HP 5120 EI Series Lan Switching Configuration Manual
  1. Manuals
  2. Brands
  3. HP Manuals
  4. Network Router
  5. 5120 EI Series
  6. Lan switching configuration manual

HP 5120 EI Series Lan Switching Configuration Manual

Hide thumbs Also See for 5120 EI Series:
Table of Contents

Advertisement

Quick Links

See also: Configuration Manual
HP 5120 EI Switch Series
Layer 2—LAN Switching

Configuration Guide

Part number: 5998-1791
Software version: Release 2220
Document version: 6W100-20130810

Advertisement

Table of Contents
loading

Related Manuals for HP 5120 EI Series

Summary of Contents for HP 5120 EI Series

  • Page 1: Configuration Guide

    HP 5120 EI Switch Series Layer 2—LAN Switching Configuration Guide Part number: 5998-1791 Software version: Release 2220 Document version: 6W100-20130810...
  • Page 2 The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.

  • Page 3: Table Of Contents

    Contents Configuring Ethernet interfaces ··································································································································· 1   Ethernet interface naming conventions ··························································································································· 1   Configuring a combo interface ······································································································································· 1   Configuration prerequisites ····································································································································· 1   Changing the active port of a combo interface ···································································································· 1   Configuring basic settings of an Ethernet interface ······································································································· 2  ...
  • Page 4 Configuring static, dynamic, and blackhole MAC address table entries ································································ 22   Configuring a static or dynamic MAC address table entry in system view ···················································· 23   Configuring a static or dynamic MAC address table entry in interface view ················································ 23  ...
  • Page 5 Layer 2 static aggregation configuration example ···························································································· 50   Layer 2 dynamic aggregation configuration example ······················································································ 52   Configuring port isolation ·········································································································································· 55   Assigning a port to the isolation group ······················································································································· 55   Displaying and maintaining the isolation group ········································································································ 55  ...
  • Page 6 Configuring the mode a port uses to recognize/send MSTP packets ······································································ 85   Enabling outputting port state transition information ·································································································· 86   Enabling the spanning tree feature ······························································································································ 87   Configuration restrictions and guidelines ··········································································································· 87   Enabling the spanning tree feature (in STP/RSTP/MSTP mode) ······································································ 87  ...
  • Page 7 VLAN interface configuration example ············································································································· 116   Configuring port-based VLANs ··································································································································· 118   Introduction to port-based VLAN ······················································································································· 118   Assigning an access port to a VLAN ················································································································ 119   Assigning a trunk port to a VLAN······················································································································ 120   Assigning a hybrid port to a VLAN ··················································································································· 121  ...
  • Page 8 Configuration procedure ···································································································································· 156   Dynamically advertising server-assigned VLANs through LLDP ··············································································· 157   Overview ······························································································································································ 157   Example for using 802.1X to authenticate IP phones ····················································································· 157   Displaying and maintaining voice VLAN ·················································································································· 157   Voice VLAN configuration examples ························································································································· 158  ...
  • Page 9 Configuration example for MVRP in normal registration mode ·············································································· 211   Network requirements ········································································································································· 211   Configuration procedure ···································································································································· 212   Support and other resources ·································································································································· 221   Contacting HP ······························································································································································ 221   Subscription service ············································································································································ 221   Related information ······················································································································································ 221   Documents ···························································································································································· 221  ...

  • Page 10: Configuring Ethernet Interfaces

    Configuring Ethernet interfaces Ethernet interface naming conventions The GE and 10-GE interfaces on the HP 5120 EI switches are named in the format of interface-type A/B/C, where the following definitions apply: • A—Represents the ID of the switch in an IRF fabric. If the switch is not assigned to any IRF fabric, A uses 1.

  • Page 11: Configuring Basic Settings Of An Ethernet Interface

    Step Command Remarks Optional. Activate the current undo shutdown By default, of the two ports that compose a combo interface. interface, the one with a smaller port ID is active. Configuring basic settings of an Ethernet interface You can set an Ethernet interface to operate in one of the following duplex modes: Full-duplex mode (full)—Interfaces that operate in this mode can send and receive packets •...

  • Page 12: Shutting Down An Ethernet Interface

    NOTE: Make sure that the fiber port speed matches the speed requirement of the inserted transceiver module. For example, after you insert a 1000-Mbps transceiver module into a fiber port, configure the port speed with the speed 1000 or speed auto command. Shutting down an Ethernet interface CAUTION: Use this feature with caution.

  • Page 13: Configuring Flow Control On An Ethernet Interface

    Figure 1 Speed auto negotiation application scenario As shown in Figure 1, all ports on Switch A are operating in speed auto negotiation mode, with the highest speed of 1000 Mbps. If the transmission rate of each server in the server cluster is 1000 Mbps, their total transmission rate will exceed the capability of port GigabitEthernet 1/0/4, the port providing access to the Internet for the servers.

  • Page 14: Configuring Link Change Suppression On An Ethernet Interface

    Rx mode (configured by using the flow-control receive enable command)—The interface can • receive, but not send flow control frames. As shown in Figure 2, when both Port A and Port B forward packets at the rate of 1000 Mbps, Port C is congested.

  • Page 15: Configuring Link-Down Event Suppression

    Link-down event suppression enables an interface to suppress link-down events and start a delay timer each time the physical link goes down. During this delay, the interface does not report the link-down event, and the display interface brief or display interface command displays the interface state as UP. If the physical link is still down when the timer expires, the interface reports the link-down event to the upper layers.

  • Page 16: Configuration Restrictions And Guidelines

    External loopback testing—Tests hardware of Ethernet interfaces. To perform external loopback • testing on an Ethernet interface, connect a loopback plug to the Ethernet interface. The switch sends test packets out of the interface, which are expected to loop over the plug and back to the interface. If the interface fails to receive any test packet, the hardware of the interface is faulty.

  • Page 17: Configuring A Port Group

    Step Command Remarks By default, the switch allows jumbo frames within 9216 bytes to pass through Ethernet interfaces. Configure jumbo jumboframe enable [ value ] frame support. If you set the value argument multiple times, the latest configuration takes effect. Configuring a port group Some interfaces on your switch might use the same set of settings.

  • Page 18: Configuring Storm Suppression

    Step Command Remarks Enter system view system-view Use either command. • Enter Ethernet interface view: To enable auto power-down on an interface interface-type Ethernet interface, enter Ethernet interface-number Enter Ethernet interface view interface view. or port group view. • Enter port group view: To enable auto power-down on a port-group manual group of Ethernet interfaces, enter...

  • Page 19: Setting The Statistics Polling Interval

    NOTE: For an Ethernet interface that belongs to a port group, if you set a traffic suppression threshold for the interface in both Ethernet interface view and port group view, the threshold configured last takes effect. Setting the statistics polling interval To set the statistics polling interval globally or on an Ethernet interface: Step Command...

  • Page 20: Configuration Restrictions And Guidelines

    Figure 4 Multi-port loop You can enable loopback detection to detect loops on an interface and, if the interface supports the loopback-detection action command, configure the protective action to take on the receiving interface when a loop is detected, for example, to shut down the interface. Depending on whether a protective action is configured, the switch takes the actions in Table 1 to alleviate the impact of the loop condition.

  • Page 21: Configuration Procedure

    Configuration procedure To configure loopback detection: Step Command Remarks Enter system view. system-view Enable global Disabled by default. loopback-detection enable loopback detection. Optional. Enable multi-port loopback-detection By default, multi-port loopback detection is loopback detection. multi-port-mode enable disabled, and the switch can only detect single-port loopback.

  • Page 22: Enabling Bridging On An Ethernet Interface

    IMPORTANT: Fiber ports do not support the MDI mode setting. You can use both crossover and straight-through Ethernet cables to connect copper Ethernet interfaces. To accommodate these types of cables, a copper Ethernet interface can operate in one of the following Medium Dependent Interface (MDI) modes: •...

  • Page 23: Testing The Cable Connection Of An Ethernet Interface

    Step Command Remarks Enter system view. system-view interface interface-type Enter Ethernet interface view. interface-number Enable bridging on the port bridge enable Disabled by default. Ethernet interface. Testing the cable connection of an Ethernet interface IMPORTANT: Fiber ports do not support this feature. •...

  • Page 24: Configuration Restrictions And Guidelines

    Shuts down automatically. The interface shuts down automatically and stops forwarding any traffic. • When the blocked traffic drops below the lower threshold, the port does not forward the traffic. To bring up the interface, use the undo shutdown command or disable the storm control function. Alternatively, you can configure the storm suppression function to control a specific type of traffic.

  • Page 25: Displaying And Maintaining An Ethernet Interface

    Step Command Remarks Optional. By default, the interface outputs log Enable the interface to log messages when monitored traffic storm control threshold storm-constrain enable log exceeds the upper threshold or events.. drops below the lower threshold from the upper threshold. Displaying and maintaining an Ethernet interface Task Command...

  • Page 26: Configuring Loopback And Null Interfaces

    Configuring loopback and null interfaces Configuring a loopback interface Introduction to the loopback interface A loopback interface is a software-only virtual interface. It delivers the following benefits: The physical layer state and link-layer protocols of a loopback interface are always up unless the •...

  • Page 27: Configuring A Null Interface

    NOTE: You can configure settings such as IP addresses and IP routes on loopback interfaces. For more Layer 3—IP Services Configuration Guide Layer 3—IP Routing Configuration Guide information, see Configuring a null interface Introduction to the null interface A null interface is a completely software-based logical interface, and is always up. However, you cannot use it to forward data packets or configure an IP address or link-layer protocol on it.
  • Page 28 Task Command Remarks display interface [ null ] [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ] Display information about Available in any view the null interface. display interface null 0 [ brief ] [ | { begin | exclude | include } regular-expression ] Clear the statistics on a reset counters interface [ loopback...

  • Page 29: Bulk Configuring Interfaces

    Bulk configuring interfaces You can enter interface range view to bulk configure multiple interfaces with the same feature instead of configuring them one by one. For example, you can perform the shutdown command in interface range view to shut down a range of interfaces. Failure of applying a command on one member interface does not affect the application of the command on the other member interfaces.

  • Page 30: Configuring The Mac Address Table

    Configuring the MAC address table This feature covers only the unicast MAC address table. For information about configuring static multicast MAC address table entries for IGMP snooping and MLD snooping, see IP Multicast Configuration Guide. The MAC address table can contain only Layer 2 Ethernet ports and Layer 2 aggregate interfaces. The MAC address table configuration tasks are all optional can be performed in any order.

