Table of Contents

Chapter 1 VLAN Configuration. 1-1

1.1 Introduction to VLAN. 1-1

1.1.1 VLAN Overview. 1-1

1.1.2 VLAN Classification. 1-2

1.2 Configuring Basic VLAN Attributes. 1-2

1.3 Configuring VLAN Interface Basic Attributes. 1-2

1.4 Configuring the Port-Based VLAN. 1-3

1.4.1 Introduction to the Port-Based VLAN. 1-3

1.4.2 Configuring the Access-Port-Based VLAN. 1-5

1.4.3 Configuring the Trunk-Port-Based VLAN. 1-6

1.4.4 Configuring the Hybrid-Port-Based VLAN. 1-7

1.5 Configuring the Protocol-Based VLAN. 1-8

1.5.1 Introduction to the Protocol-Based VLAN. 1-8

1.5.2 Configuring the Protocol-Based VLAN. 1-9

1.6 Configuring the IP-Subnet-Based VLAN. 1-10

1.6.1 Introduction. 1-10

1.6.2 Configuring the IP-Subnet-Based VLANs. 1-11

1.7 Displaying and Maintaining VLAN. 1-12

1.8 A Typical VLAN Configuration Example. 1-12

Chapter 2 Voice VLAN Configuration. 2-1

2.1 Introduction to Voice VLAN. 2-1

2.1.1 Voice VLAN Mode on a Port 2-1

2.1.2 Security Mode and Normal Mode of Voice VLAN. 2-4

2.2 Configuring the Voice VLAN. 2-4

2.2.1 Configuration Prerequisites. 2-4

2.2.2 Setting Voice VLAN Mode on a Port to Automatic Mode. 2-4

2.2.3 Setting Voice VLAN Mode on a Port to Manual Mode. 2-5

2.3 Displaying and Maintaining Voice VLAN. 2-7

2.4 Typical Voice VLAN Configuration Examples. 2-7

2.4.1 Configuring Automatic Voice VLAN Mode. 2-7

2.4.2 Configuring Manual Voice VLAN Mode. 2-9

Chapter 3 GVRP Configuration. 3-1

3.1 GVRP Overview. 3-1

3.1.1 Introduction to GARP. 3-1

3.1.2 Introduction to GVRP. 3-3

3.1.3 Protocols and Standards. 3-4

3.2 Configuring GVRP. 3-4

3.2.1 Configuring GVRP Functions. 3-4

3.2.2 Configuring GARP Timers. 3-5

3.3 Displaying and Maintaining GVRP. 3-6

3.4 GVRP Configuration Example. 3-6

3.4.1 Example 1. 3-6

3.4.2 Example 2. 3-8

3.4.3 Example 3. 3-9

 

Chapter 1  VLAN Configuration

1.1  Introduction to VLAN

1.1.1  VLAN Overview

Virtual Local Area Network (VLAN for short) technology was developed mainly to solve the broadcast problems in LANs. It divides a LAN into multiple logical LANs with each being a broadcast domain. Hosts in the same VLAN can communicate with each other like in a LAN. However, hosts from different VLANs cannot communicate directly. In this way, broadcast packets are confined to a single VLAN, as illustrated in the following figure.

Figure 1-1 A VLAN diagram

A VLAN is not restricted by physical factors, that is to say, hosts that reside in different network segments may belong to the same VLAN, a VLAN can be within the same switch, or span across multiple switches or routers.

VLAN technology has the following advantages:

1)         Broadcast traffic is confined to each VLAN, reducing bandwidth utilization and improving network performance.

2)         LAN security is improved. Packets in different VLANs cannot communicate with each other directly. That is, users in a VLAN cannot interact directly with users in other VLANs, unless routers or Layer 3 switches are used.

3)         A more flexible way to establish virtual working groups. With VLAN technology, clients can be allocated to different working groups, and users from the same group do not have to be within the same physical area, making network construction and maintenance much easier and more flexible.

1.1.2  VLAN Classification

Depending on how VLANs are established, VLANs fall into the following six categories.

l           Port-based

l           MAC address-based

l           Protocol-based

l           IP-subnet-based

l           Policy-based

l           Other types

This chapter will focus on the port-based VLANs, protocol-based VLANs, and IP-subnet-based VLANs.

1.2  Configuring Basic VLAN Attributes

Follow the following steps to configure basic VLAN attributes:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Create VLANs	vlan { vlan-id1 [ to vlan-id2 ] | all }	Optional Using this command can create multiple VLANs.
Enter VLAN view	vlan vlan-id	Required The VLAN must be created first before entering its view; otherwise, using the command creates a VLAN and enters its view
Specify a descriptive character string for the VLAN	description text	Optional VLAN ID used by default, for example, “VLAN 0001”

 

1.3  Configuring VLAN Interface Basic Attributes

A VLAN interface is a virtual Layer 3 interface for Layer 3 communications between different VLANs.

