Syntax
display port vlan-vpn
View
Any view
Parameters
None
Description
Use the display port vlan-vpn
command to display the information about VLAN-VPN configuration of the current
system.
Related commands: vlan-vpn enable, vlan-vpn
inner-cos-trust.
Examples
# Display the VLAN-VPN configuration of the
current system.
<Sysname> display port vlan-vpn
GigabitEthernet1/0/5
VLAN-VPN status: enabled
VLAN-VPN VLAN: 1
VLAN-VPN inner-cos-trust status:
disable
Table 1-1
Description on the fields of the display port
vlan-vpn command
|
Field
|
Description
|
|
GigabitEthernet1/0/5
|
The port with the VLAN VPN feature
enabled
|
|
VLAN-VPN status
|
The operation status of the VLAN VPN
feature on the port
enabled
indicates that VLAN VPN is enabled on the port.
You can use the vlan-vpn enable
command to enable VLAN VPN on a port.
|
|
VLAN-VPN VLAN
|
The VLAN corresponding to the tag that
the port tags packets with, that is, the default VLAN of the port. For
descriptions on default VLAN, refer to VLAN Operation.
|
|
VLAN-VPN inner-cos-trust
|
The status of the inner-to-outer tag
priority replicating feature, enable (enabled) or disable
(disabled).
You can use the vlan-vpn
inner-cos-trust command to configure the feature.
|
Syntax
vlan-vpn enable
undo vlan-vpn
View
Ethernet port view
Parameters
None
Description
Use the vlan-vpn enable command to
enable the VLAN-VPN feature for a port.
Use the undo vlan-vpn command to
disable the VLAN-VPN feature for a port.
By default, the VLAN-VPN feature is
disabled.
With the VLAN-VPN feature enabled, a
received packet is tagged with the default VLAN tag of the receiving port no
matter whether or not the packet already carries a VLAN tag.
l
If the packet already carries a VLAN tag, the packet
becomes a dual-tagged packet.
l
Otherwise, the packet becomes a packet carrying
the default VLAN tag of the port.
Caution:
If IRF fabric is
enabled on a device, the VLAN-VPN feature cannot be enabled on any port of the
device.
You can use the display port vlan-vpn
command to display the configuration information of VLAN-VPN on the ports to
verity your configuration.
After the VLAN-VPN function is enabled, you
can use the vlan-vpn vid command and the raw-vlan-id inbound
command to configure the selective QinQ function. Refer to Selective QinQ Configuration Commands
for details.
Examples
# Enable the VLAN-VPN feature for GigabitEthernet
1/0/1 port.
<Sysname> system-view
System View: return to User View
with Ctrl+Z.
[Sysname] interface GigabitEthernet
1/0/1
[Sysname-GigabitEthernet1/0/1]
vlan-vpn enable
1.1.3 vlan-vpn inner-cos-trust
Syntax
vlan-vpn inner-cos-trust
enable
undo vlan-vpn inner-cos-trust
View
Ethernet port
view
Parameters
None
Description
Use the vlan-vpn inner-cos-trust enable command
to enable the inner-to-outer tag priority replicating feature.
With the feature enabled, a port replicates
the inner tag priority to the outer tag when adding an outer tag for a packet.
Use the undo vlan-vpn inner-cos-trust
command to disable the feature.
By default, the inner-to-outer tag priority
replicating feature is disabled, and the switch will use the priority of the
receiving port as the outer tag priority of packets. For descriptions on
receiving port priority, refer to QoS-QoS Profile Operation.
Note that:
l
This feature can be enabled only on
VLAN-VPN-enabled ports.
l
This command is mutually exclusive with the vlan-vpn
priority command.
Examples
# Enable the inner-to-outer tag priority replicating
feature for GigabitEthernet 1/0/2.
<Sysname> system-view
System View: return to User View
with Ctrl+Z.
[Sysname] interface GigabitEthernet
1/0/2
[Sysname-GigabitEthernet1/0/2]
vlan-vpn inner-cos-trust enable
Syntax
vlan-vpn priority inner-priority remark outer-priority
undo vlan-vpn priority inner-priority
View
Ethernet port view
Parameters
inner-priority: 802.1p priority of the inner VLAN tag in a packet. This argument can
be in the range 0 to 7 or a keyword listed in Table 1-2.
outer-priority: Priority for the outer VLAN tag in a
packet. This argument can be in the range 0 to 7 or a keyword listed Table 1-2.