  • Page 31: Types Of Mac Address Table Entries

    Manually configuring MAC address entries With dynamic MAC address learning, a device does not distinguish between illegitimate and legitimate frames, which can invite security hazards. For example, when a hacker sends frames with a forged source MAC address to a port different from the one to which the real MAC address is connected, the device creates an entry for the forged MAC address, and forwards frames destined for the legal user to the hacker instead.

  • Page 32: Configuring A Static Or Dynamic Mac Address Table Entry In System View

    Configuring a static or dynamic MAC address table entry in system view Step Command Remarks Enter system view. system-view By default, no MAC address entry is configured. Add or modify a mac-address { dynamic | static } dynamic or static MAC mac-address interface interface-type Make sure that you have created address entry.

  • Page 33: Disabling Global Mac Address Learning

    Disabling global MAC address learning Disabling global MAC address learning disables the learning function on all ports. To disable MAC address learning: Step Command Remarks Enter system view. system-view Disable global MAC address mac-address mac-learning disable Enabled by default. learning. Disabling MAC address learning on ports After enabling global MAC address learning, you can disable the function on a single port, or on all ports in a port group as needed.

  • Page 34: Disabling Mac Entry Aging Timer Refresh Based On Destination Mac Address

    accommodate the latest network changes. Too short an interval might result in removal of valid entries, causing unnecessary flooding, which might affect device performance. To configure the aging timer for dynamic MAC address entries: Step Command Remarks Enter system view. system-view Optional Configure the aging...

  • Page 35: Configuring The Mac Learning Limit On Ports

    Figure 5 NLB cluster NLB supports load sharing and redundancy among servers within a cluster. To implement fast failover, NLB requires that the switch forwards network traffic to all servers or specified servers in the cluster, and each server filters out unexpected traffic. In NLB unicast mode, when a server joins the cluster or a failover occurs, a packet with a virtual source MAC address is sent within the cluster.

  • Page 36: Enabling Mac Address Roaming

    NOTE: Do not configure the MAC learning limit on any member ports of an aggregation group. Otherwise, the member ports cannot be selected. Enabling MAC address roaming After you enable MAC address roaming on an IRF fabric, each member switch advertises learned MAC addresses to other member switches.

  • Page 37: Enabling Mac Address Migration Log Notifying

    Figure 7 MAC address tables of devices when Client A roams to AP D To enable MAC address roaming: Step Command Remarks Enter system view. system-view Enable MAC address mac-address mac-roaming enable Disabled by default. roaming. Enabling MAC address migration log notifying This feature records and notifies MAC address migration information, including MAC addresses that migrate, IDs of VLANs to which MAC addresses belong, source interfaces from which MAC addresses migrate, and current interfaces with which MAC addresses associate, last migration time, and migration...

  • Page 38: Displaying And Maintaining Mac Address Tables

    Step Command Remarks Enable MAC address mac-flapping notification By default, MAC address migration log migration log notifying. enable notifying is disabled. The MAC address migration logs of the last one minute are displayed once every one minute. Displaying and maintaining MAC address tables Task Command Remarks...

  • Page 39: Configuration Procedure

    Figure 8 Network diagram Configuration procedure # Add a static MAC address entry. <Sysname> system-view [Sysname] mac-address static 000f-e235-dc71 interface gigabitethernet 1/0/1 vlan 1 # Add a blackhole MAC address entry. [Sysname] mac-address blackhole 000f-e235-abcd vlan 1 # Set the aging timer for dynamic MAC address entries to 500 seconds. [Sysname] mac-address timer aging 500 # Display the MAC address entry for port GigabitEthernet 1/0/1.

  • Page 40: Configuring Mac Information

    Configuring MAC Information Overview Introduction to MAC Information To monitor a network, you must monitor users who are joining and leaving the network. Because a MAC address uniquely identifies a network user, you can monitor users who are joining and leaving a network by monitoring their MAC addresses.

  • Page 41: Configuring Mac Information Mode

    Step Command Remarks Enter system view. system-view Enter Layer 2 Ethernet interface interface-type interface view. interface-number Enable MAC Information on mac-address information enable Disabled by default. the interface. { added | deleted } Configuring MAC Information mode Step Command Remarks Enter system view.

  • Page 42: Mac Information Configuration Example

    Step Command Remarks Optional Configure the MAC mac-address information Information queue length. queue-length value 50 by default. MAC Information configuration example Network requirements As shown in Figure 9, enable MAC Information on GigabitEthernet 1/0/1 on Device to send MAC address changes in Syslog messages to Host B through GigabitEthernet 1/0/3. Host B analyzes and displays the Syslog messages.

  • Page 43: Configuring Ethernet Link Aggregation

    Configuring Ethernet link aggregation Overview Ethernet link aggregation, or simply link aggregation, combines multiple physical Ethernet ports into one logical link, called an "aggregate link." Link aggregation delivers the following benefits: • Increases bandwidth beyond the limits of any single link. In an aggregate link, traffic is distributed across the member ports.

  • Page 44: Operational Key

    Operational key When aggregating ports, the system automatically assigns each port an operational key based on port information such as port rate and duplex mode. Any change to this information triggers a recalculation of the operational key. In an aggregation group, all selected member ports are assigned the same operational key. Configuration classes Every configuration setting on a port might affect its aggregation state.
  • Page 45 The IEEE 802.3ad LACP offers basic LACP functions and extended LACP functions, as described Table Table 3 Basic and extended LACP functions Category Description Implemented through the basic LACPDU fields, including the system LACP priority, system MAC address, port aggregation priority, port number, and operational key. Basic LACP Each member port in a LACP-enabled aggregation group exchanges the preceding functions...

  • Page 46: Aggregating Links In Static Mode

    Table 5 A comparison between static and dynamic aggregation modes Aggregation LACP status on Pros Cons mode member ports The member ports do not adjust the Aggregation is stable. Peers do aggregation state according to Static Disabled not affect the aggregation state of that of the peer ports.

  • Page 47: Aggregating Links In Dynamic Mode

    Figure 11 Setting the aggregation state of a member port in a static aggregation group Set the aggregation state of a member port Is there any hardware restriction? Is the port up? Port attribute/class 2 configurations same as the reference port? Port number as low as to set More candidate ports than max.
  • Page 48 Figure 12 Setting the state of a member port in a dynamic aggregation group Meanwhile, the system with the higher system ID, which has identified the aggregation state changes on the remote system, sets the aggregation state of local member ports as the same as their peer ports. A dynamic link aggregation group preferably sets full-duplex ports as the Selected ports, and will set one, and only one, half-duplex port as a Selected port when none of the full-duplex ports can be selected or only half-duplex ports exist in the group.

  • Page 49: Load-Sharing Criteria For Link Aggregation Groups

    Load-sharing criteria for link aggregation groups In a link aggregation group, traffic can be load-shared across the selected member ports based on a set of criteria, depending on your configuration. You can choose one of the following criteria or any combination for load sharing: Source/Destination MAC addresses •...

  • Page 50: Configuring An Aggregation Group

    Configuring an aggregation group Configuration guidelines You cannot assign a port to a Layer 2 aggregation group if any of the features listed in Table 6 • configured on the port. Table 6 Features incompatible with Layer 2 aggregation groups Feature Reference RRPP...

  • Page 51: Configuring A Dynamic Aggregation Group

    Configuring a dynamic aggregation group To guarantee a successful dynamic aggregation, be sure that the peer ports of the ports aggregated at one end are also aggregated. The two ends can automatically negotiate the aggregation state of each member port. Step Command Remarks...

  • Page 52: Configuring An Aggregate Interface

    Configuring an aggregate interface Most of the configurations that can be performed on Layer 2 Ethernet interfaces can also be performed on Layer 2 interfaces. Configuring the description of an aggregate interface You can configure the description of an aggregate interface for administration purposes such as describing the purpose of the interface.

  • Page 53: Limiting The Number Of Selected Ports For An Aggregation Group

    Step Command Remarks Enter aggregate interface • interface bridge-aggregation view. interface-number Optional. Enable link state traps for the enable snmp trap updown aggregate interface. Enabled by default. Limiting the number of Selected ports for an aggregation group The bandwidth of an aggregate link increases along with the number of selected member ports. To avoid congestion caused by insufficient Selected ports on an aggregate link, you can set the minimum number of Selected ports required for bringing up the specific aggregate interface.

  • Page 54: Shutting Down An Aggregate Interface

    To limit the number of Selected ports for an aggregation group: Step Command Remarks Enter system view. system-view • interface bridge-aggregation Enter aggregate interface view. interface-number Set the minimum number of Selected link-aggregation selected-port Not specified by default. ports for the aggregation group. minimum number By default, the maximum number of Selected ports...

  • Page 55: Configuring Load Sharing For Link Aggregation Groups

    Step Command Remarks • interface bridge-aggregation Enter aggregate interface view. interface-number Restore the default settings for the default aggregate interface. Configuring load sharing for link aggregation groups Configuring load-sharing criteria for link aggregation groups You can determine how traffic is load-shared in a link aggregation group by configuring load-sharing criteria.

  • Page 56: Enabling Local-First Load Sharing For Link Aggregation

    Source MAC address • • Destination MAC address Source IP address and destination IP address • Source IP address and source port • • Destination IP address and destination port Source IP address, source port, destination IP address, and destination port •...

  • Page 57: Enabling Link-Aggregation Traffic Redirection

    Figure 13 Load sharing process for cross-switch link aggregation in an IRF fabric The egress port for a traffic flow is an aggregate interface that has Selected ports on different IRF member switches Local-first load sharing mechanism enabled? Any Selected ports on the ingress switch? Packets are load shared only Packets are load shared...

  • Page 58: Displaying And Maintaining Ethernet Link Aggregation

    Step Command Remarks Enter system view. system-view Optional. Enable link-aggregation traffic link-aggregation lacp redirection. traffic-redirect-notification enable Disabled by default. CAUTION: To prevent traffic interruption, enable link-aggregation traffic redirection on devices at both ends of the • aggregate link. • To prevent packet loss that might occur at a reboot, disable both MSTP and link-aggregation traffic redirection.

  • Page 59: Ethernet Link Aggregation Configuration Examples

    Ethernet link aggregation configuration examples In an aggregation group, only ports that have the same port attributes and class-two configurations (see "Configuration classes") as the reference port (see "Reference port") can operate as Selected ports. Make sure that all member ports have the same port attributes and class-two configurations as the reference port.
  • Page 60 # Create Layer 2 aggregate interface Bridge-Aggregation 1. [DeviceA] interface bridge-aggregation 1 [DeviceA-Bridge-Aggregation1] quit # Assign ports GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to link aggregation group [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/1] quit [DeviceA] interface gigabitethernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/2] quit [DeviceA] interface gigabitethernet 1/0/3...