Follow the following steps to configure VLAN interface basic attributes:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Create VLAN interface and enter its view	interface Vlan-interface vlan-interface-id	Required The VLAN interface must be created first before entering its view
Configure an IP address for the VLAN interface	ip address ip-address { mask | mask-length } [ sub ]	Optional Not configured by default
Specify the descriptive character string for the VLAN interface	description text	Optional VLAN interface name used by default, for example, “Vlan-interface1 Interface”
Bring up the VLAN interface	undo shutdown	Optional By default, the VLAN interface is down if all ports in the VLAN are down, as long as one port in the VLAN is up, the VLAN interface is up

 

 

1.4  Configuring the Port-Based VLAN

1.4.1  Introduction to the Port-Based VLAN

This is the simplest and yet the most effective way of classifying VLANs. It groups VLAN members by port. After added to a VLAN, a port can forward the packets of the VLAN.

I. Port link type

Based on the tag handling mode, a port’s link type can be one of the following three:

l           Access port: An access port belongs to only one VLAN and strips off the VLAN tags when sending packets of this VLAN,  normally used to connect computers;

l           Trunk port: A trunk port can belong to multiple VLANs and receive and send packets for multiple VLANs, normally used to connect devices;

l           Hybrid port: A hybrid port can belong to multiple VLANs and receive and send packets for multiple VLANs, used to connect either computers or devices.

The differences between Hybrid and Trunk port:

l           A Hybrid port allows packets of multiple VLANs to be sent without the Tag label;

l           A Trunk port only allows packets from the default VLAN to be sent without the Tag label.

II. Default VLAN

You can configure the default VLAN for a port. By default, VLAN 1 is the default VLAN for all ports. However, this can be changed as needed.

l           An Access port only belongs to one VLAN. Therefore, its default VLAN is the VLAN it resides in and cannot be configured.

l           You can configure the default VLAN for the Trunk port or the Hybrid port as they can both belong to multiple VLANs.

l           After deletion of the default VLAN using the undo vlan command, the default VLAN for an Access port will revert to VLAN 1, whereas that for the Trunk or Hybrid port remains.

 

 

Configured with the default VLAN, a port handles packets in the following ways:

Port type	Inbound packets handling		Outbound packets handling
	No tag available	Tag available
Access Port	Tag the packet with the default VLAN ID	l      Receive the packet if its VLAN ID is the same as the default VLAN ID l      Discard the packet if its VLAN ID is different from the default VLAN ID	Strip the Tag and send the packet as the VLAN ID is the same with the default VLAN ID
Trunk port		l      Receive the packet if the VLAN ID is the same as the default VLAN ID l      Receive the packet if the VLAN ID is not the same as the default VLAN ID but is allowed to pass through the port l      Discard the packet if the VLAN ID is neither the same as the default VLAN ID nor allowed to pass through the port	l      Strip the Tag and send the packet if the VLAN ID is the same as the default VLAN ID l      Keep the tag and send the packet if the VLAN ID is not the same as the default VLAN ID but allowed to pass through the port
Hybrid port			Send the packets if the VLAN ID is allowed to pass through the port. Use the port hybrid vlan command to configure whether the port tags packets when sending packets in this VLAN (including default VLAN).

 

1.4.2  Configuring the Access-Port-Based VLAN

There are two ways to add an Access port to a specified VLAN: one way is to configure under the VLAN view, the other way is to configure under the Ethernet port view/port group view.

Follow the following steps to configure the Access-port-based VLAN in VLAN view:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enter VLAN view	vlan vlan-id	Required For a nonexistent VLAN, this command will create a VLAN and enter its view
Add an Access port to the current VLAN	port interface-list	Required By default, system will add all ports to VLAN 1

 

Follow the following steps to configure the Access-port-based VLAN in Ethernet port view/port group view:

To do…		Use the command…	Remarks
Enter system view		system-view	—
Enter Ethernet port view or port group view	Enter Ethernet port view	interface interface-type interface-number	Use either command Under Ethernet port view, the subsequent configurations only apply to the current port; under port group view, the subsequent configurations apply to all ports in the port group
	Enter port group view	port-group { manual port-group-name | aggregation agg-id }
Configure the port link type as Access		port link-type access	Optional The link type of a port is Access by default
Add the current Access port to a specified VLAN		port access vlan vlan-id	Optional By default, all Access ports belong to VLAN 1

 

 

1.4.3  Configuring the Trunk-Port-Based VLAN

A Trunk port may belong to multiple VLANs, and you can only perform this configuration in Ethernet port view or port group view.

Follow the following steps to configure the Trunk-port-based VLAN:

To do…		Use the command…	Remarks
Enter system view		system-view	—
Enter Ethernet port view or port group view	Enter Ethernet port view	interface interface-type interface-number	Use either command Under Ethernet port view, the subsequent configurations only apply to the current port; under port group view, the subsequent configurations apply to all ports in the port group
	Enter port group view	port-group { manual port-group-name | aggregation agg-id }
Configure the port link type as Trunk		port link-type trunk	Required The link type of a port is Access by default
Allow a specified VLAN to pass through the current Trunk port		port trunk permit vlan { vlan-id-list | all }	Required By default, all Trunk ports belong to VLAN 1 only
Configure the default VLAN for the Trunk port		port trunk pvid vlan vlan-id	Optional VLAN 1 is the default by default

 

 

1.4.4  Configuring the Hybrid-Port-Based VLAN

A Hybrid port may belong to multiple VLANs, and this configuration can only be performed in Ethernet port view or port group view.