Table 1-2 Description
on 802.1p priority
|
IP Precedence (decimal)
|
Keyword
|
|
0
|
Best-effort
|
|
1
|
Background
|
|
2
|
Spare
|
|
3
|
Excellent-effort
|
|
4
|
Controlled-load
|
|
5
|
Video
|
|
6
|
Voice
|
|
7
|
Network-management
|
For descriptions on
the 802.1p priority values and the keywords listed in Table 1-2, refer to Qos-QoS
Profile Operation.
Description
Use the vlan-vpn priority command to
configure the mapping between the inner VLAN priority and the outer VLAN
priority. With the mapping configured, a port will encapsulate a packet with
the specified inner tag priority with an outer tag that has the corresponding
priority.
Use the undo vlan-vpn priority command
to remove the configuration.
By default, no mapping between the inner
tag priority and the outer tag priority is configured, and the switch uses the
priority of the receiving port as the outer tag priority of packets. For
descriptions on receiving port priority, refer to QoS-QoS Profile Operation.
Note that:
l
This command is applicable to only the VLAN-VPN
enabled ports.
l
This command is mutually exclusive with the vlan-vpn
inner-cos-trust command.
Examples
# Enable the inner-to-outer tag priority mapping feature for GigabitEthernet
1/0/1. Insert outer tags with the priorities being 5 to packets with the
priorities of their inner tags being 3.
<Sysname> system-view
System View: return to User View
with Ctrl+Z.
[Sysname] interface GigabitEthernet
1/0/1
[Sysname-GigabitEthernet1/0/1]
vlan-vpn priority 3 remark 5
The selective QinQ
feature is new to H3C S5600 Series Ethernet Switches.
Syntax
mac-address-mapping index source-vlan source-vlan-list destination-vlan dest-vlan-id
undo mac-address-mapping { index | all }
View
Ethernet port view
Parameters
index: Index
of the inter-VLAN MAC address replicating configuration to be created or
removed. This argument is in the range 0 to 7.
source-vlan source-vlan-list: Specifies a list of the
IDs of the VLANs, whose MAC address entries are to be replicated to the MAC
address table of the destination VLAN. You need to provide the source-vlan-list
argument in the form of { vlan-id [ to vlan-id ]
}&<1-10>, where the VLAN ID after the to keyword must be
larger than or equal to the VLAN ID before the to keyword and &<1-10>
means that you can specify up to 10 VLANs/VLAN ranges for this argument.
dest-vlan-id:
ID of the destination VLAN for replication, in the range 1 to 4094.
all: Removes
all the inter-VLAN MAC address replicating configurations created on the
current port.
Description
Use the mac-address-mapping command
to configure the inter-VLAN MAC address replicating feature for a port. This
feature can replicate MAC address entries of the MAC address tables of specified
source VLANs to the MAC address table of the specified destination VLAN.
Use the undo mac-address-mapping command
to disable this feature.
The inter-VLAN MAC address replicating
feature is disabled on any port by default.
In a selective QinQ application, you can
configure this feature to:
l
Replicate MAC address entries in the MAC address
tables of the outer VLANs configured in selective QinQ to the MAC address table
of the default VLAN of the downlink port. This is for forwarding uplink packets
to the operator network.
l
Replicate MAC address entries in the MAC address
table of the default VLAN of the downlink port to the MAC address tables of all
the outer VLANs configured in selective QinQ. This is for forwarding packets
from the operator network to the user networks.
Caution:
VLAN 4093 is a
special VLAN reserved for the IRF fabric feature. It can not serve as the
destination VLAN of the inter-VLAN MAC address replicating feature to receive
MAC address entries from the other VLANs.
Examples
# Enable the inter-VLAN MAC address replicating
feature for GigabitEthernet1/0/1 to replicate the MAC address entries between
the MAC address table of VLAN 4 (the default VLAN) and that of the outer VLAN
10.
<Sysname> system-view
System View: return to User View
with Ctrl+Z.