  • Page 61: Layer 2 Dynamic Aggregation Configuration Example

    Link-Aggregation Load-Sharing Mode: destination-mac address, source-mac address The output shows that all link aggregation groups created on the device perform load sharing based on source and destination MAC addresses. Layer 2 dynamic aggregation configuration example Network requirements As shown in Figure Device A and Device B are connected through their respective Layer 2 Ethernet interfaces •...
  • Page 62 # Assign ports GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to link aggregation group 1 one at a time. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/1] quit [DeviceA] interface gigabitethernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/2] quit [DeviceA] interface gigabitethernet 1/0/3 [DeviceA-GigabitEthernet1/0/3] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/3] quit # Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to...
  • Page 63 The output shows that all link aggregation groups created on the device perform load sharing based on source and destination MAC addresses.

  • Page 64: Configuring Port Isolation

    Configuring port isolation Port isolation enables isolating Layer 2 traffic for data privacy and security without using VLANs. You can also use this feature to isolate the hosts in a VLAN from one another. To use the feature, assign ports to a port isolation group. Ports in an isolation group are called "isolated ports."...

  • Page 65: Port Isolation Configuration Example

    Port isolation configuration example Network requirements As shown in Figure 16, Host A, Host B, and Host C are connected to GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 of Device, and Device is connected to the Internet through GigabitEthernet 1/0/4. All these ports are in the same VLAN. Configure Device to provide Internet access for all the hosts and isolate them from one another.

  • Page 66: Configuring Spanning Tree Protocols

    Configuring spanning tree protocols As a Layer 2 management protocol, the Spanning Tree Protocol (STP) eliminates Layer 2 loops by selectively blocking redundant links in a network, putting them in a standby state, which still also allows for link redundancy. The recent versions of STP include the Rapid Spanning Tree Protocol (RSTP), Per VLAN Spanning Tree (PVST), and the Multiple Spanning Tree Protocol (MSTP).

  • Page 67: Basic Concepts In Stp

    Basic concepts in STP Root bridge A tree network must have a root bridge. The entire network contains only one root bridge. The other bridges in the network are called "leaf nodes." The root bridge is not permanent, but can change with changes of the network topology.

  • Page 68: Calculation Process Of The Stp Algorithm

    Calculation process of the STP algorithm The spanning tree calculation process described in the following sections is a simplified process for example only. The STP algorithm uses the following calculation process: Initialize the state. Upon initialization of a device, each port generates a BPDU with the port as the designated port, the device as the root bridge, 0 as the root path cost, and the device ID as the designated bridge Select the root bridge.
  • Page 69 Table 9 Selection of the optimum configuration BPDU Step Actions Upon receiving a configuration BPDU on a port, the device compares the priority of the received configuration BPDU with that of the configuration BPDU generated by the port, and: • If the former priority is lower, the device discards the received configuration BPDU and keeps the configuration BPDU the port generated.
  • Page 70 Device Port name Configuration BPDU on the port Port A2 {0, 0, 0, Port A2} Port B1 {1, 0, 1, Port B1} Device B Port B2 {1, 0, 1, Port B2} Port C1 {2, 0, 2, Port C1} Device C Port C2 {2, 0, 2, Port C2} NOTE:...
  • Page 71 Configuration BPDU on Device Comparison process ports after comparison • Port C1 receives the configuration BPDU of Port A2 {0, 0, 0, Port A2}, finds that the received configuration BPDU is superior to its • existing configuration BPDU {2, 0, 2, Port C1}, and updates its Port C1: {0, 0, 0, Port configuration BPDU.
  • Page 72 Figure 19 The final calculated spanning tree Root bridge Root port Designated port Blocked port Normal link Blocked link The configuration BPDU forwarding mechanism of STP The configuration BPDUs of STP are forwarded following these guidelines: • Upon network initiation, every device regards itself as the root bridge, generates configuration BPDUs with itself as the root, and sends the configuration BPDUs at a regular hello interval.

  • Page 73: Rstp

    The device uses the max age to determine whether a stored configuration BPDU has expired and discards it if the max age is exceeded. RSTP RSTP achieves rapid network convergence by allowing a newly elected root port or designated port to enter the forwarding state much faster than STP.

  • Page 74: Mstp Basic Concepts

    MSTP provides the following features: • MSTP divides a switched network into multiple regions, each of which contains multiple spanning trees that are independent of one another. MSTP supports mapping VLANs to spanning tree instances by means of a VLAN-to-instance •...
  • Page 75 Figure 21 Network diagram and topology of MST region 3 To MST region 4 MST region 3 Device A Device B MSTI 1 MSTI 2 Regional root MSTI Device C Device D MSTI 0 VLAN 1 MSTI 1 Topology of MSTIs in MST region 3 VLAN 2&3 MSTI 2 Other VLANs...
  • Page 76 An internal spanning tree (IST) is a spanning tree that runs in an MST region. It is also called MSTI 0, a special MSTI to which all VLANs are mapped by default. Figure 20, MSTI 0 is the IST in MST region 3. CIST The common and internal spanning tree (CIST) is a single spanning tree that connects all devices in a switched network.
  • Page 77 MSTP calculation involves the following port roles: • Root port—Forwards data for a non-root bridge to the root bridge. The root bridge does not have any root port. Designated port—Forwards data to the downstream network segment or device. • Alternate port—The backup port for a root port or master port. When the root port or master port •...

  • Page 78: How Mstp Works

    How MSTP works MSTP divides an entire Layer 2 network into multiple MST regions, which are connected by a calculated CST. Inside an MST region, multiple spanning trees are calculated. Each spanning tree is an MSTI. Among these MSTIs, MSTI 0 is the IST. Like STP, MSTP uses configuration BPDUs to calculate spanning trees.

  • Page 79: Spanning Tree Configuration Task List

    Spanning tree configuration task list Before configuring a spanning tree, you must determine the spanning tree protocol to be used (STP, RSTP, PVST, or MSTP) and plan the device roles (the root bridge or leaf node). Configuration restrictions and guidelines If GVRP and a spanning tree protocol are enabled on a device at the same time, GVRP packets are •...

  • Page 80: Rstp Configuration Task List

    Task Remarks Required Setting the spanning tree mode Configure the device to operate in STP mode. Configuring the device priority Optional Configuring the timeout factor Optional Configuring the maximum port rate Optional Configuring the leaf nodes Configuring path costs of ports Optional Configuring the port priority Optional...

  • Page 81: Pvst Configuration Task List

    Task Remarks Configuring the maximum port rate Optional Configuring edge ports Optional Configuring path costs of ports Optional Configuring the port priority Optional Configuring the port link type Optional Configuring the mode a port uses to recognize/send MSTP Optional packets Enabling outputting port state transition information Optional Enabling the spanning tree feature...

  • Page 82: Mstp Configuration Task List

    Task Remarks Configuring edge ports Optional Configuring path costs of ports Optional Configuring the port priority Optional Configuring the port link type Optional Enabling outputting port state transition Optional information Enabling the spanning tree feature Required Performing mCheck Optional Configuring protection functions Optional MSTP configuration task list Task...

  • Page 83: Setting The Spanning Tree Mode

    VLAN. The number of VLANs that PVST can maintain instances for depends on the switch model. Suppose the number is n, which is 32 on the HP 5120 EI Switch Series. When you configure PVST on devices of different models in a network, to avoid network failures, make sure that the number of VLANs for which PVST maintains instances does not exceed the lowest n.

  • Page 84: Configuring An Mst Region

    Step Command Remarks Set the spanning tree mode. stp mode { stp | rstp | mstp | pvst } MSTP mode by default. Configuring an MST region Two or more spanning tree devices belong to the same MST region only if they are configured to have the same format selector (0 by default, not configurable), MST region name, MST region revision level, and the same VLAN-to-instance mapping entries in the MST region, and each two devices are connected by a physical link.

  • Page 85: Configuring The Root Bridge Or A Secondary Root Bridge

    Step Command Remarks Display the activated display stp region-configuration Optional. configuration [ | { begin | exclude | include } information of the MST Available in any view regular-expression ] region. Configuring the root bridge or a secondary root bridge You can have MSTP determine the root bridge of a spanning tree through MSTP calculation, or you can specify the current device as the root bridge or as a secondary root bridge using the commands that the system provides.

  • Page 86: Configuring The Current Device As A Secondary Root Bridge Of A Specific Spanning Tree

    Configuring the current device as a secondary root bridge of a specific spanning tree To configure the current device as a secondary root bridge of a specific spanning tree: Step Command Remarks Enter system view. system-view • In STP/RSTP mode: Use one of the stp root secondary commands.

  • Page 87: Configuring The Network Diameter Of A Switched Network

    device that received it. This prevents devices beyond the reach of the maximum hop from participate in spanning tree calculation, so the size of the MST region is limited. Make this configuration on the root bridge only. All other devices in the MST region use the maximum hop value set for the root bridge.

  • Page 88: Configuration Restrictions And Guidelines

    Max age ≥ 2 × (hello time + 1 second) HP does not recommend you to manually set the spanning tree timers. Instead, you can specify the network diameter and let spanning tree protocols automatically calculate the timers based on the network diameter.

  • Page 89: Configuring The Timeout Factor

    BPDUs and prevent spanning tree protocols from using excessive network resources when the network becomes unstable. HP recommends you to use the default setting. To configure the maximum rate of a port or a group of ports:...

  • Page 90: Configuring Edge Ports

    Step Command Remarks • Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view: interface interface-type Enter interface view or port Use one of the commands. interface-number group view. • Enter port group view: port-group manual port-group-name Configure the maximum rate stp transmit-limit limit 10 by default.

  • Page 91: Specifying A Standard For The Device To Use When It Calculates The Default Path Cost

    You can have the device automatically calculate the default path cost, or you can configure the path cost for ports. Specifying a standard for the device to use when it calculates the default path cost CAUTION: If you change the standard that the device uses to calculate the default path costs, you restore the path costs to the default.

  • Page 92: Configuring Path Costs Of Ports

    Path cost Link speed Port type IEEE 802.1d-1998 IEEE 802.1t Private standard Single port 2000 Aggregate interface 1000 containing 2 Selected ports 10 Gbps Aggregate interface containing 3 Selected ports Aggregate interface containing 4 Selected ports Configuration restrictions and guidelines When it calculates path cost for an aggregate interface, IEEE 802.1t takes into account the number •...

  • Page 93: Configuration Example

    Step Command Remarks • In STP/RSTP mode: stp cost cost Use one of the commands. Configure the path cost of the • In PVST mode: By default, the system ports. stp vlan vlan-list cost cost automatically calculates the • In MSTP mode: path cost of each port.