Follow the following steps to configure the Hybrid-port-based VLAN:

To do…		Use the command…	Remarks
Enter system view		system-view	—
Enter Ethernet port view or port group view	Enter Ethernet port view	interface interface-type interface-number	Use either command; Under Ethernet port view, the subsequent configurations only apply to the current port; under port group view, the subsequent configurations apply to all ports in the port group
	Enter port group view	port-group { manual port-group-name | aggregation agg-id }
Configure the port link type as Hybrid		port link-type hybrid	Required The link type of a port is Access by default
Allow a specified VLAN to pass through the current Hybrid port		port hybrid vlan vlan-id-list { tagged | untagged }	Required By default, all Hybrid ports belong to VLAN 1
Configure the default VLAN of the Hybrid port		port hybrid pvid vlan vlan-id	Optional VLAN 1 is the default by default

 

 

1.5  Configuring the Protocol-Based VLAN

1.5.1  Introduction to the Protocol-Based VLAN

In this approach, inbound packets are assigned with different VLAN IDs based on their protocol type and encapsulation format. The protocols that can be used to categorize VLANs include: IP, IPX, and AppleTalk (AT). The encapsulation formats include: Ethernet II, 802.3, 802.3/802.2 LLC, and 802.3/802.2 SNAP.

A protocol-based VLAN can be defined by a protocol template, which is determined by the encapsulation format and protocol type. A device will first identify the protocol template of an untagged packet after receiving it from a port, the VLAN it belongs to, and then forward it in the corresponding VLAN.

This feature is mainly used to bind the service type with VLAN for ease of management and maintenance.

1.5.2  Configuring the Protocol-Based VLAN

 

 

Follow the following steps to configure the protocol-based VLAN:

To do…		Use the command…	Remarks
Enter system view		system-view	—
Enter VLAN view		vlan vlan-id	Required For a nonexistent VLAN, this command will create a VLAN and enter its view
Configure VLAN protocol type		protocol-vlan [ protocol-index ] { at | ipv4 | ipv6 | ipx { ethernetii | llc | raw | snap } | mode { ethernetii etype etype-id | llc { dsap dsap-id [ ssap ssap-id ] | ssap ssap-id } | snap etype etype-id } }	Required By default, no protocol type is configured for a VLAN.
Exit the VLAN view		quit	Required
Enter Ethernet port view or port group view	Enter Ethernet port view	interface interface-type interface-number	Use either command Under Ethernet port view, the subsequent configurations only apply to the current port; under port group view, the subsequent configurations apply to all ports in the port group
	Enter port group view	port-group { manual port-group-name | aggregation agg-id }
Configure the port link type as Hybrid		port link-type hybrid	Required The link type of all ports is Access by default
Allow a protocol-based VLAN to pass through the current Hybrid port		port hybrid vlan vlan-id-list { tagged | untagged }	Required By default, all ports belong to VLAN 1
Configure the association between the Hybrid port and the protocol-based VLAN		port hybrid protocol-vlan vlan vlan-id { protocol-index [ to protocol-end ] | all }	Required By default, no association is created between a Hybrid port and the protocol-based VLAN.

 

 

1.6  Configuring the IP-Subnet-Based VLAN

1.6.1  Introduction

In this approach, VLANs are categorized based on the source IP address and the subnet mask of packet. After receiving an untagged packet from a port, the device finds its association with the current VLAN based on the source address contained in the packet, it will then forward the packet in the corresponding VLAN. This allows packets from a certain network segment or with certain IP addresses to be forwarded in a VLAN.

1.6.2  Configuring the IP-Subnet-Based VLANs

 

 

Follow the following steps to configure the IP-subnet-based VLAN:

To do…		Use the command…	Remarks
Enter system view		system-view	—
Enter VLAN view		vlan vlan-id	Required For a nonexistent VLAN, this command will create a VLAN and enter view
Configure the association between an IP subnet with the current VLAN		ip-subnet-vlan [ ip-subnet-index ] ip ip-address [ mask ]	Required The configured IP network segment or IP address cannot be a multicast network segment or a multicast address
Exit the VLAN view		quit	Required
Enter Ethernet port view or port group view	Enter Ethernet port view	interface interface-type interface-number	Use either command; Under Ethernet port view, the subsequent configurations only apply to the current port; under port group view, the subsequent configurations apply to all ports in the port group
	Enter port group view	port-group { manual port-group-name | aggregation agg-id }
Configure port link type as Hybrid		port link-type hybrid	Required The link type of all ports is Access by default
Allow an IP-subnet-based VLAN to pass through the current Hybrid port		port hybrid vlan vlan-id-list { tagged | untagged }	Required By default, all ports belong to VLAN 1
Configure the association between the Hybrid port and the IP-subnet-based VLAN		port hybrid ip-subnet-vlan vlan vlan-id	Required By default, no Hybrid port is associated with the IP-subnet-based VLAN.

