Table of Contents

Chapter 1 VLAN Configuration. 1-1

1.1 VLAN Overview. 1-1

1.1.1 Introduction to VLAN. 1-1

1.1.2 VLAN Classification. 1-2

1.2 Basic VLAN Configuration. 1-2

1.3 Basic VLAN Interface Configuration. 1-2

1.4 Port-Based VLAN Configuration. 1-3

1.4.1 Introduction of Port-Based VLAN. 1-3

1.4.2 Configuring an Access Port-Based VLAN. 1-5

1.4.3 Configuring a Trunk Port-Based VLAN. 1-6

1.4.4 Configuring a Hybrid Port-Based VLAN. 1-7

1.5 Displaying VLAN Configuration. 1-8

1.6 VLAN Configuration Example. 1-9

1.6.1 Network Requirements. 1-9

1.6.2 Network Diagram.. 1-9

1.6.3 Configuration Procedure. 1-9

Chapter 2 Voice VLAN Configuration. 2-1

2.1 Voice VLAN Overview. 2-1

2.1.1 Automatic and Manual Voice VLAN Modes. 2-1

2.1.2 Security and Ordinary Voice VLAN Modes. 2-4

2.2 Voice VLAN Configuration. 2-4

2.2.1 Configuration Prerequisites. 2-4

2.2.2 Configuring Voice VLAN in Automatic Mode. 2-5

2.2.3 Configuring Voice VLAN in Manual Mode. 2-6

2.3 Displaying Voice VLAN. 2-7

2.4 Voice VLAN Configuration Example. 2-7

2.4.1 Voice VLAN Configuration Example (Automatic Mode) 2-7

2.4.2 Voice VLAN Configuration Example (Manual Mode) 2-9

Chapter 3 GVRP Configuration. 3-1

3.1 Introduction to GARP. 3-1

3.1.1 Introduction to GARP. 3-1

3.1.2 Introduction to GVRP. 3-3

3.1.3 Protocols and Standards. 3-4

3.2 Configuring GVRP. 3-4

3.2.1 Configuring GVRP. 3-4

3.2.2 Setting GARP Timer 3-5

3.3 Displaying and Maintaining GARP/GVRP. 3-6

3.4 GVRP Configuration Example. 3-7

3.4.1 Example 1. 3-7

3.4.2 Example 2. 3-8

3.4.3 Example 3. 3-9

 

Chapter 1  VLAN Configuration

1.1  VLAN Overview

1.1.1  Introduction to VLAN

The virtual local area network (VLAN) technology is developed for switches to control broadcast operations in LANs.

By creating VLANs in a physical LAN, you can divide the LAN into multiple logical LANs, each of which has a broadcast domain of its own. Hosts in the same VLAN communicate with each other as if they are in a LAN. However, hosts in different VLANs cannot communicate with each other directly. In this way, a broadcast frame is confined within one VLAN, as shown in Figure 1-1.

Figure 1-1 A VLAN implementation

A VLAN can span across multiple switches, or even routers. This enables hosts in a VLAN to be dispersed in a more loose way. That is, hosts in a VLAN can belong to different physical network segments.

VLAN enjoys the following advantages.

l           Broadcasts are confined to VLANs. This decreases bandwidth utilization and improves network performance.

l           Network security is improved. Packets of different VLANs are isolated during transmission. That is, hosts in different VLANs cannot communicate with each other directly. To enable communications between different VLANs, network devices operating on Layer 3 (such as routers or Layer 3 switches) are needed.

l           Configuration workload is reduced. VLAN can be used to group specific hosts. When the physical position of a host changes, no additional network configuration is required if the host still belongs to the same VLAN.

1.1.2  VLAN Classification

Depending on how VLANs are established, VLANs fall into the following six categories:

l           Port-based VLAN

l           MAC-based VLAN

l           Protocol-based VLAN

l           IP sub network-based VLAN

l           Policy-based VLAN

l           Other VLAN

H3C S5500-SI Series Ethernet Switch supports the port-based VLAN. This chapter will focus on the port-based VLAN.

1.2  Basic VLAN Configuration

Table 1-1 Basic VLAN configuration

To do…	Use the command…	Remarks
Enter system view	system-view	—
Create VLANs in bulk	vlan { vlan-id1 to vlan-id2 | all }	Optional
Create a VLAN and enter VLAN view	vlan vlan-id	Required If the specified VLAN does not exist, this command will first create the VLAN, and then enter VLAN view.
Specify the description string of the VLAN	description text	Optional By default, the description string of a VLAN is its VLAN ID, such as “VLAN 0001”.

 

1.3  Basic VLAN Interface Configuration

VLAN interface is a virtual interface in Layer 3 mode, and mainly used in realizing the Layer 3 connectivity between different VLANs.