  • Page 94: Configuring The Port Link Type

    You can configure the link type as point-to-point for a Layer 2 aggregate interface or a port that • operates in full duplex mode. HP recommends you to use the default setting and let the device to automatically detect the port link type.

  • Page 95: Enabling Outputting Port State Transition Information

    legacy—Compatible format • By default, the packet format recognition mode of a port is auto. The port automatically distinguishes the two MSTP packet formats, and determines the format of packets that it will send based on the recognized format. You can configure the MSTP packet format on a port. When operating in MSTP mode after the configuration, the port sends and receives only MSTP packets of the format that you have configured to communicate with devices that send packets of the same format.

  • Page 96: Enabling The Spanning Tree Feature

    (which is the number of PVST instances that the switch supports and is 32 for the HP 5120 EI switch) of the existing VLANs by default. To enable the spanning tree feature for other VLANs, you must first disable the spanning tree feature for certain VLANs.

  • Page 97: Performing Mcheck

    Step Command Remarks Enable the spanning tree By default, the spanning tree stp vlan vlan-list enable feature on specific VLANs. feature is enabled on VLANs. • Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view: interface interface-type Enter interface view or port Use either command.

  • Page 98: Configuring Digest Snooping

    Digest Snooping when the network is already working well. Configuration procedure You can enable Digest Snooping only on the HP device that is connected to a third-party device that uses its private key to calculate the configuration digest. To configure Digest Snooping:...

  • Page 99: Digest Snooping Configuration Example

    Step Command Remarks • Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view: interface interface-type Enter interface view or port Use either command. interface-number group view. • Enter port group view: port-group manual port-group-name Enable Digest Snooping on stp config-digest-snooping Disabled by default.

  • Page 100: Configuring No Agreement Check

    [DeviceA] stp config-digest-snooping # Enable Digest Snooping on GigabitEthernet 1/0/1 of Device B and enable global Digest Snooping on Device B. <DeviceB> system-view [DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] stp config-digest-snooping [DeviceB-GigabitEthernet1/0/1] quit [DeviceB] stp config-digest-snooping Configuring No Agreement Check In RSTP and MSTP, the following types of messages are used for rapid state transition on designated ports: Proposal—Sent by designated ports to request rapid transition.

  • Page 101: Configuration Prerequisites

    Figure 25 Rapid state transition of an RSTP designated port If the upstream device is a third-party device, the rapid state transition implementation might be limited. For example, when the upstream device uses a rapid transition mechanism similar to that of RSTP, and the downstream device adopts MSTP and does not operate in RSTP mode, the root port on the downstream device receives no agreement packet from the upstream device and sends no agreement packets to the upstream device.

  • Page 102: No Agreement Check Configuration Example

    No Agreement Check configuration example Network requirements As shown in Figure Device A connects to a third-party device that has a different spanning tree implementation. Both • devices are in the same region. • The third-party device (Device B) is the regional root bridge, and Device A is the downstream device.

  • Page 103: Configuration Restrictions And Guidelines

    In the network, the IRF fabric transparently transmits the received BPDUs and does not participate in spanning tree calculations. When a topology change occurs to the IRF fabric or user networks, the IRF fabric may need a long time to learn the correct MAC address table entries and ARP entries, resulting in long network disruption.

  • Page 104: Enabling Root Guard

    receive configuration BPDUs, the system automatically sets the ports as non-edge ports and starts a new spanning tree calculation process. This causes a change of network topology. Under normal conditions, these ports should not receive configuration BPDUs. However, if someone forges configuration BPDUs maliciously to attack the devices, the network will become unstable.

  • Page 105: Enabling Loop Guard

    Step Command Remarks • Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view: interface interface-type Enter interface view or port Use either command. interface-number group view. • Enter port group view: port-group manual port-group-name Enable the root guard function stp root-protection Disabled by default.

  • Page 106: Enabling Tc-Bpdu Guard

    6 by default. device can perform every 10 seconds. NOTE: HP does not recommend you disable this feature. Enabling BPDU drop In a spanning tree network, after receiving BPDUs, the device performs STP calculation according to the received BPDUs and forwards received BPDUs to other devices in the network. This allows malicious attackers to attack the network by forging BPDUs.

  • Page 107: Displaying And Maintaining The Spanning Tree

    Displaying and maintaining the spanning tree Task Command Remarks Display information about ports blocked display stp abnormal-port [ | { begin | Available in any view by spanning tree protection functions. exclude | include } regular-expression ] display stp bpdu-statistics [ interface interface-type interface-number [ instance Display BPDU statistics on ports.
  • Page 108 Figure 28 Network diagram MST region Device A Device B Permit: all VLANs GE1/0/3 GE1/0/3 Permit: VLANs 10 and Permit: VLANs 20 and GE1/0/3 GE1/0/3 Permit: VLANs 20 and 40 Device C Device D Configuration procedure Configure VLANs and VLAN member ports (details not shown): Create VLAN 10, VLAN 20, and VLAN 30 on Device A and Device B.
  • Page 109 [DeviceB] stp region-configuration [DeviceB-mst-region] region-name example [DeviceB-mst-region] instance 1 vlan 10 [DeviceB-mst-region] instance 3 vlan 30 [DeviceB-mst-region] instance 4 vlan 40 [DeviceB-mst-region] revision-level 0 # Activate MST region configuration. [DeviceB-mst-region] active region-configuration [DeviceB-mst-region] quit # Specify the current device as the root bridge of MSTI 3. [DeviceB] stp instance 3 root primary # Enable the spanning tree feature globally.
  • Page 110 [DeviceD] stp enable Verify the configurations: In this example, suppose that Device B has the lowest root bridge ID. As a result, Device B is elected as the root bridge in MSTI 0. You can use the display stp brief command to display brief spanning tree information on each device after the network is stable.

  • Page 111: Pvst Configuration Example

    Figure 29 MSTIs mapped to different VLANs MSTI 1 mapped to VLAN 10 MSTI 0 mapped to VLAN 20 MSTI 3 mapped to VLAN 30 MSTI 4 mapped to VLAN 40 Root bridge Normal link Blocked link PVST configuration example Network requirements As shown in Figure...
  • Page 112 Configuration procedure Configure VLANs and VLAN member ports (details not shown): Create VLAN 10, VLAN 20, and VLAN 30 on Device A and Device B. Create VLAN 10, VLAN 20, and VLAN 40 on Device C. Create VLAN 20, VLAN 30, and VLAN 40 on Device D. Configure the ports on these devices as trunk ports and assign them to related VLANs.
  • Page 113 # Display brief spanning tree information on Device A. [DeviceA] display stp brief VLAN Port Role STP State Protection GigabitEthernet1/0/1 DESI DISCARDING NONE GigabitEthernet1/0/3 DESI FORWARDING NONE GigabitEthernet1/0/1 DESI FORWARDING NONE GigabitEthernet1/0/2 DESI FORWARDING NONE GigabitEthernet1/0/3 DESI FORWARDING NONE GigabitEthernet1/0/2 DESI FORWARDING NONE...
  • Page 114 Figure 31 Spanning trees mapped to different VLANs...

  • Page 115: Configuring Bpdu Tunneling

    PE 2 at the other end of the service provider network, which de-encapsulates the packet, restores the original destination MAC address of the packet, and then sends the packet to CE 2. HP devices support BPDU tunneling for the following protocols: •...

  • Page 116: Bpdu Tunneling Implementation

    Ethernet Operation, Administration and Maintenance (EOAM) • • GARP VLAN Registration Protocol (GVRP) HW Group Management Protocol (HGMP) • Link Aggregation Control Protocol (LACP) • • Link Layer Discovery Protocol (LLDP) Port Aggregation Protocol (PAGP) • Per VLAN Spanning Tree (PVST) •...

  • Page 117: Enabling Bpdu Tunneling

    Figure 33 BPDU tunneling implementation The upper section of Figure 33 represents the service provider network (ISP network). The lower section, including User A network 1 and User A network 2, represents the customer networks. Enabling BPDU tunneling on edge devices (PE 1 and PE 2) in the service provider network allows BPDUs of User A network 1 and User A network 2 to be transparently transmitted through the service provider network.

  • Page 118: Configuration Restrictions And Guidelines

    Configuration restrictions and guidelines Settings made in Layer 2 Ethernet interface view or Layer 2 aggregate interface view take effect • only on the current port. Settings made in port group view take effect on all ports in the port group. Before you enable BPDU tunneling for DLDP, EOAM, GVRP, HGMP, LLDP, or STP on a port, disable •...

  • Page 119: Bpdu Tunneling Configuration Examples

    To configure destination multicast MAC address for BPDUs: Step Command Remarks Enter system view. system-view Configure the destination Optional. bpdu-tunnel tunnel-dmac multicast MAC address for mac-address 0x010F-E200-0003 by default. BPDUs. NOTE: For BPDUs to be recognized, the destination multicast MAC addresses configured for BPDU tunneling must be the same on the edge devices on the service provider network.

  • Page 120: Bpdu Tunneling For Pvst Configuration Example

    # Create VLAN 2 and assign GigabitEthernet 1/0/1 to VLAN 2. [PE1] vlan 2 [PE1-vlan2] quit [PE1] interface gigabitethernet 1/0/1 [PE1-GigabitEthernet1/0/1] port access vlan 2 # Disable STP on GigabitEthernet 1/0/1, and then enable BPDU tunneling for STP on it. [PE1-GigabitEthernet1/0/1] undo stp enable [PE1-GigabitEthernet1/0/1] bpdu-tunnel dot1q stp Configure PE 2:...
  • Page 121 Configuration procedure Configure PE 1: # Configure the destination multicast MAC address for BPDUs as 0x0100-0CCD-CDD0. <PE1> system-view [PE1] bpdu-tunnel tunnel-dmac 0100-0ccd-cdd0 # Configure GigabitEthernet 1/0/1 as a trunk port and assign it to all VLANs. [PE1] interface gigabitethernet 1/0/1 [PE1-GigabitEthernet1/0/1] port link-type trunk [PE1-GigabitEthernet1/0/1] port trunk permit vlan all # Disable STP on GigabitEthernet 1/0/1, and then enable BPDU tunneling for STP and PVST on...

  • Page 122: Configuring Vlans

    Configuring VLANs Overview Ethernet is a network technology based on the CSMA/CD mechanism. Because the medium is shared, collisions and excessive broadcasts are common on Ethernet networks. To address the issue, virtual LAN (VLAN) was introduced to break a LAN down into separate VLANs. VLANs are isolated from each other at Layer 2.