 

1.7  Displaying and Maintaining VLAN

To do...	Use the command…	Remarks
Display VLAN information	display vlan [ vlan-id1 [ to vlan-id2 ] | all | static | dynamic | reserved ]	Available in user view
Display VLAN interface information	display interface Vlan-interface [ vlan-interface-id ]
Display the protocol information and protocol indexes of specified VLANs	display protocol-vlan vlan { vlan-id [ to vlan-id ] | all }
Display the protocol information and protocol indexes of specified ports	display protocol-vlan interface { interface-type interface-number [ to interface-type interface-number ] | all }
Display the IP-subnet-based VLAN information and IP subnet indexes of specified VLANs	display ip-subnet-vlan vlan { vlan-id [ to vlan-id ] | all }
Display the IP-subnet-based VLAN information and IP subnet index of specified ports	display ip-subnet-vlan interface { interface-type interface-number  [ to { interface-type interface-number } ] | all }

 

1.8  A Typical VLAN Configuration Example

I. Network requirements

l           Device A connects to Device B through the Trunk port Ethernet 1/0/1;

l           The default VLAN ID of the port is 100;

l           This port allows packets from VLAN 2, VLAN 6 to VLAN 50, and VLAN 100 to pass through.

II. Network diagram

Figure 1-2 Network diagram for configuring VLANs allowed on ports

III. Configuration procedure

1)         Configure Device A

# Create VLAN 2, VLAN 6 to VLAN 50, and VLAN 100.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] quit

[Sysname] vlan 100

[Sysname-vlan100] quit

[Sysname] vlan 6 to 50

Please wait... Done. 

# Enter the Ethernet port view of Ethernet 1/0/1.

[Sysname] interface Ethernet 1/0/1

# Configure Ethernet 1/0/1 as a Trunk port and configure its default VLAN ID as 100.

[Sysname-Ethernet1/0/1] port link-type trunk

[Sysname-Ethernet1/0/1] port trunk pvid vlan 100

# Configure packets from VLAN 2, VLAN 6 to VLAN 50, and VLAN 100 to pass through Ethernet 1/0.

[Sysname-Ethernet1/0/1] port trunk permit vlan 2 6 to 50 100

 Please wait... Done.

2)         Configure Device B following similar steps as that of Device A.

 

Chapter 2  Voice VLAN Configuration

2.1  Introduction to Voice VLAN

Voice VLANs are configured specially for voice traffic. By adding the ports that connect voice devices to voice VLANs, you can configure quality of service (QoS for short) attributes for the voice traffic, increasing transmission priority and ensuring voice quality. A device determines whether a received packet is a voice packet by checking its source MAC address. Packets containing source MAC addresses that comply with the voice device Organizationally Unique Identifier (OUI for short) addresses are regarded as voice traffic, and are forwarded in the voice VLANs.

You can configure the OUI addresses in advance or use the default OUI addresses, which are listed as follows:

Number	OUI address	Vendors
1	0001-e300-0000	Siemens phone
2	0003-6b00-0000	Cisco phone
3	00d0-1e00-0000	Pingtel phone
4	00e0-7500-0000	Polycom phone
5	00e0-bb00-0000	3com phone

 

 

2.1.1  Voice VLAN Mode on a Port

There are two voice VLAN modes on a port:  automatic and manual.

l           In automatic voice VLAN mode, the system identifies the source MAC address contained in the untagged packet sent when the IP phone is powered on and matches it against the OUI addresses. If a match is found, the system will automatically add the port into the Voice VLAN and apply ACL rules to ensure the packet precedence. An aging time can be configured for the voice VLAN. The system will remove a port from the voice VLAN if no voice packet is received from it after the aging time. The adding and deleting of ports are automatically realized by the system.

l           In manual voice VLAN mode, administrators add the IP phone access port to the voice VLAN. It then identifies the source MAC address contained in the packet, matches it against the OUI addresses, and decides whether to forward the packet in the voice VLAN. The administrators apply ACL rules while adding or deleting a port from the voice VLAN. In this mode, the adding or deleting of ports is realized by the administrators.

l           Both modes forward tagged packets based on the VLAN IDs contained in the packets.

The above two modes are configured in Ethernet port view. Different voice VLAN modes can be configured on different ports, independent of one another.

The following table lists the co-relation between the voice VLAN mode, the voice traffic type of an IP phone, and the type of an Ethernet port.

Mode	Voice traffic type	Port link type
Automatic mode	Tagged voice traffic	Access: not supported
		Trunk: supported provided that the default VLAN of the access port exists and is not a voice VLAN and that the access port belongs to the voice VLAN
		Hybrid: supported provided that the default VLAN of the access port exists and is in the list of tagged VLANs whose packets can pass through the access port
	Untagged voice traffic	Access, Trunk, Hybrid: not supported
Manual mode	Tagged voice traffic	Access: not supported
		Trunk: supported provided that the default VLAN of the access port exists and is not a voice VLAN and that the access port belongs to the default VLAN
		Hybrid: supported provided that the default VLAN of the access port exists and is from the list of tagged VLANs whose packets can pass through the access port
	Untagged voice traffic	Access: supported provided that the default VLAN of the access port is a voice VLAN
		Trunk: supported provided that the default VLAN of the access port is a voice VLAN and that the access port allows packets from the voice VLAN to pass through
		Hybrid port: supported provided that the default VLAN of the access port is a voice VLAN and that the voice VLAN is in the list of untagged VLANs whose packets are allowed to pass through the access port

 

 

 

2.1.2  Security Mode and Normal Mode of Voice VLAN

Ports that have the voice VLAN feature enabled can be divided into two modes based on their filtering mechanisms applied to inbound packets.

l           Security mode: only voice packets with source OUI MAC addresses can pass through the port (with the voice VLAN feature enabled), other non-voice packets will be discarded, including authentication packets, such as 802.1x authentication packet.

l           Normal mode: both voice packets and non-voice packets are allowed to pass through a port (with the voice VLAN feature enabled), the former will abide by the voice VLAN filtering mechanism whereas the latter normal VLAN filtering mechanism.