Table 1-2 Configure a VLAN interface

To do…	Use the command…	Remarks
Enter system view	system-view	—
Create a VLAN interface and enter VLAN interface view	interface vlan-interface vlan-interface-id	Required If the specified VLAN interface does not exist, this command will create it first and then enter VLAN interface view.
Configure IP address of VLAN interface	ip address ip-address { mask | mask-length } [ sub ]	Optional By default, no IP address is configured for a VLAN interface
Specify the description string for the current VLAN interface	description text	Optional By default, the description string of a VLAN interface is the name of the VLAN interface, such as “Vlan-interface1 interface”.
Enable the VLAN Interface	undo shutdown	Optional By default, if all the ports under the VLAN interface are down, the VLAN interface is down; if one or more ports under the VLAN interface are up, the VLAN interface is up.

 

 

1.4  Port-Based VLAN Configuration

1.4.1  Introduction of Port-Based VLAN

Port-based VLAN is the simplest and most effective VLAN division method. It defines its VLAN members according to the ports of a switch. After a specified port is added into a specified VLAN, the port can forward the packets of the specified VLAN.

I. Link Type of an Ethernet Port

Depending on how a port processes VLAN tags when it forwards packets, the link type of the port can be one of the following three types:

l           Access. An access port belongs to only one VLAN; it strips VLAN tags when sending the packets of the VLAN. An access port is generally used to connect a user device.

l           Trunk. A trunk port can belong to more than one VLAN and receives/sends the packets of multiple VLANs; it is generally used to connect a switch.

l           Hybrid. A hybrid port can also belong to more than one VLAN and receives/sends the packets of multiple VLANs; it is used to connect a switch or a user device.

The difference between the hybrid port and the trunk port is that:

l           A hybrid port allows the packets from multiple VLANs to be sent without tags.

l           A trunk port only allows the packets from the default VLAN to be sent without tags.

II. Default VLAN

You can configure a VLAN for a port. In additional, you can also configure a default VLAN for the port. By default, the default VLAN of all the ports is VLAN 1. But you can configure it as needed.

l           The default VLAN of an access port is the VLAN the access port belongs to and cannot be configured.

l           Both of the trunk port and hybrid port allow multiple VLANs to pass through. You can configure the default VLAN for them.

l           After you delete the default VLAN of a port through the undo vlan command, for an access port, its default VLAN restore to VLAN 1; for a trunk or a hybrid port, its default VLAN configuration remain unchanged, that is, a trunk port or hybrid port can use the presently nonexistent VLAN as the default VLAN.

 

 

The way by which a port processes incoming and outgoing packets depends on the link type and default VLAN configured on it. Refer to the following table for details:

Table 1-3 Incoming and outgoing packets

Port type	Incoming packet		Outgoing packet
	If no tag is carried in the packet	If a tag is carried in the packet
Access port	Encapsulate the default VLAN tag to the packet	l      Receive the packet when the VLAN ID (recorded in the tag) is the same with the default VLAN ID. l      Drop the packet when the VLAN ID is different with the default VLAN ID.	Remove the tag and send the packet directly for the VLAN ID is just the default VLAN ID.
Trunk port		l      Receive the packet when the VLAN ID (recorded in the tag) is the same with the default VLAN ID. l      Receive the packet when the VLAN ID is different with the default VLAN ID but is allowed on the port. l      Drop the packet when the VLAN ID is different with the default ID and is not allowed on the port.	l      When the VLAN ID is the same with the default VLAN ID, remove the tag of the packet first and then send the packet. l      When the VLAN ID is different with the default VLAN ID but is allowed on the port, keep the original tag and send the packet.
Hybrid port			When the VLAN ID is allowed on the port, send the packet. You can configure whether or not to carry tags in the outgoing packets of a VLAN (including default VLAN) through the port hybrid vlan command.

 

1.4.2  Configuring an Access Port-Based VLAN

You can configure an access port-based VLAN in two ways: configure it in VLAN view, or configure it in Ethernet port view/port group view.

Table 1-4 Configure an access port-based VLAN (in VLAN view)

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enter VLAN view	vlan vlan-id	Required If the specified VLAN does not exist, this command will create the VLAN first and then enter VLAN view of the VLAN.
Add an Ethernet port to a specified VLAN	port interface-list	Required By default, the system adds all ports to VLAN 1.

 

Table 1-5 Configure an access port-based VLAN (in Ethernet port view or port group view)

To do…		Use the command…	Remarks
Enter system view		system-view	—
Enter Ethernet port view or port group view	Enter Ethernet port view	interface interface-type interface-number	Use either command Configured in Ethernet port view, the following settings are effective on the current port only; configured in port group view, the following settings are effective on all ports in the port group
	Enter port group view	port-group { manual port-group-name | aggregation agg-id }
Configure a port as an access port		port link-type access	Optional By default, a port is an access port.
Add the current access port to a specified VLAN		port access vlan vlan-id	Required By default, all access ports belong to VLAN 1.

