.
Procedure
Step 1 Enable global LDT.
<Quidway> system-view
[Quidway] sysname Switch
[Switch] loop-detection enable //Enable LDT globally.
The VLANs that an interface is removed from are uncertain, but the interface will be
removed from all VLANs where loops occur.
2. After the loop is eliminated (for example, GE2/0/0 is shut down, and
connections between devices are corrected), check whether GE1/0/0 and
GE2/0/0 are restored.
[Switch] display loop-detection interface gigabitethernet 1/0/0
The port is enabled.
The port's status list:
Status WorkMode Recovery-time EnabledVLAN
-----------------------------------------------------------------------
Normal Quitvlan 30 10
Normal Quitvlan 30 11
Normal Quitvlan 30 12
Normal Quitvlan 30 13
Normal Quitvlan 30 14
Normal Quitvlan 30 15
Normal Quitvlan 30 16
Normal Quitvlan 30 17
Normal Quitvlan 30 18
Normal Quitvlan 30 19
Normal Quitvlan 30 20
[Switch] display loop-detection interface gigabitethernet 2/0/0
The port is enabled.
The port's status list:
Status WorkMode Recovery-time EnabledVLAN
-----------------------------------------------------------------------
Normal Quitvlan 30 10
Normal Quitvlan 30 11
Normal Quitvlan 30 12
Normal Quitvlan 30 13
Normal Quitvlan 30 14
Normal Quitvlan 30 15
Normal Quitvlan 30 16
Normal Quitvlan 30 17
Normal Quitvlan 30 18
Normal Quitvlan 30 19
Normal Quitvlan 30 20
The command output shows that GE1/0/0 and GE2/0/0 are restored.
----End
Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 10 to 20
#
loop-detection enable
loop-detection interval-time 10
loop-detection enable vlan 10 to 20
#
interface GigabitEthernet1/0/0
port hybrid tagged vlan 10 to 20
stp disable
loop-detection mode port-quitvlan
loop-detection recovery-time 30
#
interface GigabitEthernet2/0/0
port hybrid tagged vlan 10 to 20
stp disable
loop-detection mode port-quitvlan
loop-detection recovery-time 30
#
snmp-agent trap enable feature-name LDTTRAP
#
return
Overview
When a loop occurs on a network, broadcast, multicast, and unknown unicast
packets are repeatedly transmitted on the network. This wastes network resources
and may even cause a network breakdown. To minimize the impact of loops on a
Layer 2 network, a detection technology that quickly notifies users of loops is
required. When a loop occurs, users are requested to check network connections
and configurations, and control the problematic interface.
After loops are detected, the device can send alarms to the NMS and record logs,
and can control the interface status (the interface is shut down by default)
according to the device configuration so that the impact of loops on the device
and network is minimized. The device provides the following actions after LBDT
detects a loop:
● Trap: The device reports a trap to the NMS and records a log, but does not
take any action on the interface.
● Block: The device blocks this interface, and can forward only BPDUs.
● No learning: The interface is disabled from learning MAC addresses.
Configuration Notes
● This example applies to all versions of all S series switches.
● In V200R008C00 and earlier versions, LBDT does not take effect in dynamic
VLANs. In V200R008C00 and later versions, the LBDT-enabled switch can
detect loops in dynamic VLANs, but the Quitvlan action is invalid for dynamic
VLANs.
● LBDT needs to send a large number of LBDT packets to detect loops,
occupying system resources. Therefore, disable LBDT if loops do not need to
be detected.
● In versions earlier than V200R019C00, LBDT cannot be configured on an
Eth-Trunk or its member interfaces. In V200R019C00 and later versions, LBDT
can be configured on an Eth-Trunk but cannot be configured on its member
interfaces.
● Manual LBDT can be configured on a maximum of 128 Eth-Trunks.
● An interface can send LBDT packets with the specified VLAN tag only when
the specified VLAN has been created.
● LBDT can detect loops in a maximum of 32 VLANs.
● When the PVID of the interface in the loop is the detected VLAN ID or the
interface joins the detected VLAN in untagged mode, VLAN tags of LBDT
packets are removed. As a result, the packet priority changes and the system
may fail to detect loops.
● When the Quitvlan action is used, the configuration file remains unchanged.
● The LBDT action and MAC address flapping action affect each other, and
cannot be configured simultaneously.
● The Quitvlan action of LBDT conflicts with dynamic removal from VLANs (for
example, GVRP and HVRP), and cannot be configured simultaneously.
● The blocked ports of LBDT cannot block GVRP packets. To ensure that GVRP
runs normally and prevent GVRP loops, do not enable GVRP on the blocked
port of LBDT.
● On a modular switch, LBDT and loop detection (LDT) cannot be configured
simultaneously.
Networking Requirements
In Figure 6-37, aggregation switch SwitchA on an enterprise network connects to
access switch SwitchB. To prevent loopbacks on a TX-RX interface (GE1/0/0)
Configuration Roadmap
To detect loopbacks on downlink interface GE1/0/0 of SwitchA, configure LBDT on
GE1/0/0 of SwitchA. The configuration roadmap is as follows:
1. Enable LBDT on GE1/0/0 of SwitchA to detect loopbacks.
2. Configure an action to be taken after a loopback is detected and set the
recovery time. After a loopback is detected, the Switch blocks the interface to
reduce the impact of the loopback on the network. After a loop is eliminated,
the interface can be restored.
Procedure
Step 1 Enable LBDT on an interface.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] interface gigabitethernet 1/0/0
[SwitchA-GigabitEthernet1/0/0] loopback-detect enable //Enable LBDT on the interface.
[SwitchA-GigabitEthernet1/0/0] quit
Step 2 Configure an action to be taken after a loop is detected and set the recovery time.
[SwitchA] interface gigabitethernet 1/0/0
[SwitchA-GigabitEthernet1/0/0] loopback-detect action block //Configure the Block action to be taken after a loop is detected.
[SwitchA-GigabitEthernet1/0/0] loopback-detect recovery-time 30 //Set the recovery delay to 30s.
[SwitchA-GigabitEthernet1/0/0] quit
----------------------------------------------------------------------------------
GigabitEthernet1/0/0 30 block NORMAL
----------------------------------------------------------------------------------
----------------------------------------------------------------------------------
----------------------------------------------------------------------------------
GigabitEthernet1/0/0 30 block NORMAL
----------------------------------------------------------------------------------
----End
Configuration Files
SwitchA configuration file
#
sysname SwitchA
#
interface GigabitEthernet1/0/0
loopback-detect recovery-time 30
loopback-detect enable
loopback-detect action block
#
return
Configuration Notes
● This example applies to all versions of all S series switches.
● In V200R008C00 and earlier versions, LBDT does not take effect in dynamic
VLANs. In V200R008C00 and later versions, the LBDT-enabled switch can
detect loops in dynamic VLANs, but the Quitvlan action is invalid for dynamic
VLANs.
Networking Requirements
In Figure 6-38, a new department of an enterprise connects to the aggregation
switch Switch. This department belongs to VLAN 100. Loops occur due to incorrect
connections or configurations. As a result, communication on the Switch and
uplink network is affected.
It is required that the Switch should detect loops on the new network to prevent
the impact of loops on the Switch and connected network.
Figure 6-38 Networking for configuring LBDT to detect loops on the downstream
network
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable LBDT on GE1/0/1 of the Switch to detect loops in a specified VLAN so
that loops on the downstream network can be detected.
2. Set LBDT parameters so that the Switch can immediately shut down GE1/0/1
after a loop is detected. This prevents the impact of the loop on the Switch
and connected network.
NOTE
Configure interfaces on other switching devices as trunk or hybrid interfaces and configure
these interfaces to allow packets from corresponding VLANs to pass through. This ensures
Layer 2 connectivity on the new network and between the new network and the Switch.
Procedure
Step 1 Enable LBDT on the interface.
<Quidway> system-view
[Quidway] sysname Switch
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] loopback-detect enable //Enable LBDT on the interface.
[Switch-GigabitEthernet1/0/1] quit
----------------------------------------------------------------------------------
GigabitEthernet1/0/1 30 shutdown NORMAL
----------------------------------------------------------------------------------
----------------------------------------------------------------------------------
----End
Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 100
#
loopback-detect packet-interval 10
#
interface GigabitEthernet1/0/1
port hybrid tagged vlan 100
loopback-detect packet vlan 100
loopback-detect enable
#
return
Configuration Notes
● This example applies to all versions of all S series switches.
● In V200R008C00 and earlier versions, LBDT does not take effect in dynamic
VLANs. In V200R008C00 and later versions, the LBDT-enabled switch can
detect loops in dynamic VLANs, but the Quitvlan action is invalid for dynamic
VLANs.
Networking Requirements
In Figure 6-39, a small-scale enterprise uses Layer 2 networking and belongs to
VLAN 100. Because employees often move, the network topology changes
frequently. Loops occur due to incorrect connections or configurations during the
change. As a result, broadcast storms occur and affect communication of the
Switch and entire network.
The requirements are as follows:
● The Switch detects loops.
● When a loop exists, the interface is blocked to reduce the impact of the loop
on the Switch and network.
● When the loop is eliminated, the interface can be restored.
Figure 6-39 Networking for configuring LBDT to detect loops on the local network
Configuration Roadmap
To detect loops on the network where the Switch is deployed, configure LBDT on
GE1/0/1 and GE1/0/2 of the Switch. In this example, untagged LBDT packets sent
by the Switch will be discarded by other switches on the network. As a result, the
packets cannot be sent back to the Switch, and LBDT fails. Therefore, LBDT is
configured in a specified VLAN. The configuration roadmap is as follows:
1. Enable LBDT on interfaces and configure the Switch to detect loops in VLAN
100 to implement LBDT on the network where the Switch is located.
2. Configure an action to be taken after a loop is detected and set the recovery
time. After a loop is detected, the Switch blocks the interface to reduce the
impact of the loop on the network. After a loop is eliminated, the interface
can be restored.
NOTE
Configure interfaces on other switching devices as trunk or hybrid interfaces and configure
these interfaces to allow packets from corresponding VLANs to pass through to ensure
Layer 2 connectivity.
Procedure
Step 1 Enable LBDT on interfaces.
<Quidway> system-view
[Quidway] sysname Switch
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] loopback-detect enable //Enable LBDT on the interface.
[Switch-GigabitEthernet1/0/1] quit
[Switch] interface gigabitethernet 1/0/2
[Switch-GigabitEthernet1/0/2] loopback-detect enable //Enable LBDT on the interface.
[Switch-GigabitEthernet1/0/2] quit
[Switch-GigabitEthernet1/0/2] loopback-detect packet vlan 100 //Enable LBDT to detect loops in VLAN 100.
[Switch-GigabitEthernet1/0/2] quit
Step 3 Configure an action to be taken after a loop is detected and set the recovery time.
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] loopback-detect action block //Configure the Block action to be taken after a loop is detected.
[Switch-GigabitEthernet1/0/1] loopback-detect recovery-time 30 //Set the recovery time to 30s.
[Switch-GigabitEthernet1/0/1] quit
[Switch] interface gigabitethernet 1/0/2
[Switch-GigabitEthernet1/0/2] loopback-detect action block //Configure the Block action to be taken after a loop is detected.
[Switch-GigabitEthernet1/0/2] loopback-detect recovery-time 30 //Set the recovery time to 30s.
[Switch-GigabitEthernet1/0/2] quit
----------------------------------------------------------------------------------
GigabitEthernet1/0/1 30 block NORMAL
GigabitEthernet1/0/2 30 block NORMAL
----------------------------------------------------------------------------------
The preceding command output shows that the LBDT configuration is
successful.
2. After about 5s, run the display loopback-detect command to check whether
GE1/0/1 or GE1/0/2 is blocked.
[Switch] display loopback-detect
Loopback-detect sending-packet interval: 5
----------------------------------------------------------------------------------
GigabitEthernet1/0/1 30 block NORMAL
GigabitEthernet1/0/2 30 block BLOCK(Loopback detected)
----------------------------------------------------------------------------------
The preceding command output shows that GE1/0/2 is blocked.
3. Shut down GE1/0/1. After 30s, run the display loopback-detect command to
check whether GE1/0/2 is restored.
[Switch] display loopback-detect
Loopback-detect sending-packet interval: 5
----------------------------------------------------------------------------------
GigabitEthernet1/0/1 30 block NORMAL
GigabitEthernet1/0/2 30 block NORMAL
----------------------------------------------------------------------------------
----End
Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 100
#
interface GigabitEthernet1/0/1
port hybrid tagged vlan 100
loopback-detect recovery-time 30
loopback-detect packet vlan 100
loopback-detect enable
loopback-detect action block
#
interface GigabitEthernet1/0/2
port hybrid tagged vlan 100
loopback-detect recovery-time 30
loopback-detect packet vlan 100
loopback-detect enable
loopback-detect action block
#
return
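Several of the LDT and LBDT Configuration Notes above can be checked mechanically before a configuration file is deployed. The following Python script is an added example, not part of the original guide or any vendor tooling: it audits a configuration file for four of those constraints. Its function names, finding texts, and the assumption that an interface without `stp disable` still runs STP are its own.

```python
import re

TAGGED = ("port hybrid tagged vlan ", "port trunk allow-pass vlan ")
UNTAGGED = ("port default vlan ", "port hybrid pvid vlan ",
            "port trunk pvid vlan ", "port hybrid untagged vlan ")

def parse_vlans(spec):
    """Expand a VLAN list such as '10 to 20 100' into a set of ints."""
    vlans = set()
    for lo, hi in re.findall(r"(\d+)(?:\s+to\s+(\d+))?", spec):
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def vlans_after(lines, *prefixes):
    """Union of the VLAN lists on every line that starts with one of prefixes."""
    return {v for l in lines for p in prefixes if l.startswith(p)
            for v in parse_vlans(l[len(p):])}

def parse_config(text):
    """Split into global and per-interface lines; '#' ends a section."""
    glob, ifaces, current = [], {}, None
    for line in map(str.strip, text.splitlines()):
        if line == "#":
            current = None
        elif line.startswith("interface "):
            current = ifaces.setdefault(line.split(None, 1)[1], [])
        elif line and line != "return":
            (glob if current is None else current).append(line)
    return glob, ifaces

def audit(text):
    """Findings for the Configuration Notes rules modelled here (added example, not vendor code)."""
    glob, ifaces = parse_config(text)
    created = vlans_after(glob, "vlan batch ")
    ldt_on = "loop-detection enable" in glob
    ldt_vlans = vlans_after(glob, "loop-detection enable vlan ")
    findings = []
    # Note: LDT and LBDT cannot be configured simultaneously.
    if ldt_on and any("loopback-detect enable" in l for l in ifaces.values()):
        findings.append("device: LDT and LBDT are both configured")
    for name, lines in ifaces.items():
        tagged = vlans_after(lines, *TAGGED)
        untagged = vlans_after(lines, *UNTAGGED)
        # Note: no ring protocol on an interface of an LDT-enabled VLAN. Assumption:
        # an interface without 'stp disable' still runs STP, as the page's files imply.
        if ldt_on and tagged & ldt_vlans and "stp disable" not in lines:
            findings.append(f"{name}: LDT-enabled VLAN without 'stp disable'")
        detect = vlans_after(lines, "loopback-detect packet vlan ")
        # Note: LBDT packets carry a VLAN tag only if that VLAN has been created.
        for v in sorted(detect - created):
            findings.append(f"{name}: LBDT VLAN {v} is not created")
        # Note: PVID or untagged membership strips the tag, so detection may fail.
        for v in sorted(detect & untagged):
            findings.append(f"{name}: LBDT VLAN {v} is PVID/untagged here")
    return findings

# Constructed configuration that breaks four of the notes.
SAMPLE = """\
vlan batch 10 to 20 100
#
loop-detection enable
loop-detection enable vlan 10 to 20
#
interface GigabitEthernet1/0/1
 port hybrid tagged vlan 10 to 20
#
interface GigabitEthernet1/0/2
 port default vlan 100
 loopback-detect packet vlan 100 200
 loopback-detect enable
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The configuration files printed in this section for the LDT Quitvlan example and the last LBDT example produce no findings when passed to `audit()`.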