It is recommended that you do not mix voice packets with other types of data in a voice VLAN. If necessary, please ensure that the security mode is disabled.

2.2  Configuring the Voice VLAN

2.2.1  Configuration Prerequisites

l           Create the corresponding VLAN before configuring the voice VLAN;

l           As a default VLAN, VLAN 1 does not need to be created. However, it cannot be enabled with the voice VLAN feature.

2.2.2  Setting Voice VLAN Mode on a Port to Automatic Mode

Follow the following steps to set the voice VLAN mode on a port to automatic:

To do...	Use the command...	Remarks
Enter system view	system-view	—
Configure the aging time of the voice VLAN	voice vlan aging minutes	Optional Only applicable to ports in automatic mode and defaults to 1,440 minutes
Enable the security mode of the voice VLAN	voice vlan security enable	Optional Enabled by default
Configure the OUI address for the voice VLAN	voice vlan mac-address oui mask oui-mask [ description text ]	Optional By default, each voice VLAN has 5 default OUI addresses
Enable the global voice VLAN feature	voice vlan vlan-id enable	Required
Enter Ethernet port view	interface { interface-type interface-number | interface-name }	—
Set the voice VLAN mode on the port to automatic	voice vlan mode auto	Optional Enabled by default
Enable the voice VLAN feature on the port	voice vlan enable	Required Disabled by default

 

 

2.2.3  Setting Voice VLAN Mode on a Port to Manual Mode

Follow the following steps to set the voice VLAN mode on a port to manual mode:

To do...		Use the command...	Remarks
Enter system view		system-view	—
Enable the security mode of voice VLAN		voice vlan security enable	Optional Enabled by default
Configure the OUI address of voice VLAN		voice vlan mac-address oui mask oui-mask [ description text ]	Optional By default, a voice VLAN has 5 default OUI addresses
Enable the global voice VLAN feature		voice vlan vlan-id enable	Required
Enter Ethernet port view		interface { interface-type interface-number | interface-name }	—
Set the voice VLAN mode on the port to manual		undo voice vlan mode auto	Required Disabled by default
Return to system view		quit	—
Add a manual mode port to the voice VLAN	Access port	Refer to 1.4.2  “Configuring the Access-Port-Based VLAN”	One of the three options is required. If you add an Access port to the voice VLAN, the voice VLAN automatically becomes the default VLAN of the port.
	Trunk port	Refer to 1.4.3  “Configuring the Trunk-Port-Based VLAN”
	Hybrid port	Refer to 1.4.4  “Configuring the Hybrid-Port-Based VLAN”
Configure the voice VLAN as the default VLAN of a port	Trunk port	Refer to 1.4.3  “Configuring the Trunk-Port-Based VLAN”	Optional When the incoming voice stream is untagged, this configuration is required; when the incoming voice stream is tagged, this configuration is prohibited.
	Hybrid port	Refer to 1.4.4  “Configuring the Hybrid-Port-Based VLAN”
Enable the voice VLAN feature on the port		voice vlan enable	Required Disabled by default

 

 

2.3  Displaying and Maintaining Voice VLAN

To do...	Use the command...	Remarks
Display the voice VLAN state	display voice vlan state	Available in any view
Display the OUI addresses currently supported by system	display voice vlan oui

 

2.4  Typical Voice VLAN Configuration Examples

2.4.1  Configuring Automatic Voice VLAN Mode

I. Network requirement

l           Create VLAN 2 and configure it as a voice VLAN with an aging time of 100 minutes.

l           Configure Ethernet 1/0/1 as a Trunk port. Its default VLAN is VLAN 6.

l           The device allows voice packets from Ethernet 1/0/1 with an OUI address of 0011-2200-0000, a mask of ffff-ff00-0000, and a descriptive string of “test” to be forwarded through the voice VLAN.

II. Network diagram

Figure 2-1 Network diagram for automatic voice VLAN mode configuration

III. Configuration procedure

 # Create VLAN 2 and VLAN 6.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] quit

[Sysname] vlan 6

[Sysname-vlan6] quit

# Configure the voice VLAN aging time.

[Sysname] voice vlan aging 100

# Configure the OUI address 0011-2200-0000 as the legal address of the voice VLAN.

[Sysname] voice vlan mac-address 0011-2200-0000 mask ffff-ff00-0000 description test

# Enable the global voice VLAN feature.

[Sysname] voice vlan 2 enable

# Set the voice VLAN mode on Ethernet 1/0/1 to automatic. (Optional, by default, the voice VLAN mode on a port is automatic.)