 

 

1.4.3  Configuring a Trunk Port-Based VLAN

A trunk port allows multiple VLANs to pass, and you can configure it in Ethernet port view/port group view.

Table 1-6 Configure a trunk port-based VLAN

To do…			Use the command…	Remarks
Enter system view		system-view		—
Enter Ethernet port view or port group view	Enter Ethernet port view	interface interface-type interface-number		Use either command Configured in Ethernet port view, the following settings are effective on the current port only; configured in port group view, the following settings are effective on all ports in the port group
	Enter port group view	port-group { manual port-group-name | aggregation agg-id }
Configure a port as a trunk port		port link-type trunk		Required By default, the link type of a port is access.
Add the current trunk port to specified VLANs		port trunk permit vlan { vlan-id-list | all }		Required By default, all trunk ports only allow the packets of VLAN 1 to pass.
Set the default VLAN for the trunk port		port trunk pvid vlan vlan-id		Optional By default, the default VLAN of the trunk port is VLAN 1

 

 

1.4.4  Configuring a Hybrid Port-Based VLAN

A hybrid port allows multiple VLANs to pass, and you can configure it in Ethernet port view/port group view.

Table 1-7 Configure a hybrid port-based VLAN

To do…		Use the command…	Remarks
Enter system view		system-view	—
Enter Ethernet port view or port group view	Enter Ethernet port view	interface interface-type interface-number	Use either command Configured in Ethernet port view, the following settings are effective on the current port only; configured in port group view, the following settings are effective on all ports in the port group
	Enter port group view	port-group { manual port-group-name | aggregation agg-id }
Configure a port as a Hybrid port		port link-type hybrid	Required By default, the link type of a port is access.
Add the current hybrid port to specified VLANs		port hybrid vlan vlan-id-list { tagged | untagged }	Required By default, all hybrid ports only allow VLAN 1 packets to pass.
Set the default VLAN for the hybrid port.		port hybrid pvid vlan vlan-id	Optional By default, the default VLAN of the hybrid port is VLAN 1

 

 

1.5  Displaying VLAN Configuration

After the above configuration, you can execute the display command in any view to view the running of the VLAN configuration, and to verify the effect of the configuration.

Table 1-8 Display the information about specified VLANs

To do…	Use the command…	Remarks
Display the information about specified VLANs	display vlan [ vlan-id1 [ to vlan-id2 ] | all | static | dynamic | reserved ]	Available in any view
Display the information about specified VLAN interface	display interface vlan-interface [ vlan-interface-id ]

 

1.6  VLAN Configuration Example

1.6.1  Network Requirements

l           Switch A connects with Switch B through the trunk port GigabitEthernet1/0/1.

l           The default VLAN ID of the port is 100.

l           The port permits the packets from VLAN 2, VLAN 6 through 50, and VLAN 100 to pass.

1.6.2  Network Diagram

Figure 1-2 Network diagram for port-based VLAN configuration

1.6.3  Configuration Procedure

1)         Configure Switch A

# Create VLAN 2, VLAN 6 through VLAN 50 and VLAN 100.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] quit

[Sysname] vlan 100

[Sysname-vlan100] quit

[Sysname] vlan 6 to 50

Please wait... Done.

# Enter Ethernet port view of GigabitEthernet1/0/1.

[Sysname] interface GigabitEthernet 1/0/1

# Configure GigabitEthernet1/0/1 as a trunk port, and configure its default VLAN ID as VLAN 100.

[Sysname-GigabitEthernet1/0/1] port link-type trunk

[Sysname-GigabitEthernet1/0/1] port trunk pvid vlan 100

# Configure GigabitEthernet1/0/1 to permit the packets from VLAN 2, VLAN 6 through 50, and VLAN 100 to pass.

[Sysname-GigabitEthernet1/0/1] port trunk permit vlan 2 6 to 50 100

Please wait... Done. 

2)         Configuration on Switch B is the same as that on Switch A.

 

Chapter 2  Voice VLAN Configuration

2.1  Voice VLAN Overview

Voice VLANs are VLANs configured specially for voice data stream. By adding the ports with voice devices attached to voice VLANs, you can perform quality of service (QoS)-related configuration for voice data, ensuring the transmission priority of voice data stream and voice quality.

S5500-SI series Ethernet switches determine whether a received packet is a voice packet by checking its source MAC address. If the source MAC addresses of packets comply with the organizationally unique identifier (OUI) addresses configured by the system, the packets are determined as voice packets and transmitted in voice VLAN.

You can configure an OUI address for voice packets or specify to use the default OUI address.

The following table shows the five default OUI addresses of a switch.