  • Page 123: Vlan Types

    The Ethernet II encapsulation format is used here. Besides the Ethernet II encapsulation format, Ethernet also supports other encapsulation formats, including 802.2 LLC, 802.2 SNAP, and 802.3 raw. The VLAN tag fields are added to frames encapsulated in these formats for VLAN identification. In the header of a traditional Ethernet data frame, the field after the destination MAC address and the source MAC address is the Type field, which indicates the upper layer protocol type, as shown in Figure...

  • Page 124: Protocols And Standards

    IP subnet • • Policy Other criteria • This chapter covers port-based VLAN, MAC-based VLAN, protocol-based VLAN, and IP subnet-based VLAN. The port-based VLAN implementation is the basis of all other VLAN implementations. To use any other VLAN implementations, you must configure port-based VLAN settings. You can configure all these types of VLANs on a port at the same time.

  • Page 125: Configuring Basic Settings Of A Vlan Interface

    Configuring basic settings of a VLAN interface You can use VLAN interfaces to provide Layer 3 communication between hosts of different VLANs. VLAN interfaces are virtual interfaces used for Layer 3 communication between different VLANs. They do not exist as physical entities on devices. For each VLAN, you can create one VLAN interface. You can assign the VLAN interface an IP address and specify the IP address as the gateway address for the devices in the VLAN, so that traffic can be routed to other IP subnets.
  • Page 126 Configure VLAN interfaces on Switch A and configure the PCs to enable Layer 3 communication between the PCs. Figure 39 Network diagram Configuration procedure Configure Switch A: # Create VLAN 5 and assign GigabitEthernet 1/0/1 to it. <SwitchA> system-view [SwitchA] vlan 5 [SwitchA-vlan5] port GigabitEthernet 1/0/1 # Create VLAN 10 and assign GigabitEthernet 1/0/2 to it.

  • Page 127: Configuring Port-Based Vlans

    • information about voice VLAN, see "Configuring a voice VLAN." HP recommends that you set the same PVID ID for local and remote ports. • Make sure that a port permits the traffic from its PVID to pass through. Otherwise, when the port •...

  • Page 128: Assigning An Access Port To A Vlan

    Actions (in the inbound direction) Actions (in the outbound Port type direction) Untagged frame Tagged frame • Receives the frame if its VLAN ID is the same as the PVID. Tags the frame with the Removes the VLAN tag and Access PVID tag.

  • Page 129: Assigning A Trunk Port To A Vlan

    Step Command Remarks Use any command. • The configuration made in Layer 2 Ethernet interface view applies only to the port. • Enter Layer 2 Ethernet interface • The configuration made in port group view: view applies to all ports in the port interface interface-type group.

  • Page 130: Assigning A Hybrid Port To A Vlan

    Step Command Remarks Use any command. • The configuration made in Layer 2 Ethernet • Enter Layer 2 Ethernet interface interface view applies only to the port. view: • The configuration made in port group view interface interface-type applies to all ports in the port group. interface-number •...

  • Page 131: Port-Based Vlan Configuration Example

    Step Command Remarks Use any command. • The configuration made in Ethernet interface view applies only to the port. • Enter Layer 2 Ethernet interface • The configuration made in port group view: view applies to all ports in the port group. interface interface-type interface-number •...
  • Page 132 Figure 40 Network diagram Configuration procedure Configure Device A: # Create VLAN 100, and assign port GigabitEthernet 1/0/1 to VLAN 100. <DeviceA> system-view [DeviceA] vlan 100 [DeviceA-vlan100] port gigabitethernet 1/0/1 [DeviceA-vlan100] quit # Create VLAN 200, and assign port GigabitEthernet 1/0/2 to VLAN 200. [DeviceA] vlan 200 [DeviceA-vlan200] port gigabitethernet 1/0/2 [DeviceA-vlan200] quit...

  • Page 133: Configuring Mac-Based Vlans

    [DeviceA-GigabitEthernet1/0/3] display vlan 200 VLAN ID: 200 VLAN Type: static Route Interface: not configured Description: VLAN 0200 Name: VLAN 0200 Tagged Ports: GigabitEthernet1/0/3 Untagged Ports: GigabitEthernet1/0/2 Configuring MAC-based VLANs Introduction to MAC-based VLAN The MAC-based VLAN feature assigns hosts to a VLAN based on their MAC addresses. This feature is usually used in conjunction with security technologies such as 802.1X to provide secure, flexible network access for terminal devices.
  • Page 134 If not, the port selects a VLAN for the frame in the order of MAC-based VLAN, IP subnet-based • VLAN, protocol-based VLAN, and port-based VLAN, tags the untagged frame with the selected VLAN tag, and obtains the tag. Then, the port reports the source MAC address of the frame. After reporting the source MAC address of the frame, the port looks up the source MAC address in the MAC-to-VLAN map, and processes the frame as follows: If the source MAC address of the frame exactly matches a MAC address-to-VLAN entry configured...

  • Page 135: Configuration Restrictions And Guidelines

    A port forwards frames matching MAC-to-VLAN entries according to the 802.1p priorities of the • MAC-based VLANs. Dynamic MAC-based VLAN You can use dynamic MAC-based VLAN with access authentication (such as 802.1X authentication based on MAC addresses) to implement secure, flexible terminal access. After configuring dynamic MAC-based VLAN on the device, you must configure the username-to-VLAN entries on the access authentication server.
  • Page 136 Step Command Remarks Enter system view. system-view mac-vlan mac-address Associate a specific MAC mac-address vlan vlan-id address with a VLAN. [ priority priority ] • Enter Layer 2 Ethernet Use either command. interface view: interface interface-type • The configuration made in Ethernet Enter interface view or interface-number interface view applies only to the port.
  • Page 137 MAC-based VLAN mac-vlan trigger enable single MAC addresses preferentially. assignment. When dynamic MAC-based VLAN assignment is enabled, HP does not recommend configuring the vlan precedence ip-subnet-vlan command, which will make the system assign VLANs based on IP subnets, because the configuration does not take effect.

  • Page 138: Mac-Based Vlan Configuration Example

    MAC-based VLAN configuration example Network requirements As shown in Figure GigabitEthernet 1/0/1 of Device A and Device C are each connected to a meeting room. Laptop • 1 and Laptop 2 are used for meetings and might be used in either of the two meeting rooms. Different departments own Laptop 1 and Laptop 2.
  • Page 139 [DeviceA-vlan100] quit [DeviceA] vlan 200 [DeviceA-vlan200] quit # Associate the MAC address of Laptop 1 with VLAN 100, and associate the MAC address of Laptop 2 with VLAN 200. [DeviceA] mac-vlan mac-address 000d-88f8-4e71 vlan 100 [DeviceA] mac-vlan mac-address 0014-222c-aa69 vlan 200 # Configure Laptop 1 and Laptop 2 to access the network through GigabitEthernet 1/0/1.

  • Page 140: Configuring Protocol-Based Vlans

    On Device A and Device C, you can see that VLAN 100 is associated with the MAC address of Laptop 1, and VLAN 200 is associated with the MAC address of Laptop 2. [DeviceA] display mac-vlan all The following MAC VLAN addresses exist: S:Static D:Dynamic MAC ADDR...

  • Page 141: Configuration Procedure

    When you use the mode keyword to configure a user-defined protocol template, do not set etype-id • in ethernetii etype etype-id to 0x0800, 0x8137, 0x809b, or 0x86dd. Otherwise, the encapsulation format of the matching packets will be the same as that of the IPv4, IPX, AppleTalk, and IPv6 packets, respectively.

  • Page 142: Protocol-Based Vlan Configuration Example

    Protocol-based VLAN configuration example Network requirements In a lab environment, as shown in Figure 43, most hosts run the IPv4 protocol, and the rest of the hosts run the IPv6 protocol for teaching purposes. To avoid interference, isolate IPv4 traffic and IPv6 traffic at Layer 2.
  • Page 143 [Device] vlan 100 [Device-vlan100] protocol-vlan 1 ipv4 [Device-vlan100] quit # Configure port GigabitEthernet 1/0/1 as a hybrid port that forwards packets of VLANs 100 and 200 untagged. [Device] interface gigabitethernet 1/0/1 [Device-GigabitEthernet1/0/1] port link-type hybrid [Device-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged Please wait...

  • Page 144: Configuring Ip Subnet-Based Vlans

    VLAN ID Protocol Index Protocol Type ====================================================== ipv4 ipv6 Interface: GigabitEthernet 1/0/2 VLAN ID Protocol Index Protocol Type ====================================================== ipv4 ipv6 Configuration guidelines Protocol-based VLAN configuration applies only to hybrid ports. Configuring IP subnet-based VLANs In this approach, packets are assigned to VLANs based on their source IP addresses and subnet masks. A port configured with IP subnet-based VLANs assigns a received untagged packet to a VLAN based on the source address of the packet.

  • Page 145: Ip Subnet-Based Vlan Configuration Example

    Step Command Remarks Use any command. • The configuration made in Ethernet interface view applies only to the port. • The configuration made in port group • Enter Layer 2 Ethernet interface view applies to all ports in the port view: group.
  • Page 146 Configuration consideration Create VLANs 100 and 200. • • Associate IP subnets with the VLANs. Assign ports to the VLANs. • Configuration procedure # Associate IP subnet 192.168.5.0/24 with VLAN 100. <DeviceC> system-view [DeviceC] vlan 100 [DeviceC-vlan100] ip-subnet-vlan ip 192.168.5.0 255.255.255.0 [DeviceC-vlan100] quit # Associate IP subnet 192.168.50.0/24 with VLAN 200.

  • Page 147: Displaying And Maintaining Vlan

    [DeviceC-GigabitEthernet1/0/12] quit # Associate interface GigabitEthernet 1/0/1 with IP subnet-based VLANs 100 and 200. [DeviceC] interface gigabitethernet 1/0/1 [DeviceC-GigabitEthernet1/0/1] port link-type hybrid [DeviceC-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged Please wait... Done. [DeviceC-GigabitEthernet1/0/1] port hybrid ip-subnet-vlan vlan 100 [DeviceC-GigabitEthernet1/0/1] port hybrid ip-subnet-vlan vlan 200 [DeviceC-GigabitEthernet1/0/1] return Verifying the configurations # Display the IP subnet information for all VLANs.
  • Page 148 Task Command Remarks display mac-vlan { all | dynamic | mac-address Display MAC address-to-VLAN Available in any mac-address | static | vlan vlan-id } [ | { begin | entries. view exclude | include } regular-expression ] Display all interfaces with display mac-vlan interface [ | { begin | exclude | Available in any MAC-based VLAN enabled.