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] voice vlan mode auto

# Configure Ethernet 1/0/1 as a Trunk port.

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] port link-type trunk

# Configure the default VLAN of the port to be VLAN 6 and allow packets from VLAN 6 to pass through the port.

[Sysname-Ethernet1/0/1] port trunk permit vlan 6

[Sysname-Ethernet1/0/1] port trunk pvid vlan 6

# Enable the voice VLAN feature of the port.

[Sysname-Ethernet1/0/1] voice vlan enable

2.4.2  Configuring Manual Voice VLAN Mode

I. Network requirement

l           Create VLAN 2 and configure it as a voice VLAN.

l           IP phone type is untagged with the Hybrid port Ethernet 1/0/1 being the access port.

l           Ethernet 1/0/1 works in manual mode. It only allows voice packets with an OUI address of 0011-2200-0000, a mask of ffff-ff00-0000, and a descriptive string of “test” to be forwarded.

II. Network diagram

Figure 2-2 Network diagram for manual voice VLAN mode configuration

III. Configuration procedure

# Configure the voice VLAN to work in security mode and only allows legal voice packets to pass through the voice VLAN enabled port. (Optional, enabled by default)

<Sysname> system-view

[Sysname] voice vlan security enable

# Configure the OUI address 0011-2200-0000 as the legal voice VLAN address.

[Sysname] voice vlan mac-address 0011-2200-0000 mask ffff-ff00-0000 description test

# Create VLAN 2. Enable voice VLAN feature for it.

[Sysname] vlan 2

[Sysname-vlan2] quit

[Sysname] voice vlan 2 enable

# Configure Ethernet 1/0/1 to work in manual mode.

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] undo voice vlan mode auto

# Configure Ethernet 1/0/1 as a Hybrid port.

[Sysname-Ethernet1/0/1] port link-type hybrid

# Configure VLAN 2 as the default VLAN of the port and allow packets from VLAN 2 to pass through the port.

[Sysname-Ethernet1/0/1] port hybrid pvid vlan 2

[Sysname-Ethernet1/0/1] port hybrid vlan 2 untagged

# Enable the voice VLAN feature of Ethernet 1/0/1.

[Sysname-Ethernet1/0/1] voice vlan enable

IV. Verification

# Display information about the OUI addresses, OUI address masks, and descriptive strings.

[Sysname-Ethernet1/0/1] return

<Sysname> display voice vlan oui

Oui Address     Mask            Description

0001-e300-0000  ffff-ff00-0000  Siemens phone

0003-6b00-0000  ffff-ff00-0000  Cisco phone

0011-2200-0000  ffff-ff00-0000  test

00d0-1e00-0000  ffff-ff00-0000  Pingtel phone

00e0-7500-0000  ffff-ff00-0000  Polycom phone

00e0-bb00-0000  ffff-ff00-0000  3com phone

# Display the current voice VLAN state.

<Sysname> display voice vlan state

Voice VLAN status: ENABLE

Voice VLAN ID: 2

Voice VLAN configuration mode: MANUAL

Voice VLAN security mode: Security

Voice VLAN aging time: 100 minutes

Voice VLAN enabled port and its mode:

PORT               MODE

--------------------------------

Ethernet1/0/1    MANUAL

 

Chapter 3  GVRP Configuration

3.1  GVRP Overview

3.1.1  Introduction to GARP

The generic attribute registration protocol (GARP), provides a mechanism that allows participants in a GARP application to distribute, propagate, and register with other participants in a bridged LAN the attributes specific to the GARP application, such as the VLAN or multicast address attribute.

GARP-compliant application entities are called GARP applications. One example is GVRP. When a GARP application entity is present on a port on your device, this port is regarded a GARP application entity.

I. GARP messages and timers

1)         GARP messages

GARP participants, which can be end stations or bridges, exchange attributes primarily by sending the following three types of messages:

l           Join to announce the willingness to register attributes with other participants.

l           Leave to announce the willingness to deregister with other participants. Together with Join messages, Leave messages guarantee attribute reregistration and deregistration.

l           LeaveAll to deregister all attributes. A LeaveAll message is sent upon expiration of a LeaveAll timer which starts upon the startup of a GARP application entity.

Through message exchange, all attribute information that needs registration propagates to all GARP participants throughout a bridged LAN.

2)         GARP timers

GARP sets interval for sending GARP messages by using these four timers:

l           Hold timer –– When a GARP application entity receives the first registration request, it starts a hold timer and collects succeeding requests. When the timer expires, the entity sends all these requests in one Join message. This can thus help you save bandwidth.

l           Join timer –– Each GARP application entity sends a Join message twice for reliability sake and uses a join timer to set the sending interval.

l           Leave timer –– Starts upon receipt of a Leave message. When this timer expires, the GARP application entity removes attribute information as requested.

l           Leaveall timer –– Starts when a GARP application entity starts. When this timer expires, the entity sends a LeaveAll message so that other entities can re-register its attribute information. Then, a leaveall timer starts again.

 

 

II. Operating mechanism of GARP

The GARP mechanism allows the configuration of a GARP participant to propagate throughout a LAN quickly. In GARP, a GARP participant registers or deregisters its attributes with other participants by making or withdrawing declarations of attributes and at the same time, based on received declarations or withdrawals handles attributes of other participants.