Table 2-1 Default OUI addresses preset by the switch

Number	OUI Address	Vendor
1	0001-e300-0000	Siemens phone
2	0003-6b00-0000	Cisco phone
3	00d0-1e00-0000	Pingtel phone
4	00e0-7500-0000	Polycom phone
5	00e0-bb00-0000	3com phone

 

 

2.1.1  Automatic and Manual Voice VLAN Modes

According to how a port is added to the voice VLAN, the port can work in one of the two voice VLAN modes: automatic and manual.

l           In automatic mode, the system identifies the source MAC address contained in the untagged packet sent when the IP phone is powered on and matches it against the OUI addresses. If a match is found, the system will automatically add the port into the Voice VLAN and send ACL rules to ensure the packet precedence. An aging time can be configured on the device. The system will remove a port from the voice VLAN if no voice packets are received from it within the aging time. The adding and deleting of ports are automatically realized by the system.

l           In manual mode, the administrator adds the IP phone access port directly to the voice VLAN. The system then identifies the source MAC address contained in the packets on the port, matches it against the OUI addresses, and decides whether to forward the packets in the voice VLAN. When the administrator adds a port to the voice VLAN, the device automatically applies ACL rules to the port to configure packet priority. In this mode, the adding or deleting of ports is realized by the administrators.

In any of the two modes, the port forwards tagged packets in the same manner: forward the tagged packets based on the VLAN IDs contained in them.

The above two working modes are configured in Ethernet port view. The voice VLAN working modes of different ports are independent and different ports can be configured to work in different modes.

The following table lists the co-relation between voice VLAN modes, voice traffic types of IP phones, and port types.

Table 2-2 Port modes and voice stream types

Port voice VLAN mode	Voice stream type	Port type	Supported or not
Automatic mode	Tagged voice stream	Access	Not supported
		Trunk	Supported Make sure the default VLAN of the port exists and is not a voice VLAN. And the port permits the packets of the default VLAN.
		Hybrid	Supported Make sure the default VLAN of the port exists and is in the list of the tagged VLANs whose packets are permitted by the port.
	Untagged voice stream	Access	Not supported.
		Trunk
		Hybrid
Manual mode	Tagged voice stream	Access	Not supported
		Trunk	Supported Make sure the default VLAN of the port exists and is not a voice VLAN. And the port permits the packets of the default VLAN.
		Hybrid	Supported Make sure the default VLAN of the port exists and is in the list of the tagged VLANs whose packets are permitted by the port.
	Untagged voice stream	Access	Supported Make sure the default VLAN of the port is a voice VLAN.
		Trunk	Supported Make sure the default VLAN of the port is a voice VLAN and the port permits the packets of the VLAN.
		Hybrid	Supported Make sure the default VLAN of the port is a voice VLAN and is in the list of untagged VLANs whose packets are permitted by the port.

 

 

 

2.1.2  Security and Ordinary Voice VLAN Modes

According to the packet filtering scheme of a port with voice VLAN function enabled, the port works in one of the two voice VLAN modes: security and ordinary.

l           In security mode, the port with the voice VLAN function enabled allows only the voice packets with source MAC address being recognizable OUI address. Other packets are discarded (including some authentication packets, like 802.1x authentication packets).

l           In ordinary mode, the port with voice VLAN function enabled allows both voice packets and other types of packets to pass. Voice packets comply with the filtering rule of the voice VLAN and other types of packets comply with the filtering rule of the ordinary VLAN.

You are recommended not to transmit voice data and other service data in the voice VLAN simultaneously. If you need to do so, make sure the voice VLAN mode is ordinary.

2.2  Voice VLAN Configuration

2.2.1  Configuration Prerequisites

l           Create the corresponding VLAN before configuring voice VLAN.

l           VLAN 1 is the default VLAN and do not need to be created. But VLAN 1 does not support the voice VLAN function.

2.2.2  Configuring Voice VLAN in Automatic Mode

Table 2-3 Configure voice VLAN in automatic mode

To do…	Use the command…	Remarks
Enter system view	system-view	—
Set the aging time for the voice VLAN	voice vlan aging minutes	Optional The default aging time is 1,440 minutes, and only effective for the port in automatic mode.
Enable the voice VLAN security mode	voice vlan security enable	Optional By default, the voice VLAN security mode is enabled.
Set an OUI address that can be identified by the voice VLAN	voice vlan mac-address oui mask oui-mask [ description text ]	Optional A voice VLAN has five default OUI addresses.
Enable the voice VLAN function globally	voice vlan vlan-id enable	Required
Enter port view	interface interface-type interface-number	—
Set the voice VLAN operation mode to automatic mode	voice vlan mode auto	Optional The default voice VLAN operation mode is automatic mode.
Enable the voice VLAN function for the port	voice vlan enable	Required By default, the voice VLAN function is not enabled for a port.