  • Page 149: Configuring An Isolate-User-Vlan

    Configuring an isolate-user-VLAN Overview An isolate-user-VLAN uses a two-tier VLAN structure. In this approach, the following types of VLANs, isolate-user-VLAN and secondary VLAN, are configured on the same device. The following are the characteristics of the isolate-user-VLAN implementation: • Isolate-user-VLANs are mainly used for upstream data exchange. An isolate-user-VLAN can be associated with multiple secondary VLANs.

  • Page 150: Configuration Restrictions And Guidelines

    Configure the downlink ports, for example, the ports connecting Device B to hosts in Figure to operate in host mode, so that the downlink ports can be added to the isolate-user-VLAN associated with the secondary VLAN automatically. For more information about the promiscuous and host mode commands, see Layer 2—LAN Switching Command Reference.

  • Page 151: Displaying And Maintaining Isolate-User-Vlan

    Step Command Remarks isolate-user-vlan Associate the isolate-user-vlan-id secondary isolate-user-VLAN with the Not configured by default. secondary-vlan-id [ to specified secondary VLANs. secondary-vlan-id ] Enter Layer 2 Ethernet or aggregate interface view: interface interface-type interface-number interface By default, a port does not operate Configure the uplink port for bridge-aggregation in promiscuous mode or host mode...

  • Page 152: Isolate-User-Vlan Configuration Example

    Task Command Remarks Display the mapping between an display isolate-user-vlan isolate-user-VLAN and its secondary [ isolate-user-vlan-id ] [ | { begin | Available in any view VLANs. exclude | include } regular-expression ] Isolate-user-VLAN configuration example Network requirements As shown in Figure Connect Device A to downstream devices Device B and Device C.

  • Page 153: Verifying The Configuration

    # Associate the isolate-user-VLAN with the secondary VLANs. [DeviceB] isolate-user-vlan 5 secondary 2 to 3 # Configure the uplink port GigabitEthernet 1/0/5 to operate in promiscuous mode in VLAN 5. [DeviceB] interface gigabitethernet 1/0/5 [DeviceB-GigabitEthernet1/0/5] port isolate-user-vlan 5 promiscuous [DeviceB-GigabitEthernet1/0/5] quit # Assign downlink ports GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to VLAN 3 and VLAN 2, respectively, and configure the ports to operate in host mode.
  • Page 154 VLAN ID: 5 VLAN Type: static Isolate-user-VLAN type : isolate-user-VLAN Route Interface: not configured Description: VLAN 0005 Name: VLAN 0005 Tagged Ports: none Untagged Ports: GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/5 VLAN ID: 2 VLAN Type: static Isolate-user-VLAN type : secondary Route Interface: not configured Description: VLAN 0002 Name: VLAN 0002 Tagged...

  • Page 155: Configuring A Voice Vlan

    Configuring a voice VLAN Overview A voice VLAN is configured for voice traffic. After assigning the ports that connect to voice devices to a voice VLAN, the system automatically configures quality of service (QoS) parameters for voice traffic, to improve the transmission priority of voice traffic and ensure voice quality. Common voice devices include IP phones and integrated access devices (IADs).

  • Page 156: Automatically Identifying Ip Phones Through Lldp

    Automatically identifying IP phones through LLDP When you use OUI addresses to identify IP phones, the number of OUI addresses that can be configured is limited. Additionally, when there are plenty of IP phones in the network, you must configure many OUI addresses.

  • Page 157: Ip Phone Access Methods

    IP phone access methods Connecting the host and the IP phone in series As shown in Figure 48, the host is connected to the IP phone, and the IP phone is connected to the device. When the host and the IP phone are connected in series, the host and the IP phone must be assigned to different VLANs, and the IP phone must be able to send out VLAN-tagged packets, so that the data traffic and the voice traffic can be distinguished.
  • Page 158 receiving port to the voice VLAN, issues ACL rules, and configures the packet precedence. You can configure a voice VLAN aging time on the device. The system will remove a port from the voice VLAN if no packet is received from the port during the aging time. The system automatically assigns ports to, or removes ports from, a voice VLAN.

  • Page 159: Security Mode And Normal Mode Of Voice Vlans

    MAC addresses checking. TIP: HP does not recommend transmitting both voice traffic and non-voice traffic in a voice VLAN. If you must transmit both voice traffic and non-voice traffic, make sure that the voice VLAN security mode is disabled.

  • Page 160: Configuration Prerequisites

    Table 17 How a voice VLAN-enabled port processes packets in security and normal mode Voice VLAN Packet type Packet processing mode mode Untagged packets If the source MAC address of a packet matches an OUI address configured for the device, it is forwarded in the voice Packets that carry the voice VLAN;...

  • Page 161: Configuring A Port To Operate In Automatic Voice Vlan Assignment Mode

    Step Command Remarks Enter Layer 2 Ethernet interface interface-type interface view. interface-number Configure the interface to trust the QoS priority settings in Use either command. incoming voice traffic, but not voice vlan qos trust to modify the CoS and DSCP By default, an interface modifies the CoS values marked for incoming value and the DSCP value marked for voice...

  • Page 162: Configuring A Port To Operate In Manual Voice Vlan Assignment Mode

    Step Command Remarks Optional. Enable the voice VLAN voice vlan security enable By default, the voice VLAN security security mode. mode is enabled. Optional. By default, each voice VLAN has Add a recognizable OUI voice vlan mac-address oui mask default OUI addresses configured. address.

  • Page 163: Enabling Lldp To Automatically Discover Ip Phones

    Step Command Remarks Optional. By default, each voice VLAN has Add a recognizable OUI voice vlan mac-address oui mask default OUI addresses configured. address. oui-mask [ description text ] For the default OUI addresses of different vendors, see Table interface interface-type Enter interface view.

  • Page 164: Configuration Procedure

    Configuration procedure To enable LLDP to automatically discover IP phones: Step Command Remarks Enter system view. system-view Enable LLDP to automatically voice vlan track lldp Disabled by default. discover IP phones. IMPORTANT: When the switch is enabled to automatically discover IP phones through LLDP, you can connect at most •...

  • Page 165: Configuration Procedure

    Figure 50 Voice VLAN advertisement through LLDP With the received voice VLAN information, the IP phone automatically completes the voice VLAN configuration, including the voice VLAN ID, tagging status, and priority. This voice VLAN can be the voice VLAN directly specified for LLDP advertisement, the voice VLAN configured on the port, or the voice VLAN assigned by a server, depending on your configuration.

  • Page 166: Dynamically Advertising Server-Assigned Vlans Through Lldp

    Dynamically advertising server-assigned VLANs through LLDP Overview Dynamic advertisement of server-assigned VLANs through LLDP must work with 802.1X or MAC authentication, and is available only for LLDP-enabled IP phones. If 802.1X authentication is used, make sure the IP phones also support 802.1X authentication. To implement this function for an IP phone, perform the following configuration tasks: Enable LLDP globally and on the port connected to the IP phone.

  • Page 167: Voice Vlan Configuration Examples

    Task Command Remarks Display the OUI addresses that the display voice vlan oui [ | { begin | exclude | Available in any view system supports. include } regular-expression ] Voice VLAN configuration examples Automatic voice VLAN mode configuration example Network requirements As shown in Figure...
  • Page 168 # Since GigabitEthernet 1/0/1 might receive both voice traffic and data traffic at the same time, to ensure the quality of voice packets and effective bandwidth use, configure voice VLANs to operate in security mode. Configure the voice VLANs to transmit only voice packets. By default, voice VLANs operate in security mode.

  • Page 169: Manual Voice Vlan Assignment Mode Configuration Example

    PORT VLAN MODE DSCP -------------------------------------------------------------------- GigabitEthernet1/0/1 AUTO GigabitEthernet1/0/2 AUTO Manual voice VLAN assignment mode configuration example Network requirements As shown in Figure Create VLAN 2 and configure it as a voice VLAN that permits only voice traffic to pass through. •...
  • Page 170 # Enable voice VLAN on GigabitEthernet 1/0/1. [DeviceA-GigabitEthernet1/0/1] voice vlan 2 enable Verifying the configurations # Display the OUI addresses, OUI address masks, and description strings. <DeviceA> display voice vlan oui Oui Address Mask Description 0001-e300-0000 ffff-ff00-0000 Siemens phone 0003-6b00-0000 ffff-ff00-0000 Cisco phone 0004-0d00-0000...

  • Page 171: Configuring Gvrp

    Configuring GVRP The Generic Attribute Registration Protocol (GARP) provides a generic framework for devices in a switched LAN, such as end stations and switches, to register and deregister attribute values. The GARP VLAN Registration Protocol (GVRP) is a GARP application that registers and deregisters VLAN attributes. GVRP uses the operating mechanism of GARP to maintain and propagate dynamic VLAN registration information for GVRP devices on the network.
  • Page 172 LeaveAll messages from other participants. If any participants want to maintain the registration for a particular attribute value, they must send a Join message. GARP timers HP's implementation of GARP uses the following timers to control GARP message transmission: • Hold timer The Hold timer sets the delay that a GARP participant waits before sending a Join or Leave message.
  • Page 173 On a GARP-enabled network, each port maintains its own Hold, Join, and Leave timers, but only • one LeaveAll timer is maintained on each device. This LeaveAll timer applies to all ports on the device. • The value ranges for the Hold, Join, Leave, and LeaveAll timers are dependent on one another. Table 19 for their dependencies.

  • Page 174: Gvrp

    Field Description Value • 0x00—LeaveAll event • 0x01—JoinEmpty event • 0x02—JoinIn event Attribute event Event that the attribute describes • 0x03—LeaveEmpty event • 0x04—LeaveIn event • 0x05—Empty event VLAN ID for GVRP If the value of the attribute event field is Attribute value Attribute value 0x00 (LeaveAll event), the attribute value...

  • Page 175: Configuring Gvrp Functions

    GVRP configuration made in Ethernet interface view or Layer 2 aggregate interface view takes • effect on the current interface only; GVRP configuration made in port group view takes effect on all the member ports in the group. • GVRP configuration made on a member port in an aggregation group takes effect only after the port is removed from the aggregation group.

  • Page 176: Configuring The Garp Timers

    Step Command Remarks Access by default. For more information about the Configure the link type of port link-type trunk port link-type trunk command, the ports as trunk. see Layer 2—LAN Switching Command Reference. By default, a trunk port is assigned to VLAN 1 only. Assign the trunk ports to For more information about the port trunk permit vlan all...