GARP application entities send protocol data units (PDU) with a particular multicast MAC address as destination. Based on this address, a device can identify to which GVRP application, GVRP for example, should a GARP PDU be delivered.

III. GARP message format

The following figure illustrates the GARP message format.

Figure 3-1 GARP message format

The following table describes the GARP message fields.

Table 3-1 Description on the GARP message fields:

Field	Description	Value
Protocol ID	Protocol identifier for GARP	1
Message	One or multiple messages, each containing an attribute type and an attribute list	––
Attribute Type	Defined by the concerned GARP application	0x01 for GVRP, indicating the VLAN ID attribute
Attribute List	Consists of one or multiple attributes	––
Attribute	Consists of an Attribute Length, an Attribute Event, and an Attribute Value. If the Attribute Event is LeaveAll, Attribute Value is omitted	––
Attribute Length	Number of octets occupied by an attribute, inclusive of the attribute length field	2 to 255 in bytes
Attribute Event	Event described by the attribute	0: LeaveAll 1: JoinEmpty 2: JoinIn 3: LeaveEmpty 4: LeaveIn 5: Empty
Attribute Value	Attribute value	VLAN ID for GVRP
End Mark	Indicates the end of PDU	––

 

3.1.2  Introduction to GVRP

GVRP enables a device to propagate local VLAN registration information to other participant devices and dynamically update the VLAN registration information from other devices to its local database. It thus ensures that all GVRP participants on a bridged LAN maintain the same VLAN registration information. The VLAN registration information propagated by GVRP includes both manually configured local static entries and dynamic entries from other devices.

GVRP provides the following three registration types on a port:

l           Normal –– Enables a port to dynamically register and deregister VLANs, and to propagate both dynamic and static VLAN information.

l           Fixed –– Disables the port to dynamically register VLANs or propagate dynamic VLAN information, but allows the port to propagate static VLAN information. A trunk port with fixed registration type thus allows only manually configured VLANs to pass through even though it is configured to carry all VLANs.

l           Forbidden –– Disables the port to dynamically register VLANs, and to propagate VLAN information except for VLAN 1. A trunk port with forbidden registration type thus allows only VLAN 1 to pass through even though it is configured to carry all VLANs.

3.1.3  Protocols and Standards

IEEE 802.1Q specifies GVRP.

3.2  Configuring GVRP

GVRP configuration covers GVRP functions and GARP timers.

 

 

3.2.1  Configuring GVRP Functions

Follow these steps to configure GVRP functions on a trunk port:

To do…		Use the command…	Remarks
Enter system view		system-view	––
Enable global GVRP		gvrp	Required Disabled by default.
Enter Ethernet interface view or port-group view	Enter Ethernet interface view	interface interface-type interface-number	Required Perform either of the commands. Depending on the view you accessed, the subsequent configuration takes effect on a port or all ports in a port-group.
	Enter port-group view	port-group { manual port-group-name | aggregation agg-id }
Enable GVRP on the port		gvrp	Required Disabled by default.
Configure the GVRP registration mode on the port		gvrp registration { fixed | forbidden | normal }	Optional The default is normal.

 

 

3.2.2  Configuring GARP Timers

Follow these steps to configure GARP timers:

To do…		Use the command…	Remarks
Enter system view		system-view	––
Configure the GARP leaveall timer		garp timer leaveall timer-value	Optional The default is 1000 centiseconds.
Enter Ethernet interface view or port-group view	Enter Ethernet interface view	interface interface-type interface-number	Required Perform either of the commands. Depending on the view you accessed, the subsequent configuration takes effect on a port or all ports in a port-group.
	Enter port-group view	port-group { manual port-group-name | aggregation agg-id }
Configure the hold timer, join timer, and leave timer		garp timer { hold | join | leave } timer-value	Optional The default is 10 centiseconds for the hold timer, 20 centiseconds for the join timer, and 60 centiseconds for the leave timer.

 

When configuring GARP timers, note that their values are dependent on one another and must be a multiplier of five centiseconds. If the value range for a timer is not desired, you may change it by tuning the value of another related timer as shown in the following table:

Table 3-2 Dependencies of GARP timers

Timer	Lower limit	Upper limit
Hold	10 centiseconds	Not greater than half of the join timer setting
Join	Not less than two times the hold timer setting	Less than half of the leave timer setting
Leave	Greater than two times the join timer setting	Less than the leaveall timer setting
LeaveAll	Greater than the leave timer setting	32765 centiseconds

 

3.3  Displaying and Maintaining GVRP

To do…	Use the command…	Remarks
Display statistics about GARP	display garp statistics [ interface interface-list ]	Available in any view
Display GARP timers for all or specified ports	display garp timer [ interface interface-list ]
Display statistics about GVRP	display gvrp statistics [ interface interface-list ]
Display the global GVRP state	display gvrp status
Clear the GARP statistics	reset garp statistics [ interface interface-list ]	Available in user view

 

3.4  GVRP Configuration Example

3.4.1  Example 1

I. Network requirements

Configure GVRP for dynamic VLAN information registration and update among devices.