 

 

2.2.3  Configuring Voice VLAN in Manual Mode

Table 2-4 Configure voice VLAN in manual mode

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enable the voice VLAN security mode	voice vlan security enable	Optional By default, the voice VLAN security mode is enabled.
Set an OUI address to be one that can be identified by the voice VLAN	voice vlan mac-address oui mask oui-mask [ description text ]	Optional By default, after the voice VLAN is enabled, it has five OUI addresses.
Enable the voice VLAN function globally	voice vlan vlan-id enable	Required
Enter port view	interface interface-type interface-number	—
Set voice VLAN operation mode to manual mode	undo voice vlan mode auto	Required The default voice VLAN operation mode is automatic mode.
Add the manual mode port to the voice VLAN	Refer to section 1.4  “Port-Based VLAN”	Required By default, all ports belong to VLAN 1. When you add a hybrid port to the voice VLAN, you need to configure the hybrid port to keep or strip the VLAN tag of the voice stream. Refer to Table 2-2 “Port modes and voice stream types”.
Specify the voice VLAN as the default VLAN of the port	Refer to section 1.4  “Port-Based VLAN”	Optional By default, the default VLAN of all ports is VLAN 1. Whether you need to configure the voice VLAN as the default VLAN of a port, refer to Table 2-2 “Port modes and voice stream types”.
Enable the voice VLAN function for the port	voice vlan enable	Required By default, the voice VLAN function is disabled on a port.

 

 

2.3  Displaying Voice VLAN

After the above configurations, you can execute the display command in any view to view the running status and verify the configuration effect.

Table 2-5 Display a voice VLAN

To do...	Use the command...	Remarks
Display the voice VLAN state	display voice vlan state	Available in any view
Display the OUI addresses currently supported by system	display voice vlan oui

 

2.4  Voice VLAN Configuration Example

2.4.1  Voice VLAN Configuration Example (Automatic Mode)

I. Network requirements

l           Create VLAN 2 and configure it as a voice VLAN with an aging time of 100 minutes.

l           Configure GigabitEthernet1/0/1 port as a trunk port, with VLAN 6 as the default port.

l           The device allows voice packets from GigabitEthernet 1/0/1 with an OUI address of 0011-2200-0000 and a mask of ffff-ff00-0000 to be forwarded through the voice VLAN.

II. Network diagram

Figure 2-1 Network diagram for configuration of voice VLAN in automatic mode

III. Configuration procedure

# Create VLAN 2, VLAN 6.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] quit

[Sysname] vlan 6

[Sysname-vlan6] quit

# Set aging time for the voice VLAN

[Sysname] voice vlan aging 100

# Set 0011-2200-0000 to be one that can be identified by the voice VLAN

[Sysname] voice vlan mac-address 0011-2200-0000 mask ffff-ff00-0000 description test

# Enable the global voice VLAN function.

[Sysname] voice vlan 2 enable

# Set the voice VLAN operation mode of GigabitEthernet1/0/1 to automatic mode.

[Sysname] interface GigabitEthernet 1/0/1

[Sysname-GigabitEthernet1/0/1] voice vlan mode auto

# Specify port GigabitEthternet1/0/1 as a Trunk port.

[Sysname-GigabitEthernet1/0/1] port link-type trunk

# Set the default VLAN of the port to VLAN 6, and the port permits VLAN 6 to pass.

[Sysname-GigabitEthernet1/0/1] port trunk permit vlan 6

[Sysname-GigabitEthernet1/0/1] port trunk pvid vlan 6

# Enable the voice VLAN function for the port.

[Sysname-GigabitEthernet1/0/1] voice vlan enable

2.4.2  Voice VLAN Configuration Example (Manual Mode)

I. Network requirements

l           Create VLAN 2 and configure it as a voice VLAN.

l           The voice stream transmitted by the IP phone is untagged, and the port which the IP phone is attached to is a Hybrid port GigabitEthernet1/0/1.

l           GigbitEthernet1/0/1 works in manual mode, and only permits the voice packets with the following features to pass: OUI address is 0011-2200-0000; network mask is ffff-ff00-0000 and description string is “test”.

II. Network diagram

Figure 2-2 Voice VLAN Configuration Example

III. Configuration procedure

# Set the voice VALN to work in security mode to permit the legal voice packets to pass (optional, defaults to security mode).

<Sysname> system-view

[Sysname] voice vlan security enable

# Set 0011-2200-0000 to be one that can be identified by the voice VLAN

[Sysname] voice vlan mac-address 0011-2200-0000 mask ffff-ff00-0000 description test

# Create VLAN 2, and enable the voice VLAN function for it.

[Sysname] vlan 2

[Sysname-vlan2] quit

[Sysname] voice vlan 2 enable

# Set GigabitEthernet1/0/1 to work in the manual mode.

[Sysname] interface GigabitEthernet 1/0/1

[Sysname-GigabitEthernet1/0/1] undo voice vlan mode auto

# Configure GigabitEthernet1/0/1 as a Hybrid port.

[Sysname-GigabitEthernet1/0/1] port link-type hybrid

# Configure VLAN 2 as the default VLAN of port GigabitEthernet1/0/1, and allow packets of VLAN 2 to pass through the port.