[Sysname] interface GigabitEthernet
1/0/1
[Sysname-GigabitEthernet1/0/1]
mac-address-mapping 0 source-vlan 4 destination-vlan 10
[Sysname-GigabitEthernet1/0/1]
mac-address-mapping 1 source-vlan 10 destination-vlan 4
Syntax
raw-vlan-id inbound vlan-id-list
undo raw-vlan-id inbound { all | vlan-id-list }
View
QinQ view
Parameters
vlan-id-list:
Lists of VLAN IDs. After receiving packets of these VLANs, the switch will
encapsulate the packets with the specified outer VLAN tag. You need to provide
this argument in the form of { vlan-id [ to vlan-id ]
}&<1-10>, where the VLAN ID after the to keyword must be
larger than or equal to the VLAN ID before the to keyword and &<1-10>
means that you can specify up to 10 VLANs/VLAN ranges for this argument.
all: Removes
all configurations of encapsulating an outer VLAN tag for specified inner VLANs
in the current view.
Description
Use the raw-vlan-id inbound command
to specify to encapsulate packets with the specified inner VLAN tags with the
specified outer tag. This command must be configured on ports connecting the
user network.
Use the undo raw-vlan-id inbound command
to remove the configuration.
By default, the switch does not encapsulate
packets with any outer VLAN tag.
Caution:
A packet cannot be
tagged with different outer VLAN tags. To change the outer VLAN tag of a
packet, you need to remove the existing outer VLAN tag configuration and configure
a new outer VLAN tag.
Before configuring this command in QinQ
view, you need to use the vlan-vpn vid command to configure the outer
VLAN tag to be used in the selective QinQ policy.
Related commands: vlan-vpn vid.
Examples
# Configure GigabitEthernet 1/0/1 to add
the tag of VLAN 20 as the outer tag to packets with their inner VLAN IDs being
8 through 15.
<Sysname> system-view
System View: return to User View
with Ctrl+Z.
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] vlan-vpn vid 20
[Sysname-GigabitEthernet1/0/1-vid-20]
raw-vlan-id inbound 8 to 15
2.1.3 vlan-vpn vid
Syntax
vlan-vpn vid vlan-id
undo vlan-vpn vid vlan-id
View
Ethernet port view
Parameters
vlan-id:
VLAN ID, in the range 1 to 4094.
Description
Use the vlan-vpn vid command to
configure the outer VLAN tag for a selective QinQ policy (that is, the outer
VLAN tag to be used by a port to encapsulate received packets) and to enter
QinQ view.
Use the undo vlan-vpn vid command to
remove the configured outer VLAN tag. Note that this command will also remove all
configurations configured by the raw-vlan-id inbound command in QinQ view.
Before configuring this command on a port,
make sure that the vlan-vpn enable command is configured on the port.
Caution:
If IRF fabric is
enabled on a device, the selective QinQ policy cannot be configured on any port
of the device.
By default, no selective QinQ policy is configured
on a port.
After specifying an outer VLAN tag and
enter QinQ view, you need to use the raw-vlan-id inbound command to specify
which VLANs’ packets will be encapsulated with the specified outer VLAN
tag. Otherwise, the configuration of the outer VLAN tag is of no use.
Related commands: raw-vlan-id inbound.
Examples
# Specify GigabitEthernet 1/0/1 add VLAN 20
tag as the outer tag to the packets with their inner VLAN IDs being 2 through
14.
<Sysname> system-view
System View: return to User View
with Ctrl+Z.
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] vlan-vpn vid 20
[Sysname-GigabitEthernet1/0/1-vid-20]
raw-vlan-id inbound 2 to 14
Two features, the
BPDU Tunnel support for packets of multiple protocols and adjusting tunnel
packet MAC addresses, are newly added. For details, refer to bpdu-tunnel and bpdu-tunnel tunnel-dmac.
Syntax
bpdu-tunnel protocol-type
undo bpdu-tunnel { protocol-type | all }
View
Ethernet port view
Parameters
protocol-type: Protocol type, packets of which will be transmitted through a BPDU
tunnel, This argument can be a keyword listed in Table 3-1.