II. Network diagram

Figure 3-2 Network diagram for GVRP configuration

III. Configuration procedure

l           Configure Switch A

# Enable GVRP globally.

<Sysname> system-view

[Sysname] gvrp

# Configure port Ethernet 1/0/1 as trunk, allowing all VLANs to pass.

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] port link-type trunk

[Sysname-Ethernet1/0/1] port trunk permit vlan all

# Enable GVRP on Ethernet 1/0/1.

[Sysname-Ethernet1/0/1] gvrp

# Create VLAN 2.

[Sysname-Ethernet1/0/1] quit

[Sysname] vlan 2

[Sysname-vlan2]

l           Configure Switch B

# Enable GVRP globally.

<Sysname> system-view

[Sysname] gvrp

# Configure port Ethernet 1/0/2 as trunk, allowing all VLANs to pass.

[Sysname] interface Ethernet 1/0/2

[Sysname-Ethernet1/0/2] port link-type trunk

[Sysname-Ethernet1/0/2] port trunk permit vlan all

# Enable GVRP on Ethernet 1/0/2.

[Sysname-Ethernet1/0/2] gvrp

# Create VLAN 3.

[Sysname-Ethernet1/0/2] quit

[Sysname] vlan 3

[Sysname-vlan3]

l           Verify the configuration.

# Display the dynamic VLAN information on Switch A

[Sysname-vlan2] display vlan dynamic

 Now, the following dynamic VLAN exist(s):

  3

# Display the dynamic VLAN information on Switch B

[Sysname-vlan3] display vlan dynamic

 Now, the following dynamic VLAN exist(s):

  2

3.4.2  Example 2

I. Network requirements

Enable GVRP on devices and configure the port registration mode as fixed to realize dynamic registration and update of some VLAN information between devices.

II. Network diagram

Figure 3-3 Network diagram for GVRP configuration

III. Configuration procedure

1)         Configure Switch A

# Enable GVRP globally.

<Sysname> system-view

[Sysname] gvrp

# Configure port Ethernet1/0/1 as trunk, allowing all VLANs to pass.

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] port link-type trunk

[Sysname-Ethernet1/0/1] port trunk permit vlan all

# Enable GVRP on Ethernet1/0/1

[Sysname-Ethernet1/0/1] gvrp

# Configure the GVRP registration mode as fixed.

[Sysname-Ethernet1/0/1] gvrp registration fixed

# Create static VLAN 2.

[Sysname-Ethernet1/0/1] quit

[Sysname] vlan 2

[Sysname-vlan2]

2)         Configure Switch B

# Enable GVRP globally.

<Sysname> system-view

[Sysname] gvrp

# Configure port Ethernet1/0/2 as trunk, allowing all VLANs to pass.

[Sysname] interface Ethernet 1/0/2

[Sysname-Ethernet1/0/2] port link-type trunk

[Sysname-Ethernet1/0/2] port trunk permit vlan all

# Enable GVRP on Ethernet1/0/2

[Sysname-Ethernet1/0/2] gvrp

# Create static VLAN 3.

[Sysname-Ethernet1/0/2] quit

[Sysname] vlan 3

[Sysname-vlan3]

3)         Verify the configuration

# Display the dynamic VLAN information on Switch A

[Sysname-vlan2] display vlan dynamic

 No dynamic vlans exist!

# Display the dynamic VLAN information on Switch B.

[Sysname-vlan3] display vlan dynamic

 Now, the following dynamic VLAN exist(s):

  2

3.4.3  Example 3

I. Network requirements

Enable GVRP on devices and configure the port registration mode as forbidden to forbid dynamic registration and update of VLAN information between devices.

II. Network diagram

Figure 3-4 Network diagram for GVRP configuration

III. Configuration procedure

1)         Configure Switch A

# Enable GVRP globally.

<Sysname > system-view

[Sysname] gvrp

# Configure Ethernet1/0/1 as a trunk port, allowing all VLANs to pass.

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] port link-type trunk

[Sysname-Ethernet1/0/1] port trunk permit vlan all

# Enable GVRP on the trunk port.

[Sysname-Ethernet1/0/1] gvrp

# Configure the GVRP registration mode as forbidden.

[Sysname-Ethernet1/0/1] gvrp registration forbidden

# Create static VLAN 2.

[Sysname-Ethernet1/0/1] quit

[Sysname] vlan 2

[Sysname-vlan2]

2)         Configure Switch B

# Enable GVRP globally.

<Sysname > system-view

[Sysname] gvrp

# Configure Ethernet1/0/2 as a trunk port, allowing all VLANs to pass.

[Sysname] interface Ethernet 1/0/2

[Sysname-Ethernet1/0/2] port link-type trunk

[Sysname-Ethernet1/0/2] port trunk permit vlan all

# Enable GVRP on the trunk port.

[Sysname-Ethernet1/0/2] gvrp

# Create static VLAN 3.

[Sysname-Ethernet1/0/2] quit

[Sysname] vlan 3

[Sysname-vlan3]

3)         Verify the configuration

# Display dynamic VLAN information on Switch A

[Sysname-vlan2] display vlan dynamic

 No dynamic vlans exist!

# Display dynamic VLAN information on Switch B.

[Sysname-vlan3] display vlan dynamic

 No dynamic vlans exist!