  • Page 177: Displaying And Maintaining Gvrp

    If you want to restore the default settings of the timers, restore the Hold timer first, followed by the • Join, Leave, and LeaveAll timers. Table 19 Dependencies of the GARP timers Timer Lower limit Upper limit Hold 10 centiseconds No greater than half of the Join timer Join No less than twice the Hold timer...
  • Page 178 Device A and Device B are connected through their ports GigabitEthernet 1/0/1. • • Enable GVRP and configure the normal registration mode on ports to enable the registration and deregistration of dynamic and static VLAN information between the two devices. Figure 56 Network diagram Configuration procedure Configure Device A:...

  • Page 179: Gvrp Fixed Registration Mode Configuration Example

    1(default),2-3 According to the output, information about VLAN 1, static VLAN information of VLAN 2 on the local device, and dynamic VLAN information of VLAN 3 on Device B are all registered through GVRP. # Display the local VLAN information that GVRP maintains on port GigabitEthernet 1/0/1 of Device B.

  • Page 180: Gvrp Forbidden Registration Mode Configuration Example

    [DeviceB] gvrp # Configure port GigabitEthernet 1/0/1 as a trunk port, and assign it to all VLANs. [DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] port link-type trunk [DeviceB-GigabitEthernet1/0/1] port trunk permit vlan all # Enable GVRP on GigabitEthernet 1/0/1, and set the GVRP registration mode to fixed on the port.
  • Page 181 Configuration procedure Configure Device A: # Enable GVRP globally. <DeviceA> system-view [DeviceA] gvrp # Configure port GigabitEthernet 1/0/1 as a trunk port, and assign it to all VLANs. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-type trunk [DeviceA-GigabitEthernet1/0/1] port trunk permit vlan all # Enable GVRP on GigabitEthernet 1/0/1, and set the GVRP registration mode to forbidden on the port.
  • Page 182 # Display the local VLAN information that GVRP maintains on port GigabitEthernet 1/0/1 of Device B. [DeviceB] display gvrp local-vlan interface gigabitethernet 1/0/1 Following VLANs exist in GVRP local database: 1(default) According to the output, information about VLAN 1 is registered through GVRP, but static VLAN information of VLAN 3 on the local device and dynamic VLAN information of VLAN 2 on Device A are not.

  • Page 183: Configuring Qinq

    Configuring QinQ Throughout this document, customer network VLANs (CVLANs), also called inner VLANs, refer to the VLANs that a customer uses on the private network. Service provider network VLANs (SVLANs), also called outer VLANs, refer to the VLANs that a service provider uses to carry VLAN tagged traffic for customers.

  • Page 184: Qinq Frame Structure

    Figure 59 Typical QinQ application scenario As shown in Figure 59, customer network A has CVLANs 1 through 10, and customer network B has CVLANs 1 through 20. The service provider assigns SVLAN 3 for customer network A, and assigns SVLAN 4 for customer network B.

  • Page 185: Implementations Of Qinq

    The default maximum transmission unit (MTU) of an interface is 1500 bytes. The size of an outer VLAN tag is 4 bytes. HP recommends you to increase the MTU of each interface on the service provider network to at least 1504 bytes.

  • Page 186: Protocols And Standards

    The switch determines whether a received frame carries a VLAN tag by checking the TPID value. For example, if a frame carries a VLAN tag with TPID value 0x8100, but the configured TPID value is 0x9100, the switch considers that the frame does not carry any VLAN tag. Devices of different vendors may set the TPID of the outer VLAN tag of QinQ frames to different values.

  • Page 187: Configuring Basic Qinq

    On a port with QinQ enabled, you must configure the port to allow packets from the inner and • outer VLANs of QinQ packets to pass through. Complete the follows tasks to configure QinQ: Task Remarks Enabling basic QinQ Required Configuring basic QinQ Configuring VLAN transparent transmission Optional...

  • Page 188: Configuring Selective Qinq

    Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view: interface interface-type Enter interface view or port Use either command. interface-number group view. • Enter port group view: port-group manual port-group-name Configure the link type of port link-type { hybrid | trunk } the ports.

  • Page 189: Configuring An Inner-Outer Vlan 802.1P Priority Mapping

    VLAN tag. Configuring an inner-outer VLAN 802.1p priority mapping Through QoS policies, the HP 5120 EI switches achieve the following inner-outer VLAN 802.1p priority mapping modes: Marking the 802.1p priorities in outer VLAN tags according to the inner VLAN IDs or the 802.1p •...

  • Page 190: Configuring The Tpid Value In Vlan Tags

    By default, the TPID value is 0x8100. value. The configuration applies to all ports. NOTE: The TPID value configured on the HP 5120 EI Switch Series applies to both the CVLAN tags and the SVLAN tags. QinQ configuration examples Basic QinQ configuration example...
  • Page 191 Figure 62 Network diagram Configuration procedure IMPORTANT: Make sure that you have configured the devices in the service provider network to allow QinQ packets to pass through. Configure PE 1: Configure GigabitEthernet 1/0/1: # Configure GigabitEthernet 1/0/1 as a trunk port and assign it to VLAN 100 and VLANs 10 through 70..
  • Page 192 Configure GigabitEthernet 1/0/3: # Configure GigabitEthernet 1/0/3 as a trunk port and assign it to VLAN 200 and VLANs 30 through 90. [PE1] interface gigabitethernet 1/0/3 [PE1-GigabitEthernet1/0/3] port link-type trunk [PE1-GigabitEthernet1/0/3] port trunk permit vlan 200 30 to 90 # Configure VLAN 200 as the PVID for the port. [PE1-GigabitEthernet1/0/3] port trunk pvid vlan 200 # Enable basic QinQ on the port.

  • Page 193: Selective Qinq Configuration Example

    On the third-party devices between PE 1 and PE 2, configure the port that connects to PE 1 and that connecting to PE 2 to allow tagged frames of VLAN 100 and VLAN 200 to pass through. (Details not shown.) Selective QinQ configuration example Network requirements As shown in...
  • Page 194 [PE1-GigabitEthernet1/0/1] port hybrid vlan 10 20 tagged [PE1-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged # Enable basic QinQ on the port. [PE1-GigabitEthernet1/0/1] qinq enable # Configure the port to tag VLAN 10 frames with outer VLAN ID 100. [PE1-GigabitEthernet1/0/1] qinq vid 100 [PE1-GigabitEthernet1/0/1-vid-100] raw-vlan-id inbound 10 [PE1-GigabitEthernet1/0/1-vid-100] quit # Configure the port to tag VLAN 20 frames with outer VLAN ID 200.
  • Page 195 [PE2-GigabitEthernet1/0/2] port trunk permit vlan 100 200 [PE2-GigabitEthernet1/0/2] quit # Set the TPID in the outer VLAN tags to 0x8200. [PE2] qinq ethernet-type 8200 On the third-party devices between PE 1 and PE 2, configure the port that connects to PE 1 and that connecting to PE 2 to allow tagged frames of VLAN 100 and VLAN 200 to pass through.

  • Page 196: Configuring Lldp

    Configuring LLDP Overview Background In a heterogeneous network, a standard configuration exchange platform ensures that different types of network devices from different vendors can discover one another and exchange configuration for the sake of interoperability and management. The Link Layer Discovery Protocol (LLDP) is specified in IEEE 802.1AB. The protocol operates on the data link layer to exchange device information between directly connected devices.
  • Page 197 Field Description MAC address of the sending port. If the port does not have a MAC address, Source MAC address the MAC address of the sending bridge is used. Type Ethernet type for the upper layer protocol. It is 0x88CC for LLDP. Data LLDPDU.
  • Page 198 TLVs TLVs are type, length, and value sequences that carry information elements. The type field identifies the type of information, the length field measures the length of the information field in octets, and the value field contains the information itself. LLDPDU TLVs fall into the following categories: Basic management TLVs •...
  • Page 199 NOTE: The Power Stateful Control TLV is defined in IEEE P802.3at D1.0. The later versions no longer support this TLV. HP devices send this type of TLVs only after receiving them. LLDP-MED TLVs LLDP-MED TLVs provide multiple advanced applications for voice over IP (VoIP), such as basic configuration, network policy configuration, and address and directory management.

  • Page 200: How Lldp Works

    Type Description Hardware Revision Allows a terminal device to advertise its hardware version. Firmware Revision Allows a terminal device to advertise its firmware version. Software Revision Allows a terminal device to advertise its software version. Serial Number Allows a terminal device to advertise its serial number. Manufacturer Name Allows a terminal device to advertise its vendor name.

  • Page 201: Protocols And Standards

    Receiving LLDPDUs An LLDP-enabled port that is operating in TxRx mode or Rx mode checks the validity of TLVs carried in every received LLDPDU. If valid, the information is saved and an aging timer is set for it based on the time to live (TTL) value in the Time to Live TLV carried in the LLDPDU.

  • Page 202: Setting The Lldp Operating Mode

    Step Command Remarks • Enter Layer 2 Ethernet interface view: interface interface-type interface-number Enter Ethernet interface Use either command. view or port group view. • Enter port group view: port-group manual port-group-name Optional. Enable LLDP. lldp enable By default, LLDP is enabled on a port.

  • Page 203: Configuring The Advertisable Tlvs

    To enable LLDP polling: Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view: interface interface-type interface-number Enter Ethernet interface Use either command. view or port group view. • Enter port group view: port-group manual port-group-name Enable LLDP polling and lldp check-change-interval interval Disabled by default.

  • Page 204: Setting Other Lldp Parameters

    Step Command Remarks • Enter Layer 2 Ethernet interface view: interface interface-type Enter Ethernet interface interface-number Use either command. view or port group view. • Enter port group view: port-group manual port-group-name Optional. By default, the management address is sent through LLDPDUs. Allow LLDP to advertise For a Layer 2 Ethernet port, the the management...

  • Page 205: Setting An Encapsulation Format For Lldpdus

    Step Command Remarks Optional. Set the TTL multiplier. lldp hold-multiplier value 4 by default. Optional. Set the LLDPDU transmit lldp timer tx-interval interval interval. 30 seconds by default. Optional. Set the LLDPDU transmit delay. lldp timer tx-delay delay 2 seconds by default. Set the number of LLDPDUs Optional.

  • Page 206: Configuration Prerequisites

    Table 27 Fields in CDP packets Field Description Device ID Device ID, which is the bridge MAC address of the device. IPv4 address of the interface. The port IPv4 address is the main IP address of the VLAN interface that is in up state and whose corresponding VLAN ID is the lowest among the VLANs Addresses permitted on the port.

  • Page 207: Configuring Lldp Trapping

    CAUTION: The maximum TTL value that CDP allows is 255 seconds. To make CDP-compatible LLDP work properly with Cisco IP phones, be sure that the product of the TTL multiplier and the LLDPDU transmit interval is less than 255 seconds. CDP-compatible LLDP operates in one of the follows modes: •...

  • Page 208: Displaying And Maintaining Lldp

    Displaying and maintaining LLDP Task Command Remarks Display the global LLDP display lldp local-information [ global | interface information or the information Available in any interface-type interface-number ] [ | { begin | exclude contained in the LLDP TLVs to be view | include } regular-expression ] sent through a port.

  • Page 209: Verify The Configuration

    <SwitchA> system-view [SwitchA] lldp enable # Enable LLDP on GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2. (You can skip this step because LLDP is enabled on ports by default.) Set the LLDP operating mode to Rx. [SwitchA] interface gigabitethernet 1/0/1 [SwitchA-GigabitEthernet1/0/1] lldp enable [SwitchA-GigabitEthernet1/0/1] lldp admin-status rx [SwitchA-GigabitEthernet1/0/1] quit [SwitchA] interface gigabitethernet 1/0/2...
  • Page 210 Port 2 [GigabitEthernet1/0/2]: Port status of LLDP : Enable Admin status : Rx_Only Trap flag : No Polling interval : 0s Number of neighbors: Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV : 3 As the sample output shows, GigabitEthernet 1/0/1 of Switch A connects to an MED device, and GigabitEthernet 1/0/2 of Switch A connects to a non-MED device.

  • Page 211: Cdp-Compatible Lldp Configuration Example

    Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV As the sample output shows, GigabitEthernet 1/0/2 of Switch A does not connect to any neighboring devices. CDP-compatible LLDP configuration example Network requirements As shown in Figure 68, GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 of Switch A are each...
  • Page 212 [SwitchA-GigabitEthernet1/0/1] lldp admin-status txrx [SwitchA-GigabitEthernet1/0/1] lldp compliance admin-status cdp txrx [SwitchA-GigabitEthernet1/0/1] quit [SwitchA] interface gigabitethernet 1/0/2 [SwitchA-GigabitEthernet1/0/2] lldp enable [SwitchA-GigabitEthernet1/0/2] lldp admin-status txrx [SwitchA-GigabitEthernet1/0/2] lldp compliance admin-status cdp txrx [SwitchA-GigabitEthernet1/0/2] quit Verify the configuration by displaying the neighbor information on Switch A. [SwitchA] display lldp neighbor-information CDP neighbor-information of port 1[GigabitEthernet1/0/1]: CDP neighbor index : 1...

  • Page 213: Configuring Mvrp

    Configuring MVRP Overview Multiple Registration Protocol (MRP) is an attribute registration protocol and transmits attribute messages. Multiple VLAN Registration Protocol (MVRP) is a typical MRP application. MVRP propagates and learns VLAN configuration among devices. MVRP enables a device to propagate the local VLAN configuration to the other devices, receive VLAN configuration from other devices, and dynamically update the local VLAN configuration (including the active VLANs and the ports through which a VLAN can be reached).
  • Page 214 MVRP registers and deregisters VLAN attributes as follows: • When a port receives the declaration of a VLAN attribute, the port registers the VLAN and joins the VLAN. When a port receives the withdrawal of a VLAN attribute, the port deregisters the VLAN and leaves •...

  • Page 215: Mvrp Registration Modes

    MRP timers The implementation of MRP uses the following timers to control MRP message transmission. • Periodic timer On startup, an MRP participant starts its own Periodic timer to control MRP message transmission. The MRP participant collects the MRP messages to be sent before the Periodic timer expires, and sends the MRP messages in as few packets as possible when the Periodic timer expires and meanwhile restarts the Periodic timer.

  • Page 216: Protocols And Standards

    Fixed • An MVRP participant in fixed registration mode disables deregistering dynamic VLANs, sends declarations for dynamic VLANs and static VLANs, and drops received MVRP protocol packets. As a result, an MVRP participant port in fixed registration mode does not deregister or register dynamic VLANs.

  • Page 217: Configuration Procedure

    Enabling MVRP on a Layer 2 aggregate interface enables both the aggregate interface and all • Selected member ports in the link aggregation group to participate in dynamic VLAN registration and deregistration. Configuration procedure To enable MVRP: Step Command Remarks Enter system view.

  • Page 218: Configuring Mrp Timers

    Step Command Remarks Optional. Configure the MVRP mvrp registration { fixed | The default setting is normal registration mode. forbidden | normal } registration mode. Configuring MRP timers CAUTION: The MRP timers apply to all MRP applications, for example, MVRP, on a port. To avoid frequent VLAN registrations and deregistrations, use the same MRP timers throughout the network.

  • Page 219: Enabling Gvrp Compatibility

    MSTP. When MVRP with GVRP compatibility enabled works with MSTP, the network might operate improperly. When GVRP compatibility is enabled for MVRP, HP recommends disabling the Period timer. • Otherwise, the VLAN status might frequently change when the system is busy.

  • Page 220: Configuration Example For Mvrp In Normal Registration Mode

    Task Command Remarks display mvrp statistics [ interface Display the MVRP statistics. interface-list ] [ | { begin | exclude | Available in any view include } regular-expression ] Display the dynamic VLAN display mvrp vlan-operation interface operation information of interface-type interface-number [ | { begin Available in any view the specified port.

  • Page 221: Configuration Procedure

    Figure 70 Network diagram Configuration procedure Configuring Device A # Enter MST region view. <DeviceA> system-view [DeviceA] stp region-configuration # Configure the MST region name, VLAN-to-instance mappings, and revision level. [DeviceA-mst-region] region-name example [DeviceA-mst-region] instance 1 vlan 10 [DeviceA-mst-region] instance 2 vlan 20 [DeviceA-mst-region] revision-level 0 # Manually activate the MST region configuration.
  • Page 222 # Globally enable MVRP. [DeviceA] mvrp global enable # Configure port GigabitEthernet 1/0/1 as a trunk port, and configure it to permit all VLANs. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-type trunk [DeviceA-GigabitEthernet1/0/1] port trunk permit vlan all # Enable MVRP on port GigabitEthernet 1/0/1. [DeviceA-GigabitEthernet1/0/1] mvrp enable [DeviceA-GigabitEthernet1/0/1] quit # Configure port GigabitEthernet1/0/2 as a trunk port, and configure it to permit VLAN 40.
  • Page 223 [DeviceB] mvrp global enable # Configure port GigabitEthernet 1/0/1 as a trunk port, and configure it to permit VLANs 20 and 40. [DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] port link-type trunk [DeviceB-GigabitEthernet1/0/1] port trunk permit vlan 20 40 # Enable MVRP on port GigabitEthernet 1/0/1. [DeviceB-GigabitEthernet1/0/1] mvrp enable [DeviceB-GigabitEthernet1/0/1] quit # Configure port GigabitEthernet1/0/2 as a trunk port, and configure it to permit all VLANs.
  • Page 224 # Configure port GigabitEthernet 1/0/1 as a trunk port, and configure it to permit all VLANs. [DeviceC] interface gigabitethernet 1/0/1 [DeviceC-GigabitEthernet1/0/1] port link-type trunk [DeviceC-GigabitEthernet1/0/1] port trunk permit vlan all # Enable MVRP on port GigabitEthernet 1/0/1. [DeviceC-GigabitEthernet1/0/1] mvrp enable [DeviceC-GigabitEthernet1/0/1] quit # Configure port GigabitEthernet1/0/2 as a trunk port, and configure it to permit all VLANs.
  • Page 225 [DeviceD-GigabitEthernet1/0/2] quit Verifying the configuration Verify the normal registration mode configuration: Use the display mvrp running-status command to display the local MVRP VLAN information to verify whether the configuration takes effect. # Check the local VLAN information on Device A. [DeviceA] display mvrp running-status -------[MVRP Global Info]------- Global Status...
  • Page 226 Port GigabitEthernet 1/0/3 has learned VLAN 1 and dynamic VLAN 20 created on Device B through MVRP. # Check the local VLAN information on Device B. [DeviceB] display mvrp running-status -------[MVRP Global Info]------- Global Status : Enabled Compliance-GVRP : False ----[GigabitEthernet1/0/1]---- Config Status...
  • Page 227 Global Status : Enabled Compliance-GVRP : False ----[GigabitEthernet1/0/1]---- Config Status : Enabled Running Status : Enabled Join Timer : 20 (centiseconds) Leave Timer : 60 (centiseconds) Periodic Timer : 100 (centiseconds) LeaveAll Timer : 1000 (centiseconds) Registration Type : Normal Local VLANs : 1(default), 10, 20, ----[GigabitEthernet1/0/2]----...
  • Page 228 Running Status : Enabled Join Timer : 20 (centiseconds) Leave Timer : 60 (centiseconds) Periodic Timer : 100 (centiseconds) LeaveAll Timer : 1000 (centiseconds) Registration Type : Normal Local VLANs : 1(default), The output shows that: Port GigabitEthernet 1/0/1 has learned VLAN 1 and dynamic VLAN 20 created on Device B through MVRP.
  • Page 229 Config Status : Enabled Running Status : Enabled Join Timer : 20 (centiseconds) Leave Timer : 60 (centiseconds) Periodic Timer : 100 (centiseconds) LeaveAll Timer : 1000 (centiseconds) Registration Type : Fixed Local VLANs : 1(default), 10, The output shows that the dynamic VLAN information on GigabitEthernet 1/0/3 is not changed after you set the MVRP registration mode to fixed on GigabitEthernet 1/0/3.

  • Page 230: Support And Other Resources

    Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...

  • Page 231: Conventions

    Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
  • Page 232 Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 233: Index

    Index A B C D E G I L M O P Q R S T V Configuring loopback testing on an Ethernet interface,6 Assigning a port to the isolation group,55 Configuring MAC Information mode,32 Configuring MAC-based VLANs,124 Configuring MRP timers,209 BPDU tunneling configuration examples,1 10...
  • Page 234 Disabling MAC address learning,23 Isolate-user-VLAN configuration example,143 Disabling MAC entry aging timer refresh based on destination MAC address,25 LLDP configuration examples,199 Displaying and maintaining an Ethernet interface,16 LLDP configuration task list,192 Displaying and maintaining Ethernet link aggregation,49 Displaying and maintaining GVRP,168 MAC address table configuration example,29...
  • Page 235 Spanning tree configuration task list,70 Testing the cable connection of an Ethernet interface,14 STP,57 Voice VLAN configuration examples,158...

This manual is also suitable for:

5500 ei series5500 si series

Table of Contents