[Sysname-GigabitEthernet1/0/1] port hybrid pvid vlan 2

[Sysname-GigabitEthernet1/0/1] port hybrid vlan 2 untagged

# Enable the voice VLAN function for the port GigabitEthernet1/0/1.

[Sysname-GigabitEthernet1/0/1] voice vlan enable

IV. Displaying and verification

# display the currently supported OUI addresses and the related information.

[Sysname-GigabitEthernet1/0/1] display voice vlan oui

Oui Address     Mask            Description

0001-e300-0000  ffff-ff00-0000  Siemens phone

0003-6b00-0000  ffff-ff00-0000  Cisco phone

0011-2200-0000  ffff-ff00-0000  test

00d0-1e00-0000  ffff-ff00-0000  Pingtel phone

00e0-7500-0000  ffff-ff00-0000  Polycom phone

00e0-bb00-0000  ffff-ff00-0000  3com phone

# Display current voice VLAN state.

[Sysname-GigabitEthernet1/0/1] display voice vlan state

Voice VLAN status: ENABLE

Voice VLAN ID: 2

Voice VLAN security mode: Security

Voice VLAN aging time: 100 minutes

Voice VLAN enabled port and its mode:

PORT                       MODE

--------------------------------

GigabitEthernet1/0/1    MANUAL

 

Chapter 3  GVRP Configuration

3.1  Introduction to GARP

3.1.1  Introduction to GARP

The generic attribute registration protocol (GARP), provides a mechanism that allows participants in a GARP application to distribute, propagate, and register with other participants in a bridged LAN the attributes specific to the GARP application, such as the VLAN or multicast address attribute.

GARP-compliant application entities are called GARP applications. One example is GVRP. When a GARP application entity is present on a port on your device, this port is regarded a GARP application entity.

I. GARP messages and timers

1)         GARP messages

Generally, GARP participants exchange information with each other through the following three types of messages: Join, Leave, and LeaveAll.

l           Join to announce the willingness to register attributes with other participants.

l           Leave to announce the willingness to deregister with other participants. Together with Join messages, Leave messages guarantee attribute reregistration and deregistration.

l           LeaveAll to deregister all attributes. A LeaveAll message is sent upon expiration of a LeaveAll timer which starts upon the startup of a GARP application entity.

Through message exchange, all attribute information that needs registration propagates to all GARP participants throughout a bridged LAN.

2)         GARP timers

GARP sets interval for sending GARP messages by using these four timers:

l           Hold timer –– When a GARP application entity receives the first registration request, it starts a hold timer and collects succeeding requests. When the timer expires, the entity sends all these requests in one Join message. This can thus help you save bandwidth.

l           Join timer –– A GARP application entity can send a Join message twice to ensure the message can be transmitted to other entities. The sending interval is set on the join timer.

l           Leave timer –– Starts upon receipt of a Leave message. When this timer expires, the GARP application entity removes attribute information as requested.

l           Leaveall timer –– Starts when a GARP application entity starts. When this timer expires, the entity sends a LeaveAll message so that other entities can re-register its attribute information. Then, a leaveall timer starts again.

 

 

II. Operating mechanism of GARP

The GARP mechanism allows the configuration of a GARP participant to propagate throughout a LAN quickly. In GARP, a GARP participant registers or deregisters its attributes with other participants by making or withdrawing declarations of attributes and at the same time, based on received declarations or withdrawals handles attributes of other participants.

GARP application entities send protocol data units (PDU) with a particular multicast MAC address as destination. Based on this address, a device can identify to which GVRP application, GVRP for example, should a GARP PDU be delivered.

III. GARP message format

The following figure illustrates the GARP message format.

Figure 3-1 GARP message format

The following table describes the GARP message fields.

Table 3-1 Description on the GARP message fields

Field	Description	Value
Protocol ID	Protocol identifier for GARP	1
Message	One or multiple messages, each containing an attribute type and an attribute list	––
Attribute Type	Defined by the concerned GARP application	0x01 for GVRP, indicating the VLAN ID attribute
Attribute List	Consists of one or multiple attributes	––
Attribute	Consists of an Attribute Length, an Attribute Event, and an Attribute Value. If the Attribute Event is LeaveAll, Attribute Value is omitted	––
Attribute Length	Number of octets occupied by an attribute, inclusive of the attribute length field	2 to 255 in bytes
Attribute Event	Event described by the attribute	0: LeaveAll 1: JoinEmpty 2: JoinIn 3: LeaveEmpty 4: LeaveIn 5: Empty
Attribute Value	Attribute value	VLAN ID for GVRP
End Mark	Indicates the end of PDU of GARP	––

 

3.1.2  Introduction to GVRP

GVRP enables a device to propagate local VLAN registration information to other participant devices and dynamically update the VLAN registration information from other devices to its local database. It thus ensures that all GVRP participants on a bridged LAN maintain the same VLAN registration information. The VLAN registration information propagated by GVRP includes both manually configured local static entries and dynamic entries from other devices.