Table 3-1 Description on the protocol-name
argument
|
Value
|
Description
|
|
cdp
|
Enable/Disable BPDU tunnel for CISCO
discovery protocol (CDP).
|
|
hgmp
|
Enable/Disable BPDU tunnel for Huawei
group management protocol (HGMP) related protocols, including neighbor
discovery protocol (NDP), neighbor topology discovery protocol, cluster member
remote control (MRC), and Huawei authentication bypass protocol (HABP).
|
|
lacp
|
Enable/Disable BPDU tunnel for link
aggregation control protocol (LACP).
|
|
pagp
|
Enable/Disable BPDU tunnel for port
aggregation protocol (PAGP).
|
|
pvst
|
Enable/Disable BPDU tunnel for per-VLAN
spanning tree (PVST).
|
|
stp
|
Enable/Disable BPDU tunnel for spanning
tree protocol (STP).
|
|
vtp
|
Enable/Disable BPDU tunnel for VLAN trunk
protocol (VTP).
|
|
udld
|
Enable/Disable BPDU tunnel for uni-directional
link direction (UDLD).
|
all:
Disables BPDU tunnel for all protocol packets.
Description
Use the bpdu-tunnel command to
enable BPDU tunnel on a port, so that packets of the specified protocol will be
transparently transmitted through the BPDU tunnel on the port.
Use the undo bpdu-tunnel command to
disable BPDU tunnel on a port.
By default, BPDU tunnel is disabled on a
port.
After you enable a port to transmit packets
of a specified protocol type through the BPDU tunnel, when the port receives
such a packet, it will use the specified private multicast MAC address to
replace the original destination MAC address of the packet before sending it. As
a result, the packet will not be recognized as a protocol packet by other
devices in the operator network during transmission. In this way, transparent
transmission is implemented.
You can use the bpdu-tunnel tunnel-dmac
command to change the destination MAC addresses of protocol packets to a
specified multicast MAC address.
Caution:
l
If this command is enabled on a port for a
specific protocol, the specific protocol cannot be enabled on the port. For
example, if you have configured the bpdu-tunnel lacp command, the lacp
enable command cannot be enabled on the port.
l
The commands configured for service
provider’s devices at both ends of a BPDU tunnel must be consistent.
Otherwise, BPDU packets of the customer network cannot be transparently
transmitted properly.
l
If IRF fabric is enabled on one port of a
device, the BPDU tunnel feature cannot be enabled on any port of the device.
Examples
# Enable BPDU tunnel for packets of LACP.
<Sysname> system-view
System View: return to User View
with Ctrl+Z.
[Sysname] interface GigabitEthernet
1/0/1
[Sysname-GigabitEthernet1/0/1] bpdu-tunnel lacp
Syntax
bpdu-tunnel tunnel-dmac mac-address
undo bpdu-tunnel tunnel-dmac
View
System view
Parameters
mac-address:
Destination MAC address to be assigned to the protocol packets transmitted
along a BPDU tunnel. This argument must be a multicast MAC address.
Description
Use the bpdu-tunnel tunnel-dmac
command to configure the destination MAC address for protocol packets
transmitted along a BPDU tunnel.
Use the undo bpdu-tunnel tunnel-dmac
command to restore the default destination MAC address.
By default, the destination MAC address for
protocol packets transmitted along a BPDU tunnel is 010f-e200-0003.
Caution:
Related commands: display bpdu-tunnel.
Examples
# Set the destination MAC address for
protocol packets transmitted along BPDU tunnels to 010f-e266-c3ab.
<Sysname> system-view
System View: return to User View
with Ctrl+Z.
[Sysname] bpdu-tunnel tunnel-dmac
010f-e266-c3ab
Syntax
display bpdu-tunnel
View
Any view
Parameters
None
Description
Use the display bpdu-tunnel command
to display the private multicast MAC address configured for protocol packets
transmitted along the BPDU tunnel(s).
Related commands: bpdu-tunnel tunnel-dmac.
Examples
# Display the private multicast MAC address
configured for packets transmitted along the BPDU tunnel(s).
<Sysname> display
bpdu-tunnel
Tunnel packet's
destination-mac-address: 010f-e2cd-0003
The above output information indicates that
all the protocol packets transmitted along the BPDU tunnel(s) use 010f-e2cd-0003
as their destination MAC addresses.