GVRP provides the following three registration types on a port:

l           Normal –– Enables a port to dynamically register and deregister VLANs, and to propagate both dynamic and static VLAN information.

l           Fixed –– Disables the port to dynamically register/deregister VLANs or propagate dynamic VLAN information, but allows the port to propagate static VLAN information. A trunk port with fixed registration type thus allows only manually configured VLANs to pass through even though it is configured to carry all VLANs.

l           Forbidden –– Disables the port to dynamically register/deregister VLANs, and to propagate VLAN information except for VLAN 1. A trunk port with forbidden registration type thus allows only VLAN 1 to pass through even though it is configured to carry all VLANs.

3.1.3  Protocols and Standards

IEEE 802.1Q specifies GVRP.

3.2  Configuring GVRP

When configuring GVRP, you need to configure timers, enable GVRP, and configure GVRP registration mode.

 

 

3.2.1  Configuring GVRP

Table 3-2 Configure GVRP on a trunk port

To do…		Use the command…	Remarks
Enter system view		system-view	––
Enable GVRP globally		gvrp	Required Disabled by default
Enter Ethernet port view or port-group view	Enter Ethernet port view	interface interface-type interface-number	Perform either of the commands. Depending on the view you accessed, the subsequent configuration takes effect on a port or all ports in a port-group.
	Enter port-group view	port-group { manual port-group-name | aggregation agg-id }
Enable GVRP on the port		gvrp	Required Disabled by default
Configure GVRP registration mode on the port		gvrp registration { fixed | forbidden | normal }	Optional The default is normal

 

 

3.2.2  Setting GARP Timer

Table 3-3 Set GARP timer

To do …		Use the command…	Remarks
Enter system view		system-view	—
Set GARP LeaveAll timer		garp timer leaveall timer-value	Optional By default, the LeaveAll timer is set to 1,000 centiseconds.
Enter Ethernet port view or port-group view	Enter Ethernet port view	interface interface-type interface-number	Perform either of the commands. Depending on the view you accessed, the subsequent configuration takes effect on a port or all ports in a port-group.
	Enter port-group view	port-group { manual port-group-name | aggregation agg-id }
Set GARP Hold timer, Join timer and Leave timer		garp timer { hold | join | leave } timer-value	Optional By default, the Hold, Join, and Leave timers are set to 10, 20, and 60 centiseconds respectively.

 

When configuring GARP timers, note that their values are dependent on each other and must be a multiplier of five centiseconds. If the value range for a timer is not desired, you may change it by tuning the value of another timer as shown in the following table:

Table 3-4 Dependencies of GARP timers

Timer	Lower limit	Upper limit
Hold	10 centiseconds	Not greater than half of the join timer setting You can change this value by changing the value of the join timer.
Join	Not less than two times the hold timer setting You can change this value by changing the value of the hold timer.	Less than half of the leave timer setting You can change this value by changing the value of the leave timer.
Leave	Greater than two times the join timer setting You can change this value by changing the value of the join timer.	Less than the leaveall timer setting You can change this value by changing the value of the leaveall timer.
Leaveall	Greater than the leave timer setting You can change this value by changing the value of the leave timer	32,765 centiseconds

 

3.3  Displaying and Maintaining GARP/GVRP

Table 3-5 Display and Maintain GARP/GVRP

To do…	Use the command…	Remarks
Display statistics about GARP	display garp statistics [ interface interface-list ]	Available in any view
Display GARP timers for all or specified ports	display garp timer [ interface interface-list ]
Display statistics about GVRP	display gvrp statistics [ interface interface-list ]
Display the global GVRP state	display gvrp status
Clear the GARP statistics	reset garp statistics [ interface interface-list ]	Available in user view

 

3.4  GVRP Configuration Example

3.4.1  Example 1

I. Network requirements

Configure GVRP on devices and specify the port registration mode as normal to realize dynamic VLAN information registration and update among devices.

II. Network diagram

Figure 3-2 Network diagram for GVRP configuration

III. Configuration procedure

1)         Configure Switch A

# Enable GVRP globally.

<Sysname> system-view

[Sysname] gvrp

# Configure port GigabitEthernet1/0/1 as trunk, allowing all VLANs to pass.

[Sysname] interface GigabitEthernet 1/0/1

[Sysname-GigabitEthernet1/0/1] port link-type trunk

[Sysname-GigabitEthernet1/0/1] port trunk permit vlan all

# Enable GVRP on GigabitEthernet1/0/1.

[Sysname-GigabitEthernet1/0/1] gvrp

# Display static VLAN2.

[Sysname-GigabitEthernet1/0/1] quit

[Sysname] vlan 2

[Sysname-vlan2]

2)         Configure Switch B

# Enable GVRP globally.

<Sysname> system-view

[Sysname] gvrp

# Configure port GigabitEthernet 1/0/2 as trunk, allowing all VLANs to pass.

[Sysname] interface GigabitEthernet 1/0/2

[Sysname-GigabitEthernet1/0/2] port link-type trunk

[Sysname-GigabitEthernet1/0/2] port trunk permit vlan all

# Enable GVRP on GigabitEthernet 1/0/2.

[Sysname-GigabitEthernet1/0/2] gvrp

# Configure static VLAN3.

[Sysname-GigabitEthernet1/0/2] quit

[Sysname] vlan 3

[Sysname-vlan3]

3)         Display configuration results

# Display dynamic VLAN on Switch A.

[Sysname-vlan2] display vlan dynamic

 Now, the following dynamic VLAN exist(s):

  3

# Display dynamic VLAN on Switch B

[Sysname-vlan3] display vlan dynamic

 Now, the following dynamic VLAN exist(s):

  2

3.4.2  Example 2

I. Network requirements

Enable GVRP on devices and configure the port registration mode as fixed to realize dynamic registration and update of some VLAN information between devices.

II. Network diagram

Figure 3-3 Network diagram for GVRP configuration

III. Configuration procedure

1)         Configure Switch A

# Enable GVRP globally.

<Sysname> system-view

[Sysname] gvrp

# Configure port GigabitEthernet1/0/1 as trunk, allowing all VLANs to pass.

[Sysname] interface GigabitEthernet 1/0/1

[Sysname-GigabitEthernet1/0/1] port link-type trunk

[Sysname-GigabitEthernet1/0/1] port trunk permit vlan all

# Enable GVRP on GigabitEthernet1/0/1

[Sysname-GigabitEthernet1/0/1] gvrp

# Configure the GVRP registration mode as fixed.

[Sysname-GigabitEthernet1/0/1] gvrp registration fixed

# Create static VLAN 2.

[Sysname-GigabitEthernet1/0/1] quit

[Sysname] vlan 2

[Sysname-vlan2]

2)         Configure Switch B

# Enable GVRP globally.

<Sysname> system-view

[Sysname] gvrp

# Configure port GigabitEthernet1/0/2 as trunk, allowing all VLANs to pass.

[Sysname] interface GigabitEthernet 1/0/2

[Sysname-GigabitEthernet1/0/2] port link-type trunk

[Sysname-GigabitEthernet1/0/2] port trunk permit vlan all

# Enable GVRP on GigabitEthernet1/0/2

[Sysname-GigabitEthernet1/0/2] gvrp

# Create static VLAN 3.

[Sysname-GigabitEthernet1/0/2] quit

[Sysname] vlan 3

[Sysname-vlan3]

3)         Display the configuration

# Display the dynamic VLAN information on Switch A

[Sysname-vlan2] display vlan dynamic

 No dynamic vlans exist!

# Display the dynamic VLAN information on Switch B.

[Sysname-vlan3] display vlan dynamic

 Now, the following dynamic VLAN exist(s):

  2

3.4.3  Example 3

I. Network requirements

Enable GVRP on devices and configure the port registration mode as forbidden to forbid dynamic registration and update of VLAN information between devices.

II. Network diagram

Figure 3-4 Network diagram for GVRP configuration

III. Configuration procedure

1)         Configure Switch A

# Enable GVRP globally.

<Sysname > system-view

[Sysname] gvrp

# Configure GigabitEthernet1/0/1 as a trunk port, allowing all VLANs to pass.

[Sysname] interface GigabitEthernet 1/0/1

[Sysname-GigabitEthernet1/0/1] port link-type trunk

[Sysname-GigabitEthernet1/0/1] port trunk permit vlan all

# Enable GVRP on the trunk port.

[Sysname-GigabitEthernet1/0/1] gvrp

# Configure the GVRP registration mode as forbidden.

[Sysname-GigabitEthernet1/0/1] gvrp registration forbidden

# Create static VLAN 2.

[Sysname-GigabitEthernet1/0/1] quit

[Sysname] vlan 2

[Sysname-vlan2]

2)         Configure Switch B

# Enable GVRP globally.

<Sysname > system-view

[Sysname] gvrp

# Configure GigabitEthernet1/0/2 as a trunk port, allowing all VLANs to pass.

[Sysname] interface GigabitEthernet 1/0/2

[Sysname-GigabitEthernet1/0/2] port link-type trunk

[Sysname-GigabitEthernet1/0/2] port trunk permit vlan all

# Enable GVRP on the trunk port.

[Sysname-GigabitEthernet1/0/2] gvrp

# Create static VLAN 3.

[Sysname-GigabitEthernet1/0/2] quit

[Sysname] vlan 3

[Sysname-vlan3]

3)         Display the configuration

# Display dynamic VLAN information on Switch A

[Sysname-vlan2] display vlan dynamic

 No dynamic vlans exist!

# Display dynamic VLAN information on Switch B.

[Sysname-vlan3] display vlan dynamic

 No dynamic vlans